Schrödinger's Ops... production is in a constant superposition of states between "duct-taped together" and "everything's on fire"
KFC to start taking/storing facial image scans because how could that POSSIBLY go wrong?
"KFC ensures they will be secure" lmao ok, and I'm a Nigerian Prince who just needs to transfer some funds for an upcoming trip.
See enclosed a check for $5,000 USD. Please cash, take $500 for troubles, and wire the rest to my offshore acct. https://infosec.exchange/media/bNrh2yYtp_g7LK1J8zY
Re: #RealityWinner
If you didn't know about the "hidden" printer dots that get added I have a few others for you. The general idea is called "canary trapping" and takes many forms ranging from differing stories, font spacing, scene markers (film industry), high-pitched frequencies beyond human hearing range (music industry) etc.
ICYMI: ~600 pg monster covering damn-near everything about VM/homelabs. Last day to get it for free... buy it anyway!
courtesy of @da_667 (same handle on tweeter)
List of products with SMBv1 as a requirement (per vendor).
https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/
Good roadmap to learning exploitation.
"From 0x90 to 0x4c454554, a journey into exploitation"
http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
Bypass security on any AT&T wireless by logging onto http://ufix.att.com
Start checking all those wifi's near you... https://infosec.exchange/media/u3vUrUw-yli2nQ4smcM
Did you know? Clouds are formed from the evaporated tears of many thousands of network and systems admins https://mastodon.social/media/g3ikKTz9Hp6ID-BJrJE
Edit: 1 high vuln was found, since patched.. led to server shutdown.
The #OpenVPN audits yield a mixed bag.
Low-medium vulns but nothing considered "high" - crypto solid.
Possible problems with implementation (par for course really).
https://threatpost.com/openvpn-audits-yield-mixed-bag/125694/
Great #easternphilosophy lesson applies to tech debt and #infosec pretty well. Focus on making, not securing will cause large amount of pain in [probable near] future. https://infosec.exchange/media/S3svVwWntQm3QTOt51g
LIN bus often bridged to CAN bus and can be connected to via cd changer connector in trunk.
Watch out for malicious junk in your trunk... here's hoping that "cars will be an iPhone on wheels" quote guy gets a serious life lesson soon...
http://hackaday.com/2017/05/26/embed-with-elliot-lin-is-for-hackers/
From birdsite: Mexican lock with palindrome biting on key 😎
https://twitter.com/eclipsedave/status/867083178552434688 https://infosec.exchange/media/QFwyqRrydlhV-RWYF9U
RSA 2048 private master key for offline AES-NI keys.
https://www.sendspace.com/file/fz133k
pass: 85W0vhRkPbqcvaTafHknhMRP
So many [recent] examples of no validation/verification/authentication. Pathetic. Negligence, pure and simple. Not like SQLi is ~20 years old...
¯\_(ツ)_/¯ 💩 🔥
Pacemakers, TrendMicro AV, automated email, SQLi for years,
http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities
#include <stdio.h>
int main(void)
{
    printf("Hello World");
    return 0;
}
May as well join you fine folks over here as well (pref local > fed timelines).
Interests: OSINT, SE, locksport, Red Team, general abuse of systems
blog:
sten0.ghost.io
birdsite:
.social:
https://mastodon.social/@sten0_SE
sec masto: