Hacker News | thricegreat's comments

the article states they have not run any ransomware on the systems as of yet and they have maintained access. a backup wouldn't do much in this situation. it's not confirmed if the attackers are the cause of the service going offline and it should be presumed if they were they can take it down again.


it's not necessarily social media itself but the underlying structure and the ways it's misused that makes it harmful. it says more about american values than social media itself.


it's also The Register which is sort of known for these kinds of fear mongering clickbaity headlines. Just about anything can be misused for nefarious purposes. The implications of a sophisticated generative text program (simplifying it [a lot]) are rather obvious


Very few understand this, at their own peril. I would like to add that it is now the second best performing behind Ethereum. It's unwise to ignore it.


TA is the primary form of analysis for all financial markets. The idea is that the price contains all of the information, hidden or publicly available. It's a requirement for taking the CFA. It's widely accepted by regulators, academics, and industry professionals.


No, it's like pulling cash from banks and sticking it under the mattress. Sure the wider cryptocurrency market is a financial wild west, but bitcoin is relatively stable (I don't mean non-volatile) at this point. It's a reasonable alternative.


The problem is that it is not sticking cash under the mattress; it’s the equivalent of buying trading cards and sticking them under the mattress.

You are exchanging cash for crypto, which means the exchanges now have to deal with the cash deposits somehow, and where can they put it? Well, they’ll put it either in banks, which solves nothing, or invest it as they see fit, which is likely to be even more problematic.


It's like sticking all your cash under SOMEONE ELSE'S mattress.


If you leave it on the exchange, yes. It's your mattress if it's your crypto wallet.


You will still have to go through exchanges to turn it back into cash, and you are taking on the risk of managing the wallet securely.


You're implying it's impossible to purchase goods and services with cryptocurrency. What's stopping someone from say purchasing gold bullion with cryptocurrency and in turn exchanging that for cash? There are also OTC exchanges. My point is there are many methods to exchange it for some other thing of value that doesn't directly involve exchanges and in turn the traditional banking system.


I don’t think you understand how the gold trade works if you think you can buy any substantial amount of gold without going through an exchange.

Crypto adds nothing to this; it isn’t any different in principle to any other securities banks use for storing wealth.


the page gives you a warning instructing you to not do exactly that


you're running this on live systems? there's a reason it's banned for OSCP


The reason it's banned in OSCP is because the OSCP is in no way representative of a real world engagement.

The OSCP places a premium on hand jamming commands and doing everything manually, banning automation, because it's trying to test if you understand the fundamentals.

Out in the real world, automation is encouraged. The goal is efficiency - getting the job done within the timeframe allowed by the client. Doing everything manually is horribly inefficient when you are on the clock.

It does annoy me that people take the wrong message from the OSCP, you should be automating away as much as possible so you can spend more time making novel discoveries and giving value to your customers.


I see what you are saying but engagements are not a matter of speed only either, you have restrictions and opsec requirements that prohibit you from automating certain things. If you have a decent EDR for example, even if you can evade the NGAV component, at least one of the commands LinPEAS runs will trigger an alert if the process execution alone is logged.


In the vast majority of pentests those concerns are largely irrelevant.

The goal with most pentests is to provide maximal coverage in a time window.

They may be relevant in red team engagements, which tend to happen over a longer timeframe anyway.


Really? Isn't coverage for vulnerability management, and doesn't pentesting always have a specific goal like "get domain admin"? Honestly asking, I do offensive security but have never been a pentester.


More mature clients these days want pretty broad coverage as well as "get DA" (or other "goal") out of their engagements, in my experience.

It's been kind of interesting seeing things change over the years - from strictly goal oriented, to the era of the Nessus Monkey (vuln scans sold as pen tests), and then back to goal oriented but now with additional coverage requirements.


Enumerating with it isn't banned, only auto-exploiting is.

This reminds me, I had hopelessly locked myself out of sudo access on a production box. This tool helped me get root again and fix a glaring docker socket privesc left there by some script that auto-configured docker among other stuff. I would have never looked at socket permissions I didn't configure, especially not after initial deployment of the server.


It's on a staging environment - but if it was a production machine it would not be an issue. I have until the end of the week to finish and need to work as fast and effectively as possible. Anything that assists in this goal is welcome.

As someone mentioned in another reply it's not banned in the OSCP. Automating enumeration is actually encouraged - after all enumeration is collecting information. It's up to you as the tester to interpret the results. On the other hand, tools like OpenVAS, Nessus etc. are not permitted as they go further than basic enumeration.


I'm pretty sure it's allowed these days


can you explain the reason, for the uninitiated like me


OSCP is a certification exam that bans automation in an attempt to test that you know the fundamentals.

It has the annoying side effect of creating pentesters with a phobia of automation.


They only ban automated exploitation, not enumeration. LinPEAS is encouraged to be used along with many other automated tools.


i love this kind of writing. it seems the bleeding edge of philosophical thought exists on twitter.


I also enjoy getting on the Internet and making stuff up.


Which part do you think is made up? Everything I read in there tracks with things I've read and seen.


There are plenty of crypto assets that hold their value and won't be frozen

The ones remaining have withstood the heaviest stress test across all asset classes, increasing the confidence in them

The price declines and high profile implosions are really just tip of the iceberg in the topic of “crypto” and largely a distraction


Fair enough. Not all crypto is 100% scam. Some is still carrying value.

Is it "making things up" to not know this - particularly in light of the widespread reporting and web commentary?


I think that person was being very reductive when they said "making things up", the person they replied to was extrapolating a lot of things based on a faulty understanding of the crypto space, hacking groups and Russia.

Many people are not open to the concept of a working and legitimate aspect of the crypto world. Or "legitimate"/"use case" is something that people will play devil's advocate on forever ad nauseam, as opposed to learning or understanding why people are willing to keep building there (somebody will ask, name one legitimate thing, and then argue about why all the replies are not legitimate as opposed to how individuals are and could address various problems). So people get tired of talking to those kinds of people.


Can you please name what these specific use cases/'legitimate things' are? I'd take literally 1 example. My experience (full disclosure of priors: I don't think they exist) is that crypto enthusiasts always vaguely reference them, and then when you look at it it's a tiny project used by virtually no one. I am unaware of any mass-market crypto product that's used by say millions of people, but you can certainly prove me wrong by naming one or two.

As far as I can tell crypto is a place for speculation, ponzi schemes, and (to be fair) is a mild upgrade in the field of illegal payments. Other than that, there are no legitimate use cases 15 years after its invention. It's just a technological dead end with an unusual amount of hype


The most obvious way I can see a disconnect is that I view financial services as a legitimate use case, because outside of crypto it is a large industry already that exists solely because there are finances to service. Speculation to be made easier. It's the underpinning of the global economy as the largest industry and every service provider involved takes a tiny cut and is largely invisible. Every other industry and non-financial innovation is smaller and operating within this reality.

The same occurs in the crypto space.

What I mostly see are people that were fundamentally uncomfortable with speculation and serving speculation, and were either redirecting that energy towards the crypto space, or completely segregated from the financial services reality they live within. Unaware that their chosen criticisms applied equally to things they respected.

Okay, so one use case: the Uniswap application and its code base has over a million users. You can look at this dashboard to see just Uniswap’s monthly users, which seems to peak at 800,000.

you can further extrapolate that to all the clones on Ethereum and other blockchains that have higher throughput

https://dune.com/queries/1219737/2088715

Uniswap’s “liquidity pool” concept solved a big need, while also introducing new problems that people rapidly try to improve upon.

Otherwise, crypto exchanges have been a large extortionate gatekeeper in commerce, and attracting liquidity even after being listed was a major challenge. The liquidity pool concept solved that.


Your link gave me 280,333 Uniswap monthly users on February 1st 2023 (and 253k on Opensea). I think my POV remains unchanged


> seems to peak at 800,000

I said peak, which was 2 years ago. the traffic quickly went to clones, which I also pointed out. there are plenty of other dashboards to find as well. Dune Analytics is a service for creating these dashboards, and sharing them.

I know, you don't have enough interest to look. But it comes across as a bad faith effort, no different than the kind of person I pointed out earlier.

The difference is that there were people that said "hey lets create this tool within 'useless crypto land' that could attract a million users", while over the last 15 years you were like "this is useless there's nothing with a million users", someone else said "hey lets make this better so an additional several hundred thousand more people can use it", while you were like "this is useless because there's nothing with a million users"

anyway, now it's here and you don't even want to count it

there are plenty of people building, it is very lucrative to do so, primarily by taking small basis points of the volume flowing through the application you deploy, just like in the non-crypto financial services world.


With numbers peaking at 800K and with crypto existing for almost 15 years, I would have expected significantly higher numbers given crypto has had a 'head start' to find a use case.

Something like UPI payments (which is what crypto was supposed to achieve but completely failed) already has hundreds of millions of users in drastically less than 15 years, I can see why hash's POV remains unchanged and mine too.

800K is still close to 0 with almost nobody using crypto at all compared to over 500 million users using UPI payments.


still a weird take for several reasons:

a) you are not able to separate a single program from the entire concept of crypto. but compare a payments solution to that single program which is not a payments solution at all. they asked for one popular program and I provided it. there’s nothing for me to defend about that, it's probably just a dashboard for Uniswap V2 activity and doesn't include Uniswap V3. it's weird that this is not the level of discussion you would be willing to have. Why is the depth of discussion so low that I have to explain the limitations of a random user-made dashboard from Dune Analytics that I found on Google, in a forum where people are otherwise much more analytical? let's check back in 5 years.

b) it's unclear the purpose of your observation. people have made billions of dollars converted to actual dollars in their bank account by servicing just those 800,000 users that are familiar with that one program, Uniswap. People will make another billion dollars servicing the next 500,000 users. There are millions of programs deployed on blockchains. That's… attractive? The programmer and builder perspective is very attractive. Like I said, it's the financial services industry. What exactly does everyone else do here? Making ad speculation programs for democracy destabilizing adtech conglomerates? Or some much more useless side project like owning the compose button in gmail? It's really hard for me to see such reductive understanding applied to the crypto sectors when there’s so much to build that is more lucrative than so many other things to build.

c) “15 years”, Uniswap V2 launched 3 years ago. On top of those other years of technology releases to make that possible. There is a clear chronology, that took many people just being willing to see it and where the technology is going. When the tools mature, applications are developed. It is impossible to have a discussion that conflates a specific application with being representative of anything except that application.


Crypto peaked with Ross Ulbricht.

