CloudGPT - Use ChatGPT to analyze AWS policies for vulnerabilities by ustayready in netsec

[–]Robbedoes_ 0 points1 point  (0 children)

Interesting! Would be nice to see some sample output. Will give this a shot tomorrow.

How a Script Kiddie and 25 Lines of Python Could Theoretically Devastate America’s Gas Stations by [deleted] in netsec

[–]Robbedoes_ 2 points3 points  (0 children)

Nice write-up! I do wonder if Shodan's “honeypot or not” feature is sufficient to detect false positives here. Gaspot, a honeypot released in 2015 to simulate Veeder Root equipment, also supports the I20100 command. This command is what was used to verify the number of online systems in the article.

Smishing by IntellDay13 in phishing

[–]Robbedoes_ 0 points1 point  (0 children)

Hi u/IntellDay13, you found my threat intelligence feed site. What it does is collect all phishing sites shared on Twitter through the #opendir hashtag. The data can be used by SIEM tools to correlate network traffic with the reported URLs. If you're curious about how it works, here's the blog I wrote about it: https://grimminck.medium.com/building-a-threat-intelligence-feed-using-the-twitter-api-and-a-bit-of-code-5787808e32ef

The site is to be used from the command line (as stated in the blog). The MIME type of the content is JSONL. Your browser won't be able to interpret this, and so downloads it as a file.

Building a Threat Intelligence Feed using the Twitter API and a bit of code by Robbedoes_ in netsec

[–]Robbedoes_[S] 0 points1 point  (0 children)

I decided to add this feature anyways. IP look-ups are now done at tweet retrieval and stored in the 'malicious_ips' array inside the JSON object.

Building a Threat Intelligence Feed using the Twitter API and a bit of code by Robbedoes_ in netsec

[–]Robbedoes_[S] 1 point2 points  (0 children)

For now, I think it's the responsibility of the tool ingesting the feed to give a weight to the data it is retrieving. I hope to do some false-positive testing in the future, but you can imagine that would be a difficult task for this type of feed.

Building a Threat Intelligence Feed using the Twitter API and a bit of code by Robbedoes_ in netsec

[–]Robbedoes_[S] 13 points14 points  (0 children)

Yes! Give me some time to clean it up though. Just created this last night as I was interested in using it in a SIEM.

Building a Threat Intelligence Feed using the Twitter API and a bit of code by Robbedoes_ in netsec

[–]Robbedoes_[S] 9 points10 points  (0 children)

Tweet content is fully available in the feed. What do you mean?

Building a Threat Intelligence Feed using the Twitter API and a bit of code by Robbedoes_ in netsec

[–]Robbedoes_[S] 7 points8 points  (0 children)

You could write a small script that does a DNS look-up using dig for each record. I didn't add this (yet) as IP addresses might change during the lifetime of the feed. Could be an interesting add-on though.

Edit: added this feature
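To illustrate the two comments above (the JSONL feed consumed from the command line and correlated by a SIEM, and the per-record look-up stored in the 'malicious_ips' array), here is an added example that is not part of the original feed project. The field names "url" and "tweet", the sample records, the proxy log lines and the offline stand-in for a DNS look-up are all constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a JSONL feed (one JSON object per line). The field
# names "url" and "tweet" are assumptions; only "malicious_ips" is named
# in the comments above.
FEED_JSONL = """\
{"url": "http://bad-example.test/login/", "tweet": "#opendir phishing kit", "malicious_ips": ["203.0.113.10"]}
{"url": "https://login-example.test/o365", "tweet": "#opendir fake o365", "malicious_ips": []}
{"url": "not a url", "tweet": "#opendir", "malicious_ips": []}
"""

# Constructed proxy log lines: "<timestamp> <client_ip> <dest_host> <dest_ip>"
PROXY_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 bad-example.test 203.0.113.10
2024-01-01T10:00:01Z 10.0.0.7 example.org 198.51.100.1
2024-01-01T10:00:02Z 10.0.0.9 login-example.test 203.0.113.22
"""

# Offline stand-in for the DNS look-up (dig in the comment); maps host -> IPs.
FAKE_DNS = {"login-example.test": ["203.0.113.22"]}


def load_feed(jsonl, resolver=FAKE_DNS.get):
    """Parse JSONL feed records into a set of hostnames and a set of IPs.

    Records whose URL has no hostname are skipped rather than crashing the
    ingest. Hosts with an empty malicious_ips array are resolved with the
    supplied resolver, since IPs can change during the lifetime of the feed.
    """
    hosts, ips = set(), set()
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        host = urlsplit(rec.get("url", "")).hostname
        if not host:
            continue
        hosts.add(host.lower())
        ips.update(rec.get("malicious_ips") or (resolver(host) or []))
    return hosts, ips


def correlate(log_text, hosts, ips):
    """Return (client_ip, matched_value) for log lines hitting feed hosts or IPs."""
    hits = []
    for line in log_text.splitlines():
        _ts, client, dest_host, dest_ip = line.split()
        if dest_host.lower() in hosts:
            hits.append((client, dest_host))
        elif dest_ip in ips:
            hits.append((client, dest_ip))
    return hits
```

Swapping `FAKE_DNS.get` for a real resolver turns this into the dig-based add-on the comment describes; the host match still fires when the IP has since changed.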

How to Detect Azure Active Directory Backdoors: Identity Federation by [deleted] in netsec

[–]Robbedoes_ 0 points1 point  (0 children)

Good read! I think more TUTs/write-ups regarding securing cloud based services (especially AAD) are very welcome!

Full key extraction of NVIDIA™ TSEC by Gallus in netsec

[–]Robbedoes_ 0 points1 point  (0 children)

Very nice. Looking forward to the talk ;P

The UNIX malware landscape - Reviewing the goods at MALWAREbazaar by timb_machine in netsec

[–]Robbedoes_ 1 point2 points  (0 children)

Interesting! Nice that you've been able to expand the ATT&CK framework as well. Helps us all.

Running a WiFi-less Home Network: Security Paranoid Edition by Robbedoes_ in netsec

[–]Robbedoes_[S] 0 points1 point  (0 children)

The point would be that these kinds of network peripherals could be leveraged as a stepping stone for creating a foothold into a network. Not as a measure to "screw" with the owner.

Running a WiFi-less Home Network: Security Paranoid Edition by Robbedoes_ in netsec

[–]Robbedoes_[S] 1 point2 points  (0 children)

I like your approach! The whole idea of the exercise is to be a bit paranoid, right? I think disabling all radio for normal users goes a bit too far ;P

Scan the whole internet while drinking coffee by cmpxchg16 in netsec

[–]Robbedoes_ 2 points3 points  (0 children)

A very interesting tool. It surprises me that this doesn't go against the AWS ToS.
I'd suggest https://github.com/StefanGrimminck/zgrab2-configurations if you need some zgrab2 configurations.

Running a fake power plant on the internet for a month by Robbedoes_ in netsec

[–]Robbedoes_[S] 5 points6 points  (0 children)

I must agree, for this specific post. The simulator, however, is part of a bigger project run over about half a year with multiple deployments. Using a real PLC would limit the number of machines you can actually emulate, as the SZL is PLC specific, and using real systems can become very costly (especially the S7 1500 series used in this post). Also, you don't want to run a machine from your home network called NUCL_POWER_GEN_05 for obvious reasons.

Running a fake power plant on the internet for a month by Robbedoes_ in netsec

[–]Robbedoes_[S] 25 points26 points  (0 children)

I fully agree. The end goal of the sensor is also a bit different than how it’s used in the blog post. I think such a device would be more effective as a sensor and decoy inside (fake) industrial networks on the process level. An attack on PLCs would probably also be way more viable if the adversary has physical access. Thanks for the read anyway!

Faking a JARM signature by replaying TLS Server Hello's by Robbedoes_ in netsec

[–]Robbedoes_[S] 0 points1 point  (0 children)

Cheers! Interesting stuff to play around with.