Notices by da_667 (da_667@infosec.exchange)

@GossiTheDog Not quite sure how I missed your POC the first time around, but I just added coverage in the ET ruleset for both Snort and Suricata. Rules will be out this evening in our daily rule release. Cheers and thank you.

Suricata:

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco ASA/FTD Memory Leak Attempt (CVE-2020-3259)"; flow:established,to_server; http.method; content:"GET"; http.uri; bsize:>800; content:"|2b|CSCOE|2b|/sdesktop/webstart.xml|3f|"; fast_pattern; content:"|25|p"; endswith; reference:url,github.com/GossiTheDog/Exploits/blob/main/Cisco-CVE-2020-3259.sh; reference:cve,2020-3259; classtype:attempted-admin; sid:1; rev:1;)

Snort:

alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Cisco ASA/FTD Memory Leak Attempt (CVE-2020-3259)"; flow:established,to_server; content:"GET"; http_method; urilen:>800; content:"|2b|CSCOE|2b|/sdesktop/webstart.xml|3f|"; fast_pattern:0,20; content:"|25|p"; distance:0; reference:url,github.com/GossiTheDog/Exploits/blob/main/Cisco-CVE-2020-3259.sh; reference:cve,2020-3259; classtype:attempted-admin; sid:1; rev:1;)

@GossiTheDog Been beating this drum for years. Infostealers are a huge threat because of crossing the streams. whether its byod, or wfh with a company asset, and your kid decides that downloading and running free_robux.toteslegit.exe on your work laptop with saved passwords in the browser is totally fine.

@soatok

Hey, Binary Defense is hiring for a Threat Hunting team lead. They reached out to me to extend an offer, but I'm happy where I'm at right now.

https://recruiting.paylocity.com/Recruiting/Jobs/Details/2999831

and because this isn't listed anywhere on the information about the position, this is the information I was able to get out their hiring person:

The max salary for this position is $165k plus 10% bonus, stock options, 401k match, full benefits and unlimited vacation days.

The position is fully remote, and unfortunately, I have no information as to whether or not they support international candidates.

Please note I'm sharing all the information I can here. Please don't reach out to me with more questions, but also good luck in your endeavors.

@reverseics

THEN FUCKING PAY FOR THE DATA.

https://arstechnica.com/tech-policy/2025/01/ai-haters-build-tarpits-to-trap-and-trick-ai-scrapers-that-ignore-robots-txt/

today it is wednesday

Tik-Tok ban upheld? Good, now do X for election interference and facebook reels because its just as shit as tik-tok ever was.

Oh, you won't do that because Mark and Elon are puppeteering the government so hard, their hands are literally up the president's ass? who would've guessed.

my wife was re-watching twilight last night.

"Your skin is ice cold. You barely drink. You avoid the sunlight."

"Say it. What am I?"

Me: "A security researcher"

@halva @puppygirlhornypost2 save as -> SAP.txt

@halva @puppygirlhornypost2

enterprise grade means never having to say you're sorry.

https://redrays.io/blog/critical-sap-businessobjects-authentication-vulnerability-cve-2024-41730/

@GossiTheDog They way they phrase it makes it seem like they're running their own shadow copy. I would be absolutely enraged if I discovered they were just piggybacking on shadow copies.

@GossiTheDog

I know how we can fix ransomware. Let's put a pretty wrapper on a windows feature that is the first thing ransomware deletes and disables

Another banger by watchtowr. Openconnect is an open-source VPN client that can be made to pretend its a VPN client for different VPNS, because of course, they all have a unique and serially miserable way of connecting to their special VPN appliance.

One of ivanti's connect methods is IF-T. There is a Client Capabilities field that IF-T supports that, if you provide it with more than 256bytes of data, boom, segfault. Also possible RCE if you can guess the right return addresses without knocking over the stack.

https://labs.watchtowr.com/do-secure-by-design-pledges-come-with-stickers-ivanti-connect-secure-rce-cve-2025-0282/

@cR0w I've long since burned out. I do my job with care, but the fact that utter shit product makes it out of the gate is the product of a capitalist ouroboros of shit. It isn't that developers cut corners. Its that companies cut corners on their behalf because there are no consequences for it.

The fact that HNAP vulnerabilties exist across a spectrum of IoT devices spanning over a fucking decade, and the answer to old devices that have these vulnerabilities is "well, buy a new one that is still supported 🤷" is proof that we live in a hellscape propped up by corporate greed.

made pot roast tonight. starting with beef/bone broth as the base makes SUCH a huge difference.

pot roast seasoning packet, can of peas, packet of baby carrots, five diced potatoes, 32oz of beef broth on 375 for 2 hours turned out fine.

how are you today?

sounds of a car trying to turn over, and failing

@GossiTheDog this year's deals were utter dog shite. You weren't missing much.

people who write javascript don't make threats, they make promises