Fritz Adalis

@FritzAdalis@infosec.exchange
472 Followers
523 Following
23.2K Posts

Infosec Lurker | Technical Debt Collector

It's not for fun, or any sense of community.
It's just trying to dull the pain.

Pronounshe/him
Fritz Adalis2h ago
Patrick 🌎2h ago
Happy Sunday 🙏🏾
Show threadFritz Adalis3h ago

@w7voa
At least we know why:

The decision followed an initial rejection by the court on Friday and came after a closed-door hearing attended by IDF Intelligence Chief Maj. Gen. Shlomi Binder and Mossad Director David Barnea.

Fritz Adalis3h ago
Steve Herman3h ago
Haaretz - The Jerusalem District Court grants Israeli Prime Minister Netanyahu's request to cancel his scheduled testimony in his corruption trial for the coming week. https://www.haaretz.com/israel-news/2025-06-29/ty-article-live/idf-says-it-killed-a-founding-leader-of-hamas-who-planned-october-7-attack/00000197-b98b-d6b3-abf7-f9fb75e30000?liveBlogItemId=423308503&utm_source=site&utm_medium=button&utm_campaign=live_blog_item#423308503
Fritz Adalis4h ago
BeyondMachines 6h ago

Interboro School District hit by cyberattack, exposing student and staff data

The Interboro School District in Pennsylvania, serving approximately 3,300 students, was hit by a ransomware attack on October 28, 2024, claimed by the RansomHub gang who alleged theft of 1.1 terabytes of data. The attack forced cancellation of classes due to complete network failures and prompted FBI involvement.

****
#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/interboro-school-district-hit-by-cyberattack-exposing-student-and-staff-data-5-p-b-1-c/gD2P6Ple2L

Interboro School District hit by cyberattack, exposing student and staff data

The Interboro School District in Pennsylvania, serving approximately 3,300 students, was hit by a ransomware attack on October 28, 2024, claimed by the RansomHub gang who alleged theft of 1.1 terabytes of data. The attack forced cancellation of classes due to complete network failures and prompted FBI involvement.

BeyondMachines
Fritz Adalis7h ago
Nullstring 🏴‍☠️10h ago

First drop of #DirtCheapHackingTools Dirt Cheap Probes now available for mail order and #DEFCON pickup

Get yours now!

https://www.dirtcheaphackingtools.com/product/probe

Fritz Adalis13h ago
Norman Wilson1d ago
If the person who owns your building cuts a network cable, are they a landowner or a landowner?
Show threadFritz Adalis14h ago
@Em0nM4stodon
He does have friends everywhere.
Show threadFritz Adalis14h ago
@RueNahcMohr
Lol it's been a while since I've heard a memory count buzz.
Show threadFritz Adalis14h ago
@VeroniqueB99 @scottwilson
Pretty sure Democrat leaders don't want any of those things.
Fritz Adalis14h ago
Show threadtacnextgen17h ago
@VeroniqueB99 this post from Bluesky summed up my view of the current leadership of the Democratic party.
×
HD Moore3d ago
I'm excited to announce our "Out-of-Band" series; these articles focus on the security risks of management devices like BMCs, serial servers, and IP-enabled KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at:
https://www.runzero.com/blog/oob-p1-ip-kvm/
Show threadRick Altherr3d ago
@hdm last time I reported vulns in BMCs, I was told it was unsporting. Glad to see you're picking up the flashlight to shine on how terrible these devices often are.
Show threadHD Moore2d ago
@mxshift thank you! it's a mess out there - glad to see all of this stuff finally going into open source, but the horrors!
Show threadsntx3d ago
@hdm Great write-up!
Show threadHD Moore2d ago
@sntx thanks!
Show threadVlad2d ago
@hdm (part 1) a few small corrections about NanoKVM. One of their problems - they do not close issues when the issue supposed to be fixed - so status of the ticket doesn't show the state of things and makes analysing it harder.
Therefore, you've mentioned, that they are leaking device id to download sketchy library - that is no longer true (see NanoKVM/kvmapp/system
/update-nanokvm.py in their github repo), they've changed it about 3 months ago and now they just download sketchy binary. tbc
Show threadHD Moore2d ago
@civiloid thank you! we’ll update the post soon
Show threadVlad1d ago
@hdm cool :) Just double check please if they haven't removed the sketchy binary completely, as they were mentioning that they might do that, and I haven't thoroughly checked what has changed since ~March.
Show threadHD Moore1d ago
@civiloid will do! my PCIe shipped with 2.1.1 still (their latest FW is still older 2.x); its not clear to me how the normies are supposed to update these things right now
Show threadVlad2d ago

@hdm (part 2) ... and for those who don't like sketchy binaries, there is unfortunately non-official firmware https://github.com/scpcom/LicheeSG-Nano-Build that reimplements all the sketchy blobs.

Same for updating the password - that was supposedly fixed about 4 months ago, but they've never closed the issue for reasons I have a hard time understanding.

For PiKVM firmware port - they've canceled that for NanoKVM (it seems so) and says they will release their better device with PiKVM firmware available from day 1.

GitHub - scpcom/LicheeSG-Nano-Build: LicheeRV-Nano-Build with submodules

LicheeRV-Nano-Build with submodules. Contribute to scpcom/LicheeSG-Nano-Build development by creating an account on GitHub.

GitHub
Show threadVlad2d ago
@hdm (part 3) and about update - it was completely broken until late 2024 (late 2.1 or early 2.2) as they were trying to download files from CDN in China with very hard deadlines and without a single retry - so you have a chance but like 1 in 1000 that it would succeed in time. It got better since then (retries are in place, timeouts are more realistic) but I think problem is still there and will be there until they start using CDN that have presence outside of China.
Show threaddelProfundo1d ago
@hdm I LITERALLY SAID AT DINNER LAST NIGHT CAN SOMEONE PLEASE TEST SOME OF THESE NEW KVMS 🤣🤣 merci!
Show threadHD Moore1d ago
@delProfundo woot! happy to help