|
dang, I should consider myself lucky to have an actively involved CISO (first cyber job and first time working w/ a CISO). Our team is fairly small so idk if that helps.
|
# ¿ Feb 23, 2021 23:13 |
|
Unauth Vcenter RCE through vsphere client, yay! https://twitter.com/WeisterCreek/status/1364319729515716612?s=20
|
# ¿ Feb 24, 2021 20:22 |
|
90% sure related to this: https://blog.rapid7.com/2021/03/02/indiscriminate-exploitation-of-microsoft-exchange-servers-cve-2021-24085/ OWA -> Webshell -> Cred dump from the looks of it
|
# ¿ Mar 2, 2021 23:51 |
|
ok so I’m definitely seeing a lot of 404s for attack details I was able to access an hour ago.
|
# ¿ Mar 3, 2021 01:29 |
|
trashy owl posted: They took it down because it was written before the advisories came out (from what I heard). I'd bet on a new version coming out tomorrow.
It’s easy enough to find the cached copy. Cat’s already out of the bag etc etc but always fun to collate information between sources/initial observations. https://webcache.googleusercontent....n&ct=clnk&gl=us
|
# ¿ Mar 3, 2021 03:41 |
|
What’s everyone’s favorite cryptography character? Big fan of Trudy myself
|
# ¿ Mar 9, 2021 04:15 |
|
the internet was a mistake
|
# ¿ Mar 11, 2021 04:31 |
|
so the exchange proxylogon PoC is out in the wild. MS removed the original researcher’s upload, but streisand effect and all that
|
# ¿ Mar 11, 2021 22:18 |
|
Sickening posted: It's not really interesting. We acquired some companies and one of them have a few of these ancient shitters. I have researched this a bit before, but outside of the cve's posted by Microsoft, I feel like vulnerabilities of EOL servers just goes dark from the community at large when they go EOL.
Microsoft has released patches for Server 2003 past End of Support for some of the known scary stuff, but for example something like SigRED affects 2003 w/o available patch (but there's a reg key mitigation) https://media.defense.gov/2020/Jul/16/2002458198/-1/-1/0/CSA_CVE20201350-V_1_0%20-%20COPY.PDF
You’d have to go CVE by CVE on someplace like https://www.cvedetails.com/ to see what MS did and did not patch for 2003. I would wager that this server is probably unpatched against the things that do have a solution tho, would probably start there.
|
# ¿ Mar 22, 2021 19:37 |
|
Hello friends, it’s time to update Exchange (again)! https://twitter.com/thezdi/status/1382023848422473734?s=20
Tryzzub fucked around with this message at 19:21 on Apr 13, 2021 |
# ¿ Apr 13, 2021 19:15 |
|
https://twitter.com/FireEye/status/1384519495394500613?s=20
gently caress you pulse secure for:
1. not having a patch released yet
2. paywalling your tool and workaround for this
|
# ¿ Apr 22, 2021 02:50 |
|
quote: He has well over four decades of experience with systems, networks, data and other cyber resources.
bet he knows how to code in html
|
# ¿ May 19, 2021 03:21 |
|
Internet Explorer posted: Fun one, but who has their vCenter exposed to the internet...? Why..?
they had a similar plug-in based vulnerability earlier this year. what’s old is new again. last one had a public POC less than 24 hours after being disclosed!
|
# ¿ May 26, 2021 04:13 |
|
On the topic of people who should be more cautious if they’re in the “feds want me dead” crowd: FBI ran an “encrypted chat” app over 3 years to go after organized crime.
|
# ¿ Jun 8, 2021 17:20 |
|
nice, who’s the lucky vendor this month?
|
# ¿ Jun 23, 2021 00:17 |
|
Tryzzub posted: nice, who’s the lucky vendor this month?
it’s our dear friend VMWare https://www.vmware.com/security/advisories/VMSA-2021-0012.html
Tryzzub fucked around with this message at 16:21 on Jun 23, 2021 |
# ¿ Jun 23, 2021 16:18 |
|
Diva Cupcake posted: The CEH cert is worthless in private industry and I would have considered it theft had my company not paid for it back in 2016. I let mine expire.
Agreed! Got mine paid for, would never have taken it otherwise.
|
# ¿ Jun 25, 2021 00:28 |
|
I used to work in fintech and I definitely lost sleep over it
|
# ¿ Jun 25, 2021 18:16 |
|
gently caress, missed opportunity to point out that i am a certified ethical hacker
|
# ¿ Jun 25, 2021 22:44 |
|
RFC2324 posted: At a guess, like most cloud poo poo, it had an always open connection to the c2 server. It's one of the big reasons things like one drive and google drive bother me so much: they demonstrably open the same kind of always on, can delete files remotely functionality, but hey, straight to your system, and good luck getting rid of one drive! (Ime it always comes back after a couple weeks)
I think you can block onedrive at GPO level: computer config > admin templates > windows components > onedrive > prevent the usage of onedrive for file storage
|
# ¿ Jun 29, 2021 16:23 |
|
fwiw microsoft published official guidance: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 Option 2 has been reported as working for workstations.
|
# ¿ Jul 2, 2021 17:08 |
|
THIS IS NOT WHAT I HAD IN MIND WHEN I SAID I WANT A LONG WEEKEND
|
# ¿ Jul 2, 2021 21:12 |
|
I hope not! re: Kaseya word on the street from an MDR friend is that it is in fact bad.
|
# ¿ Jul 2, 2021 22:57 |
|
CLAM DOWN posted: America is insane for having in-person conferences right now.
yea
|
# ¿ Aug 2, 2021 00:22 |
|
Thwomp posted: But it’s flagged as for mature readers only so unless you have an account, you can’t read it.
you can on desktop! here's the text for those who care: NSFW.
Like many gay men, I thought the vaccine made me invincible and I had a year's worth of pent-up sexual frustration, so I partied hard in P-Town during July 4 week. I tested positive a day after I left, with some cold symptoms that lasted a few days. People are understandably worried about the CDC data showing breakthrough cases in P-Town, but I feel like they've left out a rather large variable. I suspect it may have something to do with offending gay men, so allow me to tell you a little bit about my week.
*Ahem* Cue Jeff Foxworthy voice ...
You might get a breakthrough case:
If you're packed into the A-House shoulder-to-shoulder with 300 other people
If the 300 people around you are dancing hard and panting all over you
If you make out with 2 (or 5) of those people in the club per night
If you go home with one (or 5) of those men per night and have lots of hot bear sex
If you wake up in the morning and have some more sex (FYI: gay sex involves kissing)
If you go to a crowded brunch and kick your immune system in the rear end with 4 mimosas
If you repeat the above six activities with complete strangers every day for a week
Do most people live their regular daily lives this way? I certainly don't. Every single guy I talked to was fully vaccinated, so I don't even know how an unvaccinated person would get COVID because they didn't seem to be in P-Town that week. It was a rude awakening that the vaccine does not make me invincible -- but the shot still worked miracles. I barely got sick. All of my vaccinated friends who I lived with for the week tested negative. The cases in P-Town are already plummeting. Without the vaccine, I imagine cases would have been 5,000+ with dozens of hospitalizations and a handful of deaths -- with Delta spreading uncontrollably throughout the rest of MA. But instead, the state numbers seem to be plateauing.
I'm embarrassed for being part of the statistic that put MA on the national news. I'm horribly sorry to anyone I've indirectly infected. I've learned an important lesson. But I'm not quite sure it's a representative case study of the average MA population.
My point is... To everyone worried about the P-Town data: I wouldn't get too nervous going to the grocery store just yet -- unless you tend to have orgies at Market Basket.
Tryzzub fucked around with this message at 04:31 on Aug 2, 2021 |
# ¿ Aug 2, 2021 02:19 |
|
RFC2324 posted: might I suggest putting the NSFW outside the tags if you are gonna bother spoilering it?
good call, done
|
# ¿ Aug 2, 2021 04:31 |
|
https://www.youtube.com/watch?v=xHVE7L00v-E
|
# ¿ Aug 5, 2021 19:18 |
|
Exchange On-prem exploit chain being actively scanned for and targeted. Happy Friday!
|
# ¿ Aug 14, 2021 02:12 |
|
decimate the IT staff every time a breach occurs, in the roman sense
|
# ¿ Aug 15, 2021 23:46 |
|
If you're a vet and you're looking to get another cert under your belt: https://ivmf.syracuse.edu/programs/career-training/learning-pathways/ Syracuse University runs a program, they'll pay for one cert. Not a fan of skillsoft personally, but you can breeze past that content and pick up some relevant study books. You can also pick up an Azure fundamentals cert for free if you attend a Microsoft training day: https://www.microsoft.com/en-us/trainingdays Don't downplay your time as an intel analyst, there's a whole corner of Infosec devoted entirely to threat intel and etc.
|
# ¿ Aug 29, 2021 19:20 |
|
Defenestrategy posted: Am I having a seizure?
vendor spam, plz ignore
|
# ¿ Sep 4, 2021 00:37 |
|
p much yeah, France -> Europol -> Swiss authorities forced them to collect the IP address of a user. As an aside, interesting to see how many companies have straight up built law enforcement request portals.
|
# ¿ Sep 7, 2021 16:07 |
|
see thread title
|
# ¿ Sep 10, 2021 23:34 |
|
related: what do y’all see being used for MDM for stuff like this?
|
# ¿ Sep 13, 2021 22:23 |
|
unsubscribe
|
# ¿ Sep 15, 2021 02:36 |
|
Which bootcamps are you considering? Cybersecurity is a huge topic in general with tons of specialization.
|
# ¿ Oct 7, 2021 03:58 |
|
my thread title still stands
|
# ¿ Dec 10, 2021 20:55 |
|
You may have vendors who do, so generally yes
|
# ¿ Dec 11, 2021 01:20 |
|
If you have anything public facing/accessible it doesn’t hurt to check product pages for patches. I’ve been seeing opportunistic scanning/attempts all day to anything with an ipv4 address, not unlike the exchange stuff earlier in the year. log4j is ubiquitous and the exploit is trivial
|
# ¿ Dec 11, 2021 01:58 |
|
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 ^^ vendor response cheat sheet for this nonsense
|
# ¿ Dec 12, 2021 15:49 |