|
Arcsech posted:why doesnt this guy ever find earthshattering oh-poo poo vulns on like, monday morning or something we find it's always better to release details on a friday. studies have statistically shown that there's less chance of an incident if you do it at the end of the week
|
# ? Jul 6, 2017 23:45 |
|
|
# ? May 28, 2024 16:14 |
|
sysadmins work weekends when paged, attackers like to party
|
# ? Jul 6, 2017 23:46 |
|
any bets on what type of software this one's in? i'm guessing it's in a popular VPN client since he hasn't really looked at those yet and openvpn has been getting audits lately. if it is it's going to be Real Bad
|
# ? Jul 6, 2017 23:48 |
|
does he do mobile? apseudonym? he should do mobile
|
# ? Jul 6, 2017 23:52 |
|
i think it's going to be another ms defender exploit
|
# ? Jul 6, 2017 23:52 |
|
MacOS airdrop? Chrome's webm container handling? a fuzzer for DHCP? some obscure but enabled-by-default USB-over-SCSI-over-IP protocol? outlook?
|
# ? Jul 6, 2017 23:55 |
|
Number19 posted:any bets on what type of software this one's in? That's a strange guess, what makes you say that?
|
# ? Jul 7, 2017 00:11 |
|
"The evil bit is real," Tavis said in his CVE earlier. "RFC 3514 is real, and strong, and he's my friend."
|
# ? Jul 7, 2017 00:43 |
|
spankmeister posted:That's a strange guess, what makes you say that? nothing other than it being hilarious to see another type of software crumble under his gaze
|
# ? Jul 7, 2017 00:46 |
|
something dumb that shouldn't exist like minesweeper being able to change your mbr when running as a standard user.
|
# ? Jul 7, 2017 00:56 |
|
code:
|
# ? Jul 7, 2017 04:03 |
|
I'm new to following security stuff, but I like Tavis. He's good. Think he'll be my friend?
|
# ? Jul 7, 2017 04:04 |
|
Lain Iwakura posted:
https://twitter.com/loneferret/status/883084028546568192
|
# ? Jul 7, 2017 04:08 |
|
Lain Iwakura posted:
|
# ? Jul 7, 2017 04:10 |
|
Lain Iwakura posted:
What's "0 day" about this, it looks like some run of the mill macro poo poo
|
# ? Jul 7, 2017 04:13 |
|
Rufus Ping posted:What's "0 day" about this, it looks like some run of the mill macro poo poo no idea
|
# ? Jul 7, 2017 04:20 |
|
downloaded the sample off VT, definitely nothing 0day. maybe the binary it downloads and runs was cool? more likely that pentesters aren't using 0day
|
# ? Jul 7, 2017 07:23 |
|
if you're doing a pentest how do you expect to be able to stop your client from uploading suspicious poo poo to virustotal or whatever
|
# ? Jul 7, 2017 07:28 |
|
anthonypants posted:if you're doing a pentest how do you expect to be able to stop your client from uploading suspicious poo poo to virustotal or whatever Also isn't doing pentesting with bespoke 0days kind of missing the point?
|
# ? Jul 7, 2017 07:35 |
|
I don't know if this user1 has any infosec knowledge or anything but it seems to me they dont actually know what an 0day is. 0day is becoming one of those terms that gets thrown around without people knowing what it really means, just yesterday I was talking to some non-techies about wannacry and nyetya and one of them thought and 0day was a backdoor and persistence mechanism.
|
# ? Jul 7, 2017 07:54 |
|
gonadic io posted:Also isn't doing pentesting with bespoke 0days kind of missing the point? pentesting with bespoke 0days is the kind of thing only badasses able to charge the client 10x do. We're delivering bespoke 0days to test your org. Sign here. please ignore this means the hash of our python script isn't in virustotal
|
# ? Jul 7, 2017 07:56 |
spankmeister posted:I don't know if this user1 has any infosec knowledge or anything but it seems to me they dont actually know what an 0day is. an app idea - 0dayr, crashes your phone on activation
|
|
# ? Jul 7, 2017 08:08 |
The fidget spinner of prosumer cyber.
|
|
# ? Jul 7, 2017 08:09 |
|
cinci zoo sniper posted:an app idea - 0dayr, crashes your phone on activation You could probably find a venture capitalist ready to invest 10 mil into this. Just change "crashes" to "disrupts", make some vague noises about monetisation strategy, and you're golden.
|
# ? Jul 7, 2017 08:19 |
communism bitch posted:You could probably find a venture capitalist ready to invest 10 mil into this. Just change "crashes" to "disrupts", make some vague noises about monetisation strategy, and you're golden. what if we pay users if they can actually load into it, but they pay us for each disruption suffered to make for an immersive ransomware experience?
|
|
# ? Jul 7, 2017 08:21 |
|
But enough about android
|
# ? Jul 7, 2017 08:31 |
|
gonadic io posted:Also isn't doing pentesting with bespoke 0days kind of missing the point?
|
# ? Jul 7, 2017 10:34 |
|
BangersInMyKnickers posted:I'm going over the OpenSSL docs to review their cipher support (schannel/openssl configbomb incoming) Hey, these are actually really neat! Do you mind also handling libressl as well? Thanks!
|
# ? Jul 7, 2017 10:48 |
|
Wiggly Wayne DDS posted:there are orgs that get pentested to this degree, mainly ones with nation states after them already While there's a lot of value to "if you've got an exploit against this target, how much lateral movement do you get to non-vulnerable targets, and how quickly is the intrusion identified?", I don't see what you get by using actual 0-days rather than just, say, giving the pentesters local root on a particular box to jump off from.
|
# ? Jul 7, 2017 11:06 |
|
spankmeister posted:I don't know if this user1 has any infosec knowledge or anything but it seems to me they dont actually know what an 0day is. i got a little grouchy with some people at work who used the phrase "published zero days" in a memo.
|
# ? Jul 7, 2017 13:03 |
|
seems like a good way to know who even knows what a 0day is is people who call it an "oh-day" vs. "zero day"
|
# ? Jul 7, 2017 13:56 |
|
communism bitch posted:Just keep all your passwords in a word file on your desktop titled "passwords" like my dad. i needed the root password to this new public-internet-facing VM someone had set up and noticed the guy had a habit of mailing passwords in emails (there were several earlier in the email chain) so i ask him to give me the password another way that's more secure than email he just sends it to me on slack and tells me "oh good idea suggesting we be secure and not put this in an email!"
|
# ? Jul 7, 2017 14:00 |
Cocoa Crispies posted:seems like a good way to know who even knows what a 0day is is people who call it an "oh-day" vs. "zero day" if you ever say it "zero day" to a british person you'll be laughed out into the loving oblivion. do you also "zero" when dictating a phone number with 0 in it?
|
|
# ? Jul 7, 2017 14:23 |
james bond, agent double zero seven
|
|
# ? Jul 7, 2017 14:25 |
|
Cocoa Crispies posted:oh-day Text me
|
# ? Jul 7, 2017 14:29 |
|
Jabor posted:While there's a lot of value to "if you've got an exploit against this target, how much lateral movement do you get to non-vulnerable targets, and how quickly is the intrusion identified?", I don't see what you get by using actual 0-days rather than just, say, giving the pentesters local root on a particular box to jump off from. its a good way to test realistic intrusions against your generic mitigations to see if you actually can limit the spread or other damage beyond the unknown effects of the 0day. like if they can get into a box with the exploit but then you have mitigations that prevent them from escaping the machine/container/other jail, they might be able to gently caress up whats in that container but you can prove the efficacy of your other mitigations.
|
# ? Jul 7, 2017 14:53 |
|
I was catching up on all the LE sperging when I thought "I should post 'Is cloudflare still a comically bad pile of poo poo? I haven't been keeping up since taviso publicly poo poo all over them'" and then, like whoa, he appears in the thread!
|
# ? Jul 7, 2017 14:54 |
|
mrmcd posted:I was catching up on all the LE sperging when I thought "I should post 'Is cloudflare still a comically bad pile of poo poo? I haven't been keeping up since taviso publicly poo poo all over them'" and then, like whoa, he appears in the thread! wait did tavis actually post in the thread and i missed it or do you just mean that tweet
|
# ? Jul 7, 2017 15:08 |
|
ate all the Oreos posted:wait did tavis actually post in the thread and i missed it or do you just mean that tweet The tweet. AFAIK he doesn't post here.
|
# ? Jul 7, 2017 15:10 |
|
|
# ? May 28, 2024 16:14 |
|
mrmcd posted:AFAIK he doesn't post here. i thought maybe he had started because we're all smart attractive people? i can dream
|
# ? Jul 7, 2017 15:14 |