Activity
Noted:
A hashtag for asking questions to the infosec Fediverse
What does the #infosec / #cybersecurity (or infosec-adjacent) community think of “establishing” a go-to hashtag for asking infosec-related questions? Something like #AskSecFedi or #AskFediSec? Personally I think the latter has a better ring to it but curious what others think. I’ve seen a lot of people in the community ask...
published March 14, 2024 Noted:
You have something to say, someone will listen
@stefan Oh man, the “Nothing to put there” crowd hits home. That and the much-related (but not listed here) “no one will care what I have to say / no one will read” crowd. To anyone who matches these descriptions or has these feelings, know that you…
published March 13, 2024 Changed:updated March 17, 2024 12:00 pm EST
Weekly Changes 3/11/24-3/17/24
March 15, 2024
- 26 new infosec blogs this week
- Added Should I click?, Movies For Hackers & Radar | Cloudflare to infosec tools list
- Added MSTIC to infosec team names note
- Added pages.casa to IndieWeb post
- Added Fediverse Fans to Mastodon post
March 14, 2024
- Added FediScanner to Mastodon post
- Added Calypso Labs to online training list
- Introduced ARCHITECTURE.md (as a redirect for now)
March 13, 2024
- Added ASERT to infosec team names note
- Added Indie Map to IndieWeb post
- Added JustMyToots to Mastodon post
- Added a Well-Known change password file
- Added K8S Lan Party to online training list
- Added HexWalk & Marker to Mac tools post
- Added Malpuse, Homemetry, Webhook.site & Insult passphrase generator to infosec tools list
- Added GhostRace to named vulns list
- Added Ibis to Fediverse page
Changed:updated March 10, 2024 12:00 pm EST
Weekly Changes 3/4/24-3/10/24
March 4, 2024
- 3 new infosec blogs this week
- Added WebDev Finds Box & The 88x31 Archive to IndieWeb post
- Added ArtPrompt to named vulns list
- Added Exploit Observer to infosec tools list
Noted:
The basics of infosec are not basic
@[email protected] I’ve always said something very similar with regard to infosec disciplines that many regard as “junior” or “easy”. Vulnerability Management is one such role that I think is pretty easy to get started in (and many in security do) and for many considered to just be something that is...
published March 3, 2024 Journaled:
Captain's Log, Entry: February 28, 2024
New pages, internet features, some new TV and a few resolution followups.
published February 28, 2024 Changed:updated March 3, 2024 12:00 pm EST
Weekly Changes 2/26/24-3/3/24
March 3, 2024
- 34 new infosec blogs this week
- Added Living Off the Living Off the Land to infosec tools list
- Added Nekoweb, About Ideas Now & Resources List for the Personal Web to IndieWeb post
- Published /Ideas page
March 1, 2024
- Added Silver SAML to named vulns list
- Added Feeds All Around to RSS post
February 28, 2024
- Published February Captain’s Log entry
February 27, 2024
- Added Shim Shady to named vulns list
- Added VulnCheck XDB, VulnCheck Advisories & VulnCheck KEV to infosec tools list
February 26, 2024
- Added EML Analyzer to infosec tools list
- Added Zip Slip to named vulns list
Noted:
Web feed makeover
I’m a big fan of RSS 1, as well as a very large consumer of these types of feeds. I’ve had some RSS feeds exposed on this site for some time but only recently learned about some new ways to spruce up how these feeds are displayed. I came across...
published February 21, 2024 Noted:
Fedicard 1st-gen
Check out this awesome tool to create “Fedi Trading Cards”. Check out others cards by following #FediCard on Mastodon!
published February 20, 2024 Changed:updated February 25, 2024 12:00 pm EST
Weekly Changes 2/19/24-2/25/24
February 25, 2024
- 25 new infosec blogs this week
- Added dogbolt.org to infosec tools list
February 23, 2024
- Added Living Off the Pipeline & Linux Kernel CVEs to infosec tools list
- Updated RSS feed tags
- Added Roll your own RSS to RSS post
- Added SlashAndGrab to named vulns list
February 22, 2024
- Added command-not-found.com to infosec tools list
- Style guide is live
February 21, 2024
- Added Fediwall & Fedi Trading Card Maker to Fediverse page
- Added DMARC Checker to infosec tools list
- Added Captain’s Log feed to Feeds page
February 20, 2024
- Updated Component Checklist
- Added VoltSchemer to named vulns list
- Debut of my FediCard
February 19, 2024
- Added PrintListener & COLD-Attack to named vulns list
Noted:
Invest in the threadiverse
@pu Reddit is (very unfortunately) still where people spend a lot of time, but I agree that it sucks and people should avoid giving them any more content they can then feed into these dumb AI machines.
published February 17, 2024 Noted:
Shellsharks.com, a visual history
The site has gone through some notably major visual/aesthetic revisions since it was first established in 2019. Though I work continuously on the site making changes as I go, I consider these three particular moments in time to be the three major “versions” of the site from a visual sense....
published February 15, 2024 Changed:updated February 18, 2024 12:00 pm EST
Weekly Changes 2/12/24-2/18/24
February 18, 2024
- 26 new infosec blogs this week
- Added KEV Catalog Dashboard & Zero-Day Tracking Project to infosec tools list
- Added EM Eye to named vulns list
February 17, 2024
- Added MMS Fingerprint to named vulns list
February 16, 2024
- Added sPACE Attack to named vulns list
- Added OpenFollow to Fediverse page
- Feeds page is live!
February 15, 2024
February 14, 2024
- Added Digital Defense to infosec tools list
- Added MonikerLink & Snap Trap to named vulns list
February 13, 2024
- Added KeyTrap to named vulns list
February 12, 2024
- Added Analytodon & Metricdon to Mastodon resources
- Added smolweb & Glitch to IndieWeb post
- Published Starsharks
Noted:
Linkedin's value to me
@simonroses Linkedin provides minimal, but some value…
published February 11, 2024 Changed:updated February 11, 2024 12:00 pm EST
Weekly Changes 2/5/24-2/11/24
February 11, 2024
- 28 new infosec blogs this week
- Added Ransomwatch to infosec tools list
February 10, 2024
- Added EventLogCrasher to named vulns list
February 9, 2024
- Added URLAbuse to infosec tools list
- Added prose.sh | pico.sh, Bear, Mataroa, Smol Pub, Montaigne & Haven to IndieWeb post (thanks Manuel Moreale!)
- Added FediGroups.social to Fediverse page
- Added Robb Knight to blogroll
- Added MastoFeed to Mastodon resources
February 8, 2024
- Added EFF | Tools from EFF’s Tech Team & Magic Sign On to infosec tools list
- Added Proton Mail to Mac tools post
- Debut of new Blogroll page
February 7, 2024
- Added Posthaven & Scribbles to IndieWeb post
- Added What using RSS feeds feels like to RSS post
February 6, 2024
- Added Leaky Vessels and this to named vulns list
- Added Tuba & these Collections of Mastodon resources to Mastodon post
Noted:
Thoughts on chips
Jumping in on the chips thought-train 1, 2, 3, 4 (Warning: Hot takes ahead…)
published January 29, 2024 Changed:updated February 4, 2024 12:00 pm EST
Weekly Changes 1/29/24-2/4/24
January 29, 2024
- 7 new infosec blogs this week
- Added Illustrated TLS 1.3 Connection
Journaled:
Captain's Log, Entry: January 28, 2024
Shellsharks 3.0 is live! On the surface, it won’t look like much, but underneath I changed quite a bit so the site would be more accessible, more robust and easier to add things to in the future. For readers, you’ll notice a new, snappier hamburger menu, and more consistent /...
published January 28, 2024 Noted:
How I decide to follow back
@adamshostack My how-I-follow strategy kinda looks like this…
published January 27, 2024 Noted:
On supporting 404 Media and what's important
I’ve been following @404mediaco since they went live last year and this most recent post from @jasonkoebler and the team there really got me thinking. (That toot links to https://www.404media.co/why-404-media-needs-your-email-address/).
published January 26, 2024 Noted:
How the Internet discovers my site
@john_fisherman Hey! I read your post here and wanted to let you know about my own experience as a random writer on the web (understanding that everyone’s experience differs). I started my blog in 2019 and expected to never really get any interest from people in terms of reading, using...
published January 23, 2024 Changed:updated January 28, 2024 12:00 pm EST
Weekly Changes 1/22/24-1/28/24
January 28, 2024
- 21 new infosec blogs this week
- Added ARTToolkit
- Fixed up note layout
- Cleaned up Pro icons
- Published January Captain’s Log entry
January 27, 2024
- Added IsRSSDead? to RSS post
- Added Mimestream to Mac tools post
January 26, 2024
- Updated What’s on my iPhone
- Updated /uses and /now pages
- Clear button on search page
- Reordered hamburger menu links
- Updated roadmap
- Added resume to pro page
- Published supports section
- Added Running a Mastodon instance entirely free forever to Mastodon post
- Added hosting section to IndieWeb post
January 25, 2024
- Added Cloud Threat Landscape & CSIDB to infosec tools list
- Added RTP bleed to named vulns list
- Added Cloud Threat Landscape to threat modeling post
January 24, 2024
- Added RUSTSEC to threat modeling and infosec tool posts
- Added Sys:All to named vulns list
- Upgraded search to lunr.js
January 23, 2024
- Added What Should I Patch & Known Exploited Vulnerabilities (KEV) Catalog to infosec tools list
- Added HashTag Place to Mastodon post
- Added MavenGate to named vulns list
- Added Curlie, i.webthings directory, 32-Bit Cafe Directories & Listings, IndieWebify.Me & 32-Bit Cafe to IndieWeb post
- Added feedle to RSS post
January 22, 2024
- Added The Cybersecurity Researcher’s Seedbox to Getting into infosec post
Noted:
AI creates humans, humans create AI
When we find out God is an AI singularity that created humans to replace itself only to have us humans create AI to replace ourselves. ♾️
published January 19, 2024 Changed:updated January 21, 2024 12:00 pm EST
Weekly Changes 1/15/24-1/21/24
January 21, 2024
- 14 new infosec blogs this week
- Added LVE Repository to my threat modeling post
- Added MyFlaw named vulns list
- Added a11y-webring.club, Hotline Webring, Retronaut & Max Böck blogroll to IndieWeb post
January 19, 2024
- Added Things with RSS Feeds you might not have known about to RSS post
- Added Lemmy Apps to to threadiverse post
- Added fedisecfeeds to infosec tools list
- Added Old’aVista to IndieWeb post
- Published /now page
- /blogroll now links to my list of IndieSec blogs!
January 18, 2024
- Launch of Shellsharks 3.0
- Added SMTP Smuggling, Sleep Attack, Winshock & ConnectAround to named vulns list
- Added FeedSeer to Mastodon post
January 16, 2024
- Added PixieFAIL & LeftoverLocals to named vulns list
January 15, 2024
- Added YARA Validator to infosec tools list
- Added Emulate to Exploitate to online training list
- Added TSSHOCK to named vulns list
Noted:
IndieWeb search engine
@mikehaynes Definitely a lot of attempts at #IndieWeb / #smallweb search engines/repos/lists. I’ve (somewhat poorly) tried to capture a lot of them here… https://shellsharks.com/indieweb.
published January 12, 2024 Noted:
Using bird.makeup as a canary
Pro Tip: If for whatever reason you still have a Twitter/X account but don’t really use the platform, follow it from here using bird.makeup. This way, if you ever DO see something from there, you’ll know it was hacked somehow 😅. Because apparently getting your X account pwned is something...
published January 12, 2024 Changed:updated January 14, 2024 12:00 pm EST
Weekly Changes 1/8/24-1/14/24
January 12, 2024
- 31 new infosec blogs this week
- Added IndieWeb search engines to IndieWeb post
January 10, 2024
- Added KyberSlash to named vulns list
- Added Alien Labs & Keen Security Lab to infosec team names note
January 9, 2024
- Added voidshock named vulns list
- Added YARA Toolkit to infosec tools list
- Updated No AI labeling
January 8, 2024
- Added ooh.directory
Noted:
Bots in space
The botsin.space instance hosts a bounty of interesting bot accounts. I’ve been perusing the local feed for a few days to find accounts that make me laugh or bring me some other tiny joy. Here’s some of my favorites…
published January 6, 2024 Noted:
Mastodon follows by instance breakdown
I wanted to see the instance breakdown of the folks I follow on Mastodon so I exported the .csv, tossed it in Numbers and pivot-tabled the following data.
published January 6, 2024 Noted:
Named vuln counts by year
Here are the number of “named vulnerabilities” per year (based on data I’ve captured here). Vulnerabilities are counted for a given year based on A. what their CVE ID is, or B. If they don’t have a CVE, when the original article about that vuln was posted.
published January 5, 2024 Noted:
Evangelizing Mastodon
I’ve decided to dedicate 95% of my #Threads personality to yammering on about #Mastodon / the #fediverse and why people should #joinmastodon (and abandon Threads). As an example, here is my most recent plea to the #infosec folks of Threads to create Mastodon accounts and invest their social time here...
published January 2, 2024 Changed:updated January 7, 2024 12:00 pm EST
Weekly Changes 1/1/24-1/7/24
January 6, 2024
- Added SPACE-SHIELD to my threat modeling post
- Added SRI Hash Generator & Shodan Exploits to infosec tools list
- Added Sockstress to named vulns list
- 3 new infosec blogs this week
January 5, 2024
January 3, 2024
- Added Segfault to infosec tools list
January 2, 2024
- Added “host a community” to Cyber Clout page
- Added ntlm.pw to infosec tools list
Noted:
Absolute Firefox CSS fun
Ok, are there any #webdev #css #webdesign #webdeveloper folks out there who can help me with this annoying #firefox issue? On basically every browser I’ve tried, the text I’ve positioned under this icon on my home page (https://shellsharks.com) appears correctly. But on FF, it floats kinda above the icon. From...
published December 31, 2023 Journaled:
Captain's Log, Entry: December 30, 2023
After all this time I finally got Covid. Right before Christmas so perfect timing and definitely messed up a bunch of plans. Had about 28 hours of awful symptoms but since then have felt fine. 0/10 don’t recommend.
published December 30, 2023 Noted:
Rearchitecting shellsharks
Hello helpful friends of the Fediverse! I am considering a major rearchitecture of my site, https://shellsharks.com (and adjacent properties) and wanted to get some advice/tips from the wider #indieweb, #blogging, #openweb, #webdev, #webdevelopment communities out here.
published December 22, 2023 Noted:
Hopes for the infosec community on Mastodon
@cxiao @jerry #3 for me. I’d love to see the #infosec community that has found shelter here, STAY here. For holdouts on X, I hope they decide to eventually come here when that service inevitably dies rather than go to the next behemoth centralized platform. I realize many will be...
published December 16, 2023 Noted:
Annual holiday hack tradition
My unfortunate annual infosec holiday season tradition…
published December 8, 2023 Noted:
Don't forget the A in CIA triad
@nf3xn I definitely agree that infosec folks often forget or discount the importance of “A” here. This is somewhat mitigated by the fact that the non-infosec components of IT, operations teams and the SRE discipline all are concerned with A as well. This allows infosec folks to put it third...
published December 8, 2023 Changed:updated December 31, 2023 12:00 pm EST
Monthly Changes 12/1/23-12/31/23
December 31, 2023
- 46 new infosec blogs
- Added Catodon Mastodon post
December 30, 2023
- Published December Captain’s Log entry
December 29, 2023
- Revoked access to cohere and anthropic bots in robots.txt
December 28, 2023
- Added Triangulation to named vulns list
- Added IOCParser to infosec tools list
December 27, 2023
- Added WEAKPASS to infosec tools list
December 23, 2023
- Added CTI.fyi to infosec tools list
- Added FeedLand to IndieWeb post
- Added RetSpill to named vulns list
December 22, 2023
- Added Fedigov.eu to Mastodon post
December 21, 2023
- Added Lopseg
- Updated infosec instances on Mastodon post
- Added GREAT to infosec team names note
December 19, 2023
- Added Cybersecurity Incident Tracker & VISS Calculator to infosec tools list
- Added Zoom VISS to my threat modeling post
- Added Wet Noodle to the IndieWeb post
December 18, 2023
- Added omg.lol, maple.pet & The “Cheap” Web to the IndieWeb post
- Added Terrapin Attack to named vulns list
- Added Fedi on Fire 🔥 to Mastodon post
December 14, 2023
- Added EMB3D to Future Methodologies list
- Added QuadAttack to named vulns list
December 7, 2023
- Added Vedere Labs to Security Team Names
- Added Sierra:21 & 5Ghoul to named vulns list
December 6, 2023
- Added AutoSpill to named vulns list
December 5, 2023
- Added SLAM to named vulns list
December 4, 2023
- Added Cyber Triage | DFIR Training to online training list
December 1, 2023
- Added badfiles to infosec tools list
- XMAS!
Noted:
NaBloPoMo 2023 wrap-up
Welp! That’s a wrap on NaBloPoMo 2023. To sum it all up, the experience was certainly challenging but also a great way for me to write about a variety of different topics. Here’ some other mini-takeaways from the past 30 days…
published November 30, 2023 Noted:
Shellsharks.com operating costs
Running an indie blog isn’t expensive! See what it costs me to run Shellsharks below!
published November 29, 2023 Noted:
Functions of engagement and discovery
@matthew_d_green On Mastodon, engagement is often a function of how many followers you have, discovery however is a function of who you follow and how many people you follow. My advice, follow more people —> discover more stuff! You can always prune folks later if you decide you don’t like...
published November 28, 2023 Journaled:
Captain's Log, Entry: November 27, 2023
NaBloPoMo, Framework, Super Mario Wonder, and my gym debacle - what a pickle!
published November 27, 2023 Noted:
Are LinkedIn follows weird?
@cfiesler There are plenty of either completely fake profiles or “influencers” who are hoping for a follow-back to grow their own radius. But LinkedIn is a professional networking site, nothing really weird about a stranger in your field or an adjacent field looking to connect with you. Especially if you’re...
published November 24, 2023 Noted:
How to spend my time off
I’ve got ~4 months of leave coming up and am mentally lining up how I would like to spend it and what (if anything) I could attempt to accomplish given I have the time. Here’s what I got…
published November 24, 2023 Noted:
Retro gaming with Delta
Update: Delta is now available natively on iOS/iPadOS!
published November 22, 2023