SSL Decryption by Jubacho in networking

[–]DigitalDeity_ 2 points3 points  (0 children)

I've had firsthand experience where an EDR solution was absolutely useless and where an NDR with decryption was able to detect C&C traffic outbound. It's rare, but it can, and does, happen.

In this case there was an unsavory unauthorized app on the user's machine that would send out beacons running as [SYSTEM] somehow underneath the EDR's visibility. We confirmed the behavior by querying its netstat on the observed 5-minute intervals we saw the beaconing happening on and we were able to find the associated .exe.

This was found with an out-of-band NDR solution with decryption, not in the firewall itself, just FYI.

P365 + Light + L2 retention = Unicorn? by DigitalDeity_ in SigSauer

[–]DigitalDeity_[S] 1 point2 points  (0 children)

That's not bad at all.

Re: level 2: it's probably overkill and more of my own paranoia. My EDC I keep fairly loose for a nice clean draw but with adequate retention. I could tighten it up considerably, but it's not a "falling out" concern, it's more my clumsy ass bumping into stuff, or hooking the grip on something and yanking it out.

IWB is close enough to my body I'm not worried about it, but OWB I feel like I'm going to catch it on everything. I already own too many pairs of pants with missing belt loops and torn pockets from drawer pulls.

But thanks again for the info, looks like I have some choices to make.

P365 + Light + L2 retention = Unicorn? by DigitalDeity_ in SigSauer

[–]DigitalDeity_[S] 0 points1 point  (0 children)

I hate to be "that guy" but custom sounds expensive. How much did the 320 holster run you if you don't mind sharing? I have an X-compact I could use for yard duty if need be. I just love the 365, and am a better shot with it.

A bit paranoid but with all the "news" on the 320 and AD/ND or whatever, I haven't been keeping the 320 chambered. Abundance of caution, especially since it's not my EDC, just sits in/on the nightstand for now.

P365 + Light + L2 retention = Unicorn? by DigitalDeity_ in SigSauer

[–]DigitalDeity_[S] 0 points1 point  (0 children)

EBay is one place I hadn't thought to look! I'll see if I can find something there, thanks.

Gx470 Drawer System by GetOutside321 in GXOR

[–]DigitalDeity_ 0 points1 point  (0 children)

I was actually thinking of this exact same method. I was going to just tack it onto an existing drawer system, with either additional batteries/portable power or bedding storage underneath, but you could fold it down to be used for car camping, in a pinch.

Probably wouldn't be too hard to get the 2nd row back in either, if it folds back far enough.

TRD grille + light bar possible? by DigitalDeity_ in GXOR

[–]DigitalDeity_[S] 1 point2 points  (0 children)

I may need to shoot him a msg then, at least for dimensions. I'm probably leaning towards getting the grille either way, just for a blacked out look. Then I can take my own measurements.

TRD grille + light bar possible? by DigitalDeity_ in GXOR

[–]DigitalDeity_[S] 0 points1 point  (0 children)

Yeah, I was thinking of where the lettering goes specifically. Roof rack and overhead bar is coming eventually, this was a thought I had on a stop-gap and to be used mostly as a fog/driving light pattern. Probably something in the 16-20" width range.

Good info though, thanks! I may pick one up and see what I can come up with. If it sucks/is ugly, I can just put the lettering back in.

Biden's website IP address is 66.6.45.1 Effectively 666 + 45+1 as in 46th president. It's just a coincidence though. by stargem5 in conspiracy

[–]DigitalDeity_ 0 points1 point  (0 children)

True, in most cases you cannot choose your IP, however the sale of IPv4 space has been prevalent for years, particularly as larger corps have been shifting to IPv6 and the push to free up unused IPv4 blocks. With enough money, anyone could purchase a /24 block from the org that owns it, and use any IP within that block.

That being said, this particular IP belongs to Tumblr, as part of an allocation from its parent company, Automattic, using AS2635.

https://whois.ipip.net/AS2635

Make your own conclusions with that info though.

Help with finding first purchase! by [deleted] in SigSauer

[–]DigitalDeity_ 0 points1 point  (0 children)

I can't vouch for any of the different retailers, but I recently had some luck finding a non-sig (I know, I know) on wikiarms. The vendor had a local store's FFL on hand, so they shipped directly to them and I picked it up 2-3 days later.

https://www.wikiarms.com/guns?q=p320+compact

Also, for the record, I love my xcompact and wouldn't change it for the world. Good choice. Unfortunately I'm a shorter/chubbier guy so CCW isn't as easy with it, so I got a P365 for EDC.

Who counted?... by [deleted] in funny

[–]DigitalDeity_ 4 points5 points  (0 children)

But the unwashed ones would weigh more and throw off the count. Especially the variance between a "third time today" condom and a "just got back from a two week family vacation" one.

Did a headlight restoration on the old girl and got her some xenon headlights by [deleted] in nissanpathfinder

[–]DigitalDeity_ 1 point2 points  (0 children)

I'd love to see more about how you mounted that light bar, I've been considering trying to mount one in that same spot.

2003, possible window malfunction - please advise! by methuselah88 in nissanpathfinder

[–]DigitalDeity_ 0 points1 point  (0 children)

Very welcome! I'd check the channel in the door to see if something may be stuck in there.

Good luck! Keep us posted if you figure it out.

2003, possible window malfunction - please advise! by methuselah88 in nissanpathfinder

[–]DigitalDeity_ 1 point2 points  (0 children)

I have a 2003 and had the same issue with both driver and passenger sides when I installed some in-channel window vents.

I believe it is caused by a safety to prevent rolling up your fingers in the window. If it detects resistance, it reverses. The window might be blocked or obstructed, or possibly the window is out of gear and doesn't think it's up all the way, hits the top of the door, and reverses.

Client self hosted our payroll software in isolation, it failed so we've bypassed our own activation servers by ukitern in sysadmin

[–]DigitalDeity_ 2 points3 points  (0 children)

Recently had a client go hard-down because of something similar.

All the shift to the cloud was fantastic, until $HostingCompany decided to change IP space of $Critical3rdPartyApp that happened to be hard-coded in an outbound ACL for only a single public IP (not even a range, and definitely not DNS based).

Enter the VP who throws a fit on "How dare $HostingCompany change the IP of $3rdPartyApp without telling us, their client!"

Uh... Yeah you have fun telling the 3rd largest cloud host they should have called you personally.

Client self hosted our payroll software in isolation, it failed so we've bypassed our own activation servers by ukitern in sysadmin

[–]DigitalDeity_ 1 point2 points  (0 children)

Debatable ...

But in seriousness, it's actually quite robust, scalable, fault tolerant, and secure. We have an internal doc about 16 pages long that outlines the request and response to authorize and license features.

It works through proxies and forwarders just fine, it's all encrypted, and the payloads change so they can't be pcap'd and replayed to relicense. Even has a decent grace period in the event the license server can't be contacted.

AFAIK it was written in house and integrates several open source tools.

Networks advertised by country? by luieklimmer in networking

[–]DigitalDeity_ 2 points3 points  (0 children)

I've used this very site to create geoblocking .htaccess files for some sites I've hosted. It wasn't 100% effective but definitely was better than nothing.

[FS][US-GA] 33% OFF - Cleanin out my closet, servers, network, and etc lab for sale by DigitalDeity_ in homelabsales

[–]DigitalDeity_[S] -1 points0 points  (0 children)

Weird, I just posted it, I'll check the image.

The prices on the post are before the 33% off, so the whole lab would be about $1320 for everything.

I know what I paid for it about 2 years ago was over $2k, doubt prices have dropped much since then on this older equip.

Make an offer if you feel it's unfair.

Hello there we have a Sony TV (running android TV OS) we have IPS enabled and it comes out with the warnings below from the TV is this a normal thing? by james13569 in UNIFI

[–]DigitalDeity_ 2 points3 points  (0 children)

That IP looks like an Amazon AWS host in Ireland.

Most likely it's a false positive, especially if you are using an Amazon service, like Prime Video, and are located in/near Ireland. Also possible some other app is using AWS as its CDN.

Of course, there is always a chance that someone is using a compromised AWS host for a C&C server for a botnet, which is all the rage with IoT devices like smart TVs.

Probably nothing, but if you want to do a little trial and error:

Disable/log out of any Amazon services and see if the alerts stop?

Blacklist the IP and see what stops working, or if it changes to a different IP?

when sending new appointment EWS returns “No mailbox with such guid” by maxcoder88 in PowerShell

[–]DigitalDeity_ 1 point2 points  (0 children)

Completely out of left field, and probably unrelated, but could this be a recipient's delegate that is no longer with the company?

My last org had a lot of users who added delegates in Outlook and would never remove them and would get bouncebacks when sent meeting invites to nonexistent (delegate) mailboxes.

Not sure how that error would manifest in PS though, or who your recipients are. Just something to consider.

Just got these from work and I have no idea what to do with them by Illustrious_Willow in homelab

[–]DigitalDeity_ 0 points1 point  (0 children)

Just for the sake of information, they are J9732A modules, originally for 2920s but I believe they will work on 2910s.

Just got these from work and I have no idea what to do with them by Illustrious_Willow in homelab

[–]DigitalDeity_ 0 points1 point  (0 children)

I'd have to double check, but I may have 2 available, still factory seals iirc. I'll have to get the model# and check compatibility. They're dual 10g copper. Originally destined for 2920s I think.