 |
Post At8QIcNsNkifEZCVPc by [email protected] |
 |
More posts by [email protected] |
|
Post #At8MtYcyuZKWTvcnAG by [email protected] |
|
0 likes, 0 repeats |
|
|
|
okay, possibly hot take, but hear me out:cve cratering will actually help stuff… |
|
|
|
Post #At8MtYjMWqQynibt6u by [email protected] |
|
0 likes, 0 repeats |
|
|
|
many many (obviously not all, duh) "vuln management programs" literal… |
|
|
|
Post #At8MtYpOARFr6PQhVI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
for like two decades we've been asking ourselves "why the FUCK is sqli… |
|
|
|
Post #At8MtYvPo24jP6FVtg by [email protected] |
|
0 likes, 0 repeats |
|
|
|
as long as the budgets get refilled, the licenses get renewed, the graphs conti… |
|
|
|
Post #At8MtZ1RRctbhn4KI4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
so do that for 20 years and now you have this complacency. you have this zero-b… |
|
|
|
Post #At8MtZ7p3u041a3QEi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
but you look at the news and literally like every fucking day there are two maj… |
|
|
|
Post #At8MtZECgB6WLN2WBM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
its because none of it is MEANT to work. and this is where the psychology i men… |
|
|
|
Post #At8MtZJsL5docxh31U by [email protected] |
|
0 likes, 0 repeats |
|
|
|
see, there are people who "enjoy their jobs", and "take pride in… |
|
|
|
Post #At8MtZPtygSgveVrPs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
we do it for "the love of the game" (i suppose) and we like seeing th… |
|
|
|
Post #At8MtZVvcHHZELKfoG by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss honestly, I can't fucking believe how tremendously broken SMB is as a… |
|
|
|
Post #At8MtZcfDEfbZEU3JA by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss And the thing is, there' are a lot of flaws like that that Microsoft … |
|
|
|
Post #At8MtZigqpUTrvIrhY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
when you take a huge swath of people, and you give them "a mostly clear li… |
|
|
|
Post #At8Mta2tdheasal0CG by [email protected] |
|
0 likes, 0 repeats |
|
|
|
however the inverse of this is a very peculiar thing, and ive observed it A TON… |
|
|
|
Post #At8MtaM2UWxxpxiI2C by [email protected] |
|
0 likes, 0 repeats |
|
|
|
it is assumed that "whoever made up the rules" - "actually knows… |
|
|
|
Post #At8N5X8AIr9pJVvAmm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
so - when you DO NOT HAVE A GUIDE.when you DO NOT HAVE "BEST PRACTICES&quo… |
|
|
|
Post #At8N5XEBwRyhcCjzBA by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss whenever i see crappy "best practices" and blind following of a… |
|
|
|
Post #At8N5XujOI0Pk8dxU8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
and so in my experience, (i started this nonsense professionally in 2009), i ha… |
|
|
|
Post #At8N5YgwV2ZQ9fCSdE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
and you may ask yourself:viss how the fuck. and i will tell you, kind readerexa… |
|
|
|
Post #At8N5ZLi3TBEC6H1Au by [email protected] |
|
0 likes, 0 repeats |
|
|
|
this is the cool psychology twist.when you arent given a document from a form o… |
|
|
|
Post #At8N5ZzleXDsCL10c4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
the game NOW HAS STAKESyou cant just point at the pci guidelines and fucking wh… |
|
|
|
Post #At8NXE5Mhq84M2ogIi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@paul_ipv6 "best practices" is another way of saying "i dont kno… |
|
|
|
Post #At8NXEBOLQwwejdUh6 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss indeed. and sometimes your friend is a good student. other times... not s… |
|
|
|
Post #At8Nn15um5H0hFbRZo by [email protected] |
|
0 likes, 0 repeats |
|
|
|
when its YOUR ASS - then shit gets serious.the cruise control security-by-vibes… |
|
|
|
Post #At8Nn1D0Liwd3Ev6cy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
so we're gonna see first hand if im close to the mark here. we're gonna… |
|
|
|
Post #At8Nn1J1zJlVLvjv1M by [email protected] |
|
0 likes, 0 repeats |
|
|
|
no cve means no nexpose. it means no qualys (HEY TRADERS, GET YER PUTS READY)it… |
|
|
|
Post #At8Nn1PlaH9XgotIWG by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss No Qualys? Fuckin' SOLD. |
|
|
|
Post #At8Nn1borSnIICWvJ2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
and the people who dont know what they are doing will fleeleaving those of us w… |
|
|
|
Post #At8Nn1vJgyOFGfeUhE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
again: probably a hot take. probably an unpopular opinion. but this is how i se… |
|
|
|
Post #At8OB7YcOfwTguWSjg by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss anyway, did you know that, by default, even with show file extensions, et… |
|
|
|
Post #At8Oi7XdTcqzCLnZGC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@drsbaitso i wanna shell one of those things so bad |
|
|
|
Post #At8Oi7e15txRW8mfCq by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss I'm not entirely sure I follow you. I've always been on the "… |
|
|
|
Post #At8Oi7k2jUmJopbTbE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@drsbaitso are you familiar with that fireeye hack that happened in like 2012 w… |
|
|
|
Post #At8Oi7pMPj225K5it6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss I am not, at least any more. |
|
|
|
Post #At8Oi7uK7H0AKiPgci by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@drsbaitso okay, are you familiar with ivanti? |
|
|
|
Post #At8Oi7zdnVFsbCtvua by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss (From context, I'm guessing Qualys actually ships in some sealed VM a… |
|
|
|
Post #At8Ox0JicT9T8TNzDE by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@da_667 @Viss they probably rely on this ancient shit to make Recall work. |
|
|
|
Post #At8QBr9t3LZD1qQuw4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss Unfortunately. |
|
|
|
Post #At8QBrFugwO5KXFjKS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@drsbaitso okay so think of the same thinga 'security appliance' which … |
|
|
|
Post #At8QBrMeHtm7fQP6pM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss Yea, but who scans the scanners? That's how you get scannerception. A… |
|
|
|
Post #At8QIcNsNkifEZCVPc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@da_667 @Viss hey now, SMB over QUIC is now a thing :P |
|
|
|
Post #At8QIcUbyi6hZSLsuW by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@kyhwana @Viss I await the day we can continue to see NTLM relay and file URI h… |
|
|
|
Post #At8QIcazazD9tFKyrA by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@da_667 @kyhwana ive had to deal with quic during assessments. its been a while… |
|
|
|
Post #At8QIchjBwbCE8UMM4 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @kyhwana oh, they're definitely using websockets. There are stealers … |
|
|
|
Post #At8QUN6134alIHS2Hg by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @kyhwana just ran into a simple today do websockets yesterday. New versio… |
|
|
|
Post #At8REexkx7Hy1lexrk by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@drsbaitso me. and other security researchers who like to fuck around.this is h… |
|
|
|
Post #At8REf3Qc1pGJMJUhs by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss Oh trust me, I know the horrors that live in "sealed" appliance… |
|
|
|
Post #At8RpzP3v04M8YERgu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@da_667 @Viss I wonder if that’s why Ned left. |
|
|
|
Post #At8RpzVRXHAoSLDXdY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@zarchasmpgmr @da_667 oh ned bailed? he quit talking to me and i havent kept up… |
|
|
|
Post #At8RpzbTArzgl22M1w by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @da_667 he left a few months ago, working at Tuxera now. |
|
|
|
Post #At8RtdB2Ur8aMVPRD6 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss Having been a Linux SysAdmin with zero budget, no guidance, and problems … |
|
|
|
Post #At8V7eZGQFyKal7O9w by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss oh man do i have opinions. i have never given a thought to CVE. my threat… |
|
|
|
Post #AtAP0eanilktEV2Iee by [email protected] |
|
0 likes, 0 repeats |
|
|
|
welp.cve got re-funded, so this entire thread has become moot |
|
|
|
Post #AtAP0ehXJj8vZOBg9Y by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss I think it’s temporary, and the yahoos in DC could pull the rug out at … |
|
|
|
Post #AtAsvRZXhSxC1nsZmK by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss for how long? The rest of the world need a non US alternative. This kind … |
|
|
|
Post #AtBvzpDqCpeTYXT9yi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss it was a good one though!! |
|
|
|
Post #AtBvzpKvmTK5uWmp1s by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@ranvel thanks! |
|
|
|
Post #AtBw5L4nCVclnVrlM8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss bagder says no earlier. the trust is broken, makes no difference. europe … |
|
|
|
Post #AtBw5LBsm9IO9VBQPI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@nf3xn yip |
