OpenSecurity.global

Kevin Beaumont

Members
  • Content Count: 228
  • Days Won: 32
  • Invited by: DarkOverlord

Posts posted by Kevin Beaumont


  1. 18 minutes ago, Dan Miles said:

    Heyo I'm Dan, a relapsing Cyber Consultant and Welshman banished to London. 

    I'm mostly a scale guy, so shifting huge amounts of telemetry and doing cool things with it (kinda like HELK on steroids)

     


  2. So lots of ISPs (including in the UK) proxy HTTP traffic - e.g. every BT customer and ADSL customer using the OpenReach network goes through a transparent proxy. 

    In Kazakhstan they’re also now proxying all HTTPS traffic, by requiring all devices to have a root CA installed to allow transparent decryption. This is how SSL/TLS interception works in the enterprise; it allows them to sniff any encrypted traffic as needed. 


  3. 1 hour ago, Mike James said:

    At our org we use OpenDNS for all DNS lookups and this protocol circumvents this along with other controls, so we're looking into disabling it. Right now, after a search yesterday, we are trying to figure out what is currently using it on our network, because we're seeing traffic from proxy to the Mozilla Cloudflare IP addresses listed above. 

    This is most likely gonna be Firefox, for info. 


  4. How are people planning to deal with this, out of interest?  They go end of extended life in January 2020.

    Personally I think Microsoft will provide public patching for the 'big ticket' items after then for a few years, due to so many organisations continuing to run them.

    For me I think there's a bit of a clash with what Microsoft is trying to do with Windows 10 and Server 2016 - cloud updates, major milestones each 6 months etc - versus what many corporations have on the ground still.  Will be interesting to see it play out.  For me organisations will have to risk manage things until they have great budgets - e.g. turn on Windows Firewall etc.


  5. 3 minutes ago, Glenn Pegden said:

    Having to miss it this year though there is a slim chance I may make the after party, but I have to admit I'm rather gutted as it's one of my faves.

    But is it really your first time Kevin? I'm sure you were at the pre-party at least, last year?

    I went to Beersides last year in the evening but not the main event. I’m super lazy. 


  6. 21 minutes ago, Tim Casey said:

    Not every midsize company can pull off what Google does. It's a trope you deal with all the time in IT from management. "Well, Google does it, why can't we?"

    Haha, I love that one. 

    Zero trust works when you have very good documentation and incredible IT resource, or a greenfield company. Not so much when a company doesn’t have backups and no asset list. 


  7. A track of BlueKeep CVE-2019-0708 scanners and exploits.

    Scanners

    https://github.com/zerosum0x0/CVE-2019-0708 - first uploaded May 22nd 2019

    https://www.rapid7.com/db/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep - first uploaded May 25th 2019

    Remote code execution exploits

    Unreleased

    Technical writeups

    @0xeb_bp has released a technical writeup.  It doesn't contain code but it does make clear how to reach exploitation, at least on XP.

    0xeb_bp_BlueKeep_Technical_Analysis.pdf

     


  8. 2 hours ago, Carl Gottlieb said:

    You could put a notice that simply says we use cookies, but nothing invasive and we don't need your consent because all of them are essential to make the site work, along with an okay button.

    Cheers.  I'll amend the popup for non-signed in users to say something like this (currently it just says we're a cookie monster).
