Notices by da_667 (da_667@infosec.exchange), page 2

knife sharpening service was worth it. got 19 knives done for 78 bucks. Used one of my knives to butterfly chicken for chicken + riced cauliflower for lunch, and it was effortless.

They really needed the maintenance.

I can't stop fucking laughing.

https://www.varonis.com/blog/malicious-firewall-rules-in-azure-sql

TL;DR: if you have access to modify azure firewall rules, you can craft DELETE requests, and depending on the number of ../ in your request, can delete servers, resource groups, etc.

with thanks to @pjsliney for the heads up.

Also cc @Viss

Go to the cloud they said, it'll be fine they said

@r000t can't say that I have

today I've learned that ethtool doesn't work to check link or duplex speed on virtio devices because the VM and the host are aware its a virtual machine, and just yeets frames between VMs, or out the hypervisor's interface (if bridged) at link speed.

@GossiTheDog didn't even consider this. Hope your employer has strict MDM. But even then, who knows what happens.

I don't know if its bias or not, but the number of really stupid webapp vulnerabilities seems to be on the rise. There seems to be a lot of endpoints that just. require zero auth. A lot of webapps that just blindly trust the user if certain http headers are there. A lot of webapps seem to just completely lose their shit when they hit that (?:\x3b|\x60|\x0a|\x26{2}).

@GossiTheDog your character looks like they've seen some shit.

only thing I wanna know is if they hit the dead pope with the pope hammer three times like they were supposed to.

@GossiTheDog ..which means that its recoverable by bad guys, which means that this is just as much an infostealer now as it was before.

@GossiTheDog 1.2gb of ram. holy shit, lmao.

@mttaggart @Viss what happens when you hide your dead man's switch service into shit like service accounts with non-printable ascii characters? What happens when you store the dead man's switch into an alternate data stream?

@mttaggart @Viss I've very interested in this. I like the idea of active countermeasures, but turned up to 11.

It wasn't that long ago that some were theorycrafting that by just installing VMware Tools, or by installing a host of forensic, malware analysis, or reverse engineering tools, that whole hosts of automated malware will just throw shitfits and refuse to run.

What happens when you develop defense tools that randomize the name of the executable and/or the service or drivers required to run each time they are run?

What happens when you install a dead man's switch service when the AV/EDR executable/service/driver are otherwise disabled or removed entirely?

@mttaggart @Viss any of you around long enough to remember defense tools for the blind?

https://sourceforge.net/p/dtftb/code/HEAD/tree/

tl;dr: "nobody gets shells, now that this daemon is running. I'm not locked in here with you, you're locked in here with me"

For the record, the 2020 Election wasn't stolen. Fuck the current administration.

@GossiTheDog that was incredibly awful, not gonna lie. Wonder which rainforest had to burn down to render that demo.

@silverwizard if you're looking for minaturized hardware, the minisforum ms01 is REALLY good. Otherwise... I'm not sure about full-size server hardware

I don't want AI models taking all of my favorite media and movies from growing up, enshittifying them, and devaluing the effort and care it took to make.

I'm sick of AI taking my hobbies and my recreation, and telling us all that its a fucking revolution. Motherfucker, its theft.

AI should be doing my fucking chores, not devaluing the things I want to do in my free time.

never do when you can overdo: A guide to excess, and anticipating software developers stuffing shit into javascript that should never be there.

Never thought I'd be able to work in Heisenberg Uncertainty Priciple, Hawthorn Effect, and Freeman's Mind into the same chapter of a book.

this microservice could have been a sql query