As a pentester, if I see XML in HTTP I start crying.

Login pages ;D

I had a colleague at work years ago who did his Master’s thesis on network scanning. He ran a PoC in the company’s network and had all the printers print hundreds of pages.

We learned that printers suck and that we should always know our payloads and targets 😁

Check out openvas.

https://github.com/greenbone/openvas-scanner

I use Nessus professionally, they are somewhat similar. I can’t decide which one has the worse user interface.

I’m a big fan of hashcat for this use case myself! I route it through WS, however. I like being on the bleeding edge.

The firewalls are all backdoored too!

Jia Tan is most definitely not a person, just the publicly facing account of a group of people.

What is the trail of crumbs? Just some random email accounts?

This was in a big part a social engineering attack, so you can’t really avoid contact.

Who is Ian?

… could.

Or he (and anyone else) could go and do one of 20000 other potentially way more interesting things with their life.

Imagine that?

Marketing™️ I guess? :P

But probably because YOU don’t have to fuck around with servers, for you it’s just an upload of a function.

Instead of spinning up a classical server like Apache or IIS for what you need, you just write a single function that you can bind to an endpoint and just host that - the rest is abstracted away from you.

Since the other people don’t seem too helpful to you, we can gladly setup a meeting and see where it goes :) I don’t have exeprience in all these software like TrueNAS you’re using but I have a lot of experience in a lot of other things, so I’m sure I’ll be able to help!

Check out nuclei or maybe greenbone.

Option 2, because once you start thinking about the ways your stuff could be stolen (“threat modelling”) you’ll see that realistically it’s the easiest option.

I think they replied to the wrong post - there was another question somewhere about a safe PDF reader.