god look at what they make you aspire to....
4 hours in a fucking coffee shop..
Seriously I can't think of anywhere worse to work.
1) it's not private
2) it's noisy
3) Tea at the cyber bunker is > anywhere else
4) mouse, keyboard + screen
5) xbox/consoles
6) family
7)
Wait till people see what runs on planes/submarines 🤣
Be careful, elite cyber seals hide everywhere! Like the hordes of hackers on trains they lurk everywhere ;)
Twitter has rolled out audio calls on Twitter using STUN.
Be warned if you call someone the recipient (and anyone in the traffic path) can see your egress IP.
Apple private relay does not cover this.
################################
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent
################################
now.. first questions...
how many devices in your enterprise do you have running a vulnerable version of SSH?
How many of these are internet
Ok today we are inside the perimeter
We have options:
> LDAP/ADDS (TCP 389,636,3268,3269)
> Find the printers and continue the human printer war! TCP 9100,9101
> Look for network devices (SSH, HTTP and TELNET) 22,80,443,8443,23)
> Look for services like email (SMTP TCP 25)
>
you wonder why no one takes security seriously??
it's because dick heads run around telling people shit like this... what the fuck is wrong with people....
wanna see how most networks are?
we have found an exposed RDP server on the public internet.... we are going to fire a load of authentication attempts at the server!
hydra -l administrator -P /usr/share/wordlists/rockyou.txt -t 4 -I rdp://target
how long till we get caught?
Mac life is odd 🤣
I basically have to RDP into a windows box to actually do actual work. The Mac is like the most expensive thin client in the fucking world 🤣
XZ Utils backdoor TLDR:
1) we don't know who did it (from a human pov) - we know the GitHub account that was used.
2) this was caught by a ninja and it didn't deploy to loads of stuff. Some linux distros like KALI managed to get infiltrated (the backdoor works on x86/x64 Linux
oh no.. the NDR server caught me... oh no wait it didn't because there isn't one in ~>90% of networks and even when there is people don't seem to respond to alerts much (based on BEC and ransomware incidents where something like D@RKTR@CE is deployed)
this however is a noisy
Ok gang shall we talk about network discovery? When I say network, in this sense I mean environment: servers, PC devices, printers, switches, routers, firewalls etc etc
I am getting to a point where I’m going to just say:
Orgs need to learn how to patch anything within 48 hours.
Many moons ago at a large UK org I used to be able to patch the entire fleet largely at will within hours/days sometimes. (Depending upon the patch type)
The process
mostly people run:
> BURP (a java app)
> NMAP (is compiled for every OS under the SUN!)
> Metasploit (works on MAC, Windows, Linux)
> a c2 framework (java)
> a c2 framework plus a web browser
> web browser (they all work on all OSs)
> Python
> WINRM/SSH/RDP
> VSCODE
> DOCKER
> A
APT 41 / BARIUM
Known to run:
"whoami.exe"
also launched via wmiexec (HOW DARE THEY!)
Better tell them they would be fired from a red team , I'm sure they will cry about that.... /S
Our industry is very odd.....
things I find in the wild... (vulnerabilities through misconfiguration)
I quite often see Windows DNS servers misconfigured to allow zone transfers from any host.
Anyone have an idea as to why 3/4 of all weather radar stations nationally are down? Coincidental timing with a major severe weather outbreak happening.
Another cyber attack? 🤔 🇨🇳 🇷🇺 🇮🇷
Russian actor using this IP:
182.172.56.199
do you know what gave them away?
their language setting in their browser ;)
pew pew
from Britain with love ;)
🇬🇧❤️
Oh no! Another organisation has just been a victim of ransomware what should I do? Let's post a list of things that people should do!
1. Risk Assessment - Identify vulnerabilities and threats specific to the hospital's environment.
2. Security Policies and Procedures - Enforce
@SwiftOnSecurity
This is what the notice said: "As a product itself, Wireshark is more vulnerable to attacks than most other programs due to literally hundreds of developers programming the code. We're addressing the high number of installations that lead to vulnerabilities."
Looks like outright ads might be coming to the Start Menu in Windows 11, not just the usual recommendations / tips / shortcuts / etc.
After enabling experiment 48797684 the text in Settings changes slightly to accommodate for this 😐
if you look at the CISA stats:
~88% of pwnage is from the attacker having a set of credentials that work... (phishing, brute force or theft etc.)
Cybercrime is largely stealing credentials....
lots of "IT people" say stuff like:
well sure if you have
why don't Linux, Windows and Apple Macs alert you in the GUI (if you are logged in) if someone fails to sign in to a remote session? e.g. RDP, SSH, WINRM, SMB etc?
it would be so useful if they did this (tm)
Things you can do that aren't a "red team" or "pentest":
> OSINT
> Asset Discovery
> Business Analysis
> Configuration Reviews
> Control Reviews
> Audits
> Health Checks
> Research
> Detection Engineering
> Detection Testing
> Attack Surface Mapping
> Attack Surface Reduction
>
I am sad. :(
This shall pass. But feels like I’ve been hit by a bus. Life is very not fun sometimes, but also life is also amazing and wonderful. The duality of the world!
So much joy/hope yet also the inevitable end.
I wish for a miracle but I know they don’t exist.
I wish
China.... is a country that despite being (IMHO) the biggest cyber threat actor home in the world, often seems to fly under the convo radar....
the last report said about 6000 state hackers...
6000 hands on keyboard people...
CHINA can beat EVERY OTHER COUNTRY in the world
Why does the infosec world talk like:
> Everyone has a SOC (They don't)
> That their own org's posture is perfect (it's not!)
> That they don't have problems with resources, budget, skills (they do)
Most orgs:
> Don't have a security person
> Don't have a SOC
> Don't have a
Can anyone tell me why the public WiFi with an attacker in it is unsafe?
I can read all the target's traffic metadata but I can't read their traffic.
Anybody? The ASD say it’s not safe but I’m not really sure why…..
If you can show me an attack that will do something let me
I don’t understand all these ‘I’m never working with Windows’ or I’m not learning Windows people... most corps run Windows endpoints and have the majority of windows servers... how are you meant to be able to help secure a corp if u don’t know how this works????
vuln scanners are useful. this is way fucking simpler than running nmap and a load of other tools if you just want to get a broad understanding of an environment.
I think people really over simplify how this world works...
you need to understand context, objectives and
Would people be interested in a guide/paper to hacking/securing Windows Server 2016/2019? I'm writing one and wondered what the interest would be? A few of my friends in the community struggle with securing/pwning Windows compared to Linux based systems)…
ok tweeps, we have a mass exploitation scenario which appears to have targeted: Cisco IOS XE Software Web Management User Interface
(the HTTP server)
This has installed an implant:
which can be detected by running:
curl -k -X POST
You work in a SOC:
you have a user on the 5th Jan logging in from London using Chrome.
On the 7th Jan they sign in from France using Firefox.
Is this an authorized or unauthorized logon?
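An added example, not code from any of the posts above: a small Python prototype of the two detections a SOC would want for the earlier "fire a load of authentication attempts at the RDP server" post and for this sign-in question. It runs over constructed sign-in events (the field names, the addresses, the country values a GeoIP lookup would supply, and the thresholds are all assumptions). The password-guessing rule counts failures per source and account in a sliding window; the sign-in rule compares each user's consecutive successes and only raises "impossible travel" when two countries are closer in time than any journey allows. The London-then-France-two-days-later case is deliberately classified as "review", because on its own it is neither clearly authorised nor unauthorised, which is the point of the question.

```python
"""Two simple authentication detections over constructed sign-in events.

Added illustration, not from the original posts. Field names, thresholds,
IP addresses and country codes are assumptions made for the demo.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs). 'country' stands in for what a
# GeoIP lookup of 'src' would return; 'client' is the reported user agent.
EVENTS = [
    {"time": "2024-01-05T09:00:00", "user": "alice", "src": "203.0.113.10",
     "country": "GB", "client": "Chrome", "ok": True},
    {"time": "2024-01-07T14:12:00", "user": "alice", "src": "198.51.100.44",
     "country": "FR", "client": "Firefox", "ok": True},
    {"time": "2024-01-07T10:00:00", "user": "bob", "src": "203.0.113.20",
     "country": "GB", "client": "Outlook", "ok": True},
    {"time": "2024-01-07T10:30:00", "user": "bob", "src": "192.0.2.77",
     "country": "US", "client": "Outlook", "ok": True},
]
# 25 failed logons against one account from one address within 30 seconds,
# the footprint a wordlist run against an exposed RDP service leaves behind.
EVENTS += [
    {"time": f"2024-01-07T11:00:{i:02d}", "user": "administrator",
     "src": "192.0.2.99", "country": "US", "client": "RDP", "ok": False}
    for i in range(25)
]

FAIL_THRESHOLD = 20   # failures per (source, account) before alerting (assumption)
FAIL_WINDOW_S = 60    # sliding window for that count, in seconds (assumption)
TRAVEL_WINDOW_H = 2   # two countries closer than this are "impossible" (assumption)


def _t(event):
    return datetime.fromisoformat(event["time"])


def detect_password_guessing(events, threshold=FAIL_THRESHOLD, window_s=FAIL_WINDOW_S):
    """Return {(src, user): peak failures in window} for pairs over the threshold."""
    fails = defaultdict(list)
    for e in events:
        if not e["ok"]:
            fails[(e["src"], e["user"])].append(_t(e))
    hits = {}
    for key, times in fails.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):
            # Advance the window start until it fits inside window_s seconds.
            while (times[hi] - times[lo]).total_seconds() > window_s:
                lo += 1
            count = hi - lo + 1
            if count >= threshold:
                hits[key] = max(hits.get(key, 0), count)
    return hits


def review_successful_signins(events, travel_window_h=TRAVEL_WINDOW_H):
    """Compare each user's consecutive successful sign-ins.

    Returns a list of (user, severity, reason). 'high' means two countries
    too close in time to be the same traveller; 'review' means the country
    or client changed but nothing proves the logon is unauthorised.
    """
    by_user = defaultdict(list)
    for e in events:
        if e["ok"]:
            by_user[e["user"]].append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=_t)
        for prev, cur in zip(evs, evs[1:]):
            gap_h = (_t(cur) - _t(prev)).total_seconds() / 3600
            country_changed = cur["country"] != prev["country"]
            client_changed = cur["client"] != prev["client"]
            if country_changed and gap_h < travel_window_h:
                findings.append((user, "high",
                                 f"{prev['country']}->{cur['country']} in {gap_h:.1f}h: impossible travel"))
            elif country_changed or client_changed:
                what = ", ".join(w for w, c in (("country", country_changed),
                                                ("client", client_changed)) if c)
                findings.append((user, "review",
                                 f"{what} changed ({prev['country']}/{prev['client']} -> "
                                 f"{cur['country']}/{cur['client']}) after {gap_h:.1f}h: needs context"))
    return findings


if __name__ == "__main__":
    for key, n in detect_password_guessing(EVENTS).items():
        print("password guessing:", key, n, "failures")
    for finding in review_successful_signins(EVENTS):
        print(*finding)
```

The "review" outcome is the honest answer to the question: two days is plenty of time to get from London to France, and a different browser is not evidence of anything by itself, so the analyst needs context (travel records, MFA result, what the session then did) before calling it unauthorised. The brute-force rule, by contrast, fires on volume alone, which is why an exposed RDP service with a wordlist pointed at it is caught quickly by anyone who is actually looking at 4625-style failures.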
Infosec people: it’s ok to accept risk!
It’s called a choice! You do this all the time in life. You could be run over when crossing the road.
You still cross roads.
You don’t get a tank to cross the road because a risk may occur (well ok it depends)
Risk is very hard to be
This person is a massive knob head!
Anyone that wants to belittle people for working in desktop support can gladly have some of my time….
Oh they also are blaming the shipping incident on a cyber attack!!
#Cringe