@martytoof Microsoft has just published one of their passwordless Ignite sessions on YouTube, which is partly about FIDO2, in case you want some extra guidance: https://youtu.be/3wtwUh6iyxY

Posted: Nov 5, 2021 10:57

SlowBloke posted:
> @martytoof Microsoft has just published one of their passwordless Ignite sessions on YouTube, which is partly about FIDO2, in case you want some extra guidance

Thanks for the link. I got a chance to talk with our ransomware insurance auditors last month and it was an interesting discussion. He said basically they're raising rates across the board this year due to the number of successful attacks, but also really digging in deeper on audits in an effort to not penalize companies that are actually doing the necessary work. Like someone else said, some company will always be willing to lie and just check the box. But I wonder, in an actual payout situation, if the insurer goes back and verifies before ponying up the money.

Posted: Nov 5, 2021 11:54

Some npm packages got dirtied...
https://github.com/advisories/GHSA-73qr-pfmq-6rp8
https://github.com/advisories/GHSA-g2q5-5433-rhrf

Posted: Nov 5, 2021 12:32

SlowBloke posted:
> @martytoof Microsoft has just published one of their passwordless Ignite sessions on YouTube, which is partly about FIDO2, in case you want some extra guidance

Awesome, thank you! And thanks for the advice, guys. I'll do a little deep diving in the next week or so.

Posted: Nov 5, 2021 13:37

Hey, if you happen to have a package on NPM, now would be a great time to check if you're distributing malware through a compromised GitHub account, so I can knock all the compromise analysis out in a couple days instead of doing this poo poo every week.

Posted: Nov 5, 2021 16:13

Cup Runneth Over posted:
> Hey, if you happen to have a package on NPM, now would be a great time to check if you're distributing malware through a compromised GitHub account, so I can knock all the compromise analysis out in a couple days instead of doing this poo poo every week.

Well, this is why we have a required review before letting a merge execute, right? https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7

Wait. Shi--

Posted: Nov 5, 2021 22:43

Bunch of the REvil ransomware ops got popped and arrested: https://twitter.com/nakashimae/status/1457758752841555970?s=20

Posted: Nov 8, 2021 21:22

Internet Explorer posted:
> It's really damning with faint praise when people say that insurance companies or client audits are what push companies forward. It's by no means great or even good, but oftentimes it's the only ammunition you have.

After an audit and two weeks of discussions I've got two clients who are dropping their cyber insurance, or at least plan to pending some discussion with their attorneys, because there is not a chance in hell of us actually getting all the 'No' boxes to 'Yes' given their lack of desire to spend. It's not for lack of money, they're making more than ever. They just don't see why IT should suddenly cost more when it's been just fine at this level for years.

Posted: Nov 8, 2021 21:38

CommieGIR posted:
> Bunch of the REvil ransomware ops got popped and arrested

We'll see how much that actually disrupts ransomware distribution in the coming months, I guess.

Posted: Nov 8, 2021 21:39

Proud Christian Mom posted:
> After an audit and two weeks of discussions I've got two clients who are dropping their cyber insurance, or at least plan to pending some discussion with their attorneys, because there is not a chance in hell of us actually getting all the 'No' boxes to 'Yes' given their lack of desire to spend. It's not for lack of money, they're making more than ever. They just don't see why IT should suddenly cost more when it's been just fine at this level for years.

Posted: Nov 8, 2021 22:00

Turns out delaying virtually any sort of upgrades for a decade and still relying on legacy software old enough to enlist does, in fact, not make it cheaper later on.

Posted: Nov 8, 2021 23:00

Proud Christian Mom posted:
> Turns out delaying virtually any sort of upgrades for a decade and still relying on legacy software old enough to enlist does, in fact, not make it cheaper later on.

But it makes it cheaper for this quarter, which is all that matters for a lot of those C*O-types.

Posted: Nov 9, 2021 18:06

Proud Christian Mom posted:
> Turns out delaying virtually any sort of upgrades for a decade and still relying on legacy software old enough to enlist does, in fact, not make it cheaper later on.

Ask me about our database server that runs on some old Itanium server.

Posted: Nov 9, 2021 18:07

CommieGIR posted:
> Bunch of the REvil ransomware ops got popped and arrested

Unfortunately just incompetent affiliates that don't actually know who the ringleaders are.

Posted: Nov 9, 2021 18:13

wargames posted:
> Ask me about our database server that runs on some old Itanium server.

I think I just decommed one of those. It had an attached note about how it had never even been used anyway.

Posted: Nov 9, 2021 18:17

Well, at least Helpdesk has a chance to work before the calls come in: https://twitter.com/BenSpurr/status/1457867740094636035

Posted: Nov 9, 2021 18:51

Bonzo posted:
> Well, at least Helpdesk has a chance to work before the calls come in

So is calling it EFAP a typo, too, or what?

Posted: Nov 9, 2021 19:22

Absurd Alhazred posted:
> So is calling it EFAP a typo, too, or what?

Nah, that's what the workplace counselling programs are called here. Maybe it's a Canadian thing. EFAP = Employee Family Assistance Program. Lol at that number typo though.

Posted: Nov 9, 2021 19:24

CLAM DOWN posted:
> Nah, that's what the workplace counselling programs are called here. Maybe it's a Canadian thing. EFAP = Employee Family Assistance Program.

That's an unfortunate confluence, then.

Posted: Nov 9, 2021 19:25

Confluence is unfortunate, yes.

Posted: Nov 9, 2021 19:36

Thanks Ants posted:
> Confluence is unfortunate, yes.

Guess what I am spending all month upgrading.

Posted: Nov 9, 2021 20:22

RFC2324 posted:
> I think I just decommed one of those. It had an attached note about how it had never even been used anyway.

Ours gets used, and it's our core DB server and is not very stable; the plan is that in about 4-5 years we can replace it.

Posted: Nov 9, 2021 20:25

Anyone familiar with John the Ripper I can hit up? My GPG key is expiring and I have lost my passphrase like an idiot. I've been debating just ditching GPG because... GPG, but I'd like to make a small effort to recover this. I have a small wordlist of possible phrases and I'd like to run it through a bunch of permutations. It's probably like 3 or 4 of the words joined together with some random single-character punctuation thrown in the middle and end; what is the magic command line / ruleset to do this? The documentation seems... bad. I think I need to use the `--prince` mode(?) to handle permuting the phrases together, but the rule lists are either too simple or going to take 15 years... e.g. this is what I ran last, which finished in 3 minutes; using 'Jumbo' thinks it'll take 15 years....

code:

Posted: Nov 13, 2021 01:03

If `--list=opencl-devices` lists any GPUs, you can use them via `--format=gpg-opencl --devices=N`. If that doesn't work, and you don't wanna build john with the support, you can always use `--fork=N` for however many threads your CPU has.

Posted: Nov 13, 2021 02:11

You can use hashcat to generate the wordlist for John to use without using the GPU. I'm sure john's built-in stuff is good, but I never quite wrapped my head around its syntax, so I use this trick from time to time.

Posted: Nov 13, 2021 06:29

John on k8s for all your cracking needs: https://github.com/praktiskt/multi-john

Posted: Nov 13, 2021 16:34

Because everyone is a hyperscaler and has a cluster to deploy it on? smh

Posted: Nov 13, 2021 19:06

Do you not?

Posted: Nov 13, 2021 19:35

I guess that's on me then.

Posted: Nov 13, 2021 19:36

I mean, when you're paying for AWS with a stolen CC# it doesn't matter too much.

Posted: Nov 13, 2021 20:13

spankmeister posted:
> You can use hashcat to generate the wordlist for John to use without using the GPU. I'm sure john's built-in stuff is good, but I never quite wrapped my head around its syntax, so I use this trick from time to time.

I ended up doing this but probably would have been fine with john. I finally had the brilliant idea to throw the special characters I would have used in as separate words instead of trying to figure out how to do it in a rule; and while the final wordlist from ~12 phrases ended up being like 2 billion long, it found it in 20 minutes. Think I spent more time trying to get john compiling with CUDA support than actually generating word lists and trying to crack them, what a dumpster fire of a code base/documentation; but I guess it works if you can get the right magic numbers so.

Posted: Nov 14, 2021 04:42
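The structure described in the two posts above (a few remembered phrases joined by single punctuation characters) is what made the search finish in minutes, and the estimator below makes that concrete by sizing the candidate space and contrasting it with a blind search of the same length. This is an added example, not code from the thread, John or hashcat; the phrase count, separator count and guess rate are constructed assumptions.

```python
# Added example (not from the thread, John or hashcat): size the candidate
# space for the passphrase layout the poster describes, 3 or 4 distinct
# phrases from a short list joined by one punctuation character each, with
# one more punctuation character at the end.
from math import perm
# Constructed assumptions: 12 remembered phrases, 20 punctuation characters,
# and a guess rate in the low millions per second (GPG's string-to-key
# iteration makes each guess far more expensive than a raw hash).
PHRASES = 12
SEPARATORS = 20
GUESSES_PER_SECOND = 1_500_000


def structured_candidates(n_phrases: int, n_words: int, n_seps: int) -> int:
    """Ordered pick of n_words distinct phrases, one separator between each
    pair and one trailing separator: P(n, k) * s^(k-1) * s = P(n, k) * s^k."""
    if n_words > n_phrases:
        return 0
    return perm(n_phrases, n_words) * n_seps ** n_words


def keyspace(n_phrases: int, word_counts, n_seps: int) -> int:
    """Total candidates over every allowed word count (here 3 or 4)."""
    return sum(structured_candidates(n_phrases, k, n_seps) for k in word_counts)


def brute_force_candidates(length: int, charset_size: int) -> int:
    """Unstructured search: every string of exactly `length` characters."""
    return charset_size ** length


def time_to_exhaust(candidates: int, rate: int) -> str:
    """Worst-case time to try every candidate, in the largest useful unit."""
    seconds = candidates / rate
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    structured = keyspace(PHRASES, (3, 4), SEPARATORS)
    print(f"structured: {structured:,} candidates, worst case "
          f"{time_to_exhaust(structured, GUESSES_PER_SECOND)}")
    # Blind search over 28 printable-ASCII characters (4 six-letter phrases + 4 separators).
    blind = brute_force_candidates(28, 95)
    print(f"blind: {blind:.3e} candidates, worst case "
          f"{time_to_exhaust(blind, GUESSES_PER_SECOND)}")
```

With these assumed numbers the structured space is about 1.9 billion candidates and exhausts in roughly 21 minutes, the same order of magnitude the poster reports, while the blind search of equal length runs to astronomical time.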

Yeah, jtr is kinda (in)famous for being exceptionally poorly documented, which is why everyone always mentions hashcat.

Posted: Nov 14, 2021 13:55

Yeah, the last time I used JTR successfully it still took me ages to configure right. Hashcat is kinda the go-to now.

Posted: Nov 14, 2021 16:49

I only use JTR when Hashcat doesn't support a certain hash tbh.

Posted: Nov 14, 2021 17:26

spankmeister posted:
> I only use JTR when Hashcat doesn't support a certain hash tbh.

Posted: Nov 14, 2021 17:41

Emotet is back: https://twitter.com/sans_isc/status/1460492865243648001?s=20

Posted: Nov 16, 2021 14:40

Everything old is new again. This is the worst "retro" computing thing yet :| Yes, yes, not that retro, but it's early and I've had precious little coffee.

Posted: Nov 16, 2021 15:04

Oh god, my new job is a poo poo show of the highest degree. I'm coming from a place that had such a great security program with total buy-in from execs to this place. New place got leveled by ransomware in 2020, was forced to start a security program for insurance and to prevent lawsuits. It's such a shitshow, I can't even wrap my head around things here. Logging... what logging? Where could it be? Different departments running different AV, EDR or no EDR, DLP or no DLP. Nothing is standardized, no effective top-down management. I mean, the team is great so far, they're paying me well, good benefits. Hoping that because it's so green here I can actually step in and do some good/fun work, but holy poo poo what a dumpster fire.

BaseballPCHiker fucked around with this message at 15:50 on Nov 17, 2021

Posted: Nov 17, 2021 15:09

Oof, been there. Either you'll make a name for yourself or the management will shut you down. Good luck.

Posted: Nov 17, 2021 15:11

You know that TPM sniffing that allowed bypassing BitLocker? It's been reproduced independently. Best part, this is totally achievable at home with a very trivial amount of hardware.

Posted: Nov 20, 2021 14:17