Notices by kajer (kajer@infosec.exchange)

@ryanc @Viss https://old.reddit.com/r/itrunsdoom/ is another place of weird doom ports.

I personally liked the Cisco CDP hack to then get a java applet running on a 8841 phone.

@ryanc I used a ATS02= command prior to connection, your hax wont work here!

ATH0

@ryanc there may be a bonus update today...

This camera was OEM branded a few other places too, but the best I can find is this is originally a VHD-V50U camera.

Finding firmware images from 15 years ago is not as easy as I was hoping for. SO MANY MANUALS though... :(

I went down the rabbit hole of "free stuff is not free" and here I am.

If anyone here has a PTZoptics 20X Generation1 camera, I would like a word please. I need some firmware that the vendor claims they don't have.

The firmware can be extracted and stored as a backup using their archaic update tool that isn't shady looking at all.

Getting desperate - found someone from the OEM on linked in that was offering firmware files via DM/email for various VHD-based camera models. I sent and email asking for VHD-V50U usb/fpga bin files. Let's see if this pans out.

get it, pans, as in PTZ camera?
thatsthejoke.jpg

Sadly due to CSS and JS fuckery back in 2017, the wayback machine doesn't have the page or links to the old firmware files published by ptzoptics. The firmware page uses onclick to show things, and wayback can't handle that, at least not back in 2017 archives.

I really hate javascript.

Lol, the one youtube video showing how to update firmware for that camera mode is from the same support person telling me they don't have firmware files for that camera.

🤦♂️

Final PTZ camera update:

It's e-waste. Nobody anywhere, even the OEM, has the USB/FPGA firmware bin files needed to unbrick the camera.

The SoC works, and I can interact with the webapp, but the camera functions and PTZ controls are cooked. We can even flash an older firmware image which is the USB firmware+JFFS2 filesystem, but no FPGA code anywhere.

:(

PTZ camera update:

I attempted to contact VHD directly to ask for old v50u firmware. I setup a burner PC on cellular and had a teamviewer session with a VHD-Corp support engineer. They sent over v50u images and was able to flash the images to the camera.

But... The camera/PTZ system still do not respond to IR remote, web interface issued commands, nor is a picture output via HDMI. Flashing the 2015 image resulted in HDMI output of just black rather than no signal at all so that was nice... I am guessing the FPGA image flashed bricked the video subsystem. :(

Shout out to VHD for taking a remote support call for a 10+ year old camera from some internet rando. All it took was giving them teamviewer access to the box. 🌶️

@ryanc @r This sounds like you are using IP versions as VRFlite instances. This is indeed cursed.

(I have done it too, it's fun!)

@ryanc wat?!

Cool, this is the preferred release.

PAN-272085
(This issue affects PAN-OS 11.1.6-h3.)
When DoH is enabled for DNS Security, multiple DoH transactions in a single HTTP/1 connection might unexpectedly cause the firewall to crash and reboot.
Workaround: Manually disable DoH support for DNS Security using the set deviceconfig setting dns-over-https enable no CLI command. Alternatively, you can remove the DNS Security configuration used to handle DoH traffic.

JFC dude

April 9 is when I told you to make access requests for the box you had me make a "DMZ" for.

This is a special network zone, everything is default-deny due to the proximity to the public internet.

TODAY is when you ask me why you dont have access? TODAY is when you link the ticket from April 9th of me saying there is no allow rules until YOU submit a request?!

FUCK

@ryanc Embrace it, get a lair, do troll things to Superman.

@ryanc @cR0w the wording of the ticket broke my brain. they want a trusted ca to give us a cert for their one ipv6 address they intend to reuse at multiple sites.

@ryanc @cR0w LOL I just re-read the ticket...

ALL servers at ALL sites will use the SAME IPv6 address, so they only need the ONE certificate.

W T A F

@ryanc @cR0w i am not going to be enabling this request by giving them a trusted cert for an ipaddress. I doubt our CA will do it, but I'm not going to ask. They don't want any type of DNS, just the internal use IP.

Hi Digicert, can I get a trusted cert for 192.168.1.1 please?

Hi Digicert, can I get a trusted cert for 2001:db8::1 please?