|
Thanks Ants posted:It's unfixable, for some reason printer companies have been dragging their heels on implementing a driver model that was first introduced in Server 2012 It doesn’t help when papercut will make any v4 printer drivers running on the papercut host kill the services and v4 on the client will lose most of papercut features. I honestly hope Microsoft start cutting universal print prices so papercut becomes too expensive in comparison.
|
#
?
Nov 27, 2021 14:47
|
|
|
|
| # ? May 25, 2024 22:32 |
|
|
At a high level, could someone explain how researchers set up environments for analyzing malware, viruses etc...? If an analyst wants to dive in to how the latest ransomware file works, what type of environment do they set up to minimize the risk of hosing their own systems and networks? Will a simple Ubuntu VM on VirtualBox do most the time or is there a standard setup for this type of work?
|
|
#
?
Nov 28, 2021 16:15
|
|
|
Hughmoris posted:At a high level, could someone explain how researchers set up environments for analyzing malware, viruses etc...? Sometimes, some newer malware has the ability to detect vm services and go dormant. My company has an airgapped laptop and network for malware detonation that we've physically disabled wireless communication on.
|
|
#
?
Nov 28, 2021 16:31
|
|
|
Hughmoris posted:At a high level, could someone explain how researchers set up environments for analyzing malware, viruses etc...? Making an isolated sandbox is trivial, windows offers a integrated option for windows pro/ent customers that requires a couple of click to set up. If you want a complete air gap between local clients and sandbox all you need is a nuc with segregated internet access(or a AWS machine to spin up, compromise and destroy).
|
|
#
?
Nov 28, 2021 16:34
|
|
|
Defenestrategy posted:Sometimes, some newer malware has the ability to detect vm services and go dormant. My company has an airgapped laptop and network for malware detonation that we've physically disabled wireless communication on. Depends on the OS too, when I do malware analysis, I've noticed malware that normally shuts down on Windows 10/11 VMs does not on Windows 2019 or 2016 VMs. Hughmoris posted:At a high level, could someone explain how researchers set up environments for analyzing malware, viruses etc...? Its really easy to setup a virtualized environment using ESXi, Xen, Proxmox, or even Hyper-V and place them on Virtual Switches that you can either isolate entirely from the network or give internet access only. Depends on what you need to look for.
|
|
#
?
Nov 28, 2021 17:28
|
|
|
CommieGIR posted:Depends on the OS too, when I do malware analysis, I've noticed malware that normally shuts down on Windows 10/11 VMs does not on Windows 2019 or 2016 VMs. Having malware that shuts down when it detects a server OS on a VM seems to be missing the trend towards having servers be virtualized. It would be absolutely hilarious if the best defense was "do what we already want to do to make life easy"
|
|
#
?
Nov 28, 2021 17:33
|
|
|
RFC2324 posted:Having malware that shuts down when it detects a server OS on a VM seems to be missing the trend towards having servers be virtualized. A vm with russian language seems to be the current "virus ain't going to run here" mode
|
|
#
?
Nov 28, 2021 17:44
|
|
|
SlowBloke posted:A vm with russian language seems to be the current "virus ain't going to run here" mode Random question: are there any programming languages that use different alphabets? Like, is there a language thats all in chinese ideograms instead of the western alphabet?
|
|
#
?
Nov 28, 2021 17:54
|
|
|
There's a technical keyword for this whole field: Oblivious sandboxing. The idea is that a process or series of processes should be isolated and should also not be able to tell that they're isolated. There are a few ways to go about implementing it, here's one way: https://www.youtube.com/watch?v=-0s1bCzUx0Y
|
|
#
?
Nov 28, 2021 18:06
|
|
|
RFC2324 posted:Having malware that shuts down when it detects a server OS on a VM seems to be missing the trend towards having servers be virtualized. Yeah, the target is automated malware analysis like any.run, but given that this would also prevent you from infecting actual server VMs, its kinda of a short sighted move.
|
|
#
?
Nov 28, 2021 18:42
|
|
|
RFC2324 posted:Random question: are there any programming languages that use different alphabets? Like, is there a language thats all in chinese ideograms instead of the western alphabet? First hit on Google: https://en.wikipedia.org/wiki/Non-English-based_programming_languages
|
|
#
?
Nov 28, 2021 18:48
|
|
|
Sheep posted:First hit on Google: https://en.wikipedia.org/wiki/Non-English-based_programming_languages neat, thanks! Chinese BASIC is a good example of exactly what I was thinking about, kinda makes me want to learn Chinese, and I am greatly disappointed no nerd has written a language in esperanto
|
|
#
?
Nov 28, 2021 19:53
|
|
|
RFC2324 posted:neat, thanks! Thats just what the NSA wants you to think. 
|
|
#
?
Nov 28, 2021 19:55
|
|
|
https://eo.m.wikipedia.org/wiki/Neanglabazitaj_programlingvoj#Programlingvoj_bazitaj_sur_Esperanto
|
|
#
?
Nov 28, 2021 20:48
|
|
|
KillHour posted:https://eo.m.wikipedia.org/wiki/Neanglabazitaj_programlingvoj#Programlingvoj_bazitaj_sur_Esperanto 
|
|
#
?
Nov 28, 2021 20:58
|
|
|
The NSA are all huge nerds and would totally be the ones to write an Esperanto programming language for the hell of it. Too bad they're also all lawful evil.
|
|
#
?
Nov 28, 2021 21:42
|
|
|
There are also paid services out there like Joe Sandbox, FireEye AX, etc that will do a lot of the easy analyst work for you.
|
|
#
?
Nov 29, 2021 22:58
|
|
|
BaseballPCHiker posted:There are also paid services out there like Joe Sandbox, FireEye AX, etc that will do a lot of the easy analyst work for you. Joe Sandbox is good, Any.run is my favorite right now, gives you a LOT more info including interactive during execution and playback. https://app.any.run/tasks/ef2779dd-72c1-4714-8672-fc964c9d9045/
|
|
#
?
Nov 30, 2021 01:46
|
|
|
Thanks for the sandboxing info. I've just started a new job where I'll be dipping my toes into infosec, and I've always been curious how people have confidence in analyzing sophisticated malware without fear of compromising their own system (without an airgap of course).
|
|
#
?
Nov 30, 2021 04:37
|
|
|
Humble Bundle is doing a No Starch Press Hacking book deal https://www.humblebundle.com/books/hacking-by-no-starch-press-books?mc_cid=e824713f99&mc_eid=a5a1b4b71c
|
|
#
?
Nov 30, 2021 05:40
|
|
|
I'm hearing about cyber insurance requiring actual security more and more, but I know basically nothing about the market. Who are the big insurance players (I'm thinking international, or preferably EU based, but any will do, really), and do they have any sort of public set of requirements? It seems like a good bit of leverage to have when trying to argue that maybe a firewall would be nice or maybe everyone shouldn't be local admins.
|
|
#
?
Nov 30, 2021 20:38
|
|
|
BonHair posted:I'm hearing about cyber insurance requiring actual security more and more, but I know basically nothing about the market. Who are the big insurance players (I'm thinking international, or preferably EU based, but any will do, really), and do they have any sort of public set of requirements? It seems like a good bit of leverage to have when trying to argue that maybe a firewall would be nice or maybe everyone shouldn't be local admins. https://www.insurancebusinessmag.com/us/news/cyber/top-10-cyber-insurance-companies-in-the-us-195463.aspx Most of them will tell you the requirements when they get in touch, but honestly a lot of this doesn't even need them: Just take examples of ransomware cases and ask how much risk they are willing to accept and whether they are willing to implement risk controls like Least Privilage and Network Access controls. A lot of this is just about taking an inventory of current controls in place, documenting risk findings, and then taking it to management.
|
|
#
?
Nov 30, 2021 21:25
|
|
|
BonHair posted:I'm hearing about cyber insurance requiring actual security more and more, but I know basically nothing about the market. Who are the big insurance players (I'm thinking international, or preferably EU based, but any will do, really), and do they have any sort of public set of requirements? It seems like a good bit of leverage to have when trying to argue that maybe a firewall would be nice or maybe everyone shouldn't be local admins. Here's an example policy https://www.angelriskmanagement.com/products/cyber/uk/cyber What I've found when looking at this is that insurers will tie your coverage to achieving something like Cyber Essentials (or the equivalent for your country), and that contains the more technical requirements. We're also seeing clients require these sorts of certifications when bidding for work. Thanks Ants fucked around with this message at 22:33 on Nov 30, 2021 |
|
#
?
Nov 30, 2021 22:28
|
|
|
https://twitter.com/Andrew___Morris/status/1466093126817300485 PRINTERS, FOLKS!
|
|
#
?
Dec 1, 2021 19:26
|
|
|
I thought printers were inherently fascist. Got egg on my face this time.
|
|
#
?
Dec 1, 2021 20:16
|
|
|
The evil hacker taking control of all the screens around the protagonist is rapidly becoming the most realistic part of that type of movie
|
|
#
?
Dec 1, 2021 20:40
|
|
|
Remember the Ubiquiti breach earlier this year? Turns out it was one of their own guys: https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/
|
|
#
?
Dec 2, 2021 01:08
|
|
|
CommieGIR posted:Remember the Ubiquiti breach earlier this year? Turns out it was one of their own guys: quote:Throughout this process, the defendant tried hiding his home IP address using Surfshark's VPN services. However, his actual location was exposed after a temporary Internet outage. Talk about lol
|
|
#
?
Dec 2, 2021 03:20
|
|
|
Seems like they weren't exactly hiring the best
|
|
#
?
Dec 2, 2021 09:11
|
|
|
Hughmoris posted:Talk about lol I don't understand this part. What would a temporary outage have to do with that?
|
|
#
?
Dec 2, 2021 10:18
|
|
|
Internet dropped, VPN tunnel dropped, internet came back, connection momentarily made from the 'real' IP rather than the VPN tunnel, tunnel re-established (or manually reconnected).
|
|
#
?
Dec 2, 2021 10:37
|
|
|
What the gently caress was his plan when they found the logging policy changes? "whoops"?
|
|
#
?
Dec 2, 2021 10:45
|
|
|
evil_bunnY posted:What the gently caress was his plan when they found the logging policy changes? "whoops"? From the way it reads they didn't really have much proactive monitoring of this, and a one day retention would eliminate traceback to who made the changes in short order? I'm no AWS expert though so maybe there's some more long-lived audit capability and I'm sure you can connect enough events outside of those immediate logs to do forensics so 
|
|
#
?
Dec 2, 2021 13:46
|
|
|
Martytoof posted:From the way it reads they didn't really have much proactive monitoring of this, and a one day retention would eliminate traceback to who made the changes in short order? I'm no AWS expert though so maybe there's some more long-lived audit capability and I'm sure you can connect enough events outside of those immediate logs to do forensics so
|
|
#
?
Dec 2, 2021 14:12
|
|
|
it's aws, policy change audit is retained separately from the subject of the policy
|
|
#
?
Dec 2, 2021 14:56
|
|
|
Didn't get an answer in the Windows thread, so I'm just asking this here again: I just tried to create symlinks in Emacs, and noticed that requires a Windows-permission to be enabled for non-super-users. How much of a security risk is this? I mean it would be cool to do that within Emacs, but it's not essential.
|
|
#
?
Dec 2, 2021 16:04
|
|
|
busalover posted:Didn't get an answer in the Windows thread, so I'm just asking this here again: This post gives me a migraine What permission exactly does it want? Just full 'let me past UAC unhindered?'
|
|
#
?
Dec 2, 2021 16:32
|
|
|
RFC2324 posted:This post gives me a migraine No, there's a Windows option to give non-admins the ability to create symlinks. You need to enable it.
|
|
#
?
Dec 2, 2021 16:49
|
|
|
busalover posted:No, there's a Windows option to give non-admins the ability to create symlinks. You need to enable it. Windows permissions are weird
|
|
#
?
Dec 2, 2021 17:04
|
|
|
|
| # ? May 25, 2024 22:32 |
|
|
CommieGIR posted:Remember the Ubiquiti breach earlier this year? Turns out it was one of their own guys: The opsec utilized here is so terrible it's comical. If you're gonna try and pull a big digital heist like this, at least spend a few weeks or months studying and learning how to implement some basic TTPs .
|
|
#
?
Dec 2, 2021 17:20
|
|
