Today at the Internet Storm Center: Keeping an Eye on MFA Attacks. So you've moved your company to MS MFA, but where do you track failed logins and authentication attacks now?.

Just a reminder - if you did a pentest 11 months ago, the cert and email vendors will start to “pentest” you about now, spamming you for renewals of stuff don’t want, that you only needed for 2 weeks a year or so ago …. Turnabout is fair play I guess 🙂.

Join millions who have switched to Grok.

The latest find, also the only addition to the calculator collection that is not RPN or a slide rule!. Works just like I remember it from 1981 !

This month's Humble Bundle includes 20 excellent books. Need to code network stuff in C,Go or Python? Need more depth in AWS, Azure or GCP? Or (shameless plug), do you need a cookbook for network services in Linux?. Offer expires May 5, get your order in!.

We got our votes in!

Just added a bogus ip route statement to the host (with permission) to demonstrate .AS400 commands take me waaaaay back to coop days at IBM and S/36 and S/38 (circa 1980’s).

Ah, nothing like getting RCE during a pentest, a lot rarer than it used to be. Not only that, but using the web app to pivot,getting RCE on the inside iSeries (yes, AS400) host. I can execute any CL command the service account has rights to, which is admin-equiv apparently.

Never owning up to the fact that nobody really needs them to be perfect, but some common sense would go a long long way though.

When I’m in a call queue and hear that they’ll collect my privacy info “in accordance with our policy”, what I hear is “in accordance with the prophecy”. Every time. Is this just a me thing?.

And yes, you can put a band-aid on your hypervisor of choice to fix that, but who wants to be putting band-aids on every tool they use just to get them to work, and then worry about the one thing that got missed . .

Every minute I spend fighting to “steer” cpu-hungry processes to faster cores is time lost forever.And yes, there are lots of single thread cli and jre apps that need “help” there (grep, sed, awk and so on for starters).

ug, why can’t I buy a new “maxed out” laptop without e-cores. 8 real cores, 4k res, 2 tbolt, 4 nvme., 64-128g. This was a thing a few years ago, doesn’t seem to be possible these days?.

If you’ve always meant to go to Schmoocon, this is your last chance - at 50 years old (plus one) the Potter’s have decided they’ve been at this long enough (thanks from all of us btw). 1st round tickets go on sale at noon EDT (in 27 minutes).

Dare I say "living off the land"?. On the road to #SANSFIRE2024

Is this the same as deny any/any ?. On the road to #SANSFIRE2024

So if your mailbox is a phish, is all received mail automatically phishing?. On the road to #SANSFIRE2024

Josh and I went kayaking for Father's day, great day (aside from Josh getting wetter than he had planned on)

Today at the Internet Storm Center: Scanning with NMAP without Scanning (Part 2) - this time w/the ipinfo API - ie where is that IP?.If you have to diag "impossible geo" logins from log entries, this script may save you some time!.

Today at the ISC: Need a really quick NMAP scan, but don’t have minutes and minutes to run one? Need info on services that the client disabled right before the pentest so you wouldn’t see them? NMAP’s script to use the Shodan API is one you should look at!.

Today at the Internet Storm Center: Got MFA? If not, Now is the Time!.The story of a brute force / cred stuffing attack against a (real) VPN, with some lessons learned.