da_667

@da_667@infosec.exchange

Senior Security Researcher, Proofpoint Emerging Threats.

I've been doing this cybersecurity thing for the better part of a decade now. Probably longer than that. I'm starting to forget. Time is relative, but it surely isn't kind to my memory.

I'd like to think I do cybersecurity well, but blue teamers collectively get told they're doing it wrong constantly. So maybe I just failed forward throughout my career.

Oh, I wrote a book. It's a good framework for setting up a virtual machine lab. See my bookmarked toots if you're curious.

Work-Related hashtags:
#Iocs #ThreatIntel #DFIR #Malware #NSM #suricata #snort #BEC #phishing #APT #ThreatDetection

Hobbies:
#VideoGames #XCOM2 #Minecraft #Synthetik #Fallout #Skyrim #Anime #Manga #Adventure #Fantasy #Isekai #HomeImprovement #WoodWorking #MetalWorking #HomeLab


da_667, to random

naming my malware lab kaidacorp.local in the Synthetik series of games, they're sort of the equivalent of cyberdyne, except with way less ethics, way more dangerous weapons and a shit ton more rogue AI

da_667, to random

https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally

So this was a fun read today. They practically gave away proof of concept for throwing the barracuda ESG exploit, which in turn helps me write a rule for exploit detection.

But the other aspect of this post that I enjoyed were the Suricata/Snort rules. Expect those in the ETOPEN ruleset today, with copious improvements -- at least for the suricata rules.

suricata has the tcp-pkt rule option, which in combination with the flags option triggers on just TCP packets. We don't care about anything else.

I also used the flow keyword set "to_server" -- even though it's TCP, the three-way handshake technically wouldn't have happened yet. That means that we can't do flow:established,to_server; I can only use flow:to_server; since all of these rules trigger on TCP syn packets. But we can establish that this is traffic flowing towards the mail device/SMTP server.

As a final note, you'll see that below the section for suricata/snort rules (two) there are five more rules that are suricata 5+ only. That's because of the tcp.hdr keyword. Apparently these five rules detect SEASPY through the use of triggers or implant traffic through custom TCP OPTIONS in the TCP header. Well, neither Snort 2.9.x nor Suricata versions prior to 5 (according to suricata's Read the Docs) have the tcp.hdr option to do content matching in the TCP header. Just thought you'd like some more context on why those rules will not and cannot work on snort 2.9.x or suricata 4.x
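To make the keyword discussion in this post concrete, here are two illustrative rules. They are an added example, not the Mandiant rules and not anything from the ETOPEN ruleset: the window value and the option bytes are constructed placeholders, and `$SMTP_SERVERS` is assumed to be defined in suricata.yaml (it is in the default config). The first rule shows the tcp-pkt / flags / flow:to_server combination that works on Snort 2.9.x and Suricata 4.x; the second uses the tcp.hdr sticky buffer and therefore only loads on Suricata 5+.

```suricata
# --- Rule 1: raw SYN packets towards the mail gateway (Snort 2.9.x / Suricata 4.x+) ---
# tcp-pkt      : match on the individual packet, never on reassembled stream data.
# flags:S,12   : SYN only; the ",12" ignores the two reserved/ECN bits.
# flow:to_server : direction only. "established" cannot be used because the
#                  handshake has not completed when the SYN is seen.
# window:      : a SYN carries no payload, so the only thing left to match on is a
#                header field. 54321 is a CONSTRUCTED placeholder, not a real indicator.
alert tcp-pkt $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"EXAMPLE SYN to SMTP gateway with placeholder window value"; flags:S,12; flow:to_server; window:54321; classtype:misc-activity; sid:9000001; rev:1;)

# --- Rule 2: custom TCP option bytes in the SYN (Suricata 5+ only, needs tcp.hdr) ---
# tcp.hdr      : sticky buffer over the raw TCP header.
# offset:20    : the fixed TCP header is 20 bytes, so options start at byte 20.
# The option bytes |aa bb cc dd| are a CONSTRUCTED placeholder; substitute the
# value from the vendor report you are building the rule from.
alert tcp-pkt $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"EXAMPLE SYN with placeholder custom TCP option"; flags:S,12; flow:to_server; tcp.hdr; content:"|aa bb cc dd|"; offset:20; classtype:misc-activity; sid:9000002; rev:1;)
```

To check which engine accepts which rule, load the file on its own against a pcap of the traffic, e.g. `suricata -r sample.pcap -S example.rules -l /tmp/out`: Suricata 4.x will log an error for rule 2 and load only rule 1, while Suricata 5+ loads both and writes any matches to fast.log / eve.json in the output directory.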

da_667, to random

3500.00 lmfao

da_667, to random

https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/

>"The main_proto_A_QueryDns component resolves domains to IP addresses using the cloudflare-dns[.]com service, which main_proto_X_WebSocketClient uses for resolving C2 domain names."

WHAT DID I FUCKING TELL YOU.

da_667, to random

find a really nice, comfortable looking car
lexus lm350h
okay... how much is it

Lexus: 🤷

okay, is it available in the US markets?

Lexus: lmao, no. fuck outta here

Ah, yes. wonderful. Such innovation in the US automotive market. Where your choices are generic Crossover Car/truck/thing, Transformers mega pickup truck, with engine bay that goes up to my nipples, or SUV that can seat 18 and whose fuel efficiency is measured in gallons per mile.

Wonderful. Subarashii. Innovation of the highest level.

Could have had a sub-20,000 crawler with the Suzuki Jimny. Could have had a sub-20,000 pickup truck with Toyota's new successor to the hilux.

Could have had a motherfucking minivan limousine with the LX 350h.

I hate it so much.

da_667, to random

time for Gadsden flag shitposting

da_667, to random

new patch for nightmare reaper random projectiles got new random projectiles.

https://www.youtube.com/watch?v=j2rvZK6j13s

da_667, to random

My shitpost theory is that the raspberry pi will eventually scale its power requirements to where it requires as much power as an RTX4090 in a few years.

da_667, to random

alright y'all. I'm going to give you a small lesson on writing better snort and suricata rules. It's Friday, I have nothing better to do, maybe some of you already know (maybe better than I do), and maybe you don't. Thank you for joining me in sharing some arcane knowledge about my corner of cybersecurity.

da_667, to random

awright. anyone have suggestions for an access point in the 50 dollar range?

da_667, to random

It was a bit of a journey, but We made it.

da_667, to random

Had to share this, because this is my default behavior towards anything sending me notifications or delivering ads to me

https://www.reddit.com/gallery/18zdhcs

"You are an object. Who in the fuck gave you permission to speak my sacred tongue?"

da_667, to random

Now, go to the Settings tab. There is a drop-down labeled If the task is already running, the following rule applies: select Run new instance in parallel. Click OK to exit out of your scheduled task. You will be asked to enter your current user's password.

da_667, to random

>public sandbox run works
>private sandbox run does not

da_667, to random

https://www.pcmag.com/news/eu-smartphones-must-have-user-replaceable-batteries-by-2027

and of course it's the EU who is leading the charge on consumer right to repair legislation.

da_667, to random

got an insta-pot for Christmas. Trying out pot roast in this thing today. after reaching temperature, it claims it'll be done in about 35 minutes. Don't know if I believe that, but I guess I'll see.

da_667, to random

progress update: Not much going on right now. I'm hanging about in act 4 because I've been duking it out in the arena. My two best weapons are still the explosive blood ammo shotgun, and a book of erupting fireball. I rolled a rare variant that does +11 fire damage, and requires less magic ammo.

I also found a building that I can abuse for cover since none of the enemies in the graveyard can fly: Grapple on top of the stone mausoleum on the edge of the map, and just start shitting fireballs like mortars all around you. Made it to round 65 before elites surrounded me, and one of them kept getting shots on me, forcing me to leave my safe spot, then getting shredded nearly instantly.

da_667, to random

recommended fix: Give us the appliance back and deploy new ones

lmao wut

https://www.barracuda.com/company/legal/esg-vulnerability

da_667, to random

Microsoft killing VBScript

and lo, the heavens did part.

da_667, to random

my ali express routerbox showed up today. I also purchased the wi-fi module for it, so before I go about putting pfSense on it, I'm going to install the wi-fi card, and see if pfSense finds it and make sure the box doesn't become a claymore.

da_667, to random

You don't have to like threads, but it's not federated yet, and even if and when they do, you have the option of range banning the entire service by blocking the domain.

just chill, damn.

da_667, to random

Complete the sentence:

"I work in information security. That's why I _________________"

where blank can be words or an image macro as you so desire.

da_667, to random

downloaded the emba firmware testing framework. aside from a huge, comprehensive report, it leaves behind a set of firmware emulation tests it did, including a set of qemu commands necessary to run the firmware, if one wants to manually poke and prod at it.

I'm accessing a GL.iNet virtual machine right now. I have next to no background in firmware testing whatsoever.

this is awesome.

https://github.com/e-m-b-a/emba/wiki/System-emulation

da_667, to random

once again, bless attackerkb for giving me cool things to look into.

https://attackerkb.com/topics/LdqSuqHKOj/cve-2023-50919

da_667, to random

discovered a new reason to hate snort 2.9 today. Maybe I'll nerd out over it on the Emerging Threats community site.
