|
ieee spectrum has a pretty good article up about russian electronic warfare equipment and capabilities
|
#
?
Jul 31, 2022 08:17
|
|
|
|
| # ? Jun 5, 2024 11:58 |
|
Beeftweeter posted:ieee spectrum has a pretty good article up about russian electronic warfare equipment and capabilities I found the local cell network stuff interesting and omfg at these assholes coordinating stuff via cellphones. When I was in the army I wasn’t a super secret squirrel but I worked with our EW folks at a division level and got certified on certain things. I can’t talk about any of it cause I don’t remember poo poo about it but what I learned from our EW folks is that it’s all the kind of thing a really well run operation can take advantage of but not really a make or break deal
|
|
|
#
?
Aug 2, 2022 01:09
|
|
|
For those people who can't get enough of it, here's some more cryptography talk. The NIST contest to make quantum-resistant algorithms is in its fourth round, and a severe vulnerability has just been discovered in one of its contenders: https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/
|
|
#
?
Aug 2, 2022 16:05
|
|
|
thanks for the iMessage responses folks! I knew I was missing some key details
|
|
#
?
Aug 2, 2022 16:44
|
|
|
iMessage owns
|
|
#
?
Aug 2, 2022 16:50
|
|
|
Crime on a Dime posted:iMessage owns
|
|
#
?
Aug 2, 2022 16:57
|
|
|
sb hermit posted:For those people who can't get enough of it, here's some more cryptography talk. quote:To give an example illustrating what I mean, for decades people have been trying to attack regular elliptic curve cryptography, including some who have tried using approaches based on genus 2 curves. None of these attempts has succeeded. So for this attempt to succeed in the realm of isogenies is an unexpected development. comedy outcome: this leads someone to go on to realize a novel technique to attack EC
|
|
#
?
Aug 2, 2022 17:36
|
|
|
isogenies is pronounced the same as diogenes
|
|
#
?
Aug 2, 2022 17:43
|
|
|
Wild EEPROM posted:isogenies is pronounced the same as diogenes hackerone / macaroni
|
|
#
?
Aug 2, 2022 17:46
|
|
|
stuck an exploit in his app and called it hackerone
|
|
#
?
Aug 2, 2022 17:53
|
|
|
Crime on a Dime posted:hackerone / macaroni
|
|
#
?
Aug 2, 2022 18:00
|
|
|
haveblue posted:stuck an exploit in his app and called it hackerone lmaoooo
|
|
#
?
Aug 2, 2022 19:13
|
|
|
haveblue posted:stuck an exploit in his app and called it hackerone 
|
|
#
?
Aug 2, 2022 19:14
|
|
|
haveblue posted:stuck an exploit in his app and called it hackerone https://twitter.com/Crimeonadime/status/1506195513804455939
|
|
#
?
Aug 2, 2022 19:25
|
|
|
haveblue posted:stuck an exploit in his app and called it hackerone
|
|
#
?
Aug 2, 2022 19:31
|
|
|
haveblue posted:stuck an exploit in his app and called it hackerone lmao
|
|
#
?
Aug 2, 2022 19:52
|
|
|
haveblue posted:stuck an exploit in his app and called it hackerone
|
|
#
?
Aug 2, 2022 19:55
|
|
|
Wild EEPROM posted:isogenies is pronounced the same as diogenes behold, a curve
|
|
#
?
Aug 2, 2022 20:17
|
|
|
haveblue's version is better 
|
|
#
?
Aug 2, 2022 21:19
|
|
|
flakeloaf posted:behold, a curve in a NIST man's house there is nowhere to SIKE but his face
|
|
#
?
Aug 2, 2022 23:13
|
|
|
it's happening again https://twitter.com/stephenlacy/status/1554697077430505473
|
|
#
?
Aug 3, 2022 12:19
|
|
|
Chris Knight posted:it's happening again https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
|
|
#
?
Aug 3, 2022 12:35
|
|
|
still thinking about the great new thread title
|
|
#
?
Aug 3, 2022 13:31
|
|
|
really ties the room together
|
|
#
?
Aug 3, 2022 13:55
|
|
|
https://twitter.com/githubsecurity/status/1554843443200806913?s=21&t=USzIt877Hpw-pRZE2IIMow
|
|
#
?
Aug 3, 2022 16:11
|
|
|
haveblue posted:stuck an exploit in his app and called it hackerone lmao
|
|
#
?
Aug 3, 2022 16:31
|
|
|
anyone here passed the OSEE? we recently had our consultants in-office to show off to the CEO+board of directors and one of the consultants was bragging about passing it. poo poo sounds obscene, a loving 72 hour proctored practical involving 48 hours of practical exploit demonstration and 24 hours of write-up. e: dude said the report he produced in the 24 hours was ~110 pages. like im sure loads of that was filler but still. also documenting every step of the exploit phase was required to an insane degree, to the point that it has to be 100% reproducible. oh and the exploit targets consisted of three disparate AD domains with various relying party trusts and numerous exposed services and poo poo. loving insane Pile Of Garbage fucked around with this message at 19:47 on Aug 3, 2022 |
|
#
?
Aug 3, 2022 19:43
|
|
|
if you aren't following the alex jones trial, and i dont blame you if you arent, his lawyer accidentally gave the sandy hook families lawyers a copy of jones' phone and ignored the lawyers asking if he was sure he meant to do that https://twitter.com/dansolomon/status/1554900413702443016 https://twitter.com/dansolomon/status/1554900775922536451 https://twitter.com/dansolomon/status/1554901464899887104 i guess make extra sure you know which dropbox folder is for the people suing you and which is for your client
|
|
#
?
Aug 3, 2022 19:53
|
|
|
my only experience with Dropbox is syncing 1Password vaults and that has made it seem sketchy enough, is it really certified for legal chain of custody stuff?
|
|
#
?
Aug 3, 2022 20:04
|
|
|
Jenny Agutter posted:my only experience with Dropbox is syncing 1Password vaults and that has made it seem sketchy enough, is it really certified for legal chain of custody stuff? that's a good question imo as this isn't the first time i've seen a cloud storage provider be used for discovery in court cases. i have nfi what the expectations are with that kind of stuff, it seems like everyone just kind of doesn't give a poo poo? unless they're doing a lot of hash validation and poo poo on the side. paging a lawyer i guess
|
|
#
?
Aug 3, 2022 20:12
|
|
|
Jenny Agutter posted:my only experience with Dropbox is syncing 1Password vaults and that has made it seem sketchy enough, is it really certified for legal chain of custody stuff? "Certified". Lol The lawyers in my old office had four options for digital file transfer: * Burn a CD and mail it or fax/mail printed hardcopies * Unauthorized email, personal Dropbox, Google drive links tied to personal accounts * A password protected zipped archive sent over email as a reply all to a large group. With the password to said archive usually in body of the email * Some sketchy file transfer service built in 1997 by an it admin in his spare time who'd retired a decade ago.
|
|
#
?
Aug 3, 2022 20:13
|
|
|
at my last job we delivered the results of a discovery via onedrive I'd trust that or dropbox or google drive over most of the other solutions lawyers dream up
|
|
#
?
Aug 3, 2022 20:16
|
|
|
duz posted:i guess make extra sure you know which dropbox folder is for the people suing you and which is for your client
|
|
#
?
Aug 3, 2022 20:21
|
|
|
lol I don’t know what I expected. a bit surprising given that charter just got a $7billion judgement against them based partly on the provenance of a forged contract
|
|
#
?
Aug 3, 2022 20:26
|
|
|
We just recently moved over to Egnyte and they have quite a few legal-specific holds and PII sensitive content classifications and governance but you have to pay extra for some of the more advanced features. It still beats emailing an archive or attaching plain documents to email... we can at least restrict access to a specific external user account and force MFA setup before sharing access or a link.
|
|
#
?
Aug 3, 2022 20:26
|
|
|
law firms love PST files and have insanely expensive rubrics built around PST ingestion and indexing. that is why you can still export to PST from microsoft 365 security & compliance/purview
|
|
#
?
Aug 3, 2022 20:28
|
|
|
Dr_0ctag0n posted:We just recently moved over to Egnyte sounds like you're all smiles
|
|
#
?
Aug 3, 2022 20:44
|
|
|
flakeloaf posted:sounds like you're all smiles I inherited like 20 years worth of hosed up mismanaged poo poo when I started this job and every little bit definitely helps. Lmao sorry if it sounded like an ad. It's like a miracle to finally get rid of ~5 fileservers with about 60 shares and zero permissions control. Seems like whoever was managing these were just like "well, this drive is full, let's use this one over here...who can see it? Meh, just give everyone access" for decades. ☠️
|
|
#
?
Aug 3, 2022 20:51
|
|
|
love to find poo poo like \\dfs.example.com\AdminScripts where it's just a pile of PS scripts and Domain Users has read+write. inserting back-doors into scripts as an unprivileged user and waiting for them to be run by privileged users is just great. e: see also PS scripts on a server that are executed by a Scheduled Task as SYSTEM and yet Users have read+write on the script, great way to elevate.
|
|
#
?
Aug 3, 2022 20:55
|
|
|
|
| # ? Jun 5, 2024 11:58 |
|
|
Pile Of Garbage posted:love to find poo poo like \\dfs.example.com\AdminScripts where it's just a pile of PS scripts and Domain Users has read+write. inserting back-doors into scripts as an unprivileged user and waiting for them to be run by privileged users is just great. I keep seeing people leaving plaintext domain admin creds in ps scripts on their desktop.
|
|
#
?
Aug 3, 2022 21:23
|
|
