|
"We cannot run these tools on lie-nux because they will not run on lie-nux!" "Have you tried it?" "No we do not have lie-nux machine to try this applications on!"
|
#
?
Feb 7, 2017 21:41
|
|
|
|
| # ? May 17, 2024 17:03 |
|
|
cheese-cube posted:gently caress the hacking tools, that's prolly only a couple of GB at most. what's the rest of the data? probably downloaded some rainbow tables like a chump
|
|
#
?
Feb 7, 2017 23:12
|
|
|
i just found out there's a ps3/ps4/psp trend micro app that applies a filter to the console's web browser. there are two different filters and each comes with a $20 recurring monthly subscription. stay safe out there, https://esupport.trendmicro.com/en-us/home/pages/technical-support/psp-ps3-ps4-security/home.aspx
|
|
#
?
Feb 8, 2017 00:43
|
|
|
this thread has made me $100 richer, reported a vulnerability and it was accepted  keep posting cool poo poo i can read about and learn
|
|
#
?
Feb 8, 2017 00:56
|
|
|
and lol if they listen to my suggested fix in the report. i have no idea what I'm doing
|
|
#
?
Feb 8, 2017 00:57
|
|
|
dangling pointer posted:this thread has made me $100 richer, reported a vulnerability and it was accepted congrats
|
|
#
?
Feb 8, 2017 01:02
|
|
|
is it still sop for "internet security" suits to mitm ssl traffic with self-signed certs? like, i can't imagine a bigger way to make yourself less secure than that.
|
|
#
?
Feb 8, 2017 01:12
|
|
|
infernal machines posted:is it still sop for "internet security" suits to mitm ssl traffic with self-signed certs? Yep, gotta make sure no one is doing anything fun during work hours.
|
|
#
?
Feb 8, 2017 01:16
|
|
|
E: ^^^ I was like you once before. Then I learned I was being stupid. :/infernal machines posted:is it still sop for "internet security" suits to mitm ssl traffic with self-signed certs? MitM SSL strip isn't just about security, it's also about liability. In that regard it does what it needs to. I think F5 is one of the companies to stay away from. We reported some tls issues to them and they were huge cocks about how they know what they're doing (despite providing a poc exploit). We're working on our ssl decryption project now so I've been indulged in business meetings where it's made clear security is secondary to appeasing lawyers. But our biggest concern at the moment is industrial espionage. Winkle-Daddy fucked around with this message at 01:21 on Feb 8, 2017 |
|
#
?
Feb 8, 2017 01:19
|
|
|
better start epoxying those usb ports
|
|
#
?
Feb 8, 2017 01:31
|
|
|
I know I'm late to the party, but I don't think anyone said pounded in the butt by 50TB of NSA database yet You're welcome, mr. Tingle
|
|
#
?
Feb 8, 2017 01:37
|
|
|
lmao https://medium.com/@MisterCh0c/how-i-hijacked-top-celebrities-tweets-including-katy-perry-shakira-fca3a0e751c6#.9c15bd8su
|
|
#
?
Feb 8, 2017 02:04
|
|
|
just as surprised as he is that no one else thought of it
|
|
#
?
Feb 8, 2017 03:41
|
|
|
Crazy Achmed posted:I know I'm late to the party, but I don't think anyone said pounded in the butt by 50TB of NSA database yet 
|
|
#
?
Feb 8, 2017 03:44
|
|
|
Kuvo posted:just as surprised as he is that no one else thought of it i'm surprised i never thought of it considering i was scraping phone numbers off of it years ago
|
|
#
?
Feb 8, 2017 05:00
|
|
|
Winkle-Daddy posted:MitM SSL strip isn't just about security, it's also about liability. In that regard it does what it needs to. go ahead and MitM if you need to, but doing it on the end device with a self-signed cert seems like a terrible way to get there
|
|
#
?
Feb 8, 2017 05:28
|
|
|
coworker today: "it was giving me some kind of 'self-signed certificate' error but don't worry i took care of it" what did you do coworker, what did you doooooooo 
|
|
#
?
Feb 8, 2017 05:55
|
|
|
Winkle-Daddy posted:E: ^^^ I was like you once before. Then I learned I was being stupid. :/ Because MiTMing stops someone from exfiltrating all your secrets off your network MiTMs remain a bad idea.
|
|
#
?
Feb 8, 2017 06:14
|
|
|
ate all the Oreos posted:coworker today: "it was giving me some kind of 'self-signed certificate' error but don't worry i took care of it" disabled https prolly lol comedy option: he/she added the self-signed cert to the default domain policy so it will be added to the trusted store on all machines
|
|
#
?
Feb 8, 2017 07:11
|
|
|
Dylan16807 posted:go ahead and MitM if you need to, but doing it on the end device with a self-signed cert seems like a terrible way to get there end point or network device, either way you're throwing an engine on there to do the work and trusting some kind of cert to do it. mitm on the endpoint is a whole lot more cost effective when there's distributed cpu cycles to spare compared to dumping hundreds of thousands on dedicated gear that can handle gbps of traffic with minimal latency while still creating additional points of failure on the network
|
|
#
?
Feb 8, 2017 07:14
|
|
|
cheese-cube posted:disabled https prolly lol would this be really bad even on a company intranet site?
|
|
#
?
Feb 8, 2017 08:28
|
|
|
OSI bean dip posted:lmao  cheese-cube posted:comedy option: asked his mother to also sign the certificate
|
|
#
?
Feb 8, 2017 09:04
|
|
|
loll
|
|
#
?
Feb 8, 2017 09:17
|
|
|
omg
|
|
#
?
Feb 8, 2017 11:54
|
|
|
Fergus Mac Roich posted:would this be really bad even on a company intranet site? yes because you can't revoke a self-signed cert. also other reasons that i'm not immediately remembering.
|
|
#
?
Feb 8, 2017 13:05
|
|
|
is there a general best practices guide for bug bounties? like how to write good, informative reports so I don't waste the reviewers time? also a list of things you should never do like the guy on the recent risky business podcast who got banned from yahoo for exfiltrating data via a screenshot the guides on hackerone and similar sites are pretty brief. thanks whoever mentioned I should try bug bounties when I asked for advice earlier in the thread, I'm having fun with it
|
|
#
?
Feb 8, 2017 13:17
|
|
|
dangling pointer posted:is there a general best practices guide for bug bounties? like how to write good, informative reports so I don't waste the reviewers time? - log everything you did (including identifying poo poo like ip/mac/useragent/etc) - do not interact with data that's not yours (i.e. for facebook account hack, make two dummy facebook accounts, hacker and hackee, to work the bug out) - do not store things locally, to the best of your ability - even things like screenshots, file tree traversal logs, and so on - do not discuss whatever you found with anyone before the reviewer it is always better to giver reviewer more than enough data, than to leave them guessing. you do not want that
|
|
#
?
Feb 8, 2017 13:29
|
|
|
also could use some book recommendations, open to any topic really. so far ive read: reversing secrets of reverse engineering a bug hunters diary the web application hackers handbook i was thinking of getting the ida pro book and downloading the pro version via  to play with since I'm a poor student currently
|
|
#
?
Feb 8, 2017 13:35
|
|
|
standard rule of not checking the extent of a vuln just that it exists. always inform the security team of what you are doing, leave fixes up to them, recheck after they've said it's been fixed, etc far as books go i've yet to see any that aren't glorified tech ref manuals that are out of date prior to release
|
|
#
?
Feb 8, 2017 13:55
|
|
|
ate all the Oreos posted:coworker today: "it was giving me some kind of 'self-signed certificate' error but don't worry i took care of it" he generated a new properly named cert and signed it with your internal ca, right?
|
|
#
?
Feb 8, 2017 15:28
|
|
|
cheese-cube posted:yes because you can't revoke a self-signed cert. also other reasons that i'm not immediately remembering. you can put it into your untrusted certs and that will block it. self signed certs can be used safely but the effort involved to do so is way more than just using your internal ca correctly.
|
|
#
?
Feb 8, 2017 15:29
|
|
|
Shaggar posted:he generated a new properly named cert and signed it with your internal ca, right? he doesn't remember what he did  luckily it seems he only did whatever it was to a single VM that's not very important unluckily he did this like a year ago and it's been running like that since then
|
|
#
?
Feb 8, 2017 15:57
|
|
|
Shaggar posted:using your internal ca correctly. whoa, hey look at this, i think maybe you've identified the issue...
|
|
#
?
Feb 8, 2017 16:49
|
|
|
https://twitter.com/malwrhunterteam/status/828957753121112064 russians made a short writeup on this: - 0.085 btc bail (approx 90 usd) - uac bypass manipulates file type associations to create an elevated ransomware service works like this: - ipecho.net/plain and ipinfo.io/country are used to determine geoip - tor is downloaded and used for comms with cnc server - ransomware seeks documents with specific extensions - encrypts contents with aes, extensions with rot-23
|
|
#
?
Feb 8, 2017 17:10
|
|
|
Dylan16807 posted:go ahead and MitM if you need to, but doing it on the end device with a self-signed cert seems like a terrible way to get there And the better way would be to............?
|
|
#
?
Feb 8, 2017 17:32
|
|
|
dangling pointer posted:is there a general best practices guide for bug bounties? like how to write good, informative reports so I don't waste the reviewers time? some posts from a good friend of mine: https://medium.com/@collingreene/bug-bounty-5-years-in-c95cda604365#.qk9ip49db https://medium.com/@collingreene/to-the-bounty-hunters-9259b1544325#.91bslvtvp the one thing thats not mentioned in there, don't be an rear end in a top hat and don't do the bullshit where you argue non-stop that some reflected XSS in IE8 on a unauthed microsite is a SEVERE RCE there are actual people triaging your report, we remember the good reporters and the bad reporters and make very little claim towards being unbiased when deciding on payouts basically go try to be fin1te, he is probably the best bug bountier in the world right now and just generally a joy to work with, last time i talked to him he was making significantly more a year from bug bounties than his salary at facebook: https://twitter.com/fin1te https://whitton.io/
|
|
#
?
Feb 8, 2017 18:04
|
|
|
Winkle-Daddy posted:And the better way would be to............? Yeah, when I was looking over Eset's implementation they generated a unique self-signed cert and added it to the trust store. Each install was unique and it seemed to be the best way of going about that at the endpoint if that's what you're trying to accomplish. Hopefully they were dumping all the crypto in and out through schannel instead of some bundled openssl library or custom horseshit but there's still plenty of wiggle room to gently caress up cert validation and plenty of other vendors have been extremely guilty in that area.
|
|
#
?
Feb 8, 2017 18:10
|
|
|
Winkle-Daddy posted:And the better way would be to............? not roll your own crypto
|
|
#
?
Feb 8, 2017 18:11
|
|
|
BangersInMyKnickers posted:Yeah, when I was looking over Eset's implementation they generated a unique self-signed cert and added it to the trust store. Each install was unique and it seemed to be the best way of going about that at the endpoint if that's what you're trying to accomplish. Hopefully they were dumping all the crypto in and out through schannel instead of some bundled openssl library or custom horseshit but there's still plenty of wiggle room to gently caress up cert validation and plenty of other vendors have been extremely guilty in that area. my post was more directed at trying to find out what alternative to mitm'ing ssl that poster might be suggesting, obviously there are poo poo vendors (F5 *cough*) and better ones. There are poo poo deployments and good deployments. but your packets are getting inspected in corporate america.
|
|
#
?
Feb 8, 2017 18:14
|
|
|
|
| # ? May 17, 2024 17:03 |
|
|
well the other option is gateway filtering through an appliance or dedicated server, whether that's better or worse depends on your budget and key-management policies.
|
|
#
?
Feb 8, 2017 18:27
|
|