shockley.net

Computing

Detecting OOB interactions in Sentinel


Categories: [Computing]

Florian Roth posted a sigma_hq rule on Twitter for detecting the use of public tools like interactsh, inspired by Matt Kelly. I adapted it for Sentinel and figured I'd share.

let Domains = dynamic([
    ".interact.sh", 
    ".oast.pro",
    ".oast.live",
    ".oast.site",
    ".oast.online...



Searching for DNS anomalies with the Top 1 Million


Categories: [Security]

Recently, Cisco started publishing a list of the top 1 million domains seen in queries to their DNS servers, updated daily. @SwiftOnSecurity had the great idea of enriching EDR or SIEM data with the list. We're using Sentinel, so I put together a query to report on the anomalies. Results vary depen...
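The two Sentinel posts above share one pattern: take DNS query telemetry and test each queried name against a reference list, either a denylist of OAST suffixes or the top-1M allowlist. The following Python is an added example that is not the blog's KQL; it assumes a simplified event format ("timestamp client_ip query_name"), uses only the five OAST suffixes quoted above, and substitutes a constructed handful of domains for the real top-1M list. It also handles two details the list-matching glosses over: the apex name (interact.sh without a subdomain) and the trailing dot some resolvers log.

```python
"""Added example: triage DNS query logs for OAST callbacks and non-top-1M names.

Illustrative Python, not the blog's Sentinel/KQL query. Assumes a simplified
event format ("<timestamp> <client_ip> <query_name>") and a constructed
stand-in for the Cisco Umbrella top-1M list.
"""
from collections import defaultdict

# OAST suffixes quoted in the Sentinel post (the post's list is truncated;
# only the five shown there are used here).
OAST_SUFFIXES = (".interact.sh", ".oast.pro", ".oast.live", ".oast.site", ".oast.online")

# Constructed stand-in for the top-1M list. The real list holds registrable
# domains and some hostnames, one per line, so membership is tested for the
# query name and each of its parent domains.
TOP_DOMAINS = {"microsoft.com", "google.com", "www.google.com", "windowsupdate.com"}

# Constructed DNS events, not real telemetry.
SAMPLE_EVENTS = """\
2021-05-01T10:00:01Z 10.0.0.5 www.google.com
2021-05-01T10:00:02Z 10.0.0.5 c7x2q.oast.live
2021-05-01T10:00:03Z 10.0.0.9 interact.sh
2021-05-01T10:00:04Z 10.0.0.9 update.windowsupdate.com.
2021-05-01T10:00:05Z 10.0.0.7 a1b2c3.evil-example.net
2021-05-01T10:00:06Z 10.0.0.7 notinteract.sh
"""


def normalise(name):
    """Lower-case and strip the trailing dot some resolvers log."""
    return name.strip().lower().rstrip(".")


def is_oast(name, suffixes=OAST_SUFFIXES):
    """True for any subdomain of an OAST service or for the apex itself.

    A bare endswith(".interact.sh") misses the apex "interact.sh", while a
    check on "interact.sh" without the dot would match "notinteract.sh",
    so both the apex and the dotted suffix are tested.
    """
    name = normalise(name)
    return any(name == s.lstrip(".") or name.endswith(s) for s in suffixes)


def parent_domains(name):
    """Yield the name and each parent down to the registrable domain.

    a.b.example.com -> a.b.example.com, b.example.com, example.com
    (the bare TLD is never yielded).
    """
    labels = normalise(name).split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def in_top_list(name, top=TOP_DOMAINS):
    """True if the name or any parent domain appears in the top list."""
    return any(d in top for d in parent_domains(name))


def triage(events, top=TOP_DOMAINS):
    """Return {query_name: {"oast": bool, "unlisted": bool, "clients": set}}
    for every name that is an OAST hit or absent from the top list."""
    findings = defaultdict(lambda: {"oast": False, "unlisted": False, "clients": set()})
    for line in events.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed rows rather than crash the report
        _ts, client, qname = parts
        qname = normalise(qname)
        oast = is_oast(qname)
        unlisted = not in_top_list(qname, top)
        if oast or unlisted:
            f = findings[qname]
            f["oast"] |= oast
            f["unlisted"] |= unlisted
            f["clients"].add(client)
    return dict(findings)


if __name__ == "__main__":
    for qname, f in sorted(triage(SAMPLE_EVENTS).items()):
        tags = [t for t in ("oast", "unlisted") if f[t]]
        print(f"{qname:32} {','.join(tags):14} clients={sorted(f['clients'])}")
```

On the sample events this flags c7x2q.oast.live and interact.sh as OAST hits, and a1b2c3.evil-example.net and notinteract.sh as merely unlisted; www.google.com and update.windowsupdate.com are suppressed because a parent domain is in the list. In a real deployment the "unlisted" bucket is noisy, which is what the post's "results vary" refers to, so it is a hunting view rather than an alert.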



Vulnerabilities in FortiAuthenticator


Categories: [Security]

Overview

FortiAuthenticator prior to version 6.3.0 contains several hardcoded passwords. These can be extracted from the FortiAuthenticator VM disk file with 7-Zip and Python.

  • Static password for backup files
  • Static key for encrypted database password fields
  • Static password for debug logs...



Credential, key, and source disclosure in Thales products (formerly Gemalto or Safenet)


Categories: [Security]

Overview

ProtectV and KeySecure "Next Generation" VM images include credentials for AWS EC2, ECR, and SES, a Datadog API key, and a New Relic API license key. Several CA keys are also included.

Multiple AWS EC2 credentials had near-admin rights, potentially allowing malicious changes to the dev, build,...



ssh key reuse in Thales/Gemalto/SafeNet products


Categories: [Security]

Overview

Several Thales products (formerly Gemalto or SafeNet) embed the system's ssh host key in the image when it is built, so every instance deployed from that image shares the same key.

Affected products

  • ProtectV 3.5 through 4.10.0
  • KeySecure "Next Generation" (all versions)
  • Ciphertrust Manager before 2.4

Vulnerability ID

CVE-2021-xxxxx (Waiting for...
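Shared host keys of the kind described above are easy to spot from the outside: scan the fleet, fingerprint each key, and group hosts by fingerprint. The following Python is an added example, not Thales's code or the advisory's method. It assumes input in ssh-keyscan output format ("host keytype base64blob") and computes the SHA256 fingerprint the way OpenSSH displays it; the key blobs in the sample are constructed filler bytes, not real keys.

```python
"""Added example: find ssh host keys shared across a fleet.

Illustrative Python, not Thales's code or the advisory's method. Input is
assumed to be `ssh-keyscan` style lines ("host keytype base64blob"); the
key material below is constructed filler, not a real key.
"""
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text):
    """Yield (host, keytype, blob) from ssh-keyscan output.

    ssh-keyscan writes banner lines prefixed with '#' to stderr, but they
    end up in the same file when both streams are captured, so skip them.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3 or not parts[1].startswith(("ssh-", "ecdsa-")):
            continue
        yield parts[0], parts[1], parts[2]


def find_shared_keys(text):
    """Return {fingerprint: sorted hosts} for every key seen on more than one host."""
    hosts_by_fp = defaultdict(set)
    for host, _ktype, blob in parse_keyscan(text):
        hosts_by_fp[fingerprint(blob)].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


# Constructed sample: two appliances deployed from the same image share a key.
# The blobs are filler bytes, not valid ed25519 keys.
KEY_A = base64.b64encode(b"\x01" * 40).decode()
KEY_B = base64.b64encode(b"\x02" * 40).decode()
SAMPLE_SCAN = f"""\
# 10.1.1.10:22 SSH-2.0-OpenSSH_7.4
10.1.1.10 ssh-ed25519 {KEY_A}
10.1.1.11 ssh-ed25519 {KEY_B}
10.1.1.12 ssh-ed25519 {KEY_A}
"""

if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_SCAN).items():
        print(f"{fp} shared by {', '.join(hosts)}")
```

Feed it the output of `ssh-keyscan -t ed25519,rsa,ecdsa host1 host2 ...` and any fingerprint listed against more than one host is a key that was baked into an image rather than generated on first boot. Because the fingerprint is computed the same way OpenSSH prints it, the reported values can be matched directly against `ssh-keygen -lf` output or known_hosts entries.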



How to make a bootable OpenBSD CD


Categories: [Computing]

Note: this information is probably obsolete.

Okay, we've got the snapshot files. Now what? Next, we use mkisofs from the cdrtools (cdrecord) package to create an ISO image. You can get cdrtools from http://cdrtools.sourceforge.net/private/cdrecord.html. It's also in the Ports collection. So, let's assume that you've got...
