adulau

@adulau@infosec.exchange

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at https://paperbay.org/@a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel


adulau, to random

Zero-Trust just means that you can connect from a hotel room to your corporate applications using a crappy laptop.

bert_hubert, to random
@bert_hubert@fosstodon.org

"To be good with technology requires actually doing technology" - it is so sad that we have to point this out today. You can't outsource all the things you do and assume you'll continue to be in control of what you do. (from https://www.techpolicy.press/the-dangers-of-moving-key-internet-governance-functions-to-amazons-cloud-the-case-of-the-netherlands/)

adulau,

@bert_hubert Very good point. We can focus the point “To be good with security requires actually doing security” on all the recent incidents with many magical security vendors selling VPN boxes. If you don’t know what’s inside the box and aren’t actually doing security around it, you are left alone to listen to false promises from those vendors.

adulau,

@tfiebig Doing security is clearly the people reading logs, fixing stuff, improving automation, dealing with false positives, searching for true positives and doing incident response. The most successful security teams are the ones dealing with the boring stuff to make those interesting. @bert_hubert

adulau, to opensource

The @misp project's extensive knowledge base, available at misp-galaxy.org, now features an interactive and dynamic graph. This new addition showcases graph relationships, enhancing your browsing experience with visible, dynamic connections. Plus, you can easily filter through these relationships to find exactly what you need.

🔗 An example with the PROMETHIUM threat actor https://www.misp-galaxy.org/microsoft-activity-group/relations/5744f91a-d2d8-4f92-920f-943dd80c578f/
🔗 Threat actor galaxy https://www.misp-galaxy.org/threat-actor/

adulau, to music

"Hacker’s Paradise: Analysing music in a cybercrime forum"

🎼 #cybercrime #music #paper #research

Remind me to add this functionality in @ail_project ;-)

🔗 https://api.repository.cam.ac.uk/server/api/core/bitstreams/646224d4-9d69-45ee-9892-a70b8bbd7024/content

adulau, to opensource

A very nice dataset from Malpedia with all the deobfuscated strings from their dataset. The repository contains the result of the FLARE FLOSS tool applied to all unpacked and dumped samples in Malpedia.

🔗 https://github.com/malpedia/malpedia-flossed

adulau, to infosec

What happened to pastebin.com? It has been down for the past 12 hours.

:blobcatpeekaboo:

adulau,

@spiegelmama with them, everything is possible. From running away to having hosted the wrong stuff and being seized. Let’s see what the future will tell us.

adulau,

@d_a Yep it’s partially back.

adulau, to opensource

cve-search - an open source tool to perform local searches for known vulnerabilities - version 5.0.1 has been released

#cve #cve-search #opensource #vulnerability

🔗 https://github.com/cve-search/cve-search/releases/tag/v5.0.1
🔗 https://github.com/cve-search/cve-search

quinn, to random
@quinn@social.circl.lu

The biggest fallacy of AI companies is thinking that what the world wants and needs is more digital content

adulau,

@quinn It’s just like the Ambient music, a continuous rehashing of the existing content.

adulau, to random

@mispbot query 192.252.183.116

adulau, to infosec

Creativity for creating PSK ;-)

Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

🔗 https://vulnerability.circl.lu/vuln/GHSA-jj7g-c984-hr2m

adulau, to infosec

Recapping the state of vendors' VPN appliances:

  • They don't maintain their software
  • They accept money from their customers for maintenance
  • They don't provide patches or updates for their customers
  • Don't proactively review the code

Yet organisations question open source?

remiforall, to random French

Google admits that Chrome users can be tracked in Incognito mode.... #petiteverole
https://www.01net.com/actualites/google-admet-que-les-utilisateurs-de-chrome-peuvent-etre-suivis-dans-le-mode-incognito.html

adulau,

@remiforall 01net should also admit to tracking its readers ;-) https://lookyloo.circl.lu/tree/1f91993b-0c74-4535-892d-18aeee8b50e2

adulau, to opensource

I released a new version of the DomainClassifier python library with improved performance and built-in caching. Thanks to @terrtia for the contribution.

DomainClassifier is a simple Python library to extract and classify Internet domains/hostnames/IP addresses from raw unstructured text files following their existence, localization or attributes.

DomainClassifier can be used to extract Internet hosts from any free texts or collected unstructured information. It's for example used in @ail_project to guess all potential hostname/domain from any text.

🔗 https://github.com/adulau/DomainClassifier
🔗 PyPi https://pypi.org/project/DomainClassifier/
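
As an added illustration of the extraction-and-classification idea described in the post above (this is example code written for this page, not the DomainClassifier library's own implementation or API): a small standalone extractor that pulls hostnames and IPv4 addresses out of unstructured text and classifies the addresses by attribute (private vs. global) using only the standard library. The sample text and the tiny TLD allowlist are constructed for the example; a real extractor would load the full IANA TLD list and could additionally classify by DNS existence or geolocation, as the post mentions.

```python
import ipaddress
import re

# Constructed sample input: mixes e-mail, URL, private and public IPs,
# an invalid address and a filename that looks like a hostname.
SAMPLE = """Contact admin@example.com or see https://www.circl.lu/services/ for details.
The beacon reached 10.0.0.5 and 192.168.1.10 before calling out to 8.8.8.8;
a typo such as 999.1.1.1 and a filename like report.txt must be ignored."""

# Tiny TLD allowlist for offline use (assumption for this example);
# a production extractor would use the IANA root-zone list instead.
KNOWN_TLDS = {"com", "org", "net", "lu", "io"}

# RFC 1123-style labels joined by dots, ending in an alphabetic TLD.
_HOST_RE = re.compile(
    r"(?<![\w.-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})(?![\w-])",
    re.IGNORECASE,
)
# Dotted-quad candidates; validity is checked with the ipaddress module.
_IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def extract_hosts(text: str) -> dict:
    """Return hostnames (filtered by TLD) and IPv4 addresses grouped by attribute."""
    hostnames = set()
    for m in _HOST_RE.finditer(text):
        candidate = m.group(1).lower()
        # Drop look-alikes such as "report.txt" whose last label is not a TLD.
        if candidate.rsplit(".", 1)[-1] in KNOWN_TLDS:
            hostnames.add(candidate)

    ips = {"global": set(), "private": set(), "other": set()}
    for m in _IPV4_RE.finditer(text):
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1 looks like an address but is not one
        if ip.is_private:
            ips["private"].add(str(ip))
        elif ip.is_global:
            ips["global"].add(str(ip))
        else:
            ips["other"].add(str(ip))  # multicast, reserved, etc.

    return {
        "hostnames": sorted(hostnames),
        "ipv4": {kind: sorted(addrs) for kind, addrs in ips.items()},
    }


if __name__ == "__main__":
    result = extract_hosts(SAMPLE)
    print("hostnames:", result["hostnames"])
    for kind, addrs in result["ipv4"].items():
        print(f"ipv4 {kind}:", addrs)
```

The two filters are where the false positives live: without the TLD check, `report.txt` is reported as a host, and without `ipaddress` validation, `999.1.1.1` is reported as an address. Splitting private from global addresses is the first classification an analyst usually wants, since a private range in a leaked document says something different from a routable one.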

adulau, to random

Cyber Toufan was finally added in the @misp MISP galaxy as a threat-actor.

#threatintel #threatactors #cybertoufan #misp

Thanks to Mathieu Béligon for the recent contribution.

🔗 https://www.misp-galaxy.org/threat-actor/?h=cyber+toufan#cyber-toufan
🔗 If you want to contribute or update the threat-actor MISP galaxy: https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json

adulau, to opensource

I think the @jwz famous quote about regular expressions can be applicable to docker nowadays.

Some people, when confronted with a problem, think "I know, I'll use docker." Now they have two problems.

nixCraft, to random
@nixCraft@mastodon.social

Be honest: do you actually finish each side project before starting a new one?

Or do you have a whole bunch of unfinished side projects? 🤔

adulau,

@nixCraft Can we say that a software project is finished? I think it’s either maintained or archived. IMHO, there is no such thing as a finished software project.

adulau, to opensource

In recent years, we have strived to update the MISP standard to ensure it remains stable, simple, and extensible. This effort benefits not only the MISP project but also other threat intelligence tools that utilise this format.

Our commitment is to maintain a stable long-term format that allows users to actively reuse the MISP standard without encountering disruptive changes. We are pleased to announce that our standard format is now being used by numerous software applications worldwide. Recently, we have made minor updates to various formats to incorporate necessary changes while ensuring that our current users are not adversely affected.

For more detailed information, please refer to the following links:

🔗 Core format https://www.misp-standard.org/rfc/misp-standard-core.html
🔗 Object template format https://www.misp-standard.org/rfc/misp-standard-object-template-format.html
🔗 Taxonomy format https://www.misp-standard.org/rfc/misp-standard-taxonomy-format.html
🔗 Galaxy format https://www.misp-standard.org/rfc/misp-standard-galaxy-format.html

🔗 For further details, visit the MISP standard website https://www.misp-standard.org/

The MISP standards are also published as I-Ds at the IETF for further dissemination: core, galaxy, object and taxonomy.

@misp

codefiscal, to random French
@codefiscal@mastodon.social

CyberToufanBackup are really of another level :blobsweats:
https://socradar.io/dark-web-profile-cyber-toufan-al-aqsa/

adulau,

@codefiscal When you have time, dedicated resources and commitment, the results are there.

adulau, to random

SSH ProxyCommand == unexpected code execution (CVE-2023-51385)

Interesting vulnerability to replace the username or hostname token to execute code on the client side with ssh if you use the ProxyCommand directive.

#ssh #poc #vulnerability

🔗 https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
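
Added example for the defensive side of the issue above (example code for this page, not code from the linked write-up or from OpenSSH): any tool that builds an ssh invocation from user- or repository-supplied data should validate the host and user tokens against a strict allowlist before they can be expanded into a ProxyCommand. The character classes below are an assumption (RFC 1123 host labels and a conservative POSIX-style user name); tighten or loosen them to your environment.

```python
import re

# RFC 1123 host label: alphanumerics and hyphens, no leading/trailing hyphen, 1-63 chars.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Conservative user-name allowlist (assumption for this example).
_USER_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def is_safe_hostname(host: str) -> bool:
    """Accept only DNS-style names; whitespace, shell metacharacters and
    option-like leading hyphens all fail the per-label check."""
    if not host or len(host) > 253:
        return False
    labels = host.rstrip(".").split(".")
    return all(_LABEL_RE.fullmatch(label) for label in labels)


def is_safe_username(user: str) -> bool:
    """Accept only a plain account name that cannot alter a substituted command."""
    return bool(_USER_RE.fullmatch(user))


def build_ssh_argv(user: str, host: str, remote_command: str) -> list:
    """Build an argv list for ssh, refusing tokens that fail the allowlists.

    Returning a list (not a shell string) keeps the local invocation safe;
    the allowlists keep %r/%h safe once ssh expands them inside a ProxyCommand.
    """
    if not is_safe_username(user):
        raise ValueError(f"refusing unsafe user name: {user!r}")
    if not is_safe_hostname(host):
        raise ValueError(f"refusing unsafe host name: {host!r}")
    return ["ssh", f"{user}@{host}", remote_command]


if __name__ == "__main__":
    # Constructed sample targets, as they might arrive from a config or a cloned repository.
    for user, host in [("deploy", "git.example.org"), ("deploy", "host name"), ("root;x", "git.example.org")]:
        try:
            print(build_ssh_argv(user, host, "uptime"))
        except ValueError as exc:
            print("rejected:", exc)
```

The check is deliberately an allowlist rather than a blocklist of metacharacters: the set of characters a given ProxyCommand shell treats specially is larger than most people remember, and a name made only of letters, digits, dots and interior hyphens cannot change the meaning of the expanded command regardless of the shell.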

amuse, to random

Reminder, "Responsible Disclosure" is still an emotional value-laden way to refer to reporting vulns to vendors for fixing.

The ISO standard is called "Coordinated Vulnerability Disclosure" and that's what we should be calling it. :)

adulau,

@amuse We still call it responsible based on the past experience where irresponsibility is still unfortunately a regular practice.

https://circl.lu/pub/responsible-vulnerability-disclosure/ @circl

adulau,

@amuse Some vendors who don’t take vulnerability disclosure seriously. Some security researchers reselling the vulnerability while doing disclosure via a CERT to claim they are ethical. Too many vulnerability disclosure platforms having two (or more) business plans (reselling CVD to customers while selling exploits). So we are still far away from a clean and smooth vulnerability disclosure process. @circl
