Hacker News | alp1n3-dev's comments

You're saying a psychiatrist in the U.S. would put their license to practice at stake and write fake disability notes? This would also require continuous documentation, as long-term disability would go through the company's provider, who don't operate on an easy-peasy "one letter and you're good" system; they require a ton of paperwork up front and continuous supporting paperwork for a valid medical claim that can be supported by patient evidence. They even have their own doctors on staff verifying these claims. Those insurance companies are itching to find a reason to stop covering someone / deny long-term payments.


To get a better AppSec perspective, you can always do some more offensive/red team oriented training. PortSwigger (makers of Burp Suite) have their free security labs online, and other places like HackTheBox exist. Familiarize yourself with the OWASP WSTG and take a gander at the OWASP Top Ten + cheat sheets.

There isn't really going to be a great "bootcamp", but if you want some credentials you could grab a SANS cert if your company is willing to fund it, or HTB has two levels of AppSec certs too. The makers of the OSCP also have the OSWE, but these are all very offsec-focused training for pentesters.

In terms of more defensive certs, I think Amazon has some that involve DevSecOps, same with Azure and GitHub, so those might be good things to snag along the way.


Hi, alp1n3-dev. That was informative, thank you. Do you have any suggestions for getting hands on experience in a real world setting that is practical?


Is the bug bounty through a platform like HackerOne / Bugcrowd? Or do they just have a private VDP and the money is a bonus on top?


It isn't a "new" botnet, but just continued use of a rotating array of available addresses. Some are enterprise and will be upfront (as you've observed), some less so.

Different devices also enable this, as mentioned in the comments. Smarthome / IoT devices, cable-brand router/APs, etc. There are also services for rotating residential proxies, that are essentially breaking the ToS of the companies in charge of them, but they trade/buy new IPs constantly.

The larger scale a site is indexed at, the more you'll see this traffic pick up. Cloudflare has rules that can help with it, and you can get stricter with them if you know your audience / customer base: via whitelists, geo (can be circumvented of course, but it quiets the noise), user agent, HTTP version, etc. For the broader ones, just immediately prompt a challenge if you don't want to outright drop/block them.

It's been this way for a while; LLMs have made it worse, but there was already a ton of garbage requests / scanning going on.
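The tiered filtering the comment above describes (known customers pass, out-of-profile clients get a challenge, obvious scanners get dropped), written out as an added example that is not part of the original comment and not Cloudflare's code. The allowlist range, the expected country, the user-agent fragments and the request records are all constructed for the example; the "browser UA over HTTP/1.x" heuristic is one assumed way to use the HTTP version the comment mentions.

```python
"""Tiered triage of inbound requests: allow / challenge / block.

Mirrors the approach described in the comment: allowlisted clients always pass,
clients that look out of place for the site's audience get a challenge, and
requests with no or obviously tool-generated user agents are dropped. Everything
here (policy values and sample requests) is constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Request:
    src_ip: str
    country: str        # two-letter code, as an edge proxy would supply it
    user_agent: str
    http_version: str   # "HTTP/1.0", "HTTP/1.1", "HTTP/2" or "HTTP/3"

# Assumed policy for a hypothetical site whose customers are all in one country.
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]   # known customer range (TEST-NET-3)
EXPECTED_COUNTRIES = {"US"}
# Fragments seen in common scanning / scraping clients; constructed, not exhaustive.
NOISY_UA_FRAGMENTS = ("python-requests", "curl/", "go-http-client", "scrapy")

def decide(req: Request) -> str:
    """Return 'allow', 'challenge' or 'block' for one request.

    Order matters: the allowlist is checked first so a known customer travelling
    abroad is never challenged, and outright drops are decided before the softer
    geo / protocol heuristics so noise never reaches the challenge page.
    """
    ip = ipaddress.ip_address(req.src_ip)
    if any(ip in net for net in ALLOWLIST):
        return "allow"

    ua = req.user_agent.strip().lower()
    if not ua:
        return "block"                       # empty UA: drop without a challenge
    if any(frag in ua for frag in NOISY_UA_FRAGMENTS):
        return "block"                       # self-identified tooling: drop

    if req.country not in EXPECTED_COUNTRIES:
        return "challenge"                   # outside the audience: make it prove itself
    # Modern browsers negotiate HTTP/2 or HTTP/3 at the edge; a client claiming to be
    # a browser ("Mozilla/...") but speaking HTTP/1.x is worth a challenge (assumed heuristic).
    if ua.startswith("mozilla/") and req.http_version in ("HTTP/1.0", "HTTP/1.1"):
        return "challenge"
    return "allow"

def triage(requests: list[Request]) -> Counter:
    """Apply decide() to a batch and count the outcomes."""
    return Counter(decide(r) for r in requests)

# Constructed sample traffic covering each branch.
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36"
SAMPLE = [
    Request("203.0.113.10", "DE", CHROME, "HTTP/2"),                 # allowlisted, abroad -> allow
    Request("198.51.100.5", "US", CHROME, "HTTP/2"),                 # normal visitor      -> allow
    Request("198.51.100.6", "DE", CHROME, "HTTP/2"),                 # outside audience    -> challenge
    Request("192.0.2.7", "US", "python-requests/2.31.0", "HTTP/1.1"),# scripted client     -> block
    Request("192.0.2.8", "US", CHROME, "HTTP/1.1"),                  # browser UA, HTTP/1.1-> challenge
    Request("192.0.2.9", "US", "", "HTTP/1.1"),                      # no UA               -> block
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r.src_ip:14} {r.country} {r.http_version:8} -> {decide(r)}")
    print(triage(SAMPLE))
```

The same tiers map onto a Cloudflare custom rule: the allowlist becomes a skip rule, and the remaining checks use request fields such as `ip.src.country`, `http.user_agent` and `http.request.version` with a managed-challenge or block action. Whatever the platform, keep the allowlist ahead of the heuristics, and remember that geo and user agent are trivially spoofable; as the comment says, they quiet the noise rather than stop a determined client.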


Thanks!


The time to sell a VSCode fork for 3B was a week ago. If someone wants to move off of VSCode, why would they move to a fork of it instead of to Zed, JetBrains, or a return to the terminal?

Next big sale is going to be something like "Chrome Fork + AI + integrated inter-app MCP". Brave is eh, Arc is being left to die on its own, and Firefox is... doing nothing.

