I think I posted this network here the other day but can't remember for sure so have it again.

Maybe look at blocking 2a0e:d683::/32 at your edge if you support IPv6. I've seen failed logins from thousands upon thousands of IPs in that network in my O365 tenants for a while now. They do a nice slow roll so I generally see each IP less than once per month, but I would suggest looking for successful logins in your tenants from that network and respond accordingly. And maybe look at conditional access policies if you can.

#GAYINT
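One way to run the check suggested in the post above, as an added example that is not part of the original post: it flags accounts with successful sign-ins from 2a0e:d683::/32 and collects the distinct failing IPs across the whole prefix, since per-IP thresholds miss a slow roll. The sample records are constructed, and the flattened field names (modelled on Microsoft Graph sign-in exports, where error code 0 means success) are assumptions to adapt to your own export.

```python
import ipaddress
from collections import defaultdict

# Network named in the post above.
SUSPECT_NET = ipaddress.ip_network("2a0e:d683::/32")

# Constructed sample records; field names are assumptions (see lead-in).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-01-03T02:11:09Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "2a0e:d683:12:9::a1", "errorCode": 50126},
    {"createdDateTime": "2025-01-21T19:03:44Z", "userPrincipalName": "Alice@example.com",
     "ipAddress": "2a0e:d683:7f00::33", "errorCode": 50126},
    {"createdDateTime": "2025-01-09T14:40:02Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "2a0e:d683:beef::5", "errorCode": 0},
    {"createdDateTime": "2025-01-09T15:00:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "2001:db8::10", "errorCode": 0},          # outside the prefix
    {"createdDateTime": "2025-01-10T08:00:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "2a0e:d684::1", "errorCode": 50126},      # adjacent /32, outside
    {"createdDateTime": "2025-01-11T08:00:00Z", "userPrincipalName": "dave@example.com",
     "ipAddress": "198.51.100.7", "errorCode": 0},          # IPv4, outside
]

def in_suspect_net(raw_ip, net=SUSPECT_NET):
    """True if raw_ip parses and lies inside net; missing or malformed values are False."""
    try:
        ip = ipaddress.ip_address((raw_ip or "").strip())
    except ValueError:
        return False
    return ip.version == net.version and ip in net

def triage(signins, net=SUSPECT_NET):
    """Group sign-ins from net per user: successes to investigate, distinct failing IPs."""
    report = defaultdict(lambda: {"success": [], "failed_ips": set()})
    for rec in signins:
        if not in_suspect_net(rec.get("ipAddress"), net):
            continue
        entry = report[rec["userPrincipalName"].lower()]
        if rec.get("errorCode") == 0:
            entry["success"].append((rec["createdDateTime"], rec["ipAddress"]))
        else:
            entry["failed_ips"].add(rec["ipAddress"])
    return dict(report)

def accounts_to_investigate(signins, net=SUSPECT_NET):
    """Users with at least one successful sign-in from inside net."""
    return sorted(u for u, e in triage(signins, net).items() if e["success"])

if __name__ == "__main__":
    print("Investigate:", accounts_to_investigate(SAMPLE_SIGNINS))
```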

@da_667 does #gayint have a pew pew map yet?

I've been testing scraper blocking strategies on different servers -- a couple personal servers, a curriculum website, and an API dev server for teaching.

I will write some notes/tutorial of what I've learned soon... I'm too busy today, sorry

But a quick defense that works pretty well in our cases is to block parasites from @JulianOliver's Science is Poetry project, plus heavy rate limiting on #GAYINT's naughty list

https://mastodon.social/@JulianOliver/116391284280771352

RE: https://infosec.exchange/@ifin/116805217464440865

Ok, #IFIN writes their stuff in Rust, #GAYINT in Python...

...

... who wants to join me in creating a community-first CTI org that writes everything in Java? 

#GAYINT list of impacted #FortiBleed IPs. Not all as I couldn't write the parser properly. http://owned.lab6.com/~gossi/research/public/fortibleed/some-fortibleed-ips.txt
#GAYINT list of impacted #FortiBleed domains (this is basically email addresses of admin accounts on the device btw) https://blog.gayint.org/intel/fortibleed.txt
Fortinet, HudsonRock and SocRadar can all responsibly disclose deez nutz #GAYINT

Hey cuties. Long time, no blog. We hope you are having a powerful and rewarding Pride Month. To celebrate, we've got something fun for you.

Since Hudson Rock broke the news on the FortiBleed or whatever, and their site is pretty unusable, we might as well give you the info you're looking for. Well, not all of it. You'll have to beg for the rest. 🫦

https://blog.gayint.org/fortibleed.html

#FuckHudsonRock #FortiBleed #FortiShit #GAYINT #FURINT #Pride #ThreatIntel


Since we've been asked about it several times lately, here's our starting point for an easy TLD block list. Obviously you would need to confirm that it doesn't include any you need but it's a decent place to start.

https://codeberg.org/gayint/lists/src/branch/main/easyBlockTlds.txt

#GAYINT


Phishing testing indicators have been added to our first public repo. Please feel free to send more our way if you know of others.

https://codeberg.org/gayint/phishing_test_indicators/src/branch/main/headers

#GAYINT

phishing_test_indicators - This is a collection of indicators used by phishing testing platforms. Use them to bypass phishing protections or to create rules to autodelete your company's bullshit phishing testing emails, it's up to you.