Jonny Schnittger

  • Invited by

    Kevin Beaumont

Jonny Schnittger last won the day on August 31 2019

Jonny Schnittger had the most liked content!

Community Reputation

9 Neutral


Personal Information

  • Bio
    Writer of code, tinkerer of things, securer of stuff

Recent Profile Visitors

2,128 profile views
  1. Definitely, the ASVS makes a great set of security requirements for developers to keep in mind when getting started. @Daniel Cuthbert and co have done a great job with it.
  2. We host a once/twice yearly meet-up in our offices (Walmart Labs, formerly Jet.com) on Dawson/Molesworth street. It's a couple of talks, then pizza and a beer. I might try to squeeze one in before the end of the year (closer to Christmas). There's also a quarterly (I think, could be twice a year) OWASP meetup (https://www.meetup.com/OWASP-Dublin/), a monthly infosec meetup (https://www.meetup.com/InfoSec-Dublin/) and then every so often other corporate events. Conference-wise there are a few, BSides Dublin being the latest a few months ago.
  3. Home computers
     • Gaming build is a Core I7 with 16GB of RAM
     • There's a few laptops... ranging between 4 and 8GB of RAM
     • The media center is Intel Atom d2550 with 4GB of RAM
     • The workstation has 4 x Intel Xeon 6 core CPUs, 96GB of RAM and a bunch of SSDs

     Work Computers
     All laptops... I have 4 at the moment...
     • Lenovo P51 with a Core I7 (desktop CPU), 32GB of RAM and 2 SSDs
     • Dell Core I7 (8th gen) with 32Gb
     • Dell Core I7 (9th gen) with 32Gb
     • Lenovo Thinkpad X1 Yoga with 16GB of RAM
  4. I was asked for a LinkedIn version of the adblock... here you go https://github.com/JonnySchnittger/linkedin-adblock-chrome-ext

  5. They don't load files from disk anymore, you could still unpack the .asar file, modify and repack it... which is very easy to do... you still need local access. I wrote this for our red team to use on a campaign at some point. It's something that a lot of Electron apps do, and they're all susceptible to asar modification. The problem of shipping your source with your product. I was also looking at embedding JavaScript inside the external .svg files they have on disk, but I couldn't find them actually being loaded. They specifically state local access is out of scope for their bug bounty, so it's something they've known about for a while I would say.
  6. I got tired of all of the promoted ads in my timeline... Chrome/Opera CSS extension to collapse/hide them https://github.com/JonnySchnittger/twitter-adblock-chrome-ext

    1. james mckinlay

      now need the same for linkedin promoted ads

    2. Jonny Schnittger

      ask and ye shall receive... this one is JavaScript though ... https://github.com/JonnySchnittger/linkedin-adblock-chrome-ext

  7. I recently blogged about gaining persistence and remote execution using the Slack client (local file injection). It's my first blog post in years and I'd appreciate any feedback or thoughts on it. Any and all feedback appreciated. https://medium.com/@JonnySchnittger/achieving-persistence-in-slack-through-local-file-injection-d1a54386f4f4
  8. Nah, just view it as a popularity contest... ;) @Thomas V Fischer v @Stephen Lord who will win?!
  9. I'm on a hunt to find the world's best Long Island Iced tea... It's a tough, thankless job but I struggle through it... Failing that a Whiskey Sour (with Egg white is a Boston Sour, fite me!) or an Old Fashioned I don't drink beer, so a regular drink would be Southern Comfort or Kraken rum with lemonade or something
  10. My personal favorite is when they don't respond. You know they got the notification, the issue is quietly fixed (or not lol) and nothing...
  11. Seriously, want to come work for a Fortune #1 company? You're in luck! Because we want to work with you! We have offices across the world and security is a big deal to us. We're hiring across the board. Check out https://careers.walmart.com and https://careers.jet.com to see if there's a match. Even if there's not, ping me. You never know, you might be that candidate we make a role for.

      Locations
      • Bentonville, AK
      • Sunnyvale & San Bruno, CA
      • Austin, TX
      • Hoboken, NJ
      • Dublin, Ireland

      Want to know a little about us? Check out these stats!

      Walmart technology stats
      • 2.2 million employees
      • 265 million customers every week across 5 continents
      • Petabytes of PCAPs
      • Exabytes of Big Data
      • Multiple data centers
      • Over 1 million cores of compute power (of our own)

      Walmart security stats (per year)
      • 6 trillion cyber events
      • 14 million actual attacks
      • 2 billion spam emails
      • 230 million malware alerts
      • 1.4 billion lines of code were reviewed
      • ~10 billion lines of code scanned
      • 5.1 million vulnerabilities remediated

      Associates have presented at Blackhat, DerbyCon, RSA and many more conferences
  12. Hi, I'm Jonny. I do stuff :) My background is in software development and architecture. I recently made the move across into application/product security, specializing in secure code, tooling and solutions.