JohnsNotHereMay 29, 2025

Writing up a report for a PITA client right now. I swear I hate being subcontracted out. I could write a literal book on all the things that went wrong while trying to get started with these guys, but that's another story for another day.

Classic environment, but they actually did a good job locking things down. Found an on-prem AD server that also had SQL Server running (port exposed), but when I went back to do some more recon, the entire server is locked out. Only SSH access, so go figure. Thankfully I had previous scans for it, but still.

My suspicion is that someone firewalled it off. That's fine, I'm not going to bitch about it, but I will tell them about the finding. I doubt I'll come back to them in the future, but I'll be damned if I lose an ounce of sleep over this.

Show threadbarelysecure
@JohnsNotHere so perhaps they saw your scan hit, realized they'd unintentionally left it open and remediated the issue... so what's your issue with that?
I certainly have had a few wtf moments after seeing some of my own scan reports on some of my own infra, sprinkling Wazah agents around is usually an eye opener but better than someone else finding your misses.
May 29, 2025 at 5:07pmWeb
Show threadJohnsNotHereMay 29, 2025
@secminded More of a rant than anything, and mostly for myhself for being too noisy to trigger an alarm. I don't fault them for it at all, and actually include it as a finding to say "good job!" (it's an info-level finding) because it shows good operational awareness. I underestimated them, but it also cut off a branch of investigation and testing, and that was frustrating. Overall this has been a PITA client for a number of non-technical reasons, so I'll admit that I was rushing a bit to get it done. Still bugs me though. 🙂