cheet

@cheet@infosec.pub

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Microsoft is testing Game Pass ads on the Windows 11 Settings homepage (www.ghacks.net)

Microsoft’s announcement: “We are introducing a new Game Pass recommendation card on the Settings homepage. The Game Pass recommendation card on Settings Homepage will be shown to you if you actively play games on your PC. As a reminder – the Settings homepage will be shown only on the Home and Pro editions of Windows 11...

cheet,

if you’re in the know, check out vlmcsd on github and “test” windows enterprise with KMS. It can run on everything from a pi, to docker, to openwrt. If you’re really gangster, you can set up SRV records and get auto activation on your lan

cheet,

Oh I’ll have to check that out I thought I read something about that method being patched.

Tho I do like just booting a new install and its already activated automatically :P

cheet,

Holy shit, that’s actually hilarious, I imagine someone would have noticed when their paste/auto type password managers didn’t work

For those confused, this sounds like instead of making a real website, they spin up a vm, embed a remote desktop tool into their website and have you login through chrome running on their VM, this is sooooo sketch it, its unreal anyone would use this in a public product.

Imagine if to sign into facebook from an app, you had to go to someone else’s computer, login and save your credentials on their PC, would that be a good idea?

cheet,

I like ydotool, uses a systemd user service, but fulfills my needs of KB shortcuts to paste text into vnc sessions

cheet,

Microsoft pulled those from the UI, but if you’re adventurous you can just shove those attributes in to user with power shell and it works the same.

Then just use sssd instead of NIS, surprised me at work when this worked.

cheet,

sorry I don’t have any real documentation but I have a snippet of powershell that explains it pretty well here this comes from a user creation script I wrote back when they removed the unix UI.

I was using Get-AdUser and discovered that the properties still existed but you have to manually shove those in, when an sssd “domain bound” linux machine has a user with these props login, they get the defined UID and GID and homefolder etc.


<span style="color:#323232;">$otherAttributes = @{}
</span><span style="color:#323232;">Write-Host -ForegroundColor Yellow "Adding Linux Attributes"
</span><span style="color:#323232;">
</span><span style="color:#323232;"># get the next numeric uid number from AD
</span><span style="color:#323232;">$uidNumber=((get-aduser -Filter * -Properties * | where-object {$_.uidNumber} | select uidNumber | sort uidNumber | select -Last 1).uidNumber)+1
</span><span style="color:#323232;">
</span><span style="color:#323232;">$otherAttributes.Add("unixHomeDirectory","/homefolder/path/$($samAccountName)")
</span><span style="color:#323232;">$otherAttributes.Add("uid","$($samAccountName)")
</span><span style="color:#323232;">$otherAttributes.Add("gidNumber","$($gidNumber)")
</span><span style="color:#323232;">$otherAttributes.Add("uidNumber","$($uidNumber)")
</span><span style="color:#323232;">$otherAttributes.Add("loginShell","$($loginShell)")
</span><span style="color:#323232;">
</span><span style="color:#323232;">$UserArgs = @{
</span><span style="color:#323232;">    Credential = $creds
</span><span style="color:#323232;">    Enabled = $true
</span><span style="color:#323232;">    ChangePasswordAtLogon = $true
</span><span style="color:#323232;">    Path = $usersOU
</span><span style="color:#323232;">    HomeDirectory = "$homeDirPath$samAccountName"
</span><span style="color:#323232;">    HomeDrive = $homeDriveLetter
</span><span style="color:#323232;">    GivenName = $firstName
</span><span style="color:#323232;">    Surname = $lastName
</span><span style="color:#323232;">    DisplayName = $displayName
</span><span style="color:#323232;">    SamAccountName = $samAccountName
</span><span style="color:#323232;">    Name = $displayName
</span><span style="color:#323232;">    AccountPassword = $securePW
</span><span style="color:#323232;">    UserPrincipalName = "$($aliasName)@DOMAIN.COM"
</span><span style="color:#323232;">    OtherAttributes = $otherAttributes
</span><span style="color:#323232;">}
</span><span style="color:#323232;">
</span><span style="color:#323232;">$newUser = New-ADUser @UserArgs
</span>

basically the “OtherAttributes” on the ADUser object is a hashtable that holds all the special additional LDAP attributes, so in this example we use $otherAttributes to add all the fields we need, you can do the same with “Set-Aduser” if you just wanna edit an existing user and add these props

the @thing on New-ADuser is called a splat, very useful if you’re not familiar, it turns a hashtable into arguments

lemme know if you have any questions

cheet, (edited )

I think you could boil it down to something like Set-ADUser bob -otherattributes {uidNumber=1005, gidNumber=1005}

cheet,

That’s super interesting to me, any references for a software person who wants to find some overlap with philosophy? I know very little about the subject.

cheet,

Try to take it easy man, don’t burn yourself out over work, your health is important.

cheet,

Metasploit and Gitlab are both my main uses of ruby, hasn’t made me think any better of it tho.

cheet,

The blog post they did showing how they do a sort of regression testing is still some of the coolest devops I’ve seen.

Check the FifoCI stuff here.

dolphin-emu.org/…/making-developers-more-producti…

cheet,

What a great series that is, I should get the kit

cheet,

Im a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do “manually”.

The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.

Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless thats gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.

Anybody in the know can tell you that the hardware isn’t anything special, and like many others have said, its like making a swiss army knife illegal cause the toothpick can be used to pick a lock.

This isn’t gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn’t be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn’t let you sell medical devices that can be hacked like that.

You don’t just put the cat back in the bag…

cheet,

The thing is, if there’s a wireless exploit/hack that can cause “patient harm” the FDA+Health Canada would force a recall the sec its publicly known.

The flipper wouldn’t be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause its a swiss army knife and has a general purpose radio.

Generally by the time an attack exists on the flipper, its already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.

I can’t say how concerned you should be, but this won’t make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don’t make laptops illegal tho.

What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an “illegal” device. Yes they could use a laptop, but you don’t use an xray machine to find a stud, you use a handheld studfinder cause its cheap and easy.

Hope that helps explain a bit

cheet,

I see this kinda like any% speed runs where they use ACE and crazy crazy exploits that totally bypass the point of the game. Or maybe its more like a TAS, or “pure hackmons” in Pokémon talk.

Anyways, I find the concept interesting, so long as people don’t get hurt significantly more than they do with “regular” sport. To see how far the human body can go, including all the tech and science possible.

I could legit for see a future where the Paralympics are “more impressive” (whatever that means) due to incredibly powerful prosthetics.

Ethically speaking, idk anything, I’m just a dude on the internet.

cheet,

We use gitlab ultimate at my work, I’m the main admin of the instance. Like 2 weeks ago when there was the cvss 10 vuln, gitlab sent us a .patch file to apply to the instance instead of releasing a new minor cause they didn’t wanna make the vuln public yet. I guess that’s coordinated disclosure, but I still found that remarkably jank.

cheet,

If you’re mixing a dedicated GPU and onboard graphics you need to set the dedicated GPU as primary somewhere, otherwise all screens get rendered on the onboard and “reverse PRIME’d” to the dedi GPU outputs.

I’ll see if I can find the snippet that fixed this for me.

cheet,

So add your user to the new docker group made on install of that package and you’ll be able to docker without sudo. You may need to relogin or newgrp docker before it works tho

cheet,

Yeah I’m still not over losing my notification led either. Was a staple of the android experience imo

cheet,

I find myself using this often when talking about Jr devs or Jr sysadmins

cheet,

Can you really not read any of the compiled code tho? Like if I take the binary, put it in ghidra and use that to reverse engineer something, is that not clean room still?

I remember watching Halt and Catch fire where they had 1 group writing specs for what he REed and another group would write that code according to spec.

cheet,

Holy crap I wasn’t ready for that. Great rec tho

cheet,

How’d you get my shell history?

cheet,

N64, and no I’m still not sure how to hold it, I always end up walking funny.

cheet,

Similar story for me, Ubuntu w/ wobbly windows and desktop cube in Jr High (I was a particularly nerdy kid), arch w/ i3 in HS and college, now I’m a DevSecOps Developer (engineer is a sacred term in Canada)

Learning to do naughty things to the WEP wifi around me is what led me to now doing penetration tests at my org.

Funny how goofing around on a computer as a kid can lead to careers and passions.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • tacticalgear
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • Durango
  • cubers
  • Youngstown
  • mdbf
  • slotface
  • rosin
  • ngwrru68w68
  • kavyap
  • GTA5RPClips
  • provamag3
  • ethstaker
  • InstantRegret
  • Leos
  • normalnudes
  • everett
  • khanakhh
  • osvaldo12
  • cisconetworking
  • modclub
  • anitta
  • tester
  • megavids
  • lostlight
  • All magazines
    •