Educator, instructional technologist, tinkerer, musicmaker, hauler of bootstraps

networkeffects.ca

twitter.com/grantpotter

flickr.com/photos/grantpotter

onename.com/grantpotter

Grant Potter

https://newrepublic.com/article/146399/year-robots-came-jobs “The real source of robot anxiety isn’t the android’s uncanny mimicry of human movement. It’s American capitalism, which forces workers to experience employment as a zero-sum conflict. (When Americans aren’t afraid robots will take our jobs, we’re afraid immigrants will.) We fight hard to keep our jobs because we know that if we’re out of work, we’ll have no way to provide for ourselves or earn social respect. That’s been true for much longer than we have been dreaming of automated production.”

https://irlpodcast.org/episode3/ "we are hired by corporations to cyber-disrupt day to day business of their competition .. the purpose was to lock files to delay a corporation's production time to allow our clients to introduce a similar product into the market first."

http://interferencearchive.org/ "the mission of is to explore the relationship between cultural production and social movements."

@Rancher_Labs - easily manage all aspects of running containers in development and production environments, on any infrastructure http://rancher.com

http://wiki.p2pfoundation.net/Peer_Production_License "The peer production license is an example of the type of license, in which only other commoners, cooperatives and nonprofits can share and re-use the material, but not commercial entities intent on making profit through the commons without explicit reciprocity."

Tactics, Techniques, and Procedures

  • He identified peripheral web servers via Google and LinkedIn searches
  • Used known WordPress flaws and custom bugs to compromise PHP sites
  • Linux authentication mechanisms were altered to capture credentials
  • Nmap was used to identify exposed network services internally
  • Corporate Wikis revealed administrative workflows and VPN details
  • Ticketing, bug tracking, and version control systems provided secrets (e.g. cryptographic keys, seeds, hashes, credentials, and source code)
  • Cookies from weak non-production instances (e.g. staging) were valid in production as cryptographic materials were the same — bypassing 2FA
  • Client certificates (exposed by email, ticketing, or lifted from filesystems) were combined with known credentials to access corporate VPNs
  • Engineering credentials were used to commit backdoors to version control which were self-approved and later deployed into production
