
Senior Security Researcher, Proofpoint Emerging Threats. Digital Arcanist

I've been doing this cybersecurity thing for the better part of a decade now. Probably longer than that. I'm starting to forget. Time is relative, but it surely isn't kind to my memory.

I'd like to think I do cybersecurity well, but blue teamers collectively get told they're doing it wrong constantly. So maybe I just failed forward throughout my career.

Oh, I wrote a book. It's a good framework for setting up a virtual machine lab. See my bookmarked toots if you're curious.

Finally, I occasionally write about tech/nerd-related things over at https://www.totes-legit-notmalware.site where I expose that I have a short fuse, and no filter.

Work-Related hashtags:
#Iocs #ThreatIntel #DFIR #Malware #NSM #suricata #snort #BEC #phishing #APT #ThreatDetection

Hobbies:
#VideoGames #XCOM2 #Minecraft #Synthetik #Fallout #Skyrim #Anime #Manga #Adventure #Fantasy #Isekai #HomeImprovement #WoodWorking #MetalWorking #HomeLab

self-verification: https://www.yeettheayys.cf/v_me/
Emerging Threats NSM rules: https://community.emergingthreats.net
How to Homelab: https://leanpub.com/avatar2
Personal Blog: https://www.totes-legit-notmalware.site
notices that alchemy factory exists

haha i'm in danger
🙃

20 minutes down, 25 to go. So long as it's done before midnight, that's still a win.

been so far into my own mind today. Don't really want to work out now, but I know that to abandon a routine is to lose it.

turns out debian bullseye's version of telnet doesn't support SLC (Set Line Character) options, at least according to the proof of concept (or... it could be patched already? maybe?)

@z3r0fox nope, debian linux VM.

@http_error_418 that is my FAVORITE saying.

@nf3xn I should. "This is america, your packets better speak american" on my telnet banner.
A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs

I tried all fucking day to use docker/docker-compose to set up a telnet server. Port 23 was exposed, port 23 was forwarded on the host, ss -antl4 showed me that port 23 was listening, I try to telnet in to the host IP address: connection refused. FU. Check docker's iptables: nothing denying me access to the docker image. I try and I try and I fucking try.

I create an LXC container on proxmox, manually install telnetd, systemctl start telnetd, "okey dokey :)", telnet to the LXC container that has a direct IP on my home network: no fucking problems.

@gsuberland it's vomit-worthy, and there's no impetus to improve anything. Multiple generations of hardware can have the same vulnerability, and nobody gives a shit.