Posts by chort@infosec.exchange
        Post #AUM3HTKPfoylohggxk by chort@infosec.exchange
       2023-04-05T16:00:45Z
       
       0 likes, 0 repeats
       
        Something that has annoyed me about InfoSec podcasts for a really long time is how offensive-centric they are.

        Most of the really popular podcasts, including @riskybusiness, have offensive-minded people doing the technical commentary. You end up with baffling, nonsensical advice like "file transfer appliances have had a lot of vulnerabilities, so your business just shouldn't use them any more." HUH? And how else do you propose to transfer files? What happens to all the business processes you've built up around that? How do you know the alternative is any safer?

        That's just one example, but the same general thing applies to pretty much all the other advice. For a pentester it's "simple, just stop doing that." Anyone who has worked on defensive security engineering knows that's ludicrous.

        Anyway, security news podcasts should really have technical commentators who have a lot of experience working within a business to give advice about what ACTUALLY WORKS, not this magical thinking nonsense.
       
        Post #As3cDL95B7WUbq6Nua by chort@infosec.exchange
       2025-03-14T21:05:19Z
       
       0 likes, 2 repeats
       
        I heard there have been some InfoSec layoffs lately. First of all, my condolences. Capitalism sucks.

        Second, if you know of experienced Detection & Response folks, please send them my way. I might have a position opening soon.
       
        Post #AsUiI1XqqSNETpRX3A by chort@infosec.exchange
       2025-03-27T22:36:11Z
       
       0 likes, 1 repeats
       
        I guess some threat actor has figured out how to abuse forms on various platforms, like Hubspot and Microsoft(!?!), to send invoice phishing.

        On Hubspot the real destination URL seems to be hidden until you click submit. At least on Microsoft (customervoice.microsoft.com) it's visible in the form code (although the actor has whited-out the warning not to enter credentials, lmao).

        Just absolutely blows my mind that Microsoft allows any way at all to put user-supplied content on a microsoft.com sub-domain. What absolute brain-genius built that site?
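        As an added example (not from the post above and not code from Hubspot or Microsoft), here is a small triage script for the pattern described there: given the HTML of a hosted form page, it pulls out the form action and any hidden URL-valued fields (the kind of destination that otherwise only shows on submit), counts password inputs, and flags text styled white-on-white, which is how a platform's "don't enter credentials" warning can be hidden while staying in the markup. The sample pages and host names are constructed for the example.

```python
import re
from html.parser import HTMLParser

URL_RE = re.compile(r"^https?://", re.IGNORECASE)
# Match a foreground colour of white; the lookbehind keeps "background-color" out.
WHITE_RE = re.compile(r"(?<![\w-])color\s*:\s*(#fff(?:fff)?|white)\b", re.IGNORECASE)

# Constructed sample of a hosted form abused for invoice phishing: a password
# field, a hidden redirect to an attacker-controlled host, and the platform's
# warning rendered white-on-white. Not captured from any real campaign.
PHISH_FORM_HTML = """
<html><body>
<form action="https://forms.example-host.test/submit" method="post">
  <p style="color:#ffffff">Never give out your password. Report abuse</p>
  <label>Email</label><input type="text" name="email">
  <label>Password</label><input type="password" name="pwd">
  <input type="hidden" name="redirect" value="https://evil.example.test/invoice">
  <button type="submit">View invoice</button>
</form>
</body></html>
"""

# Constructed benign survey form on the same hosting platform, for comparison.
BENIGN_FORM_HTML = """
<form action="https://forms.example-host.test/submit" method="post">
  <p>Tell us about your visit.</p>
  <label>Comments</label><textarea name="comments"></textarea>
  <button type="submit">Send</button>
</form>
"""


class _FormTriage(HTMLParser):
    """Collect the indicators a responder would look for in a hosted form page."""

    def __init__(self):
        super().__init__()
        self.actions = []          # form action URLs
        self.password_fields = 0   # number of <input type="password">
        self.hidden_urls = []      # hidden inputs whose value is a URL
        self.whiteout_text = []    # visible-in-markup text styled white
        self._white_stack = []     # open tags currently styled white

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])
        if tag == "input":
            kind = a.get("type", "text").lower()
            if kind == "password":
                self.password_fields += 1
            elif kind == "hidden" and URL_RE.match(a.get("value", "")):
                self.hidden_urls.append(a["value"])
        if WHITE_RE.search(a.get("style", "")):
            self._white_stack.append(tag)

    def handle_endtag(self, tag):
        if self._white_stack and self._white_stack[-1] == tag:
            self._white_stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if self._white_stack and text:
            self.whiteout_text.append(text)


def triage_form(html):
    """Return the extracted indicators plus a simple verdict.

    A page is flagged when it asks for a password AND either hides text
    (the whited-out warning) or carries a hidden URL-valued field (the real
    destination that only becomes apparent on submit).
    """
    p = _FormTriage()
    p.feed(html)
    p.close()
    suspicious = p.password_fields > 0 and bool(p.whiteout_text or p.hidden_urls)
    return {
        "actions": p.actions,
        "password_fields": p.password_fields,
        "hidden_urls": p.hidden_urls,
        "whiteout_text": p.whiteout_text,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for name, page in (("phish", PHISH_FORM_HTML), ("benign", BENIGN_FORM_HTML)):
        print(name, triage_form(page))
```

        The verdict is deliberately narrow: a form hosted on a trusted domain is only flagged when it both collects a credential and shows one of the two concealment tricks the post describes, so ordinary surveys on the same platform pass.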