shellsharks

@shellsharks@infosec.exchange

Infosec researcher | Find me @ https://shellsharks.com

#fedi22 #infosec #cybersecurity #tech #indieweb #apple searchable

Profile picture: A red shark holding a terminal window shaped like a surfboard. The terminal reads “> whoami shellsharks”

https://keyoxide.org/FA7AC5E3626AEF016A5AD0BB172E73E0A585273E


shellsharks, to random

The first 100 people to star this toot shall have their Mastodon handle forever enshrined on this page https://shellsharks.com/starsharks. A can't miss opportunity to be sure.

*Remember to star first before boosting to ensure you reserve your spot! 😆

shellsharks, to blogging

Discovered this cool post --> https://lu.is/2024/01/after-twitter/ <-- from @luis_in_brief while exploring @molly0xfff 's drop-your-blog thread (https://hachyderm.io/@molly0xfff/111908294962007998). It has some great tips for those still orienting themselves with the Fediverse. Check it out!

shellsharks, to SmallWeb

My new blogroll is live! https://shellsharks.com/blogroll

This is a list of blogs/sites I read and recommend. They are great!

Featuring @adeptsof0xcc @ApisNecros @flamed @jcrabapple @sophie @macstories @theverge

This is something I will continue to maintain and add to as I discover new cool blogs and re-discover those I've been subbed to via RSS.

shellsharks, to random

I've been following @404mediaco since they went live last year and this most recent post from @jasonkoebler (https://mastodon.social/@jasonkoebler/111823811997186188) and the team there really got me thinking. (That toot links to https://www.404media.co/why-404-media-needs-your-email-address/).

They've had some incredible stories and scoops over the last couple months. I see all the headlines come through Mastodon or RSS and I say "wow that's crazy", or "dang, I never knew that", but that doesn't always translate into me fully reading the post. Maybe I don't have time to read it, maybe I mean to but then forget, in other cases I think the story is interesting but doesn't necessarily impact me specifically. But these stories are meant to be read, they need to be read, maybe not by me all the time, but by someone… in reality, A LOT of someones if you ask me. Everything they call out in terms of rampaging AI theft, social network decay, traditional journalism in freefall, etc... is no joke. I'm seeing it happen each day and it is in fact quite troubling.

I'll admit, I've always relied on the free-ness of stuff on the web and as a result have been somewhat reluctant to choose creators/publications to support. But given the state of the web, HELL, the state of the world, I really can't justify that any more. I want to see more of what 404 produces, and to help ensure that, I plan to support that end. I've also been working on a list of other causes, publications, etc... to support as this I feel is an ever precarious point in time. (If you have any suggestions I would be interested in hearing what you believe could use the support - comment or DM me).

So what's my point? I suppose it's support what you like, what's impactful, what's important to not just you but to everyone, otherwise it may vanish. The world has changed and I need to as well.

shellsharks, to random

At least Microsoft and HP are getting hacked by a cool-sounding threat actor like "Midnight Blizzard" and not something lame like "Cinnamon Sleet", which sounds more like a seasonal Starbucks beverage.

shellsharks, to kbin

Uh oh, @jerry might get ideas when he finds out a new / / competitor has dropped…

https://discuss.online/post/4522403

shellsharks, to infosec

What are some of your favorite indie websites out there?

Bonus points: What makes them your favorite? Are there aspects of the site (other than good content) that makes you like them?

Extra bonus points: Are there any -specific sites that stand out to you?

I am redesigning and adding functionality to my site and am looking for ideas to improve. Thanks!!

shellsharks, to infosec

May be cold in NoVA today but remains hot! Here are some great new accounts I've discovered, followed and have been enjoying recently.

shellsharks, to ai

When we find out God is an AI singularity that created humans to replace itself only to have us humans create AI to replace ourselves. ♾️

shellsharks, to CSS

I can’t overstate how much I hate . Extremely humbling trying to do anything resembling good, “modern”, responsive . Been working on some heavier under-the-hood changes to my -based and wow my eyes and soul hurt.

A related question, anyone ever implement full-body text search on a static site / Jekyll site before? I’ve been looking into maybe lunr.js…

shellsharks, to lemmy

Wrote a “guide” to / last year after Reddit went full enshittify.

https://shellsharks.com/threadiversal-travel

If you’re interested in checking out a -based alternative to Reddit, come check out infosec.pub! It hosts a number of communities including one I’ve stood up for / !

https://infosec.pub/c/cybersecurity

shellsharks, to infosec

The 1/12/23 edition of my cool accounts I’ve discovered recently !

Though I certainly find new accounts through boosts by those I already follow, I *mostly find these accounts by scrolling the (infosec.exchange) Local timeline. It’s a gold mine!

shellsharks, to mastodon

I wrote this “guide” / thoughts on after re-joining the Fediverse in November 2022 (soon after some sort of Twitter-related crisis). This coincided with one of the larger migrations of folks to Mastodon.

https://shellsharks.com/mastodon

I have kept this post semi-updated with a lot of interesting Mastodon/Fediverse-related resources as well as information for the infosec community here.

shellsharks, to random

The botsin.space instance hosts a bounty of interesting bot accounts. I’ve been perusing the local feed for a few days to find accounts that make me laugh or bring me some other tiny joy. Here are some of my favorites…

  • @colours
  • @cosmic
  • @dune
  • @dungeon_junk
  • @exoplanets
  • @fauxo_bell
  • @fullofstars
  • @Guid_Waster
  • @inthiseconomy
  • @lucasarts_places
  • @magic
  • @magicitems
  • @MarioVariants
  • @osxthemes
  • @prophetootiae
  • @rpgitem
  • @scream
  • @SpaceEmojisBot
  • @spellbookimp
  • @theRaven
  • @tiny_forests
  • @truequotation
  • @wizard_roll_call
  • @xkcd

shellsharks, to random

I wanted to see the instance breakdown of the folks I follow on Mastodon so I exported the .csv, tossed it in Numbers and pivot-tabled the following data.

With a current total of 853 followed accounts, my top instances are as follows...

  • infosec.exchange: 626
  • mastodon.social: 51
  • ioc.exchange: 16
  • defcon.social: 12
  • hachyderm.io: 11
  • fosstodon.org: 9
  • bird.makeup: 7
  • hackers.town: 7
  • haunted.computer: 6
  • chaos.social: 4
  • mastodon.online: 4
  • infosec.town: 3

*This account mostly follows infosec folks so this breakdown makes a lot of sense 😅
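The same breakdown can be produced without a spreadsheet. The script below is an added example, not code from the original post: it reads a Mastodon "following" export, groups the accounts by instance and prints the counts most-followed first. The column name `Account address` is assumed from the shape of Mastodon's export; the CSV rows are constructed sample data, and a bare handle with no `@domain` is attributed to the exporting account's own instance (`home_instance`, an assumed parameter).

```python
import csv
import io
from collections import Counter

# Constructed sample in the shape of a Mastodon "following" export
# (assumed header: Account address,Show boosts,Notify on new posts,Languages).
SAMPLE_EXPORT = """Account address,Show boosts,Notify on new posts,Languages
alice@infosec.exchange,true,false,
bob@Infosec.Exchange,true,false,
carol@mastodon.social,true,false,
dave@ioc.exchange,false,false,
erin@infosec.exchange,true,true,en
frank,true,false,
"""


def instance_of(handle, home_instance):
    """Return the instance domain of a handle, lower-cased so that
    'Infosec.Exchange' and 'infosec.exchange' are counted together.
    A bare local handle (no '@') is attributed to home_instance."""
    handle = handle.strip().lstrip("@")
    if "@" not in handle:
        return home_instance.lower()
    return handle.rsplit("@", 1)[1].lower()


def instance_breakdown(csv_text, home_instance):
    """Count followed accounts per instance. Returns (domain, count) pairs,
    most-followed first; ties are broken alphabetically for stable output."""
    reader = csv.DictReader(io.StringIO(csv_text))
    counts = Counter()
    for row in reader:
        address = row.get("Account address", "")
        if not address:
            continue  # skip blank or malformed rows
        counts[instance_of(address, home_instance)] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    rows = instance_breakdown(SAMPLE_EXPORT, home_instance="infosec.exchange")
    print(f"{sum(n for _, n in rows)} followed accounts")
    for domain, n in rows:
        print(f"  • {domain}: {n}")
```

Point it at the real `following_accounts.csv` by reading the file into `csv_text`; the lower-casing matters because the export preserves whatever case the remote instance advertised, which otherwise splits one instance into several rows.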

shellsharks, to infosec

Here are the number of “named vulnerabilities” per year (based on data I’ve captured here - https://shellsharks.com/designer-vulnerabilities). Vulnerabilities are counted for a given year based on A. what their CVE ID is, or B. If they don’t have a CVE, when the original article about that vuln was posted.

  • 1998: 1
  • 1999: 1
  • 2002: 1
  • 2003: 1
  • 2009: 3
  • 2011: 2
  • 2012: 3
  • 2013 [1]: 3
  • 2014 [2]: 13
  • 2015: 11
  • 2016: 11
  • 2017: 17
  • 2018: 19
  • 2019 [3]: 42
  • 2020: 66
  • 2021: 72
  • 2022: 98
  • 2023 [4]: 70

[1] I feel most of the vulns 2013 and prior were named after-the-fact.

[2] The year of Heartbleed, which is imo when this whole vuln naming madness really began.

[3] 2019 we start to see a big spike in folks naming their vulnerabilities.

[4] 2022 was a local peak for named vulns with 2023 coming back down to 2021 levels.

Make of this data what you will.

#infosec
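The two counting rules in the post (rule A: the year in the CVE ID; rule B: the year of the original write-up when there is no CVE) are easy to apply mechanically. The following is an added example, not the page's own tooling: it buckets a constructed list of records by year. Only Heartbleed's identifier (CVE-2014-0160) and its April 2014 disclosure date are real; the other names are hypothetical, and one of them shows the case where the CVE year and the write-up year differ, while another shows a malformed ID falling back to rule B.

```python
import re
from collections import Counter
from datetime import date

# A well-formed CVE id: CVE-<year>-<4+ digits>. Case-insensitive so that a
# hand-typed "cve-2023-12345" is still recognised.
CVE_RE = re.compile(r"^CVE-(\d{4})-\d{4,}$", re.IGNORECASE)

# Constructed sample records. Heartbleed is the only real entry; the
# "ExampleVuln-*" rows are hypothetical and exist to exercise the rules.
SAMPLE_VULNS = [
    {"name": "Heartbleed", "cve": "CVE-2014-0160", "article_date": date(2014, 4, 7)},
    # CVE assigned in 2021 but written up in 2022: rule A wins, counted in 2021
    {"name": "ExampleVuln-A", "cve": "CVE-2021-99999", "article_date": date(2022, 1, 15)},
    # no CVE at all: rule B, counted by article date
    {"name": "ExampleVuln-B", "cve": None, "article_date": date(2022, 6, 1)},
    # lower-case id still parses under rule A
    {"name": "ExampleVuln-C", "cve": "cve-2023-12345", "article_date": date(2023, 3, 3)},
    # malformed id: treated as "no CVE", falls back to rule B
    {"name": "ExampleVuln-D", "cve": "not-a-cve", "article_date": date(2023, 9, 9)},
]


def vuln_year(cve, article_date):
    """Rule A: the year embedded in a well-formed CVE id.
    Rule B: otherwise, the year the original article was posted."""
    if cve:
        m = CVE_RE.match(cve.strip())
        if m:
            return int(m.group(1))
    return article_date.year


def count_by_year(records):
    """Return (year, count) pairs in ascending year order."""
    counts = Counter(vuln_year(r["cve"], r["article_date"]) for r in records)
    return sorted(counts.items())


if __name__ == "__main__":
    for year, n in count_by_year(SAMPLE_VULNS):
        print(f"  • {year}: {n}")
```

Note that rule A means a vulnerability can land in a year before its public write-up, which is one reason a "named vulns per year" chart built this way will not match a chart built from disclosure dates.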

shellsharks, to infosec

Here are some cool accounts I’ve discovered recently. Sharing for

shellsharks, to mastodon

Adding some more info to my “Mastodon starter pack” resource…

These are my personal “top tips” (10 total) for getting started with / using . (More info in the linked page below)

  • When you come across an interesting post, Bookmark or otherwise save it! Finding old posts can be devilishly tricky.

  • Add a profile picture, short profile description and make an intro post (using the hashtag) and pin that post to your profile. While you’re at it, if you have a personal/professional web site, link to your site in your profile and use Mastodon verification on the site!

  • Mastodon posts can be issued as “Unlisted” which prevents that post from showing up in people’s timelines. This is useful for replies with little useful context and for long multi-post threads, preventing you from spamming people’s feeds.

  • If you are on a small or mid-sized, somewhat focused instance, make sure to leverage your “Local” feed to find interesting content and accounts.

  • Boost interesting posts, especially those from accounts with smaller followings. We are the algorithm and discovery is made a lot easier when people share. Plus it makes the original poster feel good and gives their account exposure which is nice.

  • Use a third-party Mastodon client. The first-party client is imo woefully underpowered. There are lots of great clients to choose from! (e.g. @ivory, @IceCubesApp, @mammoth, @trunksapp, @SoraSNS, etc…)

  • Follow accounts when you see something interesting from them. It’s easier to unfollow accounts later that you no longer like than it is to find interesting accounts after the fact. Hashtags are also a great source of discovery.

  • Want engagement? Want followers? Try engaging with posts and following people rather than posting into the void.

  • Bootstrap your feed by leveraging an importable follow list. (I’ve provided some in the linked resource.)

  • Optional: Enable search for your account! This is an opt-in feature but is great for people to help find you and your posts.

https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack

shellsharks, to SEO

I’m experiencing a Google / robots.txt issue of some kind. According to my Google Search Console, my site (shellsharks.com) is crawlable and indexable, but it is blocked because of my robots.txt file. When inspecting the robots.txt file WITH the Google search console it says everything is fine and I should not be blocked. Up until recently, I had a “noindex” meta tag in my HTML markup but have since deleted that line so that shouldn’t be an issue any more. Anyone have any ideas why Google still believes my site is blocked by robots.txt? Is this just a wait until Google can organically crawl my site again after having deleted the noindex meta tag?

Appreciate any help! Right now nothing on my site is findable it seems via Google which is kinda a bummer =/.

shellsharks, to infosec

@mammoth @kylewritescode I’ve been trying to discover new and interesting accounts and have wanted to get some use out of the /cybersecurity curated list on but in its current state I don’t find it very useful or high-signal. The feed is dominated (at times) by some AI cyber bot thing “cyberfeed” and “Beyond Machines” and some other high-volume posters who only post about infosec a small percentage of the time. It’s also littered with reply posts that are not useful in isolation (even if the parent post is relevant to infosec). How often is this list updated? I’d be happy to help with curation. My timeline is very high-signal on all things infosec & cybersecurity fwiw.

I love the idea of the curated lists and appreciate all the time that’s gone into working on it so far though!!

shellsharks, to mastodon

Anyone know of a app that has some sort of “for you”-style algorithmic timeline feature? I’d be interested in perusing something like that from time to time to surface content / accounts that are buried in the fediverse. I’m familiar with curated feeds and some other clients have a “popular” function but need something more specific to my interests. Thanks!

shellsharks, to blogging

Hello helpful friends of the Fediverse! I am considering a major rearchitecture of my site, https://shellsharks.com (and adjacent properties) and wanted to get some advice/tips from the wider , , , , communities out here. (Sorry for the long read!)

Currently, my site is hosted on Github Pages which uses for static site generation. I've been using this for nearly 5 years and for the most part have no complaints. The service has decent uptime, is pretty customizable (custom CSS, JS, etc...) and after all this time I am pretty comfortable using it. Some things I am interested in though in terms of re-architecting...

  • Fediverse / ActivityPub compatibility - has gone live with their AP plugin and sites like micro.blog (I think) have some direct AP functionality. I'm interested in exploring this but it's not necessarily a must-have. More on Fediverse point of presence later...

  • IndieWeb functionality - I've baked in as much IndieWeb stuff as I can reasonably do with Jekyll hosted on Git Pages but would be interested in WebMention and other more advanced capabilities if offered by another platform / static-site generator.

  • I've toyed with the idea of self-hosting the blog (on AWS or something), while still using an SSG of some kind. There could be some benefits with adding more dynamic content or having more autonomy over my site but not sure if it'd be worth additional costs or headache trying to manage.

  • Writing (or generally producing "content") has always been something I do out of pure enjoyment but I've considered trying to monetize in some way. What are some platform considerations if I wanted to monetize say, a podcast, newsletter, video courses, premium articles, etc...

--

Other adjacent properties I'm looking to "re-design"...

  • My is currently hosted on , which I have liked so far but I'd like to further embrace the Fediverse so have considered moving to . Any advice on hosted vs. self-hosted? Are there other non-Castopod fediverse options?

  • As of right now, my presence in the Fediverse is mostly on infosec.exchange where I post stuff from my site. I've considered hosting my own instance of Mastodon (or something similar) to be my main account or even just as an official "shellsharks the site" account. I've seen accounts of people going down this path and ultimately bailing due to costs, time overhead, etc...

--

If there are noticeable benefits to making any significant changes I'd be willing to take that on as a project for 2024. Otherwise, I might just stick with what I have and focus on writing/research =). Thanks so much to anyone who takes the time to read / respond!

shellsharks, to infosec

It’s , here’s some new accounts I’ve followed recently that I’m enjoying…

@ittavern
@0x3c7
@scottpiper
@blu3r4y
@brett
@funes
@ghozt
@raphaelrobert
@richi
@uplinc
@oct0xor
@goldbe
@rmceoin

shellsharks, to infosec

My compendium on the multitude of threat modeling methodologies out there. https://shellsharks.com/threat-modeling

It features quite a few frameworks currently! (With more planned for the future)

  • Microsoft Threat Modeling
  • PASTA
  • OCTAVE
  • Trike
  • LINDDUN
  • VAST
  • NIST SP 800-154
  • OWASP TMP
  • TARA
  • IDDIL/ATC
  • hTMM
  • QTMM