GNU social JP
GNU social JP is a Japanese GNU social server.
Untitled attachment

Notices where this attachment appears

  1. cR0w :cascadia: (cr0w@infosec.exchange)'s status on Friday, 12-Jan-2024 09:31:46 JST

    If your org uses a third-party solution for phishing training, it is likely that all of the testing emails contain a specific header. Mail filtering is generally configured to allow them to bypass rules and make it to all inboxes as intended. It is also often used to prevent rewriting the URLs in links if your org has a system that does so (Proofpoint, Barracuda, etc.).

    As an employee, if you don't want to bother with the regular phishing training, look at the message details and see if you can find the header used to bypass protections in your org. Some of the common ones are:
    X-Phishtest
    X-ThreatSim-Header
    X-ThreatSim-ID
    X-PhishMeTracking
    X-PhishMe

    Then in your mail client, set up a rule to take whatever action you wish. You can create an alert, move the message to a specific folder, or even execute a program or script if IT hasn't disabled that function.

    I fully support those of you of a chaotic persuasion to take the URLs from your org's phishing messages and fully enumerate the unique identifier section. Just brute force it and see if everyone gets assigned phishing training.

    It used to be that as an attacker, you could put all of those headers in and likely bypass filters due to the org setting a basic allow rule for one of them for phishing training. However, more orgs have finally either moved to a third-party mail service that usually does a better job at filtering, or they are getting around to properly configuring SPF, DKIM, and DMARC with strict rules that specify the sending domains that are allowed with the headers mentioned above. YMMV, of course.

    #phishing #infosec

    In conversation Friday, 12-Jan-2024 09:31:46 JST from infosec.exchange
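The mitigation the post closes on is that a simulation header should only earn a filter bypass when the message also comes from the vendor's approved sending domain and passes DMARC. The following gateway-side check is an added example, not code from cR0w or from any phishing-simulation vendor; it uses the header names listed in the post, assumes the org's own inbound gateway has already stamped an `Authentication-Results` header, and treats the vendor domain `sim.example-vendor.test` and all three sample messages as constructed placeholders.

```python
import email
from email import policy
from email.utils import parseaddr

# Header names that phishing-simulation platforms commonly add (taken from the post above).
SIMULATION_HEADERS = {
    "x-phishtest", "x-threatsim-header", "x-threatsim-id",
    "x-phishmetracking", "x-phishme",
}

# Hypothetical allow-list: the simulation vendor's sending domain(s) configured for this org.
ALLOWED_SIMULATION_DOMAINS = {"sim.example-vendor.test"}  # constructed placeholder


def domain_of(addr_header):
    """Return the lower-cased domain part of a From-style header, or '' if none."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def dmarc_result(msg):
    """Pull the dmarc= verdict out of the gateway's Authentication-Results header(s)."""
    for value in msg.get_all("Authentication-Results", []):
        for token in value.replace(";", " ").split():
            if token.lower().startswith("dmarc="):
                return token.split("=", 1)[1].lower()
    return "none"


def classify(raw_message):
    """Decide whether a message carrying a simulation header deserves the usual bypass.

    Returns (verdict, reasons). A message with no simulation header is left to the
    normal filtering path; one with a header is trusted only if the sender domain is
    approved AND DMARC passed, otherwise it is flagged as possible allow-rule abuse.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    sim_headers = sorted(h for h in msg.keys() if h.lower() in SIMULATION_HEADERS)
    if not sim_headers:
        return "no-simulation-header", []

    reasons = []
    from_domain = domain_of(msg["From"])
    if from_domain not in ALLOWED_SIMULATION_DOMAINS:
        reasons.append(f"From domain {from_domain!r} is not an approved simulation sender")
    verdict = dmarc_result(msg)
    if verdict != "pass":
        reasons.append(f"DMARC result {verdict!r} is not pass")
    return ("trusted-simulation" if not reasons else "suspicious-header-abuse"), reasons


# Constructed sample messages (not real traffic). The backslash keeps the header block
# from starting with a blank line, which would otherwise end the header section.
GENUINE_SIMULATION = """\
From: Security Training <no-reply@sim.example-vendor.test>
To: staff@example.org
Subject: Quarterly awareness exercise
X-PhishMe: campaign-42
Authentication-Results: mx.example.org; dmarc=pass header.from=sim.example-vendor.test

Please review the attached policy update.
"""

HEADER_ABUSE = """\
From: IT Helpdesk <helpdesk@example.org>
To: staff@example.org
Subject: Password expiry notice
X-Phishtest: yes
Authentication-Results: mx.example.org; dmarc=fail header.from=example.org

Your password expires today, reset it here.
"""

ORDINARY_MAIL = """\
From: Alice <alice@example.org>
To: staff@example.org
Subject: Lunch

Noodles at noon?
"""

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE_SIMULATION), ("abuse", HEADER_ABUSE), ("plain", ORDINARY_MAIL)]:
        verdict, reasons = classify(raw)
        print(f"{name}: {verdict} {reasons}")
```

The point of the two-factor check is that the header on its own carries no authority: anyone can add it, so the bypass must be keyed to something the sender cannot forge, namely an authenticated sending domain on the org's own allow-list.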
  2. Azeria (azeria@mastodon.social)'s status on Wednesday, 13-Sep-2023 09:26:14 JST

    Time for an Arm-twist! CVE-2023-4039

    Tom Hebb (Meta red team) and I discovered an 0day in GCC (for AArch64 targets) during my Arm exploitation training.

    It renders stack canaries against overflows of dynamically-sized variables useless.

    https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64

    In conversation Wednesday, 13-Sep-2023 09:26:14 JST from mastodon.social
  3. StreetFur (streetfur@pawb.fun)'s status on Thursday, 01-Jun-2023 02:31:56 JST

    @thomasfuchs As someone who graduated in the late 00s and went straight into mainframe work, it's interesting to explain: yeah, it's super stable and has crazy transaction volumes it can sustain (the history of IMS is a bit bonkers). Buuuuuut it's a weird working market of older developers refusing to knowledge share and younger devs being locked out of the space by mockery and lack of teamwork and on-the-job training.

    It's going to get real weird when those older devs start expiring.

    In conversation Thursday, 01-Jun-2023 02:31:56 JST from pawb.fun
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.