Mastodawn

Jarrod Frates Jan 3, 2024

Taylor Parizo Jan 3, 2024

It turns out Responder has a server GUID of 00000000000000000000000000000000ee85abf7eaf60c4f928192476deb76a9 which is searchable through Censys. Makes enriching those suspicious SMB services a bit easier especially if you see an accompanied HTTP server running Microsoft IIS 7.5 and returning a 401.

https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.smb.negotiation_log.server_guid%3A+00000000000000000000000000000000ee85abf7eaf60c4f928192476deb76a9
#ThreatHunting #ThreatIntel

Jarrod Frates Jan 2, 2024

Now that Steamboat Willie is in the public domain, can someone modify it so that Mickey is not a psychopath to the animals? I don't let my kids watch the earliest Mickey Mouse because he was a serial abuser of animals, not to mention of Minnie, who he dropped out of a flying airplane because she wouldn't kiss him in Plane Crazy. (The silent version of that is also PD now, with the sound version going PD next year.)

Jarrod Frates Jan 1, 2024

A rather niche issue that I run into with using 6to4 for IPv6 is that occasionally, some Windows app/service will throw a 0x80072ee2 error. This error usually means that it cannot access the internet. In my case, it's usually using RDP to go from a non-AzureAD computer to an AzureAD computer using FIDO2 via a Yubikey 5.

My IPv4-only ISP is pretty solid, so it's usually something like I forgot to rerun the 6to4 script after rebooting my router. Windows' auth stack is apparently bright enough to use only IPv4 if that's all that's available, but not bright enough to fail over to IPv4 if IPv6 isn't connecting. (Windows Update fails over just fine, though.)

I hope that saves someone some frustration.

Jarrod Frates Oct 2, 2023

InfoSecSherpa Oct 1, 2023

For once, please, can we as an #InfoSec community please NOT be total knobs when it comes to Cybersecurity Awareness Month?

People work hard to produce these programs, tips, and other events.

If our users see security practitioners not taking it seriously and crapping on it, WTF kind of message do you think that sends to end users … AND THEN users get made fun of. 🤦‍♀️

So, this October, be a part of the solution and not the problem.

Don’t make me turn this car around.

Jarrod Frates Sep 5, 2023

kuzushi 🇲🇽 🇺🇸Sep 4, 2023

A long while back I got into a conversation with @wendynather on why you can't treat security standards like building for elemental risk (fires, earthquakes, etc) and safety standards because unlike these things, we are talking about adversaries that are intentionally working to circumvent such controls for their own benefit.

While I still contest that is true, lately I have this feeling that I am finding hard to shake... we are a professionally negligent industry. Let's say I was wrong, and indeed cybersecurity could be thought of as tolerances against predictable events... do we have any evidence that what we are doing is working? Where are the objective studies that show that compliancy standards have net positive reduced the very outcomes they are designed around?

The sheer lack of evidence of effectiveness, coupled against clearly growing threats and consequences is honestly alarming. I get that risk reduction still leaves opportunity for occurrence. Like, if I could reduce the risk by 80%, that still means that there is a 20% chance a thing could still happen. But as far as I have seen, I've only run into one study done on effectiveness that would even begin to direct people.

Maybe I am wrong, and all of this is just my own ignorance into the modern state of enterprise security. but, at least as far as breach reports I've been reading seem concerned, whatever we are doing isn't really tracking.

Jarrod Frates Aug 28, 2023

Nick's world Aug 28, 2023

Hello there. So, I never thought I'd ever be using Mastodon for this and its a longshot but I'm looking for a paid job in #virginia. I'm a senior in College and I'm going to be graduating with a degree in business management in May and I want to be ready. For my skills, I'm well-versed in #Microsoft products, particularly #MicrosoftExcel and #MicrosoftWword though Excel is my prefered application considering I wish to work with spreadsheets. Yes, I'm totally blind but that shouldn't be an issue because of #screenreaders and #ADA #accommodations and #RemoteWork. So, if anyone is looking for a dedicated person who genuinely enjoys helping others and working with functions from #statistics to #financial functions using #appliedMath, I am willing and able to work for you and what I don't know, I'm willing to learn so help me #GetFediHired. Resume will be sent apon request through DM's. Thank you, and boosts are absolutely encouraged.

Jarrod Frates Aug 28, 2023

The Whore of Blahbylon Aug 27, 2023

Never.

Jarrod Frates Aug 27, 2023

Lesley Carhart

Aug 27, 2023

Very gentle reminder that if you have seen me speak on cybersecurity in the past, and you found me to be maybe slightly good at it, I fund my con, clinics, and bsides volunteeeing entirely by speaking for for profit companies through LAI, a DC based professional speaking agency. I lost a ton of revenue by leaving Twitter. If your organization is interested in a speaker on cybersecurity, my rates are very competitive and I am indebted for your recommendations!

Show thread

Jarrod Frates Aug 25, 2023

But she didn't say that. She said that I unambiguously fall under an ADHD diagnosis, and that I didn't have to wait for the original mid-September date for the report. She showed me the results of the computer test (Qb Test, I think) and talked about my own descriptions and her observations of my physical reactions. She said that I probably developed coping mechanisms that worked mostly fine until I had children, and then the added stress overwhelmed the coping mechanisms so that anxiety and depression got worse, and that may have exacerbated the ADHD, right into a vicious circle.

She asked me to get an appointment with my GP ASAP because she strongly believes that medication for both ADHD and anxiety would benefit me, and that she would have the report ready by that time, even if it's next week. She also suggested that I do an autism evaluation, though that won't happen for a few weeks because the person that does that is unavailable for a while.

I thanked her and left the office, and I wanted to cry. I don't know why. I didn't feel especially happy or sad or angry or relieved. I just wanted to sit in the car and cry. Two days later and I don't want to cry anymore, but I still don't know how I feel, and now I'm afraid for how medication might affect me. I just want to feel normal again.

2/2

Jarrod Frates Aug 25, 2023

Short version of the rest of this: I'm 48, just diagnosed with ADHD, and I am feeling really uncertain about how I feel.

A couple of days ago, I went in for my second day of ADHD screening, the first being an initial discussion with the psychologist doing the assessment. After doing some stuff on paper and on a tablet, and then a computer-based test, I sat down with her again and talked about the results.

I was scared. Both my children were diagnosed with ADHD, and I thought maybe I would be, too, but I put off the assessment for most of a year, afraid I'd be told that I don't have it, and that my inability to read more than 3-4 pages of a book without falling asleep (I used to be able to read a book a week), or reading the same paragraph six times because my mind keeps wandering, or being unable to enjoy playing Civ games (my all-time favorite series) because I can't keep track of what's happening for more than 20 minutes at a time, or taking forever to build up a new skill is somehow my fault for being a slacker.

1/2