Gian Maria Ricci 🐱

Infosec.exchange will be down for a few minutes starting in 12 minutes (10:30am et / 2:30pm UTC)
My last concert was pre COVID, I really needed it, the people, the music, always a fantastic sensation.
@jerry there is always space in the net for another cat picture
@GossiTheDog I run mostly Windows on all my computers 😀, just to break the statistics
@coleens_ here is mine, cats are fascinating creatures.
Someone has an invite for bluesky? I'm on the waiting list but I'm really interested in trying it.
@GossiTheDog only perfect date is 8601, prove me wrong 🀣

I had a quick look at the Defender/WSL (Windows Subsystem for Linux) thing at lunch.

It's pretty comical, it looks like the WSL team have unfortunately undercut Defender. E.g. you don't even need to port a backdoor to Linux to maintain access on isolation -- you can just run a Windows trojan in Wine (works in WSL) & the network traffic isn't inspected, logged in Advanced Hunting Query or blocked on isolation. Also WSL can access any local or network files. And it ships built into Windows OS.

Another great write-up from Oliver Lyak. This time with new tooling for bypassing CredentialGuard in Windows to retrieve NTLM hashes. https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22

I have found the first of what will likely be many non-expiring password reset URLs that you may have had stored in #LastPass

If you had a maxmind.com URL in LastPass that included set-password?token= in the parameters, I just tested and those do not expire... Possession of the URL is all you need in order to change the password.

Shame shame, Maxmind.

Want to hunt for your own possibly sensitive URLs? Start with this against your vault export.

cut -d',' -f 1 lastpass_export.csv | grep -a -i -e '^http' | grep -v 'http://sn' | grep -E -i '(api|password|reset|secret|token)'
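A CSV-aware version of the hunt above, added here as an example that is not part of the original post: it parses the export with Python's csv module (so a comma inside a quoted site name does not shift the URL column the way `cut -d','` can), skips LastPass secure notes, and flags entries whose URL carries a token-like query parameter or a reset/password path. The column layout of the export and the sample rows are assumed and constructed; the token and key values are placeholders.

```python
import csv
import io
from urllib.parse import parse_qs, urlsplit

# Query-parameter names that typically carry a bearer-style secret.
SENSITIVE_PARAMS = {"token", "reset_token", "api_key", "apikey", "secret", "password", "key"}
# Path words worth a second look even when the query string is clean.
SENSITIVE_PATH_WORDS = ("reset", "password", "token", "secret", "api")

# Constructed sample export; the column layout is assumed, and the token/key
# values are placeholders, not real secrets.
SAMPLE_EXPORT = """\
url,username,password,totp,extra,name,grouping,fav
https://www.maxmind.com/en/accounts/set-password?token=PLACEHOLDER_TOKEN,alice,,,,"MaxMind, Inc.",Work,0
https://example.com/login,alice,hunter2,,,Example login,Personal,0
http://sn,,,,"some note text",My secure note,Notes,0
https://api.example.net/v1/keys?api_key=PLACEHOLDER_KEY,bob,,,,Example API,Work,1
"""


def find_sensitive_urls(csv_text):
    """Return (name, url, reason) for entries whose URL looks like a capability link."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        url = (row.get("url") or "").strip()
        # LastPass stores secure notes under the pseudo-URL http://sn; skip those
        # and anything that is not an http(s) URL at all.
        if not url.lower().startswith("http") or url.lower().rstrip("/") == "http://sn":
            continue
        parts = urlsplit(url)
        # keep_blank_values so a bare "?token=" still counts as a hit
        params = parse_qs(parts.query, keep_blank_values=True)
        flagged = sorted(p for p in params if p.lower() in SENSITIVE_PARAMS)
        if flagged:
            hits.append((row.get("name", ""), url, "query parameter(s): " + ", ".join(flagged)))
            continue
        words = [w for w in SENSITIVE_PATH_WORDS if w in parts.path.lower()]
        if words:
            hits.append((row.get("name", ""), url, "path mentions: " + ", ".join(words)))
    return hits


if __name__ == "__main__":
    for name, url, reason in find_sensitive_urls(SAMPLE_EXPORT):
        print(f"{name!r}: {url}  [{reason}]")
```

Any hit is a URL that grants access by possession alone, so the fix is to rotate or revoke it at the service and delete the entry, not just to note it.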