incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Sirotan posted:

Anybody here have to use Tenable(.io)? They finally got rid of the Vulnerabilities and Assets 'workbenches' and jesus gently caress WHY. You can no longer do things like, at a glance see the total number of unique vulns in your environment. You get ">1000". Want more detail than that? gently caress you. Wanna see how many devices are currently vulnerable to one specific exploit? They'll tell you, if it's under 500 devices. If it's over 500, you only get to see ">500". Wanna export some data? You can select 5 items, or you can select all items. Nothing in between. Can't generate a report from the data because there are too many lines(???). Want to just export all the raw data with no filters applied so you can deal with it in Excel instead like a sane person? Lol, you can't, the export just silently fails.

We just had a vendor demo this week for a replacement tool and it looked great and I am excited. I'm sure they are going to come back with pricing that we cannot afford and it is going to break my heart.

Have a look at intruder.io. Leverages the same tool and gives you a better understanding of your software\hardware posture. Basically, a nicer UI and easier to understand ways to correct actions.


Sirotan
Oct 17, 2006

Sirotan is a seal.


incoherent posted:

Have a look at intruder.io. Leverages the same tool and gives you a better understanding of your software\hardware posture. Basically, a nicer UI and easier to understand ways to correct actions.

This seems interesting but their pricing is outrageous. Their pricing slider maxes out at 3% of our total number of assets and their cheapest plan would cost us $265,000/yr at that rate lol. I'm sure we could negotiate some kind of volume discount but just deep sixing Tenable for something else would probably end up costing us a fraction of that. But I do appreciate the suggestion.

navyjack
Jul 15, 2006



Lol tier one at Zendesk just sent out a ticket acknowledgment to a bunch of recipients including CEOs of Home Depot, Delta Airlines, Chick-Fil-A and many more. Someone is gonna get a talkin to.

Rescue Toaster
Mar 13, 2003

So this thing has been around a while, the last one I recall was ASUS. The fault is really Windows insanity, of course.

Basically, the BIOS advertises to windows "Hey why don't you run this binary as superuser without validating anything or prompting the user, please?" and Windows does it, with no way to disable. The idea is the motherboard mfg can provide a driver update launcher or that sort of thing. Which is what they were trying to do, but of course it's a horrible insecure piece of poo poo, as all motherboard 'updater' packages are.

It's not some hypervisor rootkit bullshit or anything. It notably only affects Windows because no other OS is stupid enough to do this poo poo.
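The mechanism described above is the ACPI Windows Platform Binary Table (WPBT): firmware publishes an ACPI table pointing at a binary, and on boot the Session Manager writes it to System32\wpbbin.exe and runs it. An administrator can see whether a given machine's firmware does this. The script below is an added example, not something posted in the thread or shipped by any vendor; it reads the ACPI tables through kernel32's EnumSystemFirmwareTables/GetSystemFirmwareTable, reports a WPBT if one is present, and checks the dropped binary. The provider value 0x41435049 ('ACPI') is Microsoft's documented constant; the WPBT body offsets are taken from Microsoft's WPBT specification and are marked as assumptions in the comments.

```powershell
# Added example (not from the thread): report whether this machine's firmware
# hands Windows a platform binary via the ACPI WPBT table, and inspect the
# binary Windows drops to System32\wpbbin.exe. Works from a normal PowerShell.

$cs = @"
using System;
using System.Runtime.InteropServices;
public static class FwTables {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern uint EnumSystemFirmwareTables(uint provider, IntPtr buffer, uint size);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern uint GetSystemFirmwareTable(uint provider, uint tableId, IntPtr buffer, uint size);
}
"@
Add-Type -TypeDefinition $cs

# Documented provider signature for ACPI tables ('ACPI' as a DWORD constant).
$ACPI = 0x41435049

function Invoke-FwCall([scriptblock]$Call) {
    # Two-pass pattern: ask for the size, allocate, call again, copy out.
    $size = & $Call ([IntPtr]::Zero) 0
    if ($size -eq 0) {
        throw "firmware table call failed: Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal([int]$size)
    try {
        [void](& $Call $buf $size)
        $bytes = New-Object byte[] $size
        [Runtime.InteropServices.Marshal]::Copy($buf, $bytes, 0, [int]$size)
        return ,$bytes
    } finally {
        [Runtime.InteropServices.Marshal]::FreeHGlobal($buf)
    }
}

function Get-AcpiTableSignatures {
    # EnumSystemFirmwareTables returns one 4-byte table signature per entry;
    # the same DWORD is what GetSystemFirmwareTable expects as the table id.
    $bytes = Invoke-FwCall { param($p, $n) [FwTables]::EnumSystemFirmwareTables($ACPI, $p, $n) }
    for ($i = 0; $i -lt $bytes.Length; $i += 4) {
        [PSCustomObject]@{
            Signature = [Text.Encoding]::ASCII.GetString($bytes, $i, 4)
            TableId   = [BitConverter]::ToUInt32($bytes, $i)
        }
    }
}

function Get-AcpiTable([uint32]$TableId) {
    Invoke-FwCall { param($p, $n) [FwTables]::GetSystemFirmwareTable($ACPI, $TableId, $p, $n) }
}

$wpbt = Get-AcpiTableSignatures | Where-Object Signature -eq 'WPBT'
if (-not $wpbt) {
    "No WPBT table: the firmware is not asking Windows to run a platform binary."
} else {
    $t = Get-AcpiTable $wpbt.TableId
    # Standard 36-byte ACPI header: Signature(4) Length(4) Revision(1) Checksum(1)
    # OEMID(6 @10) OEMTableID(8 @16) ...
    $oemId      = [Text.Encoding]::ASCII.GetString($t, 10, 6).Trim()
    $oemTableId = [Text.Encoding]::ASCII.GetString($t, 16, 8).Trim()
    # WPBT body offsets below are assumptions taken from Microsoft's WPBT spec:
    # HandoffMemorySize UINT32 @36, HandoffMemoryLocation UINT64 @40,
    # ContentLayout UINT8 @48, ContentType UINT8 @49,
    # CommandLineLength UINT16 @50 (bytes), UTF-16 CommandLine @52.
    $binSize = [BitConverter]::ToUInt32($t, 36)
    $binAddr = [BitConverter]::ToUInt64($t, 40)
    $cmdLen  = [BitConverter]::ToUInt16($t, 50)
    $cmd = if ($cmdLen -gt 0 -and (52 + $cmdLen) -le $t.Length) {
        [Text.Encoding]::Unicode.GetString($t, 52, $cmdLen).TrimEnd([char]0)
    } else { '' }
    "WPBT present from OEM '$oemId' ($oemTableId): $binSize-byte binary at physical 0x$('{0:X}' -f $binAddr), command line '$cmd'"
}

# Windows writes the delivered binary to System32\wpbbin.exe before executing it,
# so the file's hash and Authenticode signer are the second thing to record.
$wpbbin = Join-Path $env:SystemRoot 'System32\wpbbin.exe'
if (Test-Path $wpbbin) {
    $sig  = Get-AuthenticodeSignature -FilePath $wpbbin
    $hash = (Get-FileHash -Path $wpbbin -Algorithm SHA256).Hash
    "wpbbin.exe present: SHA256 $hash, signer '$($sig.SignerCertificate.Subject)', status $($sig.Status)"
} else {
    "No wpbbin.exe in System32."
}
```

Run it across a fleet and alert on any host where a WPBT appears, or where wpbbin.exe changes hash or shows an unexpected signer; that turns a firmware feature you cannot switch off from the OS side into something you at least observe.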

victorious
Jul 2, 2007

As a youth I prayed, "Give me chastity and continence, but not yet."

Sirotan posted:

Anybody here have to use Tenable(.io)? They finally got rid of the Vulnerabilities and Assets 'workbenches' and jesus gently caress WHY. You can no longer do things like, at a glance see the total number of unique vulns in your environment. You get ">1000". Want more detail than that? gently caress you. Wanna see how many devices are currently vulnerable to one specific exploit? They'll tell you, if it's under 500 devices. If it's over 500, you only get to see ">500". Wanna export some data? You can select 5 items, or you can select all items. Nothing in between. Can't generate a report from the data because there are too many lines(???). Want to just export all the raw data with no filters applied so you can deal with it in Excel instead like a sane person? Lol, you can't, the export just silently fails.

I use it daily across multiple tenancies. Some still have access to the old workbenches. It does suck you can't see totals over 1000 at a glance anymore but you can still get the total if you export the data. Not sure what sort of data you're talking about with the 'select 5 or all items' thing, where are you running into that?

evil_bunnY
Apr 2, 2003

Hughmoris posted:

At this point, I'm tempted to have them go back to writing all their passwords on a sheet of paper and hiding it in the house. They are much more likely to get hacked than to have a nefarious person in their house sorting through important documents.

It also makes your work much easier when they kick the bucket.

Sirotan
Oct 17, 2006

Sirotan is a seal.


victorious posted:

I use it daily across multiple tenancies. Some still have access to the old workbenches. It does suck you can't see totals over 1000 at a glance anymore but you can still get the total if you export the data. Not sure what sort of data you're talking about with the 'select 5 or all items' thing, where are you running into that?

I'll have to confirm Monday but it should be Findings, grouping by Plugin? You can select 5 plugins to export, but if you select a 6th the Export button just disappears. It will reappear if you select everything. My coworker reached out to Tenable support on this, thinking something was wrong, and was told that was working as intended.

victorious
Jul 2, 2007

As a youth I prayed, "Give me chastity and continence, but not yet."

Sirotan posted:

I'll have to confirm Monday but it should be Findings, grouping by Plugin? You can select 5 plugins to export, but if you select a 6th the Export button just disappears. It will reappear if you select everything. My coworker reached out to Tenable support on this, thinking something was wrong, and was told that was working as intended.

Weird, I'll have to check that myself. Not the sort of export I commonly do though. Tenable has a bunch of weird quirks that should probably be expected given how quickly they've acquired other companies and bolted their solutions onto their own. The worst one for me currently is that if you scan one asset using two methods that can't 'see' each other, that one asset uses two licenses.

Sirotan
Oct 17, 2006

Sirotan is a seal.


victorious posted:

Weird, I'll have to check that myself. Not the sort of export I commonly do though. Tenable has a bunch of weird quirks that should probably be expected given how quickly they've acquired other companies and bolted their solutions onto their own. The worst one for me currently is that if you scan one asset using two methods that can't 'see' each other, that one asset uses two licenses.

Yes we're having that problem too and it creates hundreds to thousands of duplicates depending on how long we wait in between manual pruning sessions. Tenable has no fix for us.

And yes can confirm it happens in Findings when grouping by Plugin, but also by Asset. Doing an export of all data isn't an option as it just fails if I don't have at least a couple filters already applied. The network scanner and agents are fine, the interface is absolute garbage. Support also sucks!

Edit: have also just learned that with the new workbenches you can no longer do a word search for vulns when viewing an individual asset

Edit 2: never mind, it's still there, but you have to launch an entirely new tab to do it? And you have to create a search filter, and none of the search operators is "contains"????

Sirotan fucked around with this message at 18:35 on Jun 5, 2023

victorious
Jul 2, 2007

As a youth I prayed, "Give me chastity and continence, but not yet."

Sirotan posted:


Edit 2: never mind, it's still there, but you have to launch an entirely new tab to do it? And you have to create a search filter, and none of the search operators is "contains"????

You can do a 'contains' search by using the 'is equal to' option and putting asterisks (wildcards) around your search term.

Sirotan
Oct 17, 2006

Sirotan is a seal.


victorious posted:

You can do a 'contains' search by using the 'is equal to' option and putting asterisks (wildcards) around your search term.

Yes but also you used to just be able to do a keyword search directly from the asset page that did not need to reload an entire asset's worth of data to perform. They have done a lot of work to consolidate the ways you can interact with data, and so far every single one is worse, and requires exponentially more work than what they took away.

Sickening
Jul 16, 2007

Black summer was the best summer.

Can any of you recommend an app control solution that isn't hot garbage? I need it to do some basic things.

1: A collective app inventory of all apps across workstations/hosts
2: A system of allow/deny list of app execution
3: decent macOS support

Shot in the dark, but chime in if you have recently worked with something.

Thanks Ants
May 21, 2004

#essereFerrari


Give Kandji a shot. It's Apple-only but then so are most of the best things for that platform.

EoRaptor
Sep 13, 2003

by Fluffdaddy

Sickening posted:

Can any of you recommend an app control solution that isn't hot garbage? I need it to do some basic things.

1: A collective app inventory of all apps across workstations/hosts
2: A system of allow/deny list of app execution
3: decent macOS support

Shot in the dark, but chime in if you have recently worked with something.

App inventory is probably going to be a separate tool.

App control depends on what you want. Very strict control? Carbon Black App Control gets extremely specific, but has a pretty high overhead on the client. Just want to control elevation and blanket deny some apps? Beyond Trust can do that.

Mac is better left to Mac specific tools. There isn’t going to be any policy overlap because of the way endpoints handle privilege management and app execution, so don’t try for a ‘single console’.

Nukelear v.2
Jun 25, 2004
My optional title text

Sickening posted:

Can any of you recommend an app control solution that isn't hot garbage? I need it to do some basic things.

1: A collective app inventory of all apps across workstations/hosts
2: A system of allow/deny list of app execution
3: decent macOS support

Shot in the dark, but chime in if you have recently worked with something.

You can check out Defender for Endpoint, it can do most of this. It can't deny list on Mac, at least last I checked, but I expect it will soonish.

Tryzzub
Jan 1, 2007

Mudslide Experiment

https://www.rapid7.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances

quote:

As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately decommission and replace ALL ESG physical appliances irrespective of patch level.

alrighty then

Thanks Ants
May 21, 2004

#essereFerrari


I'm sure people will heed that advice but they will replace them with non-Barracuda appliances. How have they hosed up so badly that the software running on the box cannot prevent a firmware-level compromise?

Wiggly Wayne DDS
Sep 11, 2010



Thanks Ants posted:

I'm sure people will heed that advice but they will replace them with non-Barracuda appliances. How have they hosed up so badly that the software running on the box cannot prevent a firmware-level compromise?

they use hardware that exists in reality?

Thanks Ants
May 21, 2004

#essereFerrari


I meant that from their description it's a vulnerability in their software which can be exploited to somehow make the thing persistent, it seems weird that whatever that vulnerability is can't be fixed without hardware replacement.

some kinda jackal
Feb 25, 2003

 
 
I'll be generous and assume that the system is so thoroughly compromised that the only way to ensure there's no bad actor remaining is to wipe and start over..

.. except that the factory restore partitions are also probably vulnerable to having been tampered with,
.. and there's no easy way to introduce a wipe/restore via any USB ports that may or may not exist.

So I'm imagining the only secure way to be sure you have a clean unit is to literally get sent a new one from the factory.

I'm making some strong assumptions about a device I've only ever seen in passing.

Thanks Ants
May 21, 2004

#essereFerrari


Everything I've touched from Barracuda has been poo poo so it's possible that different generations of hardware were developed by different outsourced teams and they can't get the people together any more to guarantee a way of cleaning this up

Wiggly Wayne DDS
Sep 11, 2010



Thanks Ants posted:

Everything I've touched from Barracuda has been poo poo so it's possible that different generations of hardware were developed by different outsourced teams and they can't get the people together any more to guarantee a way of cleaning this up

the groups compromising the hardware will have a better r&d team and more comprehensive tooling than barracuda do. there are times when "get new hardware" exists as a security measure, and networking hardware is one of them

Potato Salad
Oct 23, 2014

nobody cares


Sickening posted:

Can any of you recommend an app control solution that isn't hot garbage? I need it to do some basic things.

1: A collective app inventory of all apps across workstations/hosts
2: A system of allow/deny list of app execution
3: decent macOS support

Shot in the dark, but chime in if you have recently worked with something.

Intune/Defender365 for windows, Jamf or Kandji for macs. Intune is getting there for macos/iOS and honestly it'll probably be one of the best solutions for it pretty soon, but for now you need Apple specific solutions for apple specific problems.

it's weird but imo the features Microsoft has been bringing to Intune for apple systems are like, best in class or at parity, supported feature by supported feature. They're catching up but making sure they're quality when doing so.

Potato Salad
Oct 23, 2014

nobody cares


Been seeing a lot of management figures suddenly caring about app control hmmm 🤔

Sickening
Jul 16, 2007

Black summer was the best summer.

Potato Salad posted:

Been seeing a lot of management figures suddenly caring about app control hmmm 🤔

It's a cycle. The business decides they want to break free from draconian/slow processes to get apps on workstations, so they loosen controls and let users install their own poo poo. This leads to employees not being able to have nice things, as employees abuse this privilege by making bad decisions and/or outright being malicious. Then the cycle of "we have to control what people are doing" comes back and the cycle begins again.

Thanks Ants
May 21, 2004

#essereFerrari


It took far longer than it should have for native OS-level methods of "elevate with approval/justification" to appear, and that combined with departments making software procurement choices without IT involvement has held back a lot of the efforts to run everything as a standard user account. Not sure you're ever going to fix the software procurement thing but at least IT can point at laws with gigantic fine potential behind them when pushing back on awful ideas.

Takes No Damage
Nov 20, 2004

The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far.


Grimey Drawer

Absurd Alhazred
Mar 27, 2010

by Athanatos

That sudo that you do so well

Mustache Ride
Sep 11, 2001



Sickening posted:

Can any of you recommend an app control solution that isn't hot garbage? I need it to do some basic things.

1: A collective app inventory of all apps across workstations/hosts
2: A system of allow/deny list of app execution
3: decent macOS support

Shot in the dark, but chime in if you have recently worked with something.

Tanium

Kesper North
Nov 3, 2011

EMERGENCY POWER TO PARTY

Thanks Ants posted:

I'm sure people will heed that advice but they will replace them with non-Barracuda appliances. How have they hosed up so badly that the software running on the box cannot prevent a firmware-level compromise?

It generally means that the attackers found a way to modify the device's baseboard management controller and/or the BIOS, so that even if you wipe the firmware entirely, the bad stuff just gets reinjected from the BMC.

Such fuckups are alas not uncommon, see ILOBleed from 2021:

https://thehackernews.com/2021/12/new-ilobleed-rootkit-targeting-hp.html

some kinda jackal
Feb 25, 2003

 
 
I can’t remember if it was this thread or somewhere else, but I remember seeing people talk about a little pocket gadget in a small plastic case that had a little LCD, some buttons, a bunch of GPIO pins and did things like SWD/JTAG and maybe RFID cloning etc.

Apropos of literally absolutely nothing, does anyone remember what the hell it is I’m thinking of? It just popped into my head yesterday. I’m not looking to buy one or anything, I have plenty of hardware interfaces and don’t need a gimmicky pocket-able perimeter tester but at this point it’s just driving me nuts that I can’t recall this absolutely pointless (to me) gadget I came across in a thread on a forum.

Clearly I have nothing better to worry about.

Brut
Aug 21, 2007
Probation
Can't post for 9 days!

some kinda jackal posted:

I can’t remember if it was this thread or somewhere else, but I remember seeing people talk about a little pocket gadget in a small plastic case that had a little LCD, some buttons, a bunch of GPIO pins and did things like SWD/JTAG and maybe RFID cloning etc.

Apropos of literally absolutely nothing, does anyone remember what the hell it is I’m thinking of? It just popped into my head yesterday. I’m not looking to buy one or anything, I have plenty of hardware interfaces and don’t need a gimmicky pocket-able perimeter tester but at this point it’s just driving me nuts that I can’t recall this absolutely pointless (to me) gadget I came across in a thread on a forum.

Clearly I have nothing better to worry about.

Flipper Zero?

some kinda jackal
Feb 25, 2003

 
 
Yeah, that’s the one, thanks!! I have no idea what to do with this information but know that you basically saved me from an unhealthy amount of google searching random terms today.

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.

I swear it feels like groundhog day every 6 months with FortiGate SSL VPN RCEs.

GreenBuckanneer
Sep 15, 2007

some kinda jackal posted:

I can’t remember if it was this thread or somewhere else, but I remember seeing people talk about a little pocket gadget in a small plastic case that had a little LCD, some buttons, a bunch of GPIO pins and did things like SWD/JTAG and maybe RFID cloning etc.

Apropos of literally absolutely nothing, does anyone remember what the hell it is I’m thinking of? It just popped into my head yesterday. I’m not looking to buy one or anything, I have plenty of hardware interfaces and don’t need a gimmicky pocket-able perimeter tester but at this point it’s just driving me nuts that I can’t recall this absolutely pointless (to me) gadget I came across in a thread on a forum.

Clearly I have nothing better to worry about.

Someone used a flipper zero to open someone else's tesla charging port (at least I think it was someone else's)

Famethrowa
Oct 5, 2012

some kinda jackal posted:

Yeah, that’s the one, thanks!! I have no idea what to do with this information but know that you basically saved me from an unhealthy amount of google searching random terms today.

basically every pseudo influencer has a youtube video of them wearing an anonymous mask holding it up with the title "HOW TO HACK" so if you ever forget again, there you go.

some kinda jackal
Feb 25, 2003

 
 
There are infosec influencers? :raise:

My Youtube recommendations are all Mustie1 and Techmoan, I'm not sure I want to upset the algo :lol:

Internet Explorer
Jun 1, 2005
I could not wait to get away from this lovely loving product and I only had to deal with it for like 6 months. No thank you.

some kinda jackal posted:

There are infosec influencers? :raise:

Of course there are. There's influencers for everything.

some kinda jackal
Feb 25, 2003

 
 

Internet Explorer posted:

Of course there are. There's influencers for everything.

I mean I'm not entirely sure why I'm so surprised here :v:


CLAM DOWN
Feb 13, 2007




Brut posted:

Flipper Zero?

I want one of these but they're like $400 CAD which is hard to justify.
