<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: 001spartan</title><link>https://news.ycombinator.com/user?id=001spartan</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sun, 12 Jul 2026 06:04:37 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=001spartan" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by 001spartan in "The Coronavirus Is Here Forever"]]></title><description><![CDATA[
<p>The vaccines are not failing. They are incredibly effective at preventing infections _and_ reducing severity of breakthrough infections. The Delta variant is more easily transmitted and more likely to cause breakthrough infections, but that does not account for the majority of the surge [0]. It's largely a surge amongst unvaccinated populations, buoyed by a smaller proportion of breakthrough infections. The ease with which Delta spreads, combined with relaxed restrictions on gatherings and masking, accounts for the surge in infections.<p>Despite the decline in vaccine effectiveness (I've seen conflicting studies of how much this has changed), they're still incredibly effective compared to any other protection we have at the moment.<p>None of this changes the fact that people are going to continue to die until a higher proportion of the population receives a COVID vaccine -- and that we _can_ mitigate this through other measures. None of these things lead me to the conclusion that we should return to normal and accept an increased healthcare system burden and death rate.<p>[0] <a href="https://www.cdc.gov/mmwr/volumes/70/wr/mm7034e1.htm?s_cid=mm7034e1_w" rel="nofollow">https://www.cdc.gov/mmwr/volumes/70/wr/mm7034e1.htm?s_cid=mm...</a></p>
]]></description><pubDate>Mon, 23 Aug 2021 14:40:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=28276463</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=28276463</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=28276463</guid></item><item><title><![CDATA[New comment by 001spartan in "The Coronavirus Is Here Forever"]]></title><description><![CDATA[
<p>Vaccines work. Vaccinated people are far less likely to contract COVID, and when they do they are far less likely to require healthcare resources beyond the standard treatments for someone who has the flu (stay home, rest, treat symptoms as needed).<p>Social distancing and masking work. They reduce the possibilities for spread between people -- not perfectly, but enough to reduce it to a manageable level for our current healthcare resources.<p>Saying that our current measures to combat the virus don't work is disingenuous at best, and a blatant disregard for everything we've learned from the past year and a half at worst.</p>
]]></description><pubDate>Mon, 23 Aug 2021 14:11:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=28275990</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=28275990</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=28275990</guid></item><item><title><![CDATA[New comment by 001spartan in "The Coronavirus Is Here Forever"]]></title><description><![CDATA[
<p>I agree! But the issue is that where these processes exist they are not designed for the scale of the current pandemic, are too inconsistent when implemented, and rely on spare personnel that do not currently exist.</p>
]]></description><pubDate>Mon, 23 Aug 2021 14:07:33 +0000</pubDate><link>https://news.ycombinator.com/item?id=28275929</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=28275929</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=28275929</guid></item><item><title><![CDATA[New comment by 001spartan in "The Coronavirus Is Here Forever"]]></title><description><![CDATA[
<p>Building more hospitals is a long-term process. Training medical personnel is a long-term process. Emergency measures intended to bridge the gap are untenable politically, and people are dying because of it. Thousands of them per day.<p>The answer to this is not to say 'we can't fix the underlying issues right now, so we're not going to do anything'. The answer is to take measures that we _can_ implement until those longer-term solutions can come into play.</p>
]]></description><pubDate>Mon, 23 Aug 2021 14:04:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=28275883</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=28275883</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=28275883</guid></item><item><title><![CDATA[New comment by 001spartan in "The Coronavirus Is Here Forever"]]></title><description><![CDATA[
<p>Returning to normal is a terrible idea when COVID patients are overwhelming hospitals across the world. How can things be normal if our healthcare systems are nearing collapse?<p>You might be willing to accept the risk of getting sick on your behalf, but by advocating a return to 'normal' before we have the capabilities to deal with this virus, you are advocating for putting even more stress on healthcare systems across the globe already on the verge of failure. There are patients in heavily-impacted areas who cannot access healthcare for other life-or-death concerns because hospitals are crumbling under the workload of COVID cases.<p>The article even states this; COVID is likely to reach endemic status eventually, but we are still nowhere near that. Ignoring it will have enormous costs on vulnerable populations  -- even more than it already has.</p>
]]></description><pubDate>Mon, 23 Aug 2021 13:54:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=28275732</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=28275732</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=28275732</guid></item><item><title><![CDATA[New comment by 001spartan in "Microsoft says mandatory password changing is “ancient and obsolete” (2019)"]]></title><description><![CDATA[
<p>That's why those of us in the security industry have to say "compliance is not security" whenever PCI is brought up.</p>
]]></description><pubDate>Mon, 19 Apr 2021 19:13:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=26866794</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=26866794</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=26866794</guid></item><item><title><![CDATA[New comment by 001spartan in "German BSI withholds Truecrypt security report"]]></title><description><![CDATA[
<p>Even Windows gets this wrong at times, with several UAC bypass techniques exposed by auto-elevating binaries. Still, Microsoft has done a great deal of work with the Windows privilege model to prevent things like this, and these issues are steadily being resolved.</p>
]]></description><pubDate>Mon, 16 Dec 2019 19:58:53 +0000</pubDate><link>https://news.ycombinator.com/item?id=21806567</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=21806567</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=21806567</guid></item><item><title><![CDATA[New comment by 001spartan in "Hack the Box – Pentesting Labs for Free"]]></title><description><![CDATA[
<p>1. Dozens (if not hundreds) of tools are used. It's all about personal preference, and what you're used to. Personally, I don't often use most of the tools you mentioned except Mimikatz; I use a commercial framework paired with many open source or private PowerShell scripts and .NET tools.<p>2. Something like evilginx2 can provide man in the middle functionality for stealing MFA tokens, or I try to find endpoints that have misconfigured or absent MFA.<p>3. It depends on the engagement. We like assumed breach scenarios because they're more effective for the time and money involved, but clients want entirely black-box engagements fairly often as well. Otherwise, I'll focus on using OSINT to develop a phishing target list, assuming I do basic scans against the organization's external network footprint and don't find anything egregious.<p>4. It's all about experience. You have to come up against the tools, and then see what works. It's really a lot of trial and error, though a lot of common bypass techniques will work against multiple products. There's no one-size-fits-all bypass.<p>5. Twitter, public Slack channels, and research performed by myself and my coworkers.<p>6. Learn soft skills. It's easy to teach someone how to do the technical part of the job, but you have to be able to communicate it to stakeholders. Technically, you should focus on the areas that interest you, but ensure that it's something used by the types of clients you're doing work for. It doesn't help to know the latest and greatest Linux attacks if none of your clients even know what Linux is. It doesn't help to be a badass web application pentester if you're expected to be able to move through a large Active Directory environment. Personally, I focus on Windows and Active Directory environments.</p>
]]></description><pubDate>Fri, 07 Jun 2019 18:32:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=20127394</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=20127394</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=20127394</guid></item><item><title><![CDATA[New comment by 001spartan in "When Grown-Ups Get Caught in Teens’ AirDrop Crossfire"]]></title><description><![CDATA[
<p>It is sexual assault to expose someone to unwanted sexual advances. It's the same thing as flashing. Why should someone be exposed to a picture of another's genitals when it's unwanted? It's forcing someone else to engage in a sexual way without consent, even if the only reaction is to block the sender, or look away.</p>
]]></description><pubDate>Thu, 06 Jun 2019 16:41:56 +0000</pubDate><link>https://news.ycombinator.com/item?id=20116244</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=20116244</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=20116244</guid></item><item><title><![CDATA[Not a Security Boundary: Breaking Forest Trusts]]></title><description><![CDATA[
<p>Article URL: <a href="https://posts.specterops.io/not-a-security-boundary-breaking-forest-trusts-cd125829518d">https://posts.specterops.io/not-a-security-boundary-breaking-forest-trusts-cd125829518d</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=18554395">https://news.ycombinator.com/item?id=18554395</a></p>
<p>Points: 1</p>
<p># Comments: 0</p>
]]></description><pubDate>Wed, 28 Nov 2018 18:50:07 +0000</pubDate><link>https://posts.specterops.io/not-a-security-boundary-breaking-forest-trusts-cd125829518d</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=18554395</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18554395</guid></item><item><title><![CDATA[New comment by 001spartan in "Credit-Card Backlash Mounts as Kroger Weighs Expanding Visa Ban"]]></title><description><![CDATA[
<p>The Amazon Prime Visa gives 5% back on Amazon purchases.</p>
]]></description><pubDate>Wed, 01 Aug 2018 05:25:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=17659931</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=17659931</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17659931</guid></item><item><title><![CDATA[New comment by 001spartan in "Web Application Penetration Testing Cheat Sheet"]]></title><description><![CDATA[
<p>Automated tools can only discover so much, because there are always edge cases that tools won't be able to analyze or exploit. Human creativity is a big part of penetration testing, whether it's web application assessments or other types of penetration testing, because tools have false positives, and can't come up with creative bypasses for security measures in the way a human can.<p>You can definitely automate many parts of testing, especially enumeration steps, but any security professional knows that a tool is no substitute for a knowledgeable hacker.</p>
]]></description><pubDate>Mon, 02 Apr 2018 14:56:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=16734964</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=16734964</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=16734964</guid></item><item><title><![CDATA[New comment by 001spartan in "Web Application Penetration Testing Cheat Sheet"]]></title><description><![CDATA[
<p>I can't speak for DNSDumpster, but a common technique I use to do subdomain enumeration is just brute forcing with a wordlist. By enumerating with a large enough wordlist, you can discover matching subdomains for a target domain.</p>
]]></description><pubDate>Mon, 02 Apr 2018 02:22:44 +0000</pubDate><link>https://news.ycombinator.com/item?id=16731832</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=16731832</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=16731832</guid></item><item><title><![CDATA[New comment by 001spartan in "Web Application Penetration Testing Cheat Sheet"]]></title><description><![CDATA[
<p>I think it's about on par with what developers earn for the same skill bracket and location. As a pentester, I don't think it's necessarily about having _more_ skill than developers, it's just a different set of skills.</p>
]]></description><pubDate>Sun, 01 Apr 2018 19:07:05 +0000</pubDate><link>https://news.ycombinator.com/item?id=16729869</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=16729869</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=16729869</guid></item><item><title><![CDATA[New comment by 001spartan in "Socially Engineering Myself into High Security Facilities"]]></title><description><![CDATA[
<p>When we use this technique (known as "tailgating") to break into client sites, we always recommend that the organization try to foster a culture of "trust, but verify". This means employees stopping people if they don't have their badges displayed, or showing unrecognized people to the reception desk, or closing the door behind you to make sure the next person has to badge in, even if they have a badge that looks plausible.<p>It's not an easy thing to learn to challenge people, but it's vital to maintain a good physical security posture. Employees need to feel comfortable challenging those who they don't recognize, and making sure that employees are part of an organization's security team is important.</p>
]]></description><pubDate>Fri, 20 Oct 2017 22:18:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=15519485</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=15519485</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=15519485</guid></item><item><title><![CDATA[New comment by 001spartan in "Socially Engineering Myself into High Security Facilities"]]></title><description><![CDATA[
<p>That's very true. In many cases, that's even _perfectly fine_. Not every organization needs enough physical security to deter a determined attacker. The ones that do hire people like Sophie (or me), and take the lessons to heart. Even if the organization doesn't make changes to their physical security posture as a result, they know what to be aware of, and they know where their weaknesses are.<p>A lot of our security--both network and physical--is based on the illusion of security. One of the most important things that penetration testing does is to make organizations aware of the issues, to put the bug in their ear to remind them that security is important, and shouldn't be an afterthought. We see lots of organizations make material improvements to their security as a result of red team exercises. We also see a lot of organizations that don't. It's disheartening when that happens, but I like to think I help make a difference. The next data breach might be mitigated by our recommendations, or even prevented entirely.</p>
]]></description><pubDate>Fri, 20 Oct 2017 19:43:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=15518639</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=15518639</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=15518639</guid></item><item><title><![CDATA[New comment by 001spartan in "Socially Engineering Myself into High Security Facilities"]]></title><description><![CDATA[
<p>I need about fifteen seconds of quality time with an unlocked computer before it belongs to me. Devices like the USB Rubber Ducky ( <a href="https://hakshop.com/products/usb-rubber-ducky-deluxe" rel="nofollow">https://hakshop.com/products/usb-rubber-ducky-deluxe</a> ) make it trivial to compromise unlocked systems within seconds. Stealing info can then be done at your leisure, from anywhere you have internet access.<p>Just because she skipped over some unimportant parts of the story doesn't mean she didn't have plenty of time after being shown around the building to accomplish her objectives. She does address this, too:<p>> I took FOREVER looking around this office space, and eventually they said their goodbyes because they had to go back to work. They had a strict policy of escorting visitors. But I had been seen walking around with trusted insiders so no one questioned me.<p>> I was free to take my time. I made myself at home. My main objective at this site was to weasel my way into private corner offices.</p>
]]></description><pubDate>Fri, 20 Oct 2017 19:08:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=15518407</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=15518407</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=15518407</guid></item><item><title><![CDATA[New comment by 001spartan in "Socially Engineering Myself into High Security Facilities"]]></title><description><![CDATA[
<p>If you did this job, you would not be surprised by the ease with which you can pull off these sorts of things. I've been doing this for a couple years now, and it's terrifyingly easy to compromise data or physical security for organizations that really should know better.</p>
]]></description><pubDate>Fri, 20 Oct 2017 18:58:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=15518338</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=15518338</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=15518338</guid></item><item><title><![CDATA[New comment by 001spartan in "Socially Engineering Myself into High Security Facilities"]]></title><description><![CDATA[
<p>This is exactly why penetration testers and red teams do these types of engagements. We like to emphasize that organizations need to assume they've been compromised by someone, and they need to constantly keep that in mind when they build security policies and technical controls. You can never keep a determined attacker out, but you can limit the damage that they can do, and make them spend more time getting in.</p>
]]></description><pubDate>Fri, 20 Oct 2017 18:56:00 +0000</pubDate><link>https://news.ycombinator.com/item?id=15518311</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=15518311</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=15518311</guid></item><item><title><![CDATA[New comment by 001spartan in "Another Ransomware Outbreak Is Going Global"]]></title><description><![CDATA[
<p>It also appears to be using common Windows lateral movement techniques based on credential stealing (namely WMI and PsExec), in addition to EternalBlue.</p>
]]></description><pubDate>Tue, 27 Jun 2017 17:06:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=14647158</link><dc:creator>001spartan</dc:creator><comments>https://news.ycombinator.com/item?id=14647158</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=14647158</guid></item></channel></rss>