CyberPingu posted: It's very fun though. Try hack me is also another great similar platform

# Mar 14, 2021 15:37
Pablo Bluth posted: I haven't got very far at the moment; just working my way through Starting Point. I went down a rabbit hole of trying to manually launch nc and powershell reverse shells via php and lost too many hours to what turned out to be noddy mistakes on my part...

This will be a lot of your experience with boxes. The makers intentionally put rabbit holes on a lot of them to throw you off. Which is actually fun to do in real life machines too tbh. But I hope no one ever gets to see any of my rabbit holes I've put on our infrastructure. Otherwise that means I hosed up somewhere else.

# Mar 14, 2021 16:04
One upside: it just made me mindlessly do an nmap on my pi-hole, only to discover that when I was getting apticron configured to email me upgrade notifications, I'd accidentally installed a running postfix server.... Postfix gone and the firewall enabled & configured to catch any future mistakes...

Pablo Bluth fucked around with this message at 22:41 on Mar 15, 2021

# Mar 15, 2021 22:38
One thing I _really_ dislike about debian based systems is that it always enables and immediately starts any service you install. And then also apt by default installs recommended and suggested packages, which often can pull in all kinds of daemons like exim, apache, samba, whatever. Not a good combo.

# Mar 15, 2021 22:55
Package managers in general, for all their usefulness, seem to have a lot of flaws. Or maybe they're just more transparent about their flaws than Windows installers.

# Mar 16, 2021 03:47

spankmeister posted: One thing I _really_ dislike about debian based systems is that it always enables and immediately starts any service you install.

# Mar 16, 2021 10:20
BlankSystemDaemon posted: How can this not be a giant red flag with every kind of warning sign next to it?

Same way it's totally not when Java does it. People are dumb and don't realize how bad it is.

# Mar 16, 2021 15:31
RFC2324 posted: People are dumb

# Mar 16, 2021 20:45
If I knew how bad it was do you think I would do it for a living? gently caress no

# Mar 16, 2021 22:03

RFC2324 posted: If I knew how bad it was do you think I would do it for a living?

# Mar 17, 2021 02:12
As usual: To be in infosec, you'd better have a healthy sense of humor.

# Mar 17, 2021 02:45
BlankSystemDaemon posted: How can this not be a giant red flag with every kind of warning sign next to it?

DevOps: Hold my beer

Given the attempts that linux repo maintainers make to check the integrity of the code and still have issues, the fact that you can typo squat popular packages and get code running is just

This post takes it one step further and looks for private packages in public code, then uploads a package with the same name into the public repo. And build systems by default will use the public package in preference over the private package source. There is a paper here from MS talking about possible mitigations / best practices. But it's still not great for those in DevSecOps given their threat landscape probably needs to include the individual security of popular npm/pip package maintainers, given your build systems are going to take any new version update without question. Not to mention what we've seen with popular chrome extensions etc once the maintainer loses interest and transfers ownership. . .

# Mar 17, 2021 03:31
Why on earth would you default to public packages anyway? Why ever take the public one over the custom, in-house one designed for the app being built specifically?

# Mar 17, 2021 05:21
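Why a build ends up with the public package comes down to the client configuration the two posts above are arguing about. The following Python check is an added example, not code from the thread or from the MS paper; it audits a constructed pip.conf and requirements file against a constructed list of internal package names (and a placeholder hash) and flags the settings that make the substitution possible.

```python
# Added example, not code from the thread; all inputs below are constructed.
import configparser
import re
from typing import List, Set

PIP_CONF = """
[global]
index-url = https://pypi.org/simple
extra-index-url = https://pkgs.example.internal/simple
"""
REQUIREMENTS = """
requests==2.25.1 --hash=sha256:PLACEHOLDER_HASH
acme-billing-core
acme-auth-client>=1.2
"""
INTERNAL_PACKAGES = {"acme-billing-core", "acme-auth-client"}
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|~=|<=|!=|>|<)?")


def normalize(name: str) -> str:
    """PEP 503 normalisation: Acme_Billing.Core and acme-billing-core are one name."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(pip_conf: str, requirements: str, internal: Set[str]) -> List[str]:
    """Return findings as strings; an empty list means nothing was flagged."""
    findings = []
    cfg = configparser.ConfigParser()
    cfg.read_string(pip_conf)
    opts = cfg["global"] if cfg.has_section("global") else {}
    # 1. extra-index-url merges candidates from every index and pip installs the
    #    highest version it sees, so a public upload reusing an internal name with a
    #    large version number wins. One private index proxying PyPI removes the race.
    if "extra-index-url" in opts:
        findings.append("pip.conf: extra-index-url set; pip takes the highest "
                        "version across all indexes, public or private")
    internal = {normalize(n) for n in internal}
    for line in requirements.splitlines():
        line = line.strip()
        match = _REQ_RE.match(line) if line and not line.startswith("#") else None
        if not match or normalize(match.group(1)) not in internal:
            continue
        name, op = normalize(match.group(1)), match.group(2)
        # 2. An unpinned internal package follows the newest version any index offers.
        if op != "==":
            findings.append(f"{name}: internal package not pinned with ==")
        # 3. A pin without --hash still trusts the index; a hash makes a swapped artifact fail.
        elif "--hash=" not in line:
            findings.append(f"{name}: pinned but no --hash, substitution undetected")
    return findings
```

Run `audit(PIP_CONF, REQUIREMENTS, INTERNAL_PACKAGES)` to see the three findings for the constructed setup; the same call against a config with only `index-url` and fully pinned, hashed internal packages returns nothing.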
tacit posted: DevOps: Hold my beer

I've been trying to figure out if FreeBSD Ports is susceptible to this, but I don't think so? Firstly, because FreeBSD Ports relies on checksums, and at least for the packages built by the project, networking is completely turned off in the jails, so any dependency has to be already-satisfied by something that's been previously built by the same package builder. Secondly, and this is mostly a result of the first, the porters have come up with some pretty creative ways of relying on the information supplied by the software itself. It's not perfect, of course, as there's still a human involved somewhere - but in order to have commit access, there are some pretty strict requirements (at least compared to most other opensource projects, I'm told)

# Mar 17, 2021 11:27
Uhm, hi. I'm in no way a security professional, but I do dabble in it as part of my job, and I have a fascination with it in sort of a spectator kind of way. Last night I happened upon this video: https://www.youtube.com/watch?v=_eSAF_qT_FY Which is WELL worth a watch, IMO.

# Mar 17, 2021 13:41

bolind posted: Uhm, hi. I'm in no way a security professional, but I do dabble in it as part of my job, and I have a fascination with it in sort of a spectator kind of way.

# Mar 17, 2021 14:07
That video is so good. Thanks for linking it.

# Mar 17, 2021 14:37
bolind posted: Uhm, hi. I'm in no way a security professional, but I do dabble in it as part of my job, and I have a fascination with it in sort of a spectator kind of way.

That was a good one, and the last one I got to see in person.

# Mar 17, 2021 14:46
Here's another one from a while ago. Not quite as impressive as the previous one, but I really dig the fact this was all done with QEMU and publicly available firmware images. Anyone with a computer made in the last decade and an internet connection could theoretically pull this off. https://www.youtube.com/watch?v=B8DjTcANBx0

# Mar 17, 2021 20:00
bolind posted: Here's another one from a while ago. Not quite as impressive as the previous one, but I really dig the fact this was all done with QEMU and publicly available firmware images. Anyone with a computer made in the last decade and an internet connection could theoretically pull this off.

A couple of my favorites: https://www.youtube.com/watch?v=5CzURm7OpAA https://www.youtube.com/watch?v=oHf1vD5_b5I https://www.youtube.com/watch?v=NG9Cg_vBKOg

# Mar 17, 2021 20:15
As a layman I really enjoyed these stories, but goddamn did the presentation not age well. I know Defcon presentation are usually dripping with sarcasm ('teh' in 2013?), but I don't think the fedora or abundant use of the word 'retard' were tongue-in-cheek.

# Mar 18, 2021 09:44
Euphoriaphone posted: As a layman I really enjoyed these stories, but goddamn did the presentation not age well. I know Defcon presentation are usually dripping with sarcasm ('teh' in 2013?), but I don't think the fedora or abundant use of the word 'retard' were tongue-in-cheek.

True, a lot has changed in the years since.

# Mar 18, 2021 15:05
The software that does the initial setup to bridge on-prem Exchange and Exchange Online got compromised https://practical365.com/blog/exchange-hcw-replaced/

# Mar 18, 2021 15:12
This latest round of Exchange CVEs has been interesting to watch develop. My org was able to get patched within 24 hours of the patch release thankfully. But we've seen a HUGE increase of incoming mail from known vendors/users that have had their Exchange servers compromised. We've broken the news to probably 5 other orgs that were vendors for us within the past week. Every single one of them has said some variation of "Yeah we know we need to patch, just hadn't gotten to it yet". For one particular vendor at least this was the last strike and corporate has said we will no longer be doing business with them.

# Mar 18, 2021 16:37
BaseballPCHiker posted: This latest round of Exchange CVEs has been interesting to watch develop. My org was able to get patched within 24 hours of the patch release thankfully.

The fun part is all the Infosec people just going "Well, just move to O365, problem solved!" Buddy, they can't even PATCH on time, and you want them to jump into a multi-month project to migrate off on-prem exchange? Good loving luck. Help them patch, THEN encourage them to migrate. If they are struggling so much that patching is a pain, there's no way they likely have the bandwidth to up and move right now. But for most of these medium sized businesses, the cost for migrating is a huge hurdle. They still have to handle some of the management tasks of O365 too, so it's not some silver bullet to suggest they move to O365.

# Mar 18, 2021 16:44
It's not "can't", it's "won't". Orgs like that are choosing service availability over data confidentiality. I am fine with them choosing their own destiny.

# Mar 18, 2021 16:49
Sickening posted: It's not "can't", it's "won't". Orgs like that are choosing service availability over data confidentiality. I am fine with them choosing their own destiny.

True, this happens too. But there are honestly a lot of clients I've worked with in the past week who REALLY are stretched thin or didn't even know they had on-prem exchange. We had one or two who did refuse to patch even when told they needed to, and yeah we washed our hands of it. But the vast majority wanted to patch.

# Mar 18, 2021 16:51
So is this the same F5 BIG-IP vulnerability being exploited or is this newer? https://twitter.com/wugeej/status/1372392693989445635

# Mar 18, 2021 17:00
Absurd Alhazred posted: So is this the same F5 BIG-IP vulnerability being exploited or is this newer?

That's the iControl REST vuln I believe

# Mar 18, 2021 17:04
BaseballPCHiker posted: This latest round of Exchange CVEs has been interesting to watch develop. My org was able to get patched within 24 hours of the patch release thankfully.

It's also that the exploit had been in the wild for like 2 months before we knew about it or had a patch. A bunch of people likely had their entire AD infrastructure hacked.

Internet Explorer fucked around with this message at 17:28 on Mar 18, 2021

# Mar 18, 2021 17:20
BaseballPCHiker posted: For one particular vendor at least this was the last strike and corporate has said we will no longer be doing business with them.

imo this is the only way to actually force anything to change. there have to be business consequences, a tangible impact to the bottom line, to not patching or using basic security practices. until companies are turned into pariahs for stuff like this, there won't be any industry-wide change.

# Mar 18, 2021 17:23
brains posted: imo this is the only way to actually force anything to change. there have to be business consequences, a tangible impact to the bottom line, to not patching or using basic security practices. until companies are turned into pariahs for stuff like this, there won't be any industry-wide change.

Yup. Otherwise it's the same old same old forever.

# Mar 18, 2021 17:26
I absolutely agree with the premise, but I'm not sure HAFNIUM is the best example of "dumb idiots didn't patch." Maybe in your specific case, sure, but this exploit was out and being used long before there was a patch. And while it is a best practice to put an Edge Transport server in a perimeter network, it's still domain joined and it still uses AD LDS to talk to the domain. I'm not sure if that type of configuration was as dangerous if exploited as a full Exchange environment. I suspect not. If not, then the exploit wasn't the problem, the architecture was. But as we're seeing, everyone is scrambling for a reason, either because the "correct" architecture was still too dangerous when exploited, or because most places didn't have it architected "correctly." It has been a long time since I worked at a 1k+ person company, but I have never seen someone use an Edge Transport server in a perimeter network.
Internet Explorer fucked around with this message at 18:03 on Mar 18, 2021

# Mar 18, 2021 17:56
Internet Explorer posted: It's also that the exploit had been in the wild for like 2 months before we knew about it or had a patch. A bunch of people likely had their entire AD infrastructure hacked.

# Mar 18, 2021 20:46
bolind posted: Uhm, hi. I'm in no way a security professional, but I do dabble in it as part of my job, and I have a fascination with it in sort of a spectator kind of way.

I was sitting in on this talk when it happened. It was/is still a very wild ride. Reminds me of all those BASIC secret flags on systems like C64s and PETs where you poke addresses to trigger easter eggs/proof of creation signatures but ... gives you root.

# Mar 18, 2021 21:00
EVIL Gibson posted: I was sitting in on this talk when it happened.

LOL, I had a similar reaction, but it made me think about deliberate track errors as copy protection for C64 floppy discs.

# Mar 19, 2021 00:18
Dumb question time, is there a website that shows all the active unpatched vulnerabilities of windows server 2003?

# Mar 22, 2021 18:09
Sickening posted: Dumb question time, is there a website that shows all the active unpatched vulnerabilities of windows server 2003?

lol backstory please

# Mar 22, 2021 18:20
Sickening posted: Dumb question time, is there a website that shows all the active unpatched vulnerabilities of windows server 2003?

Shodan technically....

# Mar 22, 2021 18:23
brains posted: lol backstory please

It's not really interesting. We acquired some companies and one of them has a few of these ancient shitters. I have researched this a bit before, but outside of the CVEs posted by Microsoft, I feel like vulnerabilities of EOL servers just go dark from the community at large when they go EOL. A server being ancient EOL poo poo is enough for me to flag it as a no go, but I am curious what the known unpatched vulnerabilities are and it seems almost impossible to find per my googling.

# Mar 22, 2021 19:20