Notices by Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange), page 22

@catsalad @jerry https://www.winamp.com

@catsalad @jerry https://apps.apple.com/bg/app/icq-video-calls-chat-rooms/id302707408

@catsalad @jerry Uh... I'm participating in the Winamp re-release beta right now and just deleted ICQ from my phone last week. (I am not joking about either.)

@catsalad @jerry The fact that WS_FTP still exists at all gives me the warm & fuzzies.

@catsalad this is the way

@zak Why use Launchpad when Spotlight exists? And why use Spotlight when Alfred exists?

Hackers / Pentests - Wanna sniff out canary tokens?

Ya worried the blue team seeded fake credentials throughout their environment? Put them in LSASS, LSA, or even that suspicious "too good to be true" passwords.txt file?

Ya worried that if you use those creds, blue team will get alerted that you used them because no one ever uses those creds and any login attempt triggers massive alarms?!?!?!

Just dump Active Directory (with other valid creds) via LDAP and go through the resulting LDIF.

Look up the sus account and look for the parameter "lastLogon:" : Was it a while back? Has anyone used the account in a while?

Now look for the parameter "pwdLastSet:" - Is it close to the lastLogon? Did blue team set the password, set the alert, and then leave it to sit?

If they are recent dates, maybe it's a new hire. So maybe it's fine.

But if its older... thats a little suspicious.

Look for other parameters and paint a picture. Look at passwordExpirationTime. Is it 0? Look for accountExpires, is it set for near forever? (or a long way off).

Big thing is, compare it to other accounts, especially accounts you know are good. Look at normal and then conduct anomaly analysis and see how well your sus account stacks against known good or known normal.

Active Directory gives a lot of information. Dive into it.

#infosec #hacking #pentesting #honeyTokens

@TheGibson Toot! is the best I’ve found so far. It the elk.zone web app is great too.

@Sempf Example: "A photo of a squat rack with an empty bar. The bar is very rusty because it hasn’t been used in four months. The photographer is rusty for the same reason."

@Sempf I love writing humorous shit in my alt text!

Hello, old friend.

@DataDrivenMD @com Did you happen to install a beta version on those 3 devices?

@tinker @wendynather Oh em gee, what did you use to create this?

I am feverish in bed post-vaccine, please tell me a cool fact about something

@frainfostudent @GossiTheDog @malwaretech *besterest hacker

@rand0h yakkety yak

@rand0h Bluesky can feel dead if you aren’t following many people and/or not using custom feeds. Custom feeds are cool.

Refactoring is oddly satisfying.

@bandrel LIVE NOW!

TODAY!!! 2pm ET on the Twitch Happy Hour we wrangle @bandrel and let him host the entire thing by himself. https://Twitch.tv/TrimarcSecurity