1 Followers
9 Following
15 Posts
Founder of e2e-assure. Knows a bit about SOC but not much else.

@GossiTheDog journalist questions about what actions a state like Iran might consider if there were a wartime “gloves off” scenario, I noted that widespread and prolonged disruption of uk power would be top of the list.

For example, an extended power outage could ground flights, disrupt airport operations, and impact other essential services that depend heavily on electricity, and we aren’t very well prepared for that… and targeting a nation’s power etc. is a well known target.

@GossiTheDog that’s a good article from dark reading. This bit sums up the current situation nicely:

"The reality is that the vast majority of the dark-LLM generated malware is based on known malware samples," Piazza says, "which means we have existing tools and signatures in place to detect the common malware techniques."

@christopherkunz I think to use this method from outside the network would only work if the switch was placed between the Internet router and the firewall and had a publicly routable IP accessible from the Internet with SNMP enabled on it, and with attacker knowledge of the string. The same switch would need to host the target or be connected to a switch that did. It’s not uncommon for switches to be deployed like that, but generally they would be layer 2 only and managed via console/term svr.

@christopherkunz I think the article is confusing. The attacker would have to be inside the network first, with knowledge of the SNMP strings and network access to the SNMP-enabled interface. Once they have compromised the switches, the ARP spoofing is achievable but tricky and breaks things. I read it as how they got from a compromised internal host to a host in a protected DMZ by bypassing the firewall using the compromised switches, i.e. took over the MAC address of the target; see ettercap for example.

@GossiTheDog had a read and couldn’t see the part about when this started; you mention a few years earlier?

@GossiTheDog thanks, there’s some interesting ones in there like dc.vpn.cisco.com.

Just to double check my understanding, the list is everything running potentially vulnerable services and you need to filter out the patched ones from the list?

Don’t suppose anyone has a Shodan query for this they could share?