Security consultant / Pentester

Web application security has DVWA and WebGoat. VoIP and WebRTC security hasn't had anything like it ... until now.

We built DVRTC (Damn Vulnerable Real-Time Communications): a hands-on lab for learning VoIP/WebRTC attack techniques. Full dockerized stack with Kamailio, Asterisk, rtpengine, and coturn — each configured to exhibit specific vulnerable behaviors.

7 exercises covering SIP extension enumeration, RTP bleed, SIP digest leaks, credential cracking (online and offline), TURN relay abuse, and traffic analysis. There's a live instance at pbx1.dvrtc.net you can test against right now.

https://www.enablesecurity.com/blog/introducing-dvrtc-damn-vulnerable-real-time-communications/

GitHub: https://github.com/EnableSecurity/DVRTC/

#infosec #webrtc #voipsecurity #sipsecurity #penetrationtesting #training #TURN

Introducing DVRTC: a vulnerable lab for RTC security

DVRTC is a vulnerable VoIP and WebRTC lab for hands-on security training, with exercises covering SIP enumeration, RTP attacks, TURN abuse, and more.

Enable Security
1/3 🎉 Today, Members of the European Parliament held strong in their rejection of #MassSurveillance in the ePrivacy derogation (sometimes called #ChatControl 1.0)!

In case you missed it, the Parliament took an unprecedented do-over vote on their position on the ePrivacy derogation today after days of shocking developments... 🧵
Decrypting and Abusing Predefined BIOCs in Palo Alto Cortex XDR - InfoGuard Labs

The Behavioral Indicators of Compromise (BIOCs) of Cortex XDR contain numerous exceptions, including global whitelists that can be abused to evade detection even when using simple and well-known TTPs.

InfoGuard Labs

"Microsoft 365 has more than 450 million paid commercial seats. After roughly two years on the market, Copilot has converted approximately 15 million of them into paying users. That's a 3.3% conversion rate, at $30 per user per month, generating roughly $5.4 billion in annual revenue. That's less than what Microsoft spent on infrastructure in a single quarter (3)."

None of the numbers make economic sense.

https://finance.yahoo.com/markets/stocks/articles/nadella-paid-650m-recruit-ai-170000361.html?guccounter=1

Nadella paid $650M to recruit his AI chief. After 2 years he's quietly pushing him aside — these brutal numbers are why

Nadella just reshuffled his entire AI leadership. Here's what that means for your portfolio.

Yahoo Finance
@rustaceans this article was generated by an LLM and rewritten by a human to be more palatable. I'm really saddened to see this.

the rust team asked for feedback about pain points in the language & tooling, then they chucked the results at a bot farm without reading them, and had it generate a long slop blog post saying nothing: https://lobste.rs/s/eewvj8

the most polite thing i can say about that is that it seems intentionally (and needlessly) disrespectful and provocative.

what did rust users do to deserve that?

What we heard about Rust's challenges, and how we can address them


Lobsters
The kids are alright
reading systemd merge request adding a user age field in userdb and seeing 'em ask claude to review is just icing on the shit cake.

(from
https://github.com/systemd/systemd/pull/40954)

Let's say I want to set up a website that:

  • Can have Iocaine[0] parked in front of it
  • Doesn't require any kind of analytics
  • Will be expected to serve HTML and CSS over both HTTP and HTTPS
  • Relies on as little slop[1] as possible
  • Allows me to post via "not a web interface" (read: CLI, TUI, Emacs, etc.)
  • Isn't costly
What should I be doing? Signing up for Hetzner, slapping OpenBSD on a VM, and calling it a day? Signing up for a managed blogging service so I don't have to cosplay as a sysadmin and can just write? Let me know what's up.

Also, I originally wanted to say "doesn't rely on slop" but, if you peruse the open-slopware project, its issues, and its pull requests, it's clear that simply isn't possible. Good luck finding a stack that doesn't use LLVM, curl, and/or one of Python or Ruby anywhere!

I have considered Mataroa, but it's also slop[2], and it seems both Hugo and Zola are fine with slop as well. (See 1.)

[0] https://iocaine.madhouse-project.org/
[1] https://codeberg.org/small-hack/open-slopware
[2] https://github.com/mataroablog/mataroa/blob/main/AGENTS.md

iocaine - the deadliest poison known to AI

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.

A federal program created to protect the government against cyber threats authorized a sprawling Microsoft cloud product, despite the company’s inability to fully explain how it protects sensitive data.

ProPublica