da_667

@da_667@infosec.exchange

Senior Security Researcher, Proofpoint Emerging Threats.

I've been doing this cybersecurity thing for the better part of a decade now. Probably longer than that. I'm starting to forget. Time is relative, but it surely isn't kind to my memory.

I'd like to think I do cybersecurity well, but blue teamers collectively get told they're doing it wrong constantly. So maybe I just failed forward throughout my career.

Oh, I wrote a book. It's a good framework for setting up a virtual machine lab. See my bookmarked toots if you're curious.

Work-Related hashtags:
#Iocs #ThreatIntel #DFIR #Malware #NSM #suricata #snort #BEC #phishing #APT #ThreatDetection

Hobbies:
#VideoGames #XCOM2 #Minecraft #Synthetik #Fallout #Skyrim #Anime #Manga #Adventure #Fantasy #Isekai #HomeImprovement #WoodWorking #MetalWorking #HomeLab


da_667, to random

I love it so much.

da_667, to random

it feels so good to be able to run a bat file that just deletes defender AV.

da_667,

you open the door, you pull out the flechette cannon, you blow off chunks of Windows 11, you close the door.

da_667, to random

hey hey, people. Happy monday.

da_667,

@eater yup. XCOM2: War of the Chosen has a feature called the photobooth, where you can put your soldiers in ridiculous ass poses, and take pictures from different points on the map. Huge variety of poster fonts, image effects, etc.

da_667, to random

I don't even understand why the fuck windows update even has error codes when every single fucking one of them always has the same advice from microsoft: Delete SoftwareDistribution, run the troubleshooter which never works, run dism /cleanupimage /restorehealth or use the windows 11 installer tool to do a clean install. Don't even bother giving me the error code.

Then you go to the event viewer for windows update logs and it's like "the update failed to download" and you ponder the pros of lobotomy via soup spoon.

da_667, to random

that one kid screeching in the store that they didn't get what they want, while you quietly wish you had a cattle prod for such moments.

da_667,

in deus ex, you could tase the children. that game was ahead in so many ways.

hacks4pancakes, to random

Fun fact, my chosen nemeses for the last twenty years have been the Freemasons. Just because I’m put out they won’t let me join. I’ve devoted inordinate hours to finding and learning all their secrets people drunkenly admit to.

Yes, it’s all very boring. I just don’t care.

da_667,

@hacks4pancakes that's pretty epic that you have a named enemy, senpai. Like dwarves and giants. or dwarves and elves. or dwarves and other dwarves. Man. Dwarves are a contentious lot.

da_667, to random

happy concussion sport day.

da_667,

happy "I'm so important, they flew TWO empty planes to my airport" day.

da_667,

rest of us get told we're demons for wanting plastic straws, but jesus fuck if I miss concussion sport.

da_667,

friendly reminder that the NFL doesn't acknowledge any of the health problems associated with repeatedly getting concussions from their sport.

da_667,

happy "we can afford an ad that is probably priced in the millions of dollars for a few seconds of airtime, but we have to cut 5-15% of our staff" day

da_667,

happy "we always have money to dedicate to this worthless fucking stadium that charges 20 dollars for a beer, but fuck if we have money to maintain infrastructure, schools, feed the children, or literally any-fucking-thing else that returns massive dividends" day

da_667, to random

I let my windows box run again last night after the massive addition to my HOSTS file from this repo:

https://gist.github.com/niutech/1f1c1518ce0eba7e8d429c812d39493d

and also, a whole shit ton of system modifications from privacy.sexy...

I had a grand total of 56kb of traffic recorded overnight

- CRL pickup from microsoft
- ICMPv6 router advertisements
- DHCP
- NTP

That was it. That was all of it. Damn it's good.

da_667,

@gsuberland unbelievably, it does.

I ran into a shit ton of issues reaching windows update last night, but it turns out that was likely because mitmproxy was grabbing those connections and the OS didn't appreciate that. After I disabled the proxy, it worked fine.

da_667, to random

years of proprietary SSLVPNs and weird connection rituals only to find out that the OS under the hood is like, CentOS 5 or some shit.

da_667, to random

I made some slight changes to my pfblocker config on the firewall. some of these domains just did not want to co-operate with being put in the hosts file. Absolutely refused to null route www.msn.com and config.msedge.skype.com so I null routed them on the DNS server. Fuck you: the revengeance

da_667, to random

So I tried keeping ms teams and dropbox installed on my malware box to make it look a little "lived in", and I fucking can't lads. Those two apps alone generated like 180MB of traffic in the span of moments after the machine booted. I didn't create a dropbox or teams account for either app on the system and they were just shitting traffic EVERYWHERE.

da_667,

SAVE SOME TRAFFIC FOR THE MALWARE YOU SHITTERS.

da_667,

"and you're getting uninstalled, and you're getting HOSTS null-routed, and fuck you, I guess I have to."

da_667,

most of this is dropbox calling home. I don't even know WHAT THE FUCK you're talking about.

da_667,

and welcome to my hosts file.

da_667,

Here is a paste of my hosts file entries, and what I believe these entries affect.

https://pastebin.com/r88TtG90

My goals and yours may be entirely different. I'm looking to make my system as silent as moonlight so that I may more closely monitor malware on it.
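An added example for the hosts-file approach in the thread above (not code from the poster's pastebin): it parses HOSTS entries, flags hostnames that merged block lists map to different addresses, and turns the names that refuse to honour HOSTS into unbound resolver directives. It assumes the firewall's resolver is unbound (pfSense's default, which pfBlockerNG configures) and uses a constructed sample hosts file.

```python
"""Hosts-file null-route helper (added example, not the poster's code).
Assumes the firewall resolver is unbound, pfSense's default; sample text is constructed."""
import re
from collections import defaultdict

SAMPLE_HOSTS = """\
# constructed sample, not the poster's pastebin
127.0.0.1 localhost
0.0.0.0 www.msn.com
0.0.0.0 config.msedge.skype.com   # telemetry
0.0.0.0 settings-win.data.microsoft.com
127.0.0.1 www.msn.com
0.0.0.0 vortex.data.microsoft.com vortex-win.data.microsoft.com
"""
NULL_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(rf"^{_LABEL}(\.{_LABEL})*$")

def parse_hosts(text):
    """Return (ip, hostname) pairs, lowercased, with comments and blanks stripped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        pairs.extend((ip, n.lower()) for n in names if _HOSTNAME.match(n.lower()))
    return pairs

def conflicting_names(pairs):
    """Hostnames listed with more than one address (which entry wins is resolver-dependent)."""
    seen = defaultdict(set)
    for ip, name in pairs:
        seen[name].add(ip)
    return sorted(n for n, ips in seen.items() if len(ips) > 1)

def nullrouted_names(pairs):
    """Distinct hostnames the file sinks to a null or loopback address."""
    return sorted({n for ip, n in pairs if ip in NULL_IPS and n != "localhost"})

def to_unbound(names, sink="0.0.0.0"):
    """unbound local-zone/local-data lines answering each name with the sink address,
    for names that must be blocked at the DNS server rather than in HOSTS."""
    out = []
    for name in names:
        out.append(f'local-zone: "{name}." redirect')
        out.append(f'local-data: "{name}. A {sink}"')
    return out
```

Feed `to_unbound(nullrouted_names(parse_hosts(open(path).read())))` into the resolver's custom-options block to sink the same names at the DNS layer; the conflict list is worth checking before that, since a hostname mapped to two different addresses is a sign two block lists disagreed when merged.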
