Luke Humberdross

SecOps guy who’s obsessed with stuff like detection, threat hunting, threat intelligence, etc. Enjoys a good meme every once in a while.
Twitter: https://twitter.com/x86_n64
Website: https://Iuke.humberdross.com

@Mara
>9-year-old daughter
>I noticed many issues like bad variable naming conventions, code duplication, using if condition, return instead of just returning the condition.

That’s gotta be a troll.

@burritosec Vulnerability management tool sets off SIEM, SOC analyst checks alert which in turn triggers EDR detection from malicious payload in browser cache, SOAR automation triggers, commencing phishing simulation against analyst’s mailbox as test of competency, SEG follows phish sim link on message delivery, phish sim platform begins mandatory training/punishment workflow, disabling their account, which was being used to run the original vulnerability management service.
@brie Interesting indeed. My thinking was, if they had somehow forgotten about that nameserver and their hosting had lapsed, that IP could’ve been released into the pool of available IPs and someone else (another OVH customer) could’ve taken it. 🫢
@Autumm Did they forget to gamify it? I don’t work for free unless I get a .png.
@john_philip_bell @GossiTheDog I think you may be confusing disabling Protected View with enabling macros. Only the former you need to do to print. I think a big part of the problem has been those two info bars look so similar, but have very different consequences.

1 of the 3 nameservers for the ccTLD .dj is some OVH VPS box. It's a name that really sticks out compared to others in the root zone file. Looks like it hasn't been answering DNS queries for some time now, but it does have SSH exposed.

https://tldmon.dns-oarc.net/nagios/cgi-bin/status.cgi?navbarsearch=1&host=dj

Did Djibouti forget to pay their bill and now the owner of this IP is receiving one third of recursive resolvers' queries for .dj domains? Or did their DNS server just fall over?

An acknowledgement from Microsoft for my first security vulnerability report just went up at https://msrc.microsoft.com/update-guide/acknowledgement/. 🥳

tl;dr: You could inject `javascript:` URIs into a URL parameter for Teams Safe Links.

(Matrix code rain PoC included.)

@Tzefira_Neviah @wendynather I’d also propose F be capitalised since it’s being used as a proper noun.
@malwaretech It’s usually worth doing root cause analysis in this situation and asking them to take a step back and reevaluate why it is they think they need a printer in current year.