Notices by Fritz Adalis (fritzadalis@infosec.exchange)
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Friday, 21-Mar-2025 02:32:13 JST Fritz Adalis
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 20-Mar-2025 03:52:51 JST Fritz Adalis
@ryanc @cR0w @kajer
Pretty sure Microsoft's CA does this out of the box. This is why Microsoft always gets the best quadrant.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Sunday, 02-Mar-2025 01:41:54 JST Fritz Adalis
@Viss @briankrebs
Shits By Design is my new company name.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Saturday, 22-Feb-2025 19:59:33 JST Fritz Adalis
@GossiTheDog @paulsanders
It also still makes sense if you haven't played the game and only know it from memes.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Saturday, 22-Feb-2025 05:37:02 JST Fritz Adalis
Neighbor is out here pruning my tree.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Friday, 21-Feb-2025 17:19:13 JST Fritz Adalis
@SwiftOnSecurity
The IBM slide deck about computers making decisions.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 30-Jan-2025 01:11:00 JST Fritz Adalis
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Sunday, 19-Jan-2025 10:01:46 JST Fritz Adalis
@ryanc @jerry @shadownetworks @cR0w
Is this RFC 768 in the room with us right now?
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Sunday, 19-Jan-2025 09:34:19 JST Fritz Adalis
@ryanc @jerry @shadownetworks @cR0w
UDP packets aren't even real.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Sunday, 19-Jan-2025 07:33:36 JST Fritz Adalis
KITTAY! That house is not for you!
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Saturday, 11-Jan-2025 08:52:29 JST Fritz Adalis
@sj
Doesn't VLC use ffmpeg?
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 09-Jan-2025 11:33:44 JST Fritz Adalis
@ekis
They weren't stealing, they were playing short-necked plucked guitars.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 02-Jan-2025 23:00:14 JST Fritz Adalis
Wondering if anyone else has seen this behavior.
We received an alert from MS Defender for Cloud that a suspicious IP had downloaded from a storage blob using a SAS token. It turned out that someone was misusing the SAS token feature and had sent the URL via email.
Since then, we've determined that every URL sent via email (O365) is being downloaded immediately by... someone. We brought in someone for IR but they haven't seen anything similar and we can't find a cause. We even set up two secops mailboxes (which are supposed to bypass all MS security) and sending an email between them still triggers the downloads.
The source IPs so far have all been in the US, and Spur tags most with "Oculus Proxy" and most ASNs are "Constant" or "HostRoyale". User agents match Chrome 125 or 131.
The only thing I've found online is complaints on Reddit about this causing a 100% click rate in KnowBe4. No real resolution there though.
We're thinking it's something automated/enterprise, but I want to be sure. Has anyone seen anything similar? TIA.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Tuesday, 31-Dec-2024 23:59:32 JST Fritz Adalis
@ekis
Maybe they're building the bunkers for all of us!
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Monday, 30-Dec-2024 09:18:27 JST Fritz Adalis
@ekis
We yearn to rise to mediocrity.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Wednesday, 25-Dec-2024 05:34:07 JST Fritz Adalis
@azonenberg
Is that the Godot logo?
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Sunday, 22-Dec-2024 07:59:50 JST Fritz Adalis
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Saturday, 21-Dec-2024 12:51:37 JST Fritz Adalis
@ekis
This seems like good hacking music.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Wednesday, 18-Dec-2024 21:54:54 JST Fritz Adalis
@jrconlin @ekis
Oh you mean hysteria, not a Martian invasion.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 12-Dec-2024 22:36:10 JST Fritz Adalis
@cR0w @screaminggoat
Is that the right CVE? It looks like a different product.