Been thinking about this for a while now. I wonder if I could write a "worm" that uses SMB to spread? It would require access to the DC with the design I have. Think it would be interesting to code, but would require specific requirements before it can be used.
Edit: Thank you all for boosting and answering.
I would love to make the Open Space format better known in the cybersecurity context. I think it is a valuable addition to existing formats such as traditional conferences or #BSides.
If you would like to learn more about Open Space, see my follow-up posts.
If you participated in Open Space events (in any domain) please share your experience.
Because these posts scroll away, I have posted something on DataBreaches.net about the discrepancies between what Raptor Technologies has told school districts and WIRED and what we know about the incident -- and what we don't know yet:
In every instance that I’ve discovered shadow IT in an environment, I’ve eventually found someone in IT who knew about it and/or implicitly/explicitly enabled it. I hate to think it, and I understand there are always reasons but…
The call is coming from inside the house.
That means Shadow IT isn’t really in the shadows, and the solution has to start inside IT itself.
Thinking about setting up a blog that is markdown. Anyone know if a self hosted blog like this exists that has a crappy, ugly theme I could use with it?
Hooray for NYS AG Letitia James. She has sued Citibank for poor security and failure to comply with #EFTA when consumers report #fraud or #theft.
Snippets from the press release:
"The OAG found that Citi’s systems do not respond effectively to red flags, such as scammers who are using unrecognized devices, are accessing accounts from new locations, or are changing banking passwords or usernames. Additionally, Citi systems do not flag and stop efforts to transfer funds from multiple accounts into a single account and then send tens of thousands of dollars out the door in minutes. Citi also does not automatically initiate investigations or report fraudulent activity to police or law enforcement authorities when consumers first report it to Citi."
"Under EFTA, banks such as Citi are required to reimburse their customers for money in their accounts that is lost or stolen through unauthorized electronic payments. However, Citi illegally exploited a narrow exception in these laws to deny consumer claims for reimbursement, resulting in millions of dollars in losses for New York consumers. Through this lawsuit, Attorney General James is seeking to stop Citi’s deceptive practices and to collect restitution for victims who were denied reimbursement in the last six years, penalties, and disgorgement. "
Security ProTip: If you have already enabled syncing in Google Authenticator and now changed your mind and want to use the app offline, opting out won't delete your tokens and their metadata from Google servers.
To remove your data from the cloud and use the app offline, you need to follow these steps:
1- Make sure syncing is active
2- Either back up the existing tokens by exporting them, or invalidate them by requesting new ones from each service (don't scan the new QR codes in this app yet)
3- Delete all the accounts from your Google Authenticator; this will let the app sync the deletion action with the cloud, and remove the accounts from the cloud, too
4- Now tap on your profile picture in the upper-right corner and tap on "Use Authenticator without an account" as shown in the screenshot*
5- Import the existing tokens from your backup or add new ones
For anyone with a YouTube channel specifically for hacking/infosec... did you guys start out with a set path?
I'm going to be working off of some very budget setup, but my idea is to start out small with 15 to 20 minute videos. I want to cover several topics, specifically hacking on a budget (I have a lot to share on this), hardware, OSINT, talk about recent news possibly, talk about recent hacks by gangs, APTs, hacking groups, etc.
I'm kind of going off into the unknown with this and not expecting to become big anytime soon, but I want to at least try.
I am also trying to figure out what to do with a Patreon and at the moment I don't even have a phone plan so not even sure if the content I will make will be any good.
Might be a stupid question, but brainstorming and I can't find the answers that I am looking for. Anyone know for sure if you have to "poison" to get the hash with Responder?
Adobe Magento: a dangerous RCE threat for e-commerce sites
Cybersecurity specialists have warned that #hackers are already exploiting a new #vulnerability in #Magento (CVE-2024-20720) and are using it to implement a persistent #backdoor on e-commerce sites.
Admiration for my friend @amvinfe for his persistence in following up on the #Blackbaud #ransomware attack of 2020 and trying to get accurate info on the education sector victims. See his "final chapter" blog post at:
Does anyone proofread anymore? This is from a breach notification letter from a county agency. The notification letter is dated January 19, 2023 and states, in relevant part:
"What Happened?
DPSS is writing to you because of a privacy incident that occurred on January 19, 2023 at the County of Los Angeles (County) DPSS. A County employee accessed your personal information contained in our electronic systems without a legitimate business reason. County personnel discovered the incident during an internal investigation on December 27, 2022."
And of course, they don't explain why the lengthy gap between discovery and notification -- unless the notification really was sent on January 19 and they are just first sending it to the state now? What a confusing submission.