|
It was probably a signed integer overflow is all
|
# ? Oct 21, 2018 05:02 |
|
ThePagey posted: So this question is going to be pretty vague, if only because I have literally 0 experience with the practical application of things beyond theory at this point and am going to be spending the next few months learning as I go, but I'm transitioning into a new role modernizing small businesses' security solutions and am curious what you guys think the best practices to implement might be. Assume I'm a complete loving idiot, if you don't mind (because I am).

Honestly? Look at maybe getting Office365 E5 licenses and going full cloud based. You get so many simple-to-use DLP tools in a turnkey manner, and Defender ATP is maybe the most turn-key-see-results pseudo-SIEM/automated-DFIR tool you can buy right now if you're completely in a M365 environment.
|
# ? Oct 21, 2018 14:48 |
|
I have hosed around enough with a client totally in 365 to know that, especially for someone with zero starting experience, your quickest path to passable defence is going to be to use a cloud environment that already does most of the hardest work (building detection response orchestration flows, consuming logs from your desktop and server fleet and actually building out decent alarms and investigation views with them, securing email, securing file sharing and implementing conditional access, MFA...) for you.
|
# ? Oct 21, 2018 14:54 |
|
Triple post, but at best all that one person can do by themselves is set up a bunch of security products that do jackshit with each other, get old, and utterly fail to secure the environment against anything more intricate than a dictionary attack against your file shares. Security requires buy-in and experience from every element of your infra team: your network employee, your storage and backup employee, every server toucher and developer, etc. If you don't have that, move to an every-feature-you-could-need cloud and call it a day. Or just keep pretending that a perimeter VPN and an unpatched ASA make you secure.

If I woke up one morning and found myself magically in your position and couldn't quit, I would immediately want everything valuable in a cloud that by default is significantly more secure than what I've got presently, because suddenly the greatest bottleneck is my focus and attention. I don't have the ability to stop time so I can spend months and years learning the environment, then building out desktop security logging, then bring network logging into it, then auto response orchestration with whatever hodgepodge of IdP exists, then build out MFA and maybe integrate it with a few LoB apps that were first implemented on this side of 9/11, then write clear practices/policies for the server touchers and devs, then audit those regularly to get them actually followed, then visit network/perimeter security and learn the network was built around the assumption that bad actors would be stopped at the perimeter firewall, then harass devs about getting code review and unit testing up to a standard higher than "well, we're done when it runs," then finally have a moment to open a single incident investigation out of 658,971,201 false alarms created since I had to divert my attention completely away from whatever stupid SIEM I set up at the beginning of all of this that's been utterly incapable of providing any value whatsoever because I hadn't had time to log into it since before my great-grandchildren were born and nobody else feels any responsibility for keeping it up to speed.

Potato Salad fucked around with this message at 15:41 on Oct 21, 2018
# ? Oct 21, 2018 15:02 |
A paper on Reverse Engineering x86 Processor Microcode [PDF] has just been published, which may be of interest to some of you.
|
|
# ? Oct 23, 2018 15:12 |
|
This blog post might align with the interests of this thread. Vectorized Emulation: Hardware accelerated taint tracking at 2 trillion instructions per second
|
# ? Oct 23, 2018 20:41 |
|
Saukkis posted: This blog post might align with the interests of this thread.

Thank goodness a person no longer has to manually inspect all those taints.
|
# ? Oct 23, 2018 20:48 |
|
It’s the 10 year anniversary of MS07-067. https://twitter.com/Trustwave/status/1054842313955074053
|
# ? Oct 23, 2018 23:10 |
|
What would be a reasonably secure way to do email that does not require much from the receiver (no PGP etc.)? I want to send an email and not have it be easily traceable back to me as the sender for a third party monitoring the receiver. I don't mind if the receiver knows who I am or anything.

thotsky fucked around with this message at 23:24 on Oct 26, 2018
# ? Oct 26, 2018 23:22 |
Biomute posted: What would be a reasonably secure way to do email that does not require much from the receiver (no PGP etc.)? I want to send an email and not have it be easily traceable back to me as the sender for a third party monitoring the receiver. I don't mind if the receiver knows who I am or anything.

Public computer where you sign up for a free email account?
|
|
# ? Oct 26, 2018 23:30 |
|
rafikki posted: Public computer where you sign up for a free email account?

Yeah, that works. Thanks!
|
# ? Oct 26, 2018 23:59 |
|
rafikki posted: Public computer where you sign up for a free email account?

Reported for cyber terrorism
|
# ? Oct 27, 2018 00:25 |
|
Diva Cupcake posted: It’s the 10 year anniversary of MS07-067.

gently caress Trustwave.
|
# ? Oct 27, 2018 00:25 |
|
Don't touch computers in the United States
|
# ? Oct 27, 2018 01:10 |
|
Potato Salad posted: Don't touch computers
|
# ? Oct 27, 2018 01:12 |
|
Potato Salad posted: Don't
|
# ? Oct 27, 2018 01:24 |
|
Well, this is promising. Now if all the other poo poo-tier AV engines would follow suit, I'd be much more comfortable with AV in general. https://twitter.com/taviso/status/1055876544768425985
|
# ? Oct 27, 2018 01:28 |
Volguus posted: gently caress Trustwave.

I'd like to hear more
|
|
# ? Oct 27, 2018 01:46 |
|
|
# ? Oct 27, 2018 02:04 |
|
rafikki posted: I'd like to hear more

I interviewed with them. Really incompetent-looking interviewers. That's fine, they are probably not my future bosses. Before starting the interview process the salary promised was around $X. After the interview process I get an offer with X-10%. Say what? "Oh, you get 10% in bonuses if the company meets its targets. It has always happened in the last 10 years." Thanks, but no loving thanks.
|
# ? Oct 27, 2018 06:02 |
|
rafikki posted: free email account

I notice that a few email services now require phone number verification unless they can otherwise associate you with a known identity via tracking cookies. Protonmail has completely anonymous registration, though.
|
# ? Oct 27, 2018 06:53 |
|
EssOEss posted: I notice that a few email services now require phone number verification unless they can otherwise associate you with a known identity via tracking cookies. Protonmail has completely anonymous registration, though.

Probably because if they didn’t, they’d be blacklisted, and a lot of their outgoing e-mails would wind up in the receivers’ spam boxes.
|
# ? Oct 27, 2018 19:06 |
|
Double Punctuation posted: Probably because if they didn’t, they’d be blacklisted, and a lot of their outgoing e-mails would wind up in the receivers’ spam boxes.

Does that happen to Protonmail?
|
# ? Oct 27, 2018 19:10 |
|
Biomute posted: What would be a reasonably secure way to do email that does not require much from the receiver (no PGP etc.)? I want to send an email and not have it be easily traceable back to me as the sender for a third party monitoring the receiver. I don't mind if the receiver knows who I am or anything.

Go the Manafort route: don't send the email, just save it in the drafts folder and send the login information instead.

It's not securing the email per se, but if you're just shooting to send it from an alternative email address: VPN service to mask your public IP + private browsing session (not cookied and traceable back to you) + temporary email service like inboxbear, or, of all things, Yahoo aliases/disposable email addresses. The Yahoo one is actually fairly decent; use a Google Voice number or something to register for the Yahoo email.
|
# ? Nov 1, 2018 12:32 |
|
OSU_Matthew posted: Go the Manafort route: don't send the email, just save it in the drafts folder and send the login information instead.
|
# ? Nov 1, 2018 13:25 |
|
Just use tor and yandex mail (no phone verification)
|
# ? Nov 1, 2018 14:09 |
|
Just don't do crime.
|
# ? Nov 1, 2018 14:50 |
|
Snail Mail
|
# ? Nov 1, 2018 15:54 |
|
There are no crimes involved. It just seems like a conscientious way of doing it.
|
# ? Nov 1, 2018 16:05 |
|
Biomute posted: There are no crimes involved. It just seems like a conscientious way of doing it.

suuuuuuuuuuuuuuuuure

quote: I want to send an email and not have it be easily traceable back to me as the sender for a third party monitoring the receiver.
|
# ? Nov 1, 2018 16:47 |
|
OSU_Matthew posted: Go the Manafort route: don't send the email, just save it in the drafts folder and send the login information instead.

maybe don't my_crimes.txt this thread imo
|
# ? Nov 1, 2018 18:47 |
|
CLAM DOWN posted: suuuuuuuuuuuuuuuuure

Okay, you got me. Cobra has been foiled again.
|
# ? Nov 1, 2018 18:51 |
|
CLAM DOWN posted: suuuuuuuuuuuuuuuuure

They're probably just trying to give someone a heads up that they're being cheated on but want to remain anonymous. Although thinking about it, just using a junk account you make at home is sufficient unless you're trying to warn Melania that Donald's been cheating and don't want the feds to get you.

Inept fucked around with this message at 19:02 on Nov 1, 2018
# ? Nov 1, 2018 18:57 |
|
Inept posted: They're probably just trying to give someone a heads up that they're being cheated on but want to remain anonymous.

Seriously, unless the person you're sending this to can subpoena your provider (and had the interest to do so) you're probably fine. If you need to whistle blow the feds, go show up to a local ACLU office in person and ask them to contact the EFF for you to help or something.
|
# ? Nov 1, 2018 19:23 |
|
Volmarias posted: Seriously, unless the person you're sending this to can subpoena your provider (and had the interest to do so) you're probably fine. If you need to whistle blow the feds, go show up to a local ACLU office in person and ask them to contact the EFF for you to help or something.

For everywhere in between, there's the stuff on https://www.privacytools.io/. There's a big assortment of recommended email providers. ProtonMail is, unsurprisingly, at the top of the list. I keep meaning to make a thread about how to be all sneaky-like with your browsing -- blocking ad trackers, and foiling browser fingerprinting, and how to use VPNs and whatnot. But, you know, .
|
# ? Nov 1, 2018 19:40 |
|
Powered Descent posted: I keep meaning to make a thread about how to be all sneaky-like with your browsing -- blocking ad trackers, and foiling browser fingerprinting, and how to use VPNs and coffeeshops and whatnot. But, you know, .
|
# ? Nov 1, 2018 19:45 |
|
Wiggly Wayne DDS posted: not only is it bad advice, this'll get flagged even faster - there's automated intel systems to alert on this very specific activity chain

I was just being facetious... Though, in all fairness, the investigators only found out about Manafort doing that after the recipient confessed while being interviewed, right?

evil_bunnY posted: This is all extremely potent bad advice, especially if you're worried about LE. You want a shared machine on a shared network with a payment system that cannot track you.

With enough threads, you can trace nearly anything back. Your shared machine could have a session logged and traced back to a hotel room stay or library card or credit card/security footage at an internet cafe, etc. It's just an extra investigative step. Just out of curiosity though, would it be device information collected by the browser or traffic collected by the ISP that would be considered traceable in this case? The Google number would be an easy trace; that was bad advice. Or potentially the VPN service provider collecting information (since it should otherwise be encrypted from the ISP)? I'm just curious where that chain specifically unravels. From personal experience, I've noticed different pricing on airlines while using VPN + incognito, as well as Google's captcha not being happy when it doesn't have adequate cookie/screenshot information to identify you. Unless it's crimes worthy of federal investigation, I'm presuming most LE is still pretty unsophisticated, considering the volume of death threats and blatant criminal activity occurring on a daily basis that gets ignored by LE, even when personally asked to step in.
|
# ? Nov 1, 2018 19:59 |
|
OSU_Matthew posted: I was just being facetious... Though, in all fairness, the investigators only found out about Manafort doing that after the recipient confessed while being interviewed, right?

And now you've got me thinking extra paranoid and devious. Let's say you were going to do something radioactively illegal on the internet, and expected the entire government intelligence apparatus to spare no expense tracking you down. Here's the most cautious and risk-averse method I can come up with:

Buy a new laptop with cash and remove the hard drive. Install your favorite Linux (encrypted, of course) to an SD card or USB stick, and boot from that. Install VirtualBox and make a new VM that's running something reasonably common like Ubuntu. Leave absolutely everything, right down to the screen resolution, at the default settings, so that when you do your crime, there's nothing even resembling a unique fingerprint.

Now set up your laptop's actual OS to use a good VPN -- you would of course not tell the VPN your identity and would pay for it by mailing cash in an envelope (using small bills that you got in change somewhere; bills out of an ATM might be logged), and only ever connect to the VPN via Tor.

Now take your laptop to a coffeeshop that's not too close to home (if you're driving, park some ways off), get a drink (not your usual!) and pay with cash, then sit down, connect to the wifi (spoofing your MAC address, natch -- better still, use a USB wifi adapter that you bought with cash, and still spoof the MAC), fire up the VPN, start the VM (double-checking to make sure it's going out via the laptop's Tor/VPN connection and it isn't using anything like a virtual adapter to connect itself directly to the coffeeshop wifi) and do your crime.

Go home, overwrite the USB stick you booted off of with random data before physically destroying it. If you used a USB wifi adapter, destroy that as well. For maximum security, disassemble and destroy the entire laptop.

...Yeah, this is probably about eight more layers of security than actual international spies use. But it's a fun thought experiment.
|
# ? Nov 1, 2018 21:00 |
|
i don't know where to begin on all the holes in that plan
|
# ? Nov 1, 2018 21:22 |
|
Hehehe holes
|
# ? Nov 1, 2018 21:24 |