OpenSecurity.global

Kevin Beaumont

Members
  • Content Count

    209
  • Joined

  • Last visited

  • Days Won

    20
  • Invited by

    DarkOverlord

Posts posted by Kevin Beaumont


  1. 1 hour ago, Mike James said:

    At our org we use OpenDNS for all DNS lookups and this protocol circumvents this along with other controls, so we're looking into disabling it. Right now, after a search yesterday, we are trying to figure out what is currently using it on our network, because we're seeing traffic from proxy to the Mozilla Cloudflare IP addresses listed above. 

    This is most likely gonna be Firefox, for info. 


  2. How are people planning to deal with this, out of interest? They go end of extended life in January 2020.

    Personally I think Microsoft will provide public patching for the 'big ticket' items after then for a few years, due to so many organisations continuing to run them.

    For me I think there's a bit of a clash with what Microsoft is trying to do with Windows 10 and Server 2016 - cloud updates, major milestones each 6 months etc - versus what many corporations have on the ground still. Will be interesting to see it play out. For me organisations will have to risk manage things until they have great budgets - e.g. turn on Windows Firewall etc.


  3. 3 minutes ago, Glenn Pegden said:

    Having to miss it this year though there is a slim chance I may make the after party, but I have to admit I'm rather gutted as it's one of my faves.

    But is it really your first time Kevin? I'm sure you were at the pre-party at least, last year?

    I went to Beersides last year in the evening but not the main event. I’m super lazy. 

    • Like 1

  4. 21 minutes ago, Tim Casey said:

    Not every midsize company can pull off what Google does. It's a trope you deal with all the time in IT from management. "Well, Google does it, why can't we?"

    Haha, I love that one. 

    Zero trust works when you have very good documentation and incredible IT resource, or a greenfield company. Not so much when a company doesn’t have backups and no asset list. 

    • Like 3

  5. A track of BlueKeep CVE-2019-0708 scanners and exploits.

    Scanners

    https://github.com/zerosum0x0/CVE-2019-0708 - first uploaded May 22nd 2019

    https://www.rapid7.com/db/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep - first uploaded May 25th 2019

    Remote code execution exploits

    Unreleased

    Technical writeups

    @0xeb_bp has released a technical writeup. It doesn't contain code but it does make clear how to reach exploitation, at least on XP.

    0xeb_bp_BlueKeep_Technical_Analysis.pdf



  6. 2 hours ago, Carl Gottlieb said:

    You could put a notice that simply says we use cookies, but nothing invasive and we don't need your consent because all of them are essential to make the site work, along with an okay button.

    Cheers.  I'll amend the popup for non-signed in users to say something like this (currently it just says we're a cookie monster).


  7. To explain this one, DNS-over-HTTPS is a new-ish standard which allows DNS requests to traverse the internet encrypted, which is great for privacy as it means network owners cannot intercept, change or log the traffic.

    It can be less good for some traditional security controls, as it breaks them. For example, it means PCs and servers can make DNS requests without any inspection - DNS requests can carry malware C2 requests, TCP over DNS (backdoor tunnels) etc.

    So until those tools catch up, some organisations may need to block DoH until there is greater insight into how to deal with this.


    IPs and hostnames to block for DNS-over-HTTPS. Port 443. Incomplete!

    Name:    mozilla.cloudflare-dns.com
    Addresses:  2606:4700::6810:f9f9
              2606:4700::6810:f8f9
              104.16.248.249
              104.16.249.249

    Cloudflare:

     1.1.1.1 and 1.0.0.1 


    Need moar!

    • Thanks 1
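As an added example (my own code, not part of the post above or anything the forum ships), here is a small Python check that runs the post's block list over proxy log lines and flags outbound 443 connections to the listed DoH endpoints. The log format (`<timestamp> <src_ip> <dst_host_or_ip>:<port> <method>`) and the sample lines are constructed for the example; the hostnames and addresses are exactly those in the post, which the author notes is incomplete.

```python
import ipaddress
from dataclasses import dataclass

# Endpoints taken from the post above (the post itself says the list is incomplete).
DOH_HOSTNAMES = {"mozilla.cloudflare-dns.com"}
DOH_ADDRESSES = {
    ipaddress.ip_address(a)
    for a in (
        "104.16.248.249", "104.16.249.249",
        "2606:4700::6810:f9f9", "2606:4700::6810:f8f9",
        "1.1.1.1", "1.0.0.1",
    )
}
DOH_PORT = 443  # DoH rides on HTTPS; plain DNS on 53 is a separate control


@dataclass
class Hit:
    src: str
    dst: str
    reason: str  # "hostname" or "address"


def parse_line(line):
    """Parse one line of a constructed, hypothetical proxy log format:
    '<timestamp> <src_ip> <dst_host_or_ip>:<port> <method>'.
    Returns (src, host, port) or None for lines that do not fit."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _ts, src, dst, _method = parts
    host, sep, port = dst.rpartition(":")
    if not sep or not port.isdigit():
        return None
    # IPv6 literals are written as [addr]:port; strip the brackets.
    host = host.strip("[]")
    return src, host, int(port)


def classify(host):
    """Return why a destination matches the DoH list, or None if it does not."""
    if host.lower() in DOH_HOSTNAMES:
        return "hostname"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # an ordinary hostname not on the list
    return "address" if addr in DOH_ADDRESSES else None


def find_doh(lines):
    """Return a Hit for every parseable line that goes to a listed endpoint on 443."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, host, port = rec
        if port != DOH_PORT:
            continue
        reason = classify(host)
        if reason:
            hits.append(Hit(src, host, reason))
    return hits


# Constructed sample log: two hosts talking to listed DoH endpoints, one
# ordinary HTTPS connection, one plain DNS query, and one malformed line.
SAMPLE_LOG = """\
2019-06-01T10:00:01Z 10.0.0.12 mozilla.cloudflare-dns.com:443 CONNECT
2019-06-01T10:00:02Z 10.0.0.12 example.com:443 CONNECT
2019-06-01T10:00:03Z 10.0.0.33 104.16.249.249:443 CONNECT
2019-06-01T10:00:04Z 10.0.0.33 [2606:4700::6810:f8f9]:443 CONNECT
2019-06-01T10:00:05Z 10.0.0.44 1.1.1.1:53 CONNECT
malformed line
"""

if __name__ == "__main__":
    for hit in find_doh(SAMPLE_LOG.splitlines()):
        print(f"{hit.src} -> {hit.dst} (matched by {hit.reason})")
```

Matching on the resolver address catches clients that have the Cloudflare IPs baked in, while the hostname match catches the proxy CONNECT to mozilla.cloudflare-dns.com that Firefox's trusted recursive resolver setting produces; both are needed because only one of them will appear in a given log.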

  8. 1 hour ago, Martijn Grooten said:

    Kudos for the anti-gatekeeping statement! Also: hello.

    Hi! My two biggest industry issues are gatekeeping and lack of diversity, and I’ve managed to set up an invite only forum which has ended up full of mostly dudes. Doh. 

    • Like 1
    • Haha 2

  9. By the way, you can invite people with the button up at the top right - my only request is I’d prefer you know them somehow (even just online) and they use their real name when joining. The more people the better as it gets around the (big) gatekeeping issue. 

    • Thanks 1

  10. Just now, Niel Nielsen said:

    Is anything (subject) off topic? Or, perhaps, of special interest.

    Personally I like to hack hardware. 


    So there's a Clubs option above - if you think it's niche you could create your own club and invite people. If/after you create a club, hit the "Manage Club" option and add a topic (which is really a forum for it). Or just post in General discussion, I don't mind bulking lots of topics together - kind of the point of it really.

    • Thanks 1

  11. SHA256: 52870d7111aa983f09bbced0cc346863fc3963941acebca90008cf255fc7b864

    It's amazing the amount of crap this installs.


    Behaviour wise it's pages and pages and pages of indicators on ThreatGrid, it's quite impressive.


    I have lots of these and they trigger RDP YARA rules for MS_T120, because why not.
