
~Open Source Security Tool of the Day~

Endlessh: an SSH tarpit

Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

github.com/skeeto/endlessh

Bellingcat’s Online Investigation Toolkit

Welcome to Bellingcat’s freely available online open source investigation toolkit. You can follow our work via our website, Twitter and Facebook. The list includes satellite and mapping services, tools for verifying photos and videos, websites to archive web pages, and much more. The list is long, and may seem daunting.

docs.google.com/document/d/1Bf

😳

New Windows exploit lets you instantly become admin. Have you patched?

Zerologon lets anyone with a network toehold obtain domain-controller password.

arstechnica.com/information-te

Azure Seas....

"The team is speculating that the greater reliability may be connected to the fact that there were no humans on board, and that nitrogen rather than oxygen was pumped into the capsule."

Microsoft's underwater data centre resurfaces after two years

bbc.com/news/technology-541467

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.

cheatsheetseries.owasp.org/

Privatezilla integrates the most important Windows 10 privacy settings and allows you to quickly perform a privacy check against these settings. It allows you to fine-tune Windows 10's many settings and configure your privacy without navigating through a hundred different menus.

builtbybel.com/ms-apps/private

Duh. I didn't even know that TRIM is supported on SD cards?

jeffgeerling.com/blog/2020/ena

On one of my PIs:

# fstrim -v /
/: 11.3 GiB (12144545792 bytes) trimmed

Lessons Learned from SSH Credential Honeypots - System Overlord

For the past few months, I’ve been running a handful of SSH Honeypots on some cloud providers, including Google Cloud, DigitalOcean, and NameCheap. As opposed to more complicated honeypots looking at attacker behavior, I decided to do something simple and was only interested in where they were coming from, what...

systemoverlord.com/2020/09/04/

I have never been a big L2-L3 guy, so I found this interesting

How do Routers Work, Really?

An accessible overview of how exactly a router works, with code examples.

kamila.is//teaching/how-router

Mr. Hastings: If I had to guess, the five-day workweek will become four days in the office while one day is virtual from home. I’d bet that’s where a lot of companies end up.

Netflix’s Reed Hastings Deems Remote Work ‘a Pure Negative’

archive.is/6iK6Z

Professor DungeonMaster does a terrific job of explaining horror, role-playing games and how the two should work together. This man knows what he's talking about and anyone interested in RPGs would be wise to listen.

youtube.com/watch?v=t_LrhcwWNN

'Super bacteria' survives for three years outside space station

Given that a tardigrade, which is much more complex, can manage the same thing, I wasn't too impressed with Deinococcus radiodurans.

However, the fact that it is also known as 'Conan the Bacterium' is pretty great! :-)
bbc.com/news/av/science-enviro

Just published two posts, all about DNS log collection and security:

DNS and IT security - Know your DNS Queries and Requests, Attacks, and SANS CSC
hannahsuarez.github.io/2020/dn

DNS Log Collection - More on DNS Queries hannahsuarez.github.io/2020/dn

Related from May 2019: Why understanding of DNS monitoring is useful for securing and hardening infrastructure hannahsuarez.github.io/2019/DN


Scott Mortimer's choices:

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.