|
CLAM DOWN posted:https://nakedsecurity.sophos.com/2017/09/17/vevo-hacked-3-12-tb-of-data-leaked/ That guy is super smart.
|
# ¿ Sep 18, 2017 20:50 |
|
Diva Cupcake posted:dont touch the poop, etc.
|
# ¿ Sep 25, 2017 22:34 |
|
Thanks Ants posted:I think it's great that Deloitte are such a shitshow. These are the people that will turn up at your office and list everything that Nessus finds as being a vulnerability that needs to be secured right now, and need help getting their laptop onto a VLAN so they can scan it. Good to know it's clowns all the way down. https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/ It gets worse.
|
# ¿ Sep 25, 2017 23:36 |
|
"Nobody can get us in the cloud!" Oops
|
# ¿ Sep 26, 2017 00:37 |
|
CLAM DOWN posted:https://autodiscover.deloitte.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fautodiscover.deloitte.com%2fecp That's nice.
|
# ¿ Sep 26, 2017 17:41 |
|
|
# ¿ Sep 28, 2017 23:58 |
|
Didn't see it in the past few pages, but have we discussed this yet? https://www.popsci.com/vpnfile-malware-reboot-router FBI is saying that VPNFilter has 3 stages, and rebooting your router kills the 3rd stage, but considering it doesn't claim to do anything for the 1st and 2nd stage infection....this suggestion doesn't really do anything? The article on VPNFilter specifically states it persists if the router is rebooted (because of course it does) https://en.wikipedia.org/wiki/VPNFilter
|
# ¿ Jun 1, 2018 14:55 |
|
evil_bunnY posted:IIRC A factory reset kills the runtime, and after they seized the c2 domain the bootloader can't grab the runtime and fails silently to normal operation. The problem is of course that none of these POS devices have any kind of security updates process, so they're effectively just waiting for the next exploit to come along. From what I'm reading, Stage II is the actual malware and for me would be the largest issue, because it's active after every reboot and can receive instruction and actually carry out tasks. According to what I'm reading, Stage III is just optional modules that can be installed. So unless you actually do get a full firmware update, it's persistent.
|
# ¿ Jun 1, 2018 15:43 |
|
Jabor posted:Where's it going to receive commands from? If the infection persists, someone will figure out how to send commands to them, abandoned or not. Seems like a hard reset will wipe out stage 1, but also depends upon the default credentials being changed.
|
# ¿ Jun 1, 2018 15:46 |
|
What, is it FSLabs' pastime to just do really, really sketchy things to protect their products? Because that's sketchy as hell. I cannot recall the last thing they did, but I know it pissed off a lot of their customer base. E: Oh yeah, it scraped your Chrome passwords if activated improperly.
|
# ¿ Jun 1, 2018 17:41 |
|
I really want to do more CTFs, but I really need to brush up on my pen testing skills
|
# ¿ Apr 7, 2019 03:27 |
|
OSU_Matthew posted:I'm currently working through this for personal edification at this point, but this is a good resource for OSCP, which is all the hacky bits: Gonna try this, I've been playing with Metasploit/Rapid7's Metasploitable, but that's a CTF on EASY mode, you can get root right off the bat, and it's open to every exploit under the sun. I've got a virtual security lab with a bunch of flavors of Windows and Windows Server plus some RHEL and Debian boxes segregated by a pfSense VM and a Virtual Switch.
|
# ¿ Apr 7, 2019 17:40 |
|
D. Ebdrup posted:I don't know if pfSense ships with netgraph modules, but if it does you can use ng_bridge(4) and ng_ether(4) to do switching (plus, there's ng_netflow if you need that). Alternatively, netmap can be used to create a vale(4) software switch that can easily do +70Gbps on relatively inexpensive hardware. I'm mostly using Xen's built in Virtual Switching feature, but yeah thanks for suggesting netgraph!
|
# ¿ Apr 7, 2019 19:05 |
|
Brilliant. Brilliant. "Just grabbed this Chinese spy, QUICKLY I MUST PLUG IN HER USB DRIVE!"
|
# ¿ Apr 8, 2019 21:22 |
|
xThrasheRx posted:https://www.bbc.com/news/business-47724438 Well they are quoting Check Point security, which does not raise my confidence in their product.
|
# ¿ Apr 10, 2019 13:27 |
|
"You see, if we make (insert crime here) unprofitable, it'll go away" Genius, if only all laws worked this way!
|
# ¿ Apr 10, 2019 14:25 |
|
Absurd Alhazred posted:Holy poo poo, @CthulhuSec! Fucker wanted to setup a paid child porn site? Jesus....
|
# ¿ Apr 12, 2019 18:33 |
|
Proteus Jones posted:Millions using 123456 as password, security study finds Hell, millions still use CommieGIR fucked around with this message at 21:51 on Apr 22, 2019 |
# ¿ Apr 22, 2019 03:56 |
|
I love spellcheck, and you guys are all great.
|
# ¿ Apr 22, 2019 21:52 |
|
Had to open an incident because a user shared his private key rather than his public.
|
# ¿ Apr 26, 2019 02:48 |
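The incident above is easy to catch at intake. The following is an added example, not code from the thread or any poster: it classifies a submitted SSH key as public, private or invalid, and for a public key it base64-decodes the OpenSSH blob and checks that the wire-encoded key type agrees with the textual prefix. The two sample keys are constructed stand-ins with zero-filled key material, not real keys.

```python
"""Classify a pasted SSH key before storing it (added example, not from the thread).

Given text a user submitted as "their public key", decide whether it is a
public key, a private key that should never have been sent, or neither.
The sample keys at the bottom are constructed stand-ins (zero-filled key
material), not real keys.
"""
import base64
import re
import struct

# PEM/OpenSSH/PuTTY headers that mark private key files.
PRIVATE_MARKERS = (
    "-----BEGIN OPENSSH PRIVATE KEY-----",
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "-----BEGIN DSA PRIVATE KEY-----",
    "-----BEGIN PRIVATE KEY-----",
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
    "PuTTY-User-Key-File-",
)

# OpenSSH authorized_keys line: "<type> <base64 blob> [comment]"
PUBKEY_RE = re.compile(
    r"^(?P<type>ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp(?:256|384|521))"
    r"\s+(?P<blob>[A-Za-z0-9+/]+={0,2})(?:\s|$)"
)


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire 'string': 4-byte big-endian length then the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(buf: bytes, offset: int) -> bytes:
    """Decode one SSH wire 'string' at buf[offset]; raises struct.error if too short."""
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    return buf[offset + 4:offset + 4 + length]


def classify_key(text: str) -> str:
    """Return 'private', 'public' or 'invalid' for a submitted key blob."""
    stripped = text.strip()
    if any(marker in stripped for marker in PRIVATE_MARKERS):
        return "private"
    match = PUBKEY_RE.match(stripped)
    if not match:
        return "invalid"
    try:
        blob = base64.b64decode(match["blob"], validate=True)
        wire_type = _read_ssh_string(blob, 0).decode("ascii")
    except (ValueError, struct.error, UnicodeDecodeError):
        return "invalid"
    # The type name inside the blob must agree with the textual prefix.
    if wire_type != match["type"]:
        return "invalid"
    return "public"


# Constructed samples: an ed25519 public key with an all-zero 32-byte point,
# and a private key file whose body is filler, not real key material.
SAMPLE_PUBLIC = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))
).decode("ascii") + " alice@example.invalid"

SAMPLE_PRIVATE = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB\n"
    "-----END OPENSSH PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for label, sample in (("public", SAMPLE_PUBLIC), ("private", SAMPLE_PRIVATE)):
        print(f"{label:8s} -> {classify_key(sample)}")
```

If the check returns "private", reject the submission and treat the key as compromised, since it has already left the user's machine; the follow-up is revoking that key wherever its public half is installed, not just deleting the ticket attachment.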
|
I've lost a lot of respect for him, since his goal is apparently to piss off the infosec field by outing people.
|
# ¿ Apr 28, 2019 23:05 |
|
So I'm starting to play with port knocking as a back door method in case my OpenVPN instance dies, pretty neat.
|
# ¿ May 5, 2019 01:21 |
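Port knocking as a fallback for a dead VPN is essentially a small state machine per source address, and the failure modes (out-of-order knocks, slow knocks, the door staying open) are where homegrown setups go wrong. The block below is an added example, not code from the thread or any poster: it models the server side of the knock sequence with a per-client timeout and an open window. The knock ports, timeouts and packet events are assumptions made up for the example; nothing touches the network, and a real deployment would drive a firewall rule from the state instead of a dict.

```python
"""Port-knock sequence tracker (added example, not from the thread).

Models the server side of port knocking: a source IP must hit a fixed sequence
of otherwise-closed ports, in order and within a time window, before the real
service port (for example the OpenVPN port) is opened to it for a short time.
Ports, timeouts and the packet events below are constructed; nothing is sent
on the network, and a real deployment would drive a firewall rule from this
state instead of a dict.
"""
from dataclasses import dataclass

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumption: example knock ports
KNOCK_TIMEOUT = 10.0                  # seconds allowed between consecutive knocks
OPEN_DURATION = 30.0                  # seconds the service stays reachable after a good sequence


@dataclass
class KnockState:
    progress: int = 0        # knocks matched so far
    last_seen: float = 0.0   # time of the last accepted knock
    open_until: float = 0.0  # time until which the service port is open


class KnockServer:
    def __init__(self, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT, open_for=OPEN_DURATION):
        if len(set(sequence)) != len(sequence):
            raise ValueError("knock ports must be distinct")
        self.sequence = tuple(sequence)
        self.timeout = timeout
        self.open_for = open_for
        self.clients: dict[str, KnockState] = {}

    def knock(self, src_ip: str, dst_port: int, now: float) -> bool:
        """Record one packet from src_ip to a knock port at time `now`.
        Returns True only on the knock that completes the sequence."""
        state = self.clients.setdefault(src_ip, KnockState())
        if state.progress and now - state.last_seen > self.timeout:
            state.progress = 0  # too slow between knocks: start over
        if dst_port == self.sequence[state.progress]:
            state.progress += 1
            state.last_seen = now
            if state.progress == len(self.sequence):
                state.progress = 0
                state.open_until = now + self.open_for
                return True
            return False
        # Wrong port: reset. A hit on the first knock port restarts the sequence.
        state.progress = 1 if dst_port == self.sequence[0] else 0
        state.last_seen = now
        return False

    def is_open(self, src_ip: str, now: float) -> bool:
        """Would the firewall currently let src_ip reach the service port?"""
        state = self.clients.get(src_ip)
        return state is not None and now < state.open_until


if __name__ == "__main__":
    server = KnockServer()
    for port, t in ((7000, 0.0), (8000, 1.0), (9000, 2.0)):
        print(f"knock {port} at t={t}: opened={server.knock('198.51.100.7', port, t)}")
    print("open at t=5:", server.is_open("198.51.100.7", 5.0))
```

On Linux the same logic is usually done in the kernel with the iptables `recent` match chain rather than a daemon. Either way, knocking only hides the port: anyone who can see the path learns the sequence, so the service behind it still needs its own key-based authentication, and the open window should be short enough that a scanner arriving in it gains nothing.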
|
Raenir Salazar posted:Anyone use Suricata on ubuntu? I followed some tutorials but I can't get it to detect/log my pings between two VMs. I have a box running SELK, which is Suricata running with the ELK stack for reporting and analytics.
|
# ¿ May 10, 2019 03:16 |
|
CLAM DOWN posted:What's your opinion on Azure Sentinel, Lain? We just had a demo today for this, more next week
|
# ¿ May 11, 2019 00:29 |
|
CLAM DOWN posted:I'm quite literally excited for your take on this. We're also examining LogRhythm, which has some really cool features like Incident quick actions and playbooks. Sentinel also has playbooks, and quick or auto actions based on alerting.
|
# ¿ May 11, 2019 02:51 |
|
Lain Iwakura posted:Stay the gently caress away from LogRhythm. I don't know if that will be up to me, but please give me some talking points? We currently have Symantec MSS, which is garbage. We have Splunk, but we don't have anyone capable of building out a working Security dashboard. I mean, I use ELK a lot without issue...
|
# ¿ May 11, 2019 15:26 |
|
Lain Iwakura posted:Lack of available extractions and availability of apps, their API was trash for the longest time and is still their biggest weakness, and it's really poor at scaling. Splunk's problem is that it requires ES and is a complete crapshoot when it comes to licensing these days, but at least it scales and has a variety of half-decent apps available. The Security suite they showcased is fantastic looking, I hope it's not just a farce. Most of the other engineers on my team are already sold, and we're bringing on a Managed Services team to help build/configure it.
|
# ¿ May 11, 2019 20:12 |
|
Lain Iwakura posted:
Yeah, I wish I had more to go off of to sway the other engineers away from LogRhythm, then.
|
# ¿ May 11, 2019 20:57 |
|
Lain Iwakura posted:We use CyberArk and have few complaints. It will even record RDP and SSH sessions. CyberArk is what we are using as well.
|
# ¿ May 14, 2019 00:50 |
|
The Microsoft Sentinel demo did not go well, unfortunately.
|
# ¿ May 15, 2019 03:18 |
|
Mustache Ride posted:What else have you looked at? Sentinel, Splunk, LogRhythm, IBM QRadar, and one or two others that were not really that impressive.
|
# ¿ May 15, 2019 18:42 |
|
Lucid Nonsense posted:Really? I haven't seen that issue unless the forwarding agent isn't rfc5424 compliant. Snare works fine, but the Datagram syslog agent just truncates the messages. That is our current issue, Snare is just converting Event Forwarding logs and ruins the formatting.
|
# ¿ May 15, 2019 20:30 |
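The truncation complaint above is easy to measure rather than argue about: a datagram forwarder that cuts a line leaves an RFC 5424 structured-data element without its closing bracket, and an agent that emits its own native format instead of RFC 5424 fails the header or structured-data grammar. The following is an added example, not code from the thread, Snare, Splunk or any poster: a minimal RFC 5424 parser that reports each line as ok, truncated, malformed or bad header, plus a counter to run over a sample of what the collector actually received. The sample lines and the datagram limit are constructed for the example.

```python
"""RFC 5424 syslog line parser that flags truncated or non-compliant input
(added example, not from the thread).

Layout per RFC 5424: <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP
PROCID SP MSGID SP STRUCTURED-DATA [SP MSG]. STRUCTURED-DATA is either "-" or
one or more [ID PARAM="VALUE" ...] elements. A datagram forwarder that cuts a
long line leaves an element without its closing "]", which is what this
parser reports. All sample lines are constructed, not captured from Snare or
any other agent.
"""
import re

HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
)
PARAM_RE = re.compile(r'(\S+?)="((?:[^"\\]|\\.)*)"')
DATAGRAM_LIMIT = 1024  # assumption: the forwarder's per-datagram cap used in this example


def _find_sd_close(text: str, start: int):
    """Index of the ']' that closes the element opened at text[start], ignoring
    ']' inside quoted values and backslash-escaped characters; None if unclosed."""
    in_quote = False
    i = start + 1
    while i < len(text):
        ch = text[i]
        if ch == "\\" and in_quote:
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch == "]" and not in_quote:
            return i
        i += 1
    return None


def parse_structured_data(rest: str):
    """Parse STRUCTURED-DATA at the start of `rest`.
    Returns (elements, remainder, status) with status ok/truncated/malformed."""
    if rest.startswith("-"):
        return {}, rest[1:], "ok"
    if not rest.startswith("["):
        return {}, rest, "malformed"
    elements = {}
    pos = 0
    while pos < len(rest) and rest[pos] == "[":
        close = _find_sd_close(rest, pos)
        if close is None:
            return elements, rest[pos:], "truncated"
        sd_id, _, params = rest[pos + 1:close].partition(" ")
        elements[sd_id] = dict(PARAM_RE.findall(params))
        pos = close + 1
    return elements, rest[pos:], "ok"


def parse_syslog(line: str) -> dict:
    """Parse one line into a dict; 'status' is ok, truncated, malformed or bad header."""
    match = HEADER_RE.match(line)
    if not match:
        return {"status": "bad header", "raw": line}
    record = match.groupdict()
    pri = int(record.pop("pri"))
    record["facility"], record["severity"] = divmod(pri, 8)
    elements, rest, status = parse_structured_data(line[match.end():])
    record["sd"] = elements
    record["msg"] = rest[1:] if rest.startswith(" ") else rest
    record["status"] = status
    # A line sitting exactly at the forwarder's cap is the usual sign of a cut.
    record["at_limit"] = len(line.encode("utf-8")) >= DATAGRAM_LIMIT
    return record


def summarize(lines) -> dict:
    """Count lines per status; a non-zero 'truncated' bucket points at the forwarder."""
    counts = {}
    for line in lines:
        status = parse_syslog(line)["status"]
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample lines: a well-formed Windows logon event, one with two
# SD elements and no MSG, one cut mid-element, one with a non-RFC body, and junk.
SAMPLE_LINES = [
    '<134>1 2019-05-15T20:30:00Z dc01 Snare - - [win@1 EventID="4624" Channel="Security"] An account was successfully logged on.',
    '<13>1 2019-05-15T20:31:07.120Z dc01 Snare 4012 - [win@1 EventID="4625"][meta@1 host="dc01"]',
    '<134>1 2019-05-15T20:32:41Z dc01 Snare - - [win@1 EventID="4624" Chan',
    '<13>1 2019-05-15T20:33:02Z dc01 Snare - - MSWinEventLog 1 Security 4624 Wed May 15 20:33:02 2019',
    'MSWinEventLog 1 Security 4624 dc01',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_syslog(line)
        print(rec["status"], rec.get("sd", {}), rec.get("msg", ""))
    print(summarize(SAMPLE_LINES))
```

Run it over a few thousand lines pulled straight off the collector's listener (before any SIEM parsing) and compare the same window pulled from the agent's local spool: if the "truncated" bucket only appears on the collector side and those lines cluster at one byte length, the datagram path is cutting them, and the fix is a TCP or TLS transport with a larger frame rather than a new parser.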
|
Mustache Ride posted:Are you grabbing them as XML or just using the default WinEventLog Splunk collector? I'm going to assume the latter. I was not involved in configuring it; it was before my time.
|
# ¿ May 15, 2019 21:56 |
|
Lucid Nonsense posted:How much time would you guys say you spend learning and configuring with ELK? With my SELK setup, which is an IDS/IPS + ELK, it was fairly simple to do. Tested it with a couple of my honeypots and got good results.
|
# ¿ May 16, 2019 14:48 |
|
"You'll get no bounty and we'll sue you if you release it"
|
# ¿ May 24, 2019 02:38 |
|
AlternateAccount posted:I expect Harley Davidson to have a conference on rider safety with Evel Kneivel as keynote any day now. Oh my god no.
|
# ¿ May 31, 2019 02:32 |
|
Seam is how I pronounce it
|
# ¿ Jun 10, 2019 21:57 |
|
Apparently China carried out another BGP hijack against the EU on the 7th
|
# ¿ Jun 11, 2019 04:42 |
|
Fair enough, unintentional hijack.
|
# ¿ Jun 11, 2019 17:55 |
|
Saukkis posted:We really need more non-profit associations or other organisations to run services like these, and other services useful for internet. Don't want to rely on individuals or businesses for something like this. We really do. Much like a lot of the best Security/Hacking tools are open source and community driven.
|
# ¿ Jun 12, 2019 03:02 |