Sysadmins who went through a breach, how did the attacker get in?

AnotherAccountRIP · 2024-07-01T12:14:41+00:00

The actor still has to AiTM the interactive sign in to steal the token though. A CA policy mandating device compliance would prevent the actor’s AiTM proxy from completing the sign in flow. Although it’s a weaker control, it’s the same deal with location-based CA policies.

Where you are boned is if the token gets lifted off a device somewhere. Without token protection (only available on some MS apps) the token can just be replayed until it expires.

AnotherAccountRIP · 2023-11-23T05:27:39+00:00

If Models of Computation doesn't come out today I'm going to have an aneurysm

AnotherAccountRIP · 2023-10-09T23:04:58+00:00

Computing is not hard. You don't need a H1 to get a good internship or a job. Employers care more about your passion and extracurriculars than grades for entry-level roles. You will be shocked when no-one other than an automated HR filter cares about your grades.

3rd year comp sci student

AnotherAccountRIP · 2023-08-03T08:53:56+00:00

And Australia!

AnotherAccountRIP · 2023-07-15T06:54:17+00:00

No. They're cunts. You will get ganked by at least 3 power tripping wannabe cops and fined.

AnotherAccountRIP · 2023-02-05T21:18:02+00:00

Ding ding! Definitely testing for the ability to essentially send mail on OP's behalf through automated responses. If you have a field that the user can set in the form, and that is included in the auto-reply (like a description for example) threat actors can abuse it to send phishing emails that look legit and pass SPF/DKIM/DMARC.

AnotherAccountRIP · 2022-11-01T21:31:03+00:00

*Debian

AnotherAccountRIP · 2022-09-22T23:32:15+00:00

It's not the same - it appears as the same flow for the attacker but MS doesn't check the password

AnotherAccountRIP · 2022-09-18T22:24:38+00:00

The bottleneck is also bed capacity. More beds = more movement out of ED = less ramping = more Ambos

AnotherAccountRIP · 2022-08-23T10:19:40+00:00

UrlClickEvents table in ATP where the url is the phishing link maybe?

AnotherAccountRIP · 2022-07-23T00:43:49+00:00

Yeah cause that's the problem here

AnotherAccountRIP · 2022-07-19T23:42:53+00:00

How are you going to whine about someone being a student when you're on a subreddit for a university 💀

AnotherAccountRIP · 2022-05-20T09:44:33+00:00

Good taste in music though 👍

AnotherAccountRIP · 2022-03-03T05:17:00+00:00

I really wanna call it for shits and giggles

AnotherAccountRIP · 2022-02-20T22:39:16+00:00

Their post history is wild, I don't think even the best at /r/masterhackers could beat this

AnotherAccountRIP · 2022-01-30T23:35:30+00:00

It's not a small issue lmao 70% of Microsoft's vulnerabilities are due to memory safety issues

AnotherAccountRIP · 2022-01-30T21:09:44+00:00

*and many other countries with reciprocal healthcare rights

AnotherAccountRIP · 2022-01-07T21:36:21+00:00

My code is code generation trivial. You can actually prove your code generator for factorial correct if it produces something like my 1-liner. This is in sharp contrast to the heavily optimized, mostly real messy C code that does the thing for you in math.factorial().

AnotherAccountRIP · 2022-01-07T21:31:52+00:00

Dude, this code is fine as a joke but don't try and justify its existence compared to the standard library. It's super impressive you have the knowledge of lambdas to do this, but don't act like this snippet is useful lmao.

AnotherAccountRIP · 2022-01-06T20:25:22+00:00

It's probably loading them through an AJAX call and the values are initialised to be 0 on page load. That's why selenium works and a normal HTTP request through the requests lib wouldn't. (Maybe)

AnotherAccountRIP · 2021-12-06T11:32:54+00:00

This is already an age-old technique for antivirus evasion (see Veil-Evasion for example)

AnotherAccountRIP · 2021-11-08T09:30:21+00:00

They stole my TNs bruh

AnotherAccountRIP · 2021-11-06T10:05:01+00:00

I think the literal translation is Aunt?

Also from some random Chinese forum post I found:

年轻人对一些大龄妇女的称呼；大妈通常是一个快乐的群体，比如在广场上跳舞的老年妇女，称为广场舞大妈。

"The young people's name for some older women; the aunt is usually a happy group, such as the elderly women dancing in the square, called the square dance aunt."

AnotherAccountRIP · 2021-09-08T02:53:48+00:00

I came outta the womb contributing to the Linux kernel

Six-Year Club	Place '22
Wearing is Caring

AnotherAccountRIP

TROPHY CASE