Computing
Categories: [Computing]
Detecting OOB interactions in Sentinel
Florian Roth on Twitter posted a sigma_hq rule for detecting the use of public tools like interactsh, inspired by Matt Kelly. I adapted it for Sentinel and figured I'd share.
let Domains = dynamic([
".interact.sh",
".oast.pro",
".oast.live",
".oast.site",
".oast.online...
Searching for DNS anomalies with the Top 1 Million
Categories: [Security]
Recently, Cisco started publishing a list of the top 1 million DNS requests received by their servers, updated daily. @SwiftOnSecurity had the great idea to enrich EDR or SIEM data with the results. We're using Sentinel, so I put together a query to report on the anomalies. Results vary depen...
Vulnerabilities in FortiAuthenticator
Categories: [Security]
Overview
FortiAuthenticator prior to version 6.3.0 contains several hardcoded passwords. These can be extracted from the FortiAuthenticator VM disk file with 7-Zip and Python.
- Static password for backup files
- Static key for encrypted database password fields
- Static password for debug logs...
Credential, key, and source disclosure in Thales products (formerly Gemalto or Safenet)
Categories: [Security]
Overview
ProtectV and KeySecure "Next Generation" VM images include credentials for AWS EC2, ECR, and SES, DataDog API, and New Relic API license key. Several CA keys are also included.
Multiple AWS EC2 credentials had near-admin rights, potentially allowing malicious changes to the dev, build,...
SSH key reuse in Thales/Gemalto/SafeNet products
Categories: [Security]
Overview
Several Thales products (formerly Gemalto or SafeNet) embed the system's SSH host key at the time the image is created, so every deployment of the image shares the same key.
Affected products
- ProtectV 3.5 through 4.10.0
- KeySecure "Next Generation" (all versions)
- CipherTrust Manager before 2.4
Vulnerability ID
CVE-2021-xxxxx (Waiting for...
How to make a bootable OpenBSD CD
Categories: [Computing]
Note: this information is probably obsolete.
Okay, we've got the snapshot files. Now what? Next, we use mkisofs from cdrecord to create an ISO image. You can get cdrecord from http://cdrtools.sourceforge.net/private/cdrecord.html. It's also in the Ports collection. So, let's assume that you've got...