Paul MaudDib posted: Way to beg the question. In the real world,

Hmmm yes ransomware wouldn't spread if people stopped doing the things you listed please tell me more.

# ¿ May 1, 2016 15:30

# ¿ Apr 20, 2024 02:19

The NSA doesn't need to backdoor AV, the vendors already do that without their help by writing poo poo software.

# ¿ May 3, 2016 00:48

Mustache Ride posted: Hey this is good news: http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

It is. There are not going to be many victims, however, who haven't either a) restored from backup, b) paid the ransom or c) accepted the loss of their files, AND kept their encrypted files around.

# ¿ May 19, 2016 16:28

Frozen Peach posted: I just sent a follow-up email. I realize a couple of days isn't long enough for a fix, but I wasn't sure if I should expect to hear back from them or not, or how insistent I should be in finding out a resolution time.

It depends on the organization really. Tbh 48 hours is nothing for large organizations and it's a bit naive to think that your issue will be escalated to the proper persons right away. I mean, it should be, but that just means they don't have a good process for this and then you're just another email that needs to work its way through the machinery of the corporate behemoth. Very often it will end up at someone who doesn't understand the problem or who does but isn't mandated to do something about it right away. Then even if you get the proper attention there is the change process itself, which may take months for the fix to trickle through the various change requests, procedures, change review boards, maintenance windows, etc.

Luckily a lot of organizations these days have a responsible disclosure policy and process which should prevent these kinds of problems. But often they don't.

In your case, well, it depends on how important you think it is, i.e. the amount of effort you're willing to put in. It might take a lot of persistence to be taken seriously. So you have emailed them and haven't received anything after 48 hrs; you might try emailing them again. Then again after a week. If you don't get a response you might look on their website or LinkedIn for a more appropriate contact within IT or IT security. Maybe you want to email the CISO or CTO directly. Depending on the country there are organizations that can help you get their attention, such as US-CERT or CERT/CC in the US, NCSC-UK in the UK, etc. They usually handle only government and critical infrastructure but they can also assist in contacting an unresponsive company if the vulnerability has enough impact.

One last thing, don't be surprised if this gets quietly fixed without acknowledging your efforts. It sucks but it happens. Corporations suck. There is always full disclosure on Twitter. I totally understand why people do that.

# ¿ Jun 5, 2020 07:35

Yeah that seems very reasonable. So far it's going well. You got a response, it's been forwarded to the proper team (presumably), and a fix within a week or two is pretty normal. This is pretty smooth as far as vulnerability disclosures go.

# ¿ Jun 5, 2020 07:42

Hey let's be fair and real, this poo poo is hard. Fine-grained authorization is a very difficult problem, not only technically (which is the easy part) but more so organizationally. It's very hard to keep track of who needs to do what exactly, and to keep that information up to date.

# ¿ Jul 24, 2020 06:49

Internet Explorer posted: There are so many loving false positives that it's just an avalanche of garbage unless you put an absolute enormous amount of time into it.

This is true for any security product tbh

# ¿ Jul 31, 2020 08:55

EVIL Gibson posted: As someone that is taking it now, it got way different. You can't use metasploit meterpreter for the test, but nothing stops you from breaking down the ruby code it's based on to upload a stack smashing executable you made and manually trigger the exploit.

You can use meterpreter on one machine in the exam. Once you use it, it's locked to that machine whether the exploit is successful or not. So choose wisely. Imo I'd use it for a windows privesc you're struggling with because that poo poo is obnoxious and msf has a bunch of stuff to make that way easier.

# ¿ Sep 3, 2020 03:32

Achmed Jones posted: You don't need meterpreter for anything on the exam. You can use it if you really want, but it's by no means necessary. If you really need it, you goofed

True, but there is no reason to limit yourself if you're smart about it. If there is a machine that you're struggling with and you know there's a module that does what you're trying to do effortlessly you can save yourself a lot of time. There's no shame in using it if you think you need to. Just make drat sure to choose wisely.

# ¿ Sep 3, 2020 08:21

RFC2324 posted: I thought all it was is a collection of external scripts brought together in one handy tool?

It is that, but meterpreter is very powerful since it automates away a lot of things for you. When you get a session established you can attempt several local privilege escalation methods automatically, migrate the process away from the unstable exploited process to a more stable one, load modules in memory like mimikatz, open up port forwards for pivoting to other networks, etc. All of which you can do manually, but it's just plumbed together really well and very easy to use. Way less error prone, etc. Which is a plus when it's 4AM and you're tired. I'm not some kind of metasploit fanboy or anything but it definitely gets dunked on way too much because some people say it's not 1337 enough or whatever.

# ¿ Sep 3, 2020 16:27

Mopp posted: I'm trying to do a couple of OSCP like boxes, but I'm stuck at privesc on a particularly difficult box.

Kernel exploits are generally the last thing I would try to do tbh. That php-dns thing looks VERY suspicious so I would definitely focus on that.

spankmeister fucked around with this message at 22:36 on Sep 6, 2020

# ¿ Sep 6, 2020 22:32

This all seems a bit convoluted for the average OSCP-like boot2root VM. It should be simpler than that I would think.

# ¿ Sep 8, 2020 17:39

Subjunctive posted: Why did I wait until I was old to start to do CTF stuff? I've been doing the overthewire basic stuff and it's puzzle fun that rewards decades of accumulated software trivia.

Wait till this guy gets a load of Hack the Box

# ¿ Sep 9, 2020 23:01

Subjunctive posted: yeah I doubt I'll ever be good enough to race or otherwise compete, but they're fun puzzles to wake up in the middle of the night with an answer to

I had this happen with a pwnable the other day and it's hilarious when it does.

# ¿ Sep 11, 2020 08:36

Yeah it's a doozy. Here's a writeup by the person who discovered the bug: https://www.secura.com/pathtoimg.php?id=2055

# ¿ Sep 15, 2020 08:26

Well, you can probably embed one null in your input. If the palindrome check function keeps the null bytes intact the strcpy after it will copy up to and including the null byte and discard the rest. So you'd just make an input that has your desired eip address at the end including the null byte, then just mirror everything and stick it behind to pass that check. Not sure if it'll help in this case but on 32 bit that would be enough to get into the 0040XXXX range and you'd be golden.

# ¿ Sep 19, 2020 11:50

Mopp posted: From what I've found it's not possible to input null bytes using bash, so I'm currently stuck on that. The problem is visible in the first post.

Ah yeah it's taking input from an argument, not stdin. I overlooked that part.

# ¿ Sep 19, 2020 12:54

You could try fuzzing the api endpoint with a wordlist to discover functionality.

# ¿ Sep 28, 2020 09:16

e: nvm im wrong

# ¿ Oct 12, 2020 23:10

BaseballPCHiker posted: Sorry should've been more specific MITRE ATT&CK.

It's gaining more and more traction in the industry and honestly it's not bad as far as using it to classify attacker behavior.

# ¿ Oct 28, 2020 21:42

Hunting is when you look for malicious activity based on certain indicators, without necessarily having any indication that you've been compromised by some alert or somesuch. Usually you have a bunch of IoCs* for one or more intrusion sets that you want to focus on and you go digging inside your network for them.

*Indicators of Compromise, so file hashes, IP addresses, yara rules, snort rules, certain event log codes, etc.

# ¿ Nov 5, 2020 07:23

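A minimal version of the hunt described above, as an added example that is not from the thread: a constructed indicator set (a file hash, an IP and an event log code for one hypothetical intrusion set) is swept over constructed Windows-style event log lines with no prior alert, and every match is reported per host.

```python
import re
from collections import defaultdict

# Added example, not code from the thread. Every indicator, hostname and log
# line below is constructed; the IP is from the TEST-NET-3 documentation range.
INDICATORS = {
    "sha256": {"1111111111111111111111111111111111111111111111111111111111111111"},
    "ip": {"203.0.113.42"},
    "event_id": {"1102"},  # Windows Security log: audit log was cleared
}
# Log fields each indicator type is compared against.
FIELDS = {"sha256": ("sha256",), "ip": ("src_ip", "dst_ip"), "event_id": ("event_id",)}

LOGS = """\
2020-11-04T02:14:07Z host=ws01 event_id=4688 image=C:\\Temp\\upd.exe sha256=1111111111111111111111111111111111111111111111111111111111111111
2020-11-04T02:14:09Z host=ws01 event_id=3 dst_ip=203.0.113.42 dst_port=443
2020-11-04T02:15:00Z host=ws07 event_id=4688 image=C:\\Windows\\System32\\notepad.exe sha256=2222
2020-11-04T02:16:30Z host=ws01 event_id=1102 subject=CORP\\alice
2020-11-04T02:17:02Z host=ws07 event_id=3 dst_ip=198.51.100.7 dst_port=80
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    """Split 'timestamp key=value key=value ...' into a dict of fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def hunt(logs: str, indicators: dict = INDICATORS) -> list:
    """Sweep every line against every indicator; one hit per (line, indicator)."""
    hits = []
    for lineno, line in enumerate(logs.splitlines(), 1):
        ev = parse(line)
        for kind, values in indicators.items():
            for field in FIELDS[kind]:
                if ev.get(field) in values:
                    hits.append({"line": lineno, "host": ev["host"],
                                 "type": kind, "value": ev[field]})
    return hits


def hosts_by_hits(hits: list) -> dict:
    """Group indicator types per host so triage starts with the noisiest machine."""
    by_host = defaultdict(list)
    for hit in hits:
        by_host[hit["host"]].append(hit["type"])
    return dict(by_host)
```

The hash, network and log-clearing hits all land on the same host, which is the kind of convergence a hunt is looking for before any alert has fired.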
gently caress off seraph

# ¿ Dec 2, 2020 12:05

I used to be all about responsible disclosure, but I have since changed my opinion. Some companies just don't deserve it.

# ¿ Dec 5, 2020 00:25

Having dealt with a fair number of Responsible Disclosures and Coordinated Vulnerability Disclosures myself, I can tell you that sometimes it's really not worth the time and effort. Because it really takes a lot of time and effort to do RD. Some companies just don't respond, or they threaten to sue. I totally understand why some researchers feel the only way to achieve your goal (get the vulnerability fixed) is to embarrass a company publicly.

# ¿ Dec 5, 2020 01:43

Brute forcing? The creds were in a pdf accessible to the entire internet.

# ¿ Dec 5, 2020 02:24

Sickening posted: In-loving-credible.

Just goes to show that everybody gets got at some point.

# ¿ Dec 8, 2020 22:47

xtal posted: I do remember making PHP sites when I was like 12 where the password was hashed like md5*md5*sha1*md5*sha1. What are the odds someone else will have the same pattern?

Someone who knows how to find and exploit a local file inclusion vulnerability, which is inevitably present in your 12-year-old programmer code.

# ¿ Jan 20, 2021 22:27

I did SANS 660 and the GXPN exam and while I have some issues with the selection of topics covered in the course, it is absolutely a technical course.

# ¿ Feb 4, 2021 19:31

Yes, you can just put Wireshark on the tunnel interface and you will capture everything going in and out of the tunnel in plain text.

# ¿ Feb 11, 2021 22:20

CryptoAPI NG / BCrypt _is_ the library in place, the default crypto library for Windows.

OP, I am not qualified to answer this because I'm not a professional developer, but with counter modes like CCM or GCM the nonce is very important. It has to be random and unique for each message. This is because those modes are effectively using AES as a keystream generator and XOR-ing this with the plaintext, and with stream ciphers it is very bad if the keystream is the same for two messages, because you can XOR those again and recover parts of the keystream.

# ¿ Feb 26, 2021 10:01

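The keystream-reuse problem from the post above, worked through as an added example that is not from the thread: a toy counter-mode cipher (SHA-256 standing in for the AES block function so it needs no third-party library; it is a model of how CCM/GCM generate their keystream, not a real AES-GCM implementation) shows that two messages under one key and nonce let anyone who knows one plaintext read the other, and that a fresh nonce per message closes that hole. Message contents, key and nonce are constructed.

```python
import hashlib
import os

# Added example, not code from the thread. Toy counter-mode stream cipher:
# keystream block i = SHA-256(key || nonce || i). Models CCM/GCM keystream
# generation only; NOT AES-GCM, and never to be used on real data.

P1 = b"invoice #1234 paid in full  "   # constructed sample messages, equal length
P2 = b"transfer 500 USD to account "


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Same (key, nonce) always yields the same bytes; that is the whole problem."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Counter mode: ciphertext = plaintext XOR keystream (decryption is identical).
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def recover_with_reused_nonce(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With one (key, nonce) used twice, c1 XOR c2 == p1 XOR p2: the keystream
    cancels out, so knowing p1 reveals p2 without ever touching the key."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def demo(reuse_nonce: bool) -> bytes:
    """Encrypt P1 and P2 under one key and return what an observer who knows P1
    learns about P2. Equals P2 exactly when the nonce was reused."""
    key = os.urandom(32)
    n1 = os.urandom(12)                          # 96-bit nonce, as GCM uses
    n2 = n1 if reuse_nonce else os.urandom(12)   # fresh nonce per message is the fix
    c1 = encrypt(key, n1, P1)
    c2 = encrypt(key, n2, P2)
    return recover_with_reused_nonce(c1, c2, P1)
```

In real GCM the damage goes further than the post says, since nonce reuse also leaks the authentication key, so a counter or a random 96-bit nonce that is never repeated under a key is a hard requirement, not a nicety.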
CyberPingu posted: Oh...my...christ

It's an unlisted video, right?

# ¿ Mar 1, 2021 11:16

FungiCap posted: Edit2: yeah I apologize, F5 is clearly trying to downplay an issue that is more severe than they are presenting.

Never take F5 on their word for anything.

# ¿ Mar 11, 2021 10:29

droll posted: Seems all a bit silly. Maybe I'm just too new to 'big security'.

Looks like it

# ¿ Mar 12, 2021 07:52

Defenestrategy posted: Personally I'm not sure what my price would be responsible to wake up and do poo poo possibly. Do you even want engineers working on critical poo poo with no sleep?

I've done it and it sucks but I just took things a bit more slowly and it's fine. The worst part is getting back to sleep.

# ¿ Mar 12, 2021 07:59

droll posted: Speaking as a silly big security person that just runs scans, generates reports and acts like they're helpful?

I'm sure. You're just being reactionary to the big takeover and the new company butting in and changing everything, usually not for the better. I get that, I would probably do that too. But downloading ISOs from China and Russia to elicit some response is juvenile and insulting to the intelligence of their security people. Which might be deserved, but it's still lame af. Imo, try to be constructive instead. Or just GTFO, that's what I'd probably be doing.

# ¿ Mar 12, 2021 08:03

One thing I _really_ dislike about Debian-based systems is that they always enable and immediately start any service you install. And then apt by default also installs recommended and suggested packages, which can often pull in all kinds of daemons like exim, apache, samba, whatever. Not a good combo.

# ¿ Mar 15, 2021 22:55

Boris Galerkin posted: So I called Fidelity to close my brokerage account with them. The machine had me put in my social security number. So far, normal.

What are the password length requirements?

e: also, try logging in on their website sometime with your password in the wrong case, I'm willing to bet it's case insensitive.

spankmeister fucked around with this message at 07:36 on Apr 1, 2021

# ¿ Apr 1, 2021 07:33

The Iron Rose posted: I still don't know what "industry vertical" means. Isn't it literally just the industry type? Could you not just say "industry"? Why in god's green earth do we call powerpoints decks????

We used to use literal decks of literal slides and a projector for presentations. Hope that helps you sleep comrade.

# ¿ Apr 24, 2021 08:36

Here's my prediction: This was NOT a nation state attack, they just got hit with ransomware. They lost control because their OT and IT networks are basically flat. Don't even @ me about false flags.

# ¿ May 8, 2021 21:29

Iirc you can copy the text of any dialog box in Windows if you click on it (not any of the buttons, but the window itself) and hit Ctrl+C.

# ¿ May 13, 2021 07:54