Jarrod Frates

Owner of Illuminus LLC. Breaker of things. I like to write reports telling how I broke them and documentation to help keep them from breaking in the future.
Homepage: https://illuminus.com/

It turns out Responder has a server GUID of 00000000000000000000000000000000ee85abf7eaf60c4f928192476deb76a9 which is searchable through Censys. Makes enriching those suspicious SMB services a bit easier, especially if you see an accompanied HTTP server running Microsoft IIS 7.5 and returning a 401.

https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.smb.negotiation_log.server_guid%3A+00000000000000000000000000000000ee85abf7eaf60c4f928192476deb76a9
#ThreatHunting #ThreatIntel
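One way to turn the post's two indicators (the Responder server GUID, corroborated by an IIS 7.5 HTTP service answering 401) into enrichment logic over exported host records. This is an added example, not code from the post or from Censys; the record layout is a constructed approximation whose field path mirrors the query field in the search URL above (`services.smb.negotiation_log.server_guid`), and the HTTP field names (`http.response.status_code`, `http.response.headers.Server`) are assumptions, not verified against the Censys schema. The sample hosts use documentation addresses and are constructed.

```python
"""Flag host records whose SMB server GUID matches the Responder GUID from the post.

Added example, not part of the original post. Record shape is a constructed
approximation of a Censys host result (field path mirrors the post's query);
HTTP field names are assumed.
"""
from urllib.parse import urlencode

CENSYS_SEARCH = "https://search.censys.io/search"

# Server GUID the post reports for Responder (value taken from the post).
RESPONDER_SERVER_GUID = "00000000000000000000000000000000ee85abf7eaf60c4f928192476deb76a9"

# Constructed sample records (documentation-range IPs, invented second GUID).
SAMPLE_HOSTS = [
    {   # GUID hit plus the corroborating IIS 7.5 / 401 service
        "ip": "192.0.2.10",
        "services": [
            {"port": 445, "service_name": "SMB",
             "smb": {"negotiation_log": {"server_guid": RESPONDER_SERVER_GUID}}},
            {"port": 80, "service_name": "HTTP",
             "http": {"response": {"status_code": 401,
                                   "headers": {"Server": ["Microsoft-IIS/7.5"]}}}},
        ],
    },
    {   # GUID hit only, reported in upper case
        "ip": "192.0.2.11",
        "services": [
            {"port": 445, "service_name": "SMB",
             "smb": {"negotiation_log": {"server_guid": RESPONDER_SERVER_GUID.upper()}}},
        ],
    },
    {   # IIS 7.5 / 401 alone: too generic to flag without the GUID
        "ip": "192.0.2.12",
        "services": [
            {"port": 445, "service_name": "SMB",
             "smb": {"negotiation_log": {"server_guid": "1" * 64}}},
            {"port": 80, "service_name": "HTTP",
             "http": {"response": {"status_code": 401,
                                   "headers": {"Server": ["Microsoft-IIS/7.5"]}}}},
        ],
    },
]


def normalize_guid(value: str) -> str:
    """Lower-case and drop braces/hyphens so differently formatted GUIDs compare equal."""
    return "".join(ch for ch in value.lower() if ch in "0123456789abcdef")


def is_responder_guid(value: str) -> bool:
    return normalize_guid(value) == RESPONDER_SERVER_GUID


def has_iis75_401(service: dict) -> bool:
    """Corroborating indicator from the post: Server header IIS 7.5 and a 401 status."""
    response = (service.get("http") or {}).get("response") or {}
    if response.get("status_code") != 401:
        return False
    server_values = (response.get("headers") or {}).get("Server") or []
    return any("IIS/7.5" in v for v in server_values)


def classify_host(host: dict):
    """Return a finding dict when the host's SMB GUID matches Responder, else None."""
    guid_hit = http_hit = False
    for service in host.get("services", []):
        guid = ((service.get("smb") or {}).get("negotiation_log") or {}).get("server_guid")
        if guid and is_responder_guid(guid):
            guid_hit = True
        if has_iis75_401(service):
            http_hit = True
    if not guid_hit:
        return None
    return {"ip": host["ip"], "indicator": "responder_server_guid", "corroborated": http_hit}


def enrich(hosts):
    """Findings for every host whose GUID matches; corroborated ones are listed first."""
    findings = [f for f in (classify_host(h) for h in hosts) if f]
    return sorted(findings, key=lambda f: not f["corroborated"])


def censys_query_url(guid: str = RESPONDER_SERVER_GUID) -> str:
    """Rebuild the search URL from the post for a given GUID (query string only)."""
    params = {"resource": "hosts", "q": f"services.smb.negotiation_log.server_guid: {guid}"}
    return CENSYS_SEARCH + "?" + urlencode(params)


if __name__ == "__main__":
    for finding in enrich(SAMPLE_HOSTS):
        print(finding)
    print(censys_query_url())
```

Only GUID matches produce findings; the IIS 7.5 / 401 pair is treated purely as corroboration because on its own it describes plenty of legitimate Windows hosts.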

@itisiboller @spaf

Some of us Merkins use sensible time formats. A few of us even use ISO-8601, or at least DD Month YY formatting.

There are at least three of us.

Now that Steamboat Willie is in the public domain, can someone modify it so that Mickey is not a psychopath to the animals? I don't let my kids watch the earliest Mickey Mouse because he was a serial abuser of animals, not to mention of Minnie, who he dropped out of a flying airplane because she wouldn't kiss him in Plane Crazy. (The silent version of that is also PD now, with the sound version going PD next year.)

A rather niche issue that I run into with using 6to4 for IPv6 is that occasionally, some Windows app/service will throw a 0x80072ee2 error. This error usually means that it cannot access the internet. In my case, it's usually using RDP to go from a non-AzureAD computer to an AzureAD computer using FIDO2 via a Yubikey 5.

My IPv4-only ISP is pretty solid, so it's usually something like I forgot to rerun the 6to4 script after rebooting my router. Windows' auth stack is apparently bright enough to use only IPv4 if that's all that's available, but not bright enough to fail over to IPv4 if IPv6 isn't connecting. (Windows Update fails over just fine, though.)

I hope that saves someone some frustration.

@counterVariable @thebeavertonbot

It's not just the red lights. I was nearly taken out while walking in my neighborhood by a pair of cyclists who turned left while blowing through a stop sign while I was crossing the street they were turning onto, coming close enough that I caught the wind off them. They pedaled off with a single "Sorry!" over their shoulder.

Not long after, I was crossing a street in the same neighborhood after waiting for a car to go by on the street I was crossing. Another cyclist made a right turn from behind me without stopping or slowing, then yelled obscenities at me for getting in his way.

I have seen numerous other near-collisions since then because cyclists blow through stop signs. No one has been hurt yet that I've seen, but it's likely a matter of time.

Pardon me if I have little sympathy for your position.

For once, please, can we as an #InfoSec community please NOT be total knobs when it comes to Cybersecurity Awareness Month?

People work hard to produce these programs, tips, and other events.

If our users see security practitioners not taking it seriously and crapping on it, WTF kind of message do you think that sends to end users … AND THEN users get made fun of. 🤦‍♀️

So, this October, be a part of the solution and not the problem.

Don’t make me turn this car around.

@mttaggart @wendynather @kuzushi

I think the lack of studies comes from two things:

1. A reluctance on the part of companies to take part in such studies.

2. A lack of reliable lab environments to conduct studies separate from live environments.

In the first case, no one wants to end up in a scientific paper as an example of how taking an action or set of actions led to catastrophe, even if they were part of a minority that landed in the failure group and a large majority was successful.

In the second case, building a lab environment to simulate an enterprise environment is incredibly expensive, and that's without all the legacy software, quirky configs, users bypassing security, and all the other fun things we deal with on a daily basis. A change to the fire codes can be tested in a lab and then checked out in a model construction or even a house scheduled for demolition for a much more realistic test. I would love to get such a luxury, but I'm doubtful I ever will.

A long while back I got into a conversation with @wendynather on why you can't treat security standards like building for elemental risk (fires, earthquakes, etc.) and safety standards because unlike these things, we are talking about adversaries that are intentionally working to circumvent such controls for their own benefit.

While I still contest that is true, lately I have this feeling that I am finding hard to shake... we are a professionally negligent industry. Let's say I was wrong, and indeed cybersecurity could be thought of as tolerances against predictable events... do we have any evidence that what we are doing is working? Where are the objective studies that show that compliancy standards have net positive reduced the very outcomes they are designed around?

The sheer lack of evidence of effectiveness, coupled against clearly growing threats and consequences is honestly alarming. I get that risk reduction still leaves opportunity for occurrence. Like, if I could reduce the risk by 80%, that still means that there is a 20% chance a thing could still happen. But as far as I have seen, I've only run into one study done on effectiveness that would even begin to direct people.

Maybe I am wrong, and all of this is just my own ignorance into the modern state of enterprise security. But, at least as far as breach reports I've been reading seem concerned, whatever we are doing isn't really tracking.

@jerry @mttaggart

How does that come about? I realize now that all of Taggart's own posts are like this. Are there apps that don't report a language?

@eternalyperplxed

Meanwhile, I can't get ESXi to talk NFS4 to my NAS because the NAS refuses to log the attempt and ESXi just says the NFS server rejected the connection.

So I guess my network is working normally?