Breanne Boland breanneboland

## you-might-study.txt
# What I studied for my AppSec engineer interview in September 2019
This is what I read and studied to feel more prepared for my AppSec engineer interview. I came from an SRE background, so a lot of it is ops-focused.

* [Cracking Websites with Cross Site Scripting – Computerphile](https://www.youtube.com/watch?v=L5l9lSnNMxg)
* [Hacking Websites with SQL Injection – Computerphile](https://www.youtube.com/watch?v=_jKylhJtPmI)
* [How NOT to Store Passwords! – Computerphile](https://www.youtube.com/watch?v=8ZtInClXe1Q)
* [Circle CI Security Incident on 8/31/2019 – Details and FAQs](https://support.circleci.com/hc/en-us/articles/360034852194-Security-Incident-on-8-31-2019-Details-and-FAQs)
* [DNS Tunneling: how DNS can be (ab)used by malicious actors](https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/)
* [A Technical Analysis of the Capital One Hack](https://blog.cloudsploit.com/a-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea)
* [How GCHQ Classifies Computer Se

## Oblique DNS TXT Strategies
These are the contents of DNS TXT records I made for my !!con West 2020 talk: "You Can Put WHAT in DNS TXT Records?!"

At the time that I wrote these, they were all available as DNS TXT records attached to maybethiscould.work. You can get all of them with `dig txt maybethiscould.work`, or you could get just one at a time by choosing a number between 1 and 50 and using that as a subdomain. So `dig txt 3.maybethiscould.work` will yield a different single message than `dig txt 47.maybethiscould.work` will.

The messages are a mix of things inspired by what I've needed to unstick myself when a project - art, writing, code, anything - has stalled, but I need to keep moving. They have a rough theme of self-care, perspective change, and reaching to outside influences.

Ask them again.
If you still do not like it, maybe it is time to leave it.
Tilt your head (or the thing) and look at it 90 or 180 degrees off true.
Reconsider your use of something central. Social media is a good one, or anything that takes a signifi

## dod-glossary-bot-definitions.txt
/define OTA = !
/define ota = !
/define TSP = Transportation Service Provider (that is, a moving company)
/define tsp = Transportation Service Provider (that is, a moving company)
/define PM = TPM (in the government, a semi-technical role overseeing a contract for building software)
/define pm = TPM (in the government, a semi-technical role overseeing a contract for building software)
/define ACQ = Acquisition. Procures software.
/define acq = Acquisition. Procures software.
/define J6 = !
/define j6 = !

## bumpme
Fri May 5 21:44:04 UTC 2017

## guessing2.html
<script>
var guess;
guess = prompt("What color am I thinking of?");

switch(guess) {
  case 'yellow':
    alert("Mmm, nope, but it's half the answer.");
    break;
  case 'red':
    alert("Warmer. Slightly too warm, actually.")
	# What I studied for my AppSec engineer interview in September 2019
	This is what I read and studied to feel more prepared for my AppSec engineer interview. I came from an SRE background, so a lot of it is ops-focused.

	* [Cracking Websites with Cross Site Scripting – Computerphile](https://www.youtube.com/watch?v=L5l9lSnNMxg)
	* [Hacking Websites with SQL Injection – Computerphile](https://www.youtube.com/watch?v=_jKylhJtPmI)
	* [How NOT to Store Passwords! – Computerphile](https://www.youtube.com/watch?v=8ZtInClXe1Q)
	* [Circle CI Security Incident on 8/31/2019 – Details and FAQs](https://support.circleci.com/hc/en-us/articles/360034852194-Security-Incident-on-8-31-2019-Details-and-FAQs)
	* [DNS Tunneling: how DNS can be (ab)used by malicious actors](https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/)
	* [A Technical Analysis of the Capital One Hack](https://blog.cloudsploit.com/a-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea)
	* [How GCHQ Classifies Computer Se
	These are the contents of DNS TXT records I made for my !!con West 2020 talk: "You Can Put WHAT in DNS TXT Records?!"

	At the time that I wrote these, they were all available as DNS TXT records attached to maybethiscould.work. You can get all of them with `dig txt maybethiscould.work`, or you could get just one at a time by choosing a number between 1 and 50 and using that as a subdomain. So `dig txt 3.maybethiscould.work` will yield a different single message than `dig txt 47.maybethiscould.work` will.

	The messages are a mix of things inspired by what I've needed to unstick myself when a project - art, writing, code, anything - has stalled, but I need to keep moving. They have a rough theme of self-care, perspective change, and reaching to outside influences.

	Ask them again.
	If you still do not like it, maybe it is time to leave it.
	Tilt your head (or the thing) and look at it 90 or 180 degrees off true.
	Reconsider your use of something central. Social media is a good one, or anything that takes a signifi
	/define OTA = !
	/define ota = !
	/define TSP = Transportation Service Provider (that is, a moving company)
	/define tsp = Transportation Service Provider (that is, a moving company)
	/define PM = TPM (in the government, a semi-technical role overseeing a contract for building software)
	/define pm = TPM (in the government, a semi-technical role overseeing a contract for building software)
	/define ACQ = Acquisition. Procures software.
	/define acq = Acquisition. Procures software.
	/define J6 = !
	/define j6 = !
	<script>
	var guess;
	guess = prompt("What color am I thinking of?");

	switch(guess) {
	case 'yellow':
	alert("Mmm, nope, but it's half the answer.");
	break;
	case 'red':
	alert("Warmer. Slightly too warm, actually.")