
whonose123 @whonose123@infosec.exchange

whonose123 boosted

I'm really enjoying the new tv series "strange angel". perhaps the coolest part is that the real story is just as strange. the show's writers probably had to tone it down for a tv audience rather than the reverse.

whonose123 boosted

this is an eyewitness recounting of how hitler was democratically elected in austria by a 98% majority and within 5 years transformed the country into a fascist dystopia. those who don't learn from history are doomed to repeat it.

beliefnet.com/columnists/on_th

whonose123 boosted

Is there a good guide to setting up an IPv6 home network (including DHCP, DNS, etc) for moderately savvy users? Trying to teach it to someone and realizing I don’t understand it well enough to simplify it usefully…

whonose123 boosted

^^^ <End of Thread> ^^^

I breached a company through a newly constructed branch location.

I slipped in in that short moment between them implementing the network and them implementing the security to protect that network.

whonose123 boosted

Walked around the place. Looking at the newly constructed cubicle farms.

Seats freshly installed.

Plastic, boxes, styrofoam on the floor.

Found the hot ethernet jacks to the side and plugged in some more RPi dropboxes.

Folks just thought I was an installation tech.

Left the site and checked my listeners. The RPi’s had connected.

I had complete access to that location, of course.

But I also had internal access to the WAN. To the central corporate network in another city.

A flat network.

whonose123 boosted

All of the servers had their IP addresses printed out on labels.

The security camera management console had each IP camera’s IP address on display.

Firewall appliances, vuln scanner appliances, security appliances, all labeled neatly.

Lot of little devices on the wall and in the racks plugged in.

I had a couple Raspberry Pi dropboxes in those black official cases.

I took them out. Plugged them in. Left.

whonose123 boosted

Got out of my car & walked up to the main lobby. A lot of folks coming and going.

It had a badge reader, man trap, and locked down lobby...

...that hadn’t been locked down yet.

So I walked through. Nodding to folks as I passed.

Went into the office area of the warehouse & looked around. Made sure folks saw me. Became part of the busy flow.

Found the server room. Door propped open. Room crowded with network field techs finishing their cabling. Camera folks setting up the management console.

whonose123 boosted

New warehouse just finishing construction. A lot of different people there. Electricians, network field techs, physical security engineers, etc.

Drove up to the parking lot to see all manner of different companies and installation techs, coming and going.

While driving up to the site, I noticed the place surrounded by high fences, barbed wire, lots of cameras. It had good coverage. Didn’t see a dead zone.

When this place becomes fully operational, it’s going to be a tough nut to crack.

whonose123 boosted

So I recently completed a physical pentest. Was going to live toot it.

But it happened a little too quickly.

Went to case the joint; conduct some active recon.

And then just sort of breached the place while I was there...

@tinker I really love the story you put on Tweeter about dropping the Pi's into the client site during setup. Nothing works better than the "I am supposed to be here" walk through a worksite. LOL!

whonose123 boosted

@ScottMortimer @jackiebailz
It is. I have it running on the first gen rPI since last weekend. Runs great for a small home network. But piping an installation script into bash should be banned. It's a good reason for punishment

whonose123 boosted

@ScottMortimer
i'm curious about your experience running it on a rPi 1, i've got one laying around myself

whonose123 boosted

Another Friday, another day at the data pumps...

whonose123 boosted

the is transmitting SSTV on 145.800MHz until tomorrow for anyone who may be interested.

whonose123 boosted
The true failing of RSS is that you can't track people with it