|
I laughed much harder than I should have at this. Friday morning owns.
|
# ¿ Jan 31, 2020 16:06 |
|
|
# ¿ May 22, 2024 09:00 |
|
The Fool posted: They had a contact, the responding deputies verified their identities and were about to let them go when the sheriff showed up and decided to be a cock mongrel about “his building”
Yeah it was this.
|
# ¿ Jan 31, 2020 19:15 |
|
Yeah I feel like it goes a bit like that.
|
# ¿ Feb 6, 2020 16:47 |
|
Amazing.
|
# ¿ Feb 10, 2020 17:52 |
|
The local University here also uses public IP space for each of the departments. Within the department is a private network and within the campus datacenter there is a private network, but all space between them is 100% public. Also each department has their entirely own network complete with different IT staff and what I will hazard to call "architecture".
|
# ¿ Mar 4, 2020 16:56 |
|
duz posted: Whatever the one built into Windows is called.
e: Wow what a lovely page snipe.
|
# ¿ Mar 10, 2020 19:09 |
|
I'm only JUST winning the battle of disabling SMBv1 on my infrastructure, so alright I guess. We also have 1803 on our desktops, so alright x2 I guess.
|
# ¿ Mar 12, 2020 15:54 |
|
I'm not even going to start on the struggle I'm having getting people to buy in to PAW, but know it is not a fun one.
|
# ¿ Mar 12, 2020 16:14 |
|
Yep. Enterprise. Apparently our desktop team is fighting to upgrade, but I don't know to what (hopefully not 1809) and I don't know how that's going. Other question: Is there any reason an API would not use OAuth over the internet other than "because it's hard"?
|
# ¿ Mar 12, 2020 17:12 |
|
Potato Salad posted: Where do you work? I want to get some of that free money.
There are even worse things inside my network right now; if you can believe that. Does anyone have experience with Airlock Digital? My company is putting them up against Carbon Black for application whitelisting and I only know what their sales team has told me (which, I'm sure you can understand, I take with a massive grain of salt).
|
# ¿ Mar 12, 2020 20:40 |
|
Potato Salad posted: every motherfucker who complained about getting blindsided by this has an X painted on their back
Honestly I'm paying big attention to where I hear these coming from.
|
# ¿ Jul 8, 2022 17:10 |
|
CLAM DOWN posted: nothing is free
Except the airline losing your bag. That one's on the house. I will also be reporting in at B-Sides and DefCon next week.
DkHelmet posted: Essential stuff: skytalks and villages.
Nailed it.
|
# ¿ Aug 2, 2022 21:10 |
|
CLAM DOWN posted: that guy sounds like a massive piece of poo poo
not empty quoting
|
# ¿ Aug 18, 2022 21:14 |
|
CLAM DOWN posted: lol. lmao.
This perfectly sums up my reaction. Burn it to the ground. The fallout will likely be impressive.
|
# ¿ Sep 16, 2022 05:43 |
|
Yeah PowerShell actively yells at you about using plain text and you need to specifically change your code to work with a regular cred string as opposed to a credential object. It's incredible they went so far to do it wrong.
|
# ¿ Sep 16, 2022 22:54 |
|
Thanks Ants posted: Full tunnel is great if you want the user experience to be poo poo
Sickening posted: It's like I am in a time machine and it's 2010 all over again.
My company's terrible remote IT strategy over the last few years is being called out.
|
# ¿ Mar 15, 2023 22:01 |
|
As of last night and seeing which screen grabs on discord could be expanded, I can see it does not appear to have been retroactively applied at this time. Maybe that's changing, but it doesn't seem to be right now.
|
# ¿ Mar 22, 2023 16:55 |
|
Sickening posted: I am got out of a meeting this morning because some vp was upset that they were prevented from uploading their personal tax filing to their browser on their work computer. They weren't in trouble for doing it, they were just prevented through DLP and were ANGRY.
My life is this, but with every employee wanting to use gdrive because "it's how I want to do things". I work at a bank and it is explicitly stated in our policy that uploading to cloud storage that isn't our OneDrive or ShareFile is not allowed.
|
# ¿ May 2, 2023 20:16 |
|
Nearly all my coding is interacting with APIs these days as I write automations into our SOAR. Would I say I'm good at coding? Hell no. I'm good enough to make the drat thing work and comment it for the next guy though.
|
# ¿ May 3, 2023 17:46 |
|
CLAM DOWN posted: I want one of these but they're like $400 CAD which is hard to justify.
Yeah they're pretty rough in price up here. I managed to turn mine into a pineapple though (among other things), so hey 2-for-1 toys aren't a bad deal.
|
# ¿ Jun 13, 2023 17:28 |
|
Thanks Ants posted: No you see to be compliant with what this third party says we have to give up our passwordless identity platform and return to enforced password complexity with 30 day expiration.
This hits close to home and is, in fact, the topic of a meeting I currently am suffering through.
|
# ¿ Jun 29, 2023 20:27 |
|
Defenestrategy posted: Can yall give me some insight into how yall triage/remediate your pentest/scan tickets.
This is the issue with Vulnerability Management in general. When I was in charge of vuln management in my shop, the only way to really grab this traction was change from above. Leadership needed to change some expectations to make it very known that the remediation of these issues is both tracked and scrutinized in relation to the gauge of performance for any given team. Once that trickles down to team managers this will actually start to move forward. There's a good chance you'll need to help build a process with those teams to deal with your requests specifically, but once that's all done you should see a pretty significant turn around in efficacy. tl;dr - it's a long road governed more by people than by tech.
|
# ¿ Jul 19, 2023 17:32 |
|
https://twitter.com/vxunderground/status/1701758864390050145 You really love to see it
|
# ¿ Sep 13, 2023 17:03 |
|
Defenestrategy posted: Bluesnarfing, Bluebugging, bluejacking.
At least buy me a couple drinks first.
|
# ¿ Sep 14, 2023 16:46 |
|
Cannon_Fodder posted: I'm inheriting a massive vulnerability debt and taking on a vulnerability management position with very little experience.
Welcome to vuln management. It doesn't get better. I ran our vuln management for about 4 years before building it out to something proper that can be reasonably handled by another team (in the security office). I like to think I've seen everything, but please do prove me wrong with any novel nightmares you come across.
|
# ¿ Sep 20, 2023 17:34 |
|
Sickening posted: My CISO is looking to expand the scope of security even more. They have a vision of SecOps to architect, create, deploy, and maintain OS vuln, app vuln, config vuln, network vuln, and CI/CD vuln for every aspect of the company. The very notion of "we can't rely on the rest of the company to do what we demand, so we are going to do it ourselves" and it's never going to loving work. Our teams are going to crush themselves under boundless scope and responsibility. We are just going to fail. That scope is purely infinite and is not achievable under any circumstance
Obviously you know this, I'm just doubling down on it; seems you have a CISO who has taken to heart the idea of "if you want something done, do it yourself". Here's hoping you can talk them out of it and into a more reasonable path of process creation to hand out specific remediation work. Let it be known I also hate this solution in smaller corps, but I will take it over either the extremes of 'we do it all' and 'pray other teams do it themselves'.
|
# ¿ Sep 20, 2023 19:13 |
|
I have been tasked with standing up an OpenCTI instance for us; sure sounds great. Anyone ever build this before or am I essentially being given another pet project for me to turn into the greybeard over?
|
# ¿ Sep 20, 2023 21:33 |
|
FungiCap posted: Soooo is everyone else seeing a massive increase in QR code phishing for o365 logins?
Yep there are a few distinct campaigns constantly hitting us. Good times.
|
# ¿ Sep 21, 2023 20:03 |
|
Thanks Ants posted: I just assumed they weren't because of the amount that are getting through
Most of what we see are QR codes stuck in images which probably breaks the parsing.
|
# ¿ Sep 21, 2023 20:38 |
|
MustardFacial posted: TIL: Defender for Endpoint will send an informational alert to the dashboard if you plug in a Flipper Zero.
Sometimes more than just Defender will alert on it depending what your environment is configured to look for! First hand experience with that one. Not all of the interactions I ran were picked up (expected), some were blocked via USB policies, and others I think I didn't write properly. I am the SOC guy that was testing detections.
some kinda jackal posted: -- I spent enough time in an operational security role to know better than to throw a grenade to those poor souls
Appreciated lol
|
# ¿ Nov 23, 2023 18:20 |
|
evil_bunnY posted: Also since everyone else can't be in, all your meetings on your office days will be remote or hybrid. Yes our offices are open plan why do you ask?
This is my exact problem when I have to go into the office. I tend to go in on Friday because nobody else is there and I will not have to deal with listening to everyone on my floor have a Teams meeting where they scream at their laptops. However this means I am usually one of two people in the office that day; how is this helping the "culture" again? Moron execs push RTO.
|
# ¿ Jan 17, 2024 18:51 |
|
I have absolutely no idea how you fell into their game of numbers if you don't even have an account at the bank. Perhaps an assumption that most people have an account at the major institution? An odd place to 'never attribute malice when incompetence will do', but it's hard to imagine anything other than they don't know who they're targeting. From the FI side of that encounter, there has been a pretty large upswing in persistent ATOs (or at least attempts) as of recent. Once again though, I have no idea why they would come after you if there was nothing to gain access to.
|
# ¿ Jan 18, 2024 19:14 |
|
It's impressive how good meeting room tech has got when everyone wants nothing more than to never set foot in an office again lol.
|
# ¿ Jan 23, 2024 18:11 |
|
Man they're really having a hell of a time over there aren't they?
|
# ¿ Jan 31, 2024 19:04 |
|
Thanks Ants posted: Implies they’re rotating them by having a person click a button and someone didn’t do it
This is exactly how I read that.
|
# ¿ Feb 2, 2024 17:57 |
|
MustardFacial posted: Vibe check this statement for me:
True and accurate. Might want to soften the blow depending on the audience, but I have had many conversations with managers that sound like this. Your second shot at it right above this is a good edit to ensure nobody decides to throw a tantrum over you being curt, while still sending the same message.
|
# ¿ Feb 15, 2024 21:40 |
|
Potato Salad posted: ... we're still working under the presumption that iMessage is compromised in the Chinese market right?
Absolutely.
|
# ¿ Feb 22, 2024 19:24 |
|
Subjunctive posted: we got Amir!
We're all cheering for the man.
|
# ¿ Apr 18, 2024 17:07 |
|
|
I'm sure the real answer is they do absolutely loving nothing.
|
# ¿ Apr 26, 2024 17:41 |