dercraig - @dercraig@infosec.exchange @DerCraig

Keyboard-Cowboy & Samurai. Head of IT Infra & Services. c3noc. Interested in DDoS & Security. You wanna meet the real me now? @dercraig@infosec.exchange

Joined December 2012
My new #book on DDoS is finally available as eBook! Check out: ddos-book.com/ #ddos #ebook It features Layer 7 mitigations against #AI #crawlers and a LOT more.

ddos-book.com - The Best Book on DDoS attack & defense.

ddos-book.com - The Best Book on DDoS attack & defense.

ddos-book.com
1
dercraig - @dercraig@infosec.exchange retweeted
FastNetMon @FastNetMon
Jun 17
If you need one book about DDoS, this is it: "DDoS: Understanding Real-Life Attacks and Mitigation Strategies" by @DerCraig- one of the most comprehensive resources we’ve seen on the topic in the past decade. Grab your copy: eu1.hubs.ly/H0kYzj_0
1
4
A new book on DDoS attacks and mitigation is available here: buchshop.bod.de/ddos-underst… or on Amazon: amazon.de/DDoS-Understanding… #ddos - ebook also available in a few weeks! :)
I just published: "Testing GitHub DDoS Tools #12: palahsu/DDoS-Ripper" link.medium.com/Vdgf18ukIOb #ddos #tool

Testing github DDoS Tools #12: palahsu/DDoS-Ripper obsfuscated tool

So after some time it’s time to again look at a DDoS tool! This time, it’s https://github.com/palahsu/DDoS-Ripper which has 2,2k star on…

link.medium.com
Interesting piece by The Hacker's Choice.
The Hacker's Choice (@thc@infosec.exchange)
 @hackerschoice
26 Aug 2024
THC exposes Pavel Durov for LYING. Discloses undocumented FSB-style data exfiltration API in TELEGRAM. Don't #FreePavel - keep him locked up. blog.thc.org/keep-pavel-duro…
VERY interesting talk! #DDoS
This tweet is unavailable
1
Did ya'll know that TCP syncookies support TCP SACK and WScale since 2008? It's often incorrectly mentioned that they prevent using them and degrade TCP severely. Not true! git.kernel.org/pub/scm/linux… #ddos #linux
1
dercraig - @dercraig@infosec.exchange retweeted
Roman @faker_
11 Oct 2023
CentOS 7 is the real security hero this week! 💪 ✅ cURL too old for CVE-2023-38545 ✅ glibc too old for CVE-2023-4911 / Looney Tunables ✅ httpd too old for CVE-2023-44487 or any HTTP/2 support
7
114
22
592
dercraig - @dercraig@infosec.exchange retweeted
lcamtuf @lcamtuf
4 Oct 2023
I'm impressed with the Qualys security research team. Not only because they are clearly talented and have an impressive portfolio of high-impact findings - but because in an era of vanity domains and logos for bugs, they're keeping the 1990s research aesthetics alive.
5
75
3
553
Watch this: media.ccc.de/v/camp2023-5702… #ddos

How to survive getting DDoSed by Anonymous, Cyberberkut, Killnet and...

In this presentation, I will talk about how DDoS attacks were carried out generally in the last 11 years and how they innovated since the...

media.ccc.de
2
1
If you haven't seen it yet, there is a new dashboard on @Cloudflare Radar with some stats on attacks: radar.cloudflare.com/securit…

Application Layer Security Worldwide | Cloudflare Radar

Global Application Layer Security trends and insights.

radar.cloudflare.com
dercraig - @dercraig@infosec.exchange retweeted
ALLES @allesctf
6 Jul 2023
Are you also tired from teams stealing flags or organizers stealing 0days from organizers in CTFs? Then you should play CCCamp CTF 2023, organized by ALLES!! The original, without monitoring! We still haven't implemented any :) More info coming soon!
1
15
73
lecromee.github.io/posts/swi… #ddos #botnet #vpn

Swing VPN app is a DDOS botnet

tldr: Swing VPN is using its user base to DDOS sites using its users as a an attack botnet. Introduction It all started with a friend of mine complaining that his phone was doing a request to a...

lecromee.github.io
dercraig - @dercraig@infosec.exchange retweeted
Quentin Kaiser @qkaiser
17 Mar 2023
You can’t make this shit up. Sophos sales: if the ransomware’d hospital had use Sophos it wouldn’t have happened. Hospital CIO: well we *do* use Sophos.
24
312
49
1,275
dercraig - @dercraig@infosec.exchange retweeted
awlnx @awlnx
15 Mar 2023
I need to express my love for @HAProxy once more, it's just the best software I ever worked with and still work with. It's robust lightweight and it feels like it can do everything :D.
2
9
38
dercraig - @dercraig@infosec.exchange retweeted
James Kettle
 @albinowax
7 Mar 2023
I wish people would invest their time in something more productive than rewording other's research. Original: portswigger.net/web-security… Reword by @cobalt_io: web.archive.org/web/20230117…
3
21
2
191
dercraig - @dercraig@infosec.exchange retweeted
vx-underground
 @vxunderground
26 Feb 2023
Minneapolis public schools says it is facing technical issues following an encryption event (meme #2)
20
218
5
1,535
dercraig - @dercraig@infosec.exchange retweeted
Corey Quinn
 @QuinnyPig
15 Feb 2023
Rebranding Linode as “Akamai Connected Cloud” is just replacing words with dumber words until and unless @Akamai replaces @linode’s API with a surly hungover 22-year-old named Jason making changes via ServiceNow helpdesk tickets.
This tweet is unavailable
3
6
3
72
dercraig - @dercraig@infosec.exchange retweeted
Alice Climent @AliceCliment
7 Jan 2023
I asked ChatGPT to write a diss track against Blue Teamer 😭 : Verse 1 You're a CERT analyst, trying to defend But your tactics are just pretend You sit behind a screen all day But you can't handle the hack when it comes your way 1/6
13
55
12
327
dercraig - @dercraig@infosec.exchange retweeted
Justin Elze
 @HackingLZ
6 Jan 2023
Thanks
67
218
40
2,804
Load more