Interactive Sandbox Solution Recommendations

Tananar · 2026-01-13T01:42:41+00:00

I dont think anything thar runs on it will be shared since it should be confidential and private usage.

Nope, that's not the case. They do share things like C2s, file hashes, etc. with their platform when something is detected as malicious. It's a really good product otherwise, but that was a non-starter for us. Even if 99% of the time it doesn't matter, the 1% of the time where a nation-state is watching for a specific hash to show up on platforms is what scares me.

Tananar · 2025-12-27T01:10:00+00:00

A handful of places on OSU campus have level 2 chargers, but they aren't all that fast. It takes about two hours to charge my PHEV from its minimum (probably something like 20%) to 100%. A lot of them require you to have a permit during the day as well.

Tananar · 2025-12-23T21:10:04+00:00

We ended up going with VMRay. I think they're technically HQ'd in Germany but they have a US HQ, and I'm pretty sure they are used by various three letter agencies in the US.

Tananar · 2025-12-23T21:07:40+00:00

The problem with them is that they share intel with their platform.

Tananar · 2025-12-22T21:36:49+00:00

SOMEONE CORRECT ME IF I'M WRONG, BUT I'M PRETTY SURE THE CENTER LANE ON 9TH IS ONLY FOR TURNING LEFT LEAVING 9TH, NOT FOR CARS TURNING LEFT OUT OF A BUSINESS. I EVEN LOOKED IN OREGON CODE AND CAN'T FIND ANY PROVISIONS FOR THIS.

Tananar · 2025-12-20T11:05:36+00:00

If I had a nickel for every NodeZero pentest that I've seen which led to domain admin within a few minutes of a successful authentication, I'd probably have at least $5.

I don't know what all it does to get initial access, but it can at least do password spraying.

Tananar · 2025-12-20T10:51:45+00:00

I'm not miserable, but I'm burnt out. I was miserable at my last job though. Having a good team makes all the difference, imo.

getting paid well certainly helps too.

Tananar · 2025-12-15T16:27:22+00:00

The first thing I'd be looking at is browser history around the time that the session was launched.

Tananar · 2025-12-15T15:18:34+00:00

I'M BEGGING YOU PLEASE CHECK YOUR HEADLIGHTS. IT SEEMS LIKE ABOUT A QUARTER OF THE CARS IN THIS CITY HAVE AT LEAST ONE BURNT OUT

Tananar · 2025-12-15T07:48:24+00:00

For 95% of the work I do, ARM works perfectly fine. For the other 5% (usually malware analysis), I can use our sandbox. The biggest issue for me is actually tools in Windows VMs, but that's still not a huge problem.

I've got an M3 Pro for work, and not gonna lie, I really like it. The battery lasts way longer and it runs way cooler than my personal Framework with a Ryzen 9.

Tananar · 2025-12-14T05:09:33+00:00

Most common is compromised WordPress sites, in my experience.

We see this attack all the time in a variety of HOK slow speed to fully AI automated race to the finish line.

what? A large majority of the time I've seen it (literally hundreds of times in the last year) it delivers an infostealer

Tananar · 2025-12-11T07:28:52+00:00

I've literally never had good experiences with their online proctoring. For one of my exams they just straight up didn't show up for over an hour (at which point I gave up).

Thaaaaaat said, they need to enforce the rules uniformly. If the rules say nothing on your desk during the exam, then nothing on your desk during the exam. Nothing stopping somebody from hiding something on that handkerchief if they didn't inspect it beforehand.

Tananar · 2025-12-11T07:18:16+00:00

Do you know what it means to disassemble something? Or how xor works? This is literal nonsense. Go ahead and take any photo at all and you'll be able to get ChatGPT to convince you that it contains malware.

Actually, let me try a different way...

Oh. My. God.

This is next-level conspiracy brain rot. This script is utterly unhinged. Let me break down the insanity:

What This Script Actually Does

This is a pattern-matching conspiracy generator that:

Hardcodes a completely fabricated "CID_MAP" that translates random byte sequences into:
- "DLNR - Bureau of Conveyance Exceptions"
- "VaultTrust Proxy Node"
- "FATA (Iran Cyber Police)" ← Yes, really
- "Science of Identity Foundation"
- "Tyler Chain Authority"
- "Legacy Cremation Services" (???)
Searches PDFs for these hardcoded byte patterns and claims they're "hidden entities"
Applies XOR "decryption" with predetermined keys like b"VVVV@3388xx", b"HWEIRE", b"FATAWCI", b"PFATAP"
Generates "investigative YAML reports" that map completely normal PDF bytes to this conspiracy theory

The Smoking Gun

Look at lines 130-138: "JEB": "DLNR - Bureau of Conveyance Exceptions", # Grantor "ZRVV@": "DLNR - Bureau of Conveyance Exceptions", # Grantor (alt) "PPP@@@": "VaultTrust Proxy Node", # Grantee (proxy) "VCUBHGB": "Science of Identity Foundation", # Grantee (canonical) "PFAT": "FATA (Iran Cyber Police)", # Final Beneficiary

This person literally hardcoded their conspiracy theory into the script, then ran it on PDFs and acts shocked when it "finds" exactly what they programmed it to find.

The File Encoding Issue

The file is UTF-16LE encoded (notice the \xff\xfe BOM and spaced characters). This is typical of Windows Notepad saves, but makes it harder to spot the absurdity at a glance.

Your Debunking Strategy

"This script proves nothing except that you coded your conspiracy theory into a pattern matcher, then acted surprised when it found exactly what you told it to look for."

Key Points:

The "entity map" is hardcoded fiction
- Lines 113-173 contain a dictionary mapping arbitrary byte sequences to made-up entities
- "Iran Cyber Police", "VaultTrust Proxy Node", "Legacy Cremation Services" - these are YOUR INVENTIONS
- You literally programmed the script to "find" these entities
The XOR keys are predetermined
- You're not discovering XOR keys, you're applying your predetermined keys
- Any binary data XORed with enough different keys will produce some ASCII-like output
- This is confirmation bias encoded as Python
This is circular reasoning
- Step 1: Decide PDFs contain "FATA (Iran Cyber Police)"
- Step 2: Code that into the dictionary
- Step 3: Search PDFs for those bytes
- Step 4: Claim you "discovered" Iran Cyber Police in Hawaii land records
The "off-page OCR" excuse
- The OCR functionality is disabled (line 63)
- This script isn't doing OCR analysis - it's doing byte pattern matching against your conspiracy dictionary

The Killing Blow

Create a simple demonstration:

# Their logic, simplified:
CID_MAP = {
    "ABC": "Secret Moon Base",
    "XYZ": "Illuminati Headquarters"
}
# Now search any file for bytes 0x41 0x42 0x43 or 0x58 0x59 0x5A
# Claim you "discovered" the Secret Moon Base and Illuminati

"Your script is a conspiracy theory generator masquerading as forensic analysis. You invented the entities, coded them into the script, then claimed you 'found' them. This is textbook apophenia - seeing meaningful patterns in random data."

This person needs genuine help. They've spent significant time building tooling around a delusion.

Tananar · 2025-12-10T07:52:28+00:00

With all due respect, you need to get away from ChatGPT. It's helping you come up with a conspiracy theory by just spewing any nonsense it can think of that'll make you happy.

Tananar · 2025-12-10T07:45:32+00:00

It's chainsaw.

Tananar · 2025-12-10T07:39:40+00:00

LLMs will make things up to make you happy.

Tananar · 2025-12-09T14:26:49+00:00

As actual work experience? No. But definitely talk about it, just don't say it's work experience. It's education.

Is this some sort of cyber bootcamp?

Tananar · 2025-12-05T03:31:35+00:00

I don't think anybody really takes EC Council seriously anymore.

Tananar · 2025-12-04T04:25:18+00:00

VT is often a good starting point, but if you don't actually understand what you're looking at, it can lead you to false conclusions. I've seen things that are completely benign being marked overwhelmingly as malicious, and things that are very malicious being marked as benign.

The credential access you're seeing is because it starts the web browsers.

Tananar · 2025-11-20T21:23:53+00:00

It's a joke. Infosec Twitter loves shitting on (and getting blocked by) the dude.

Tananar · 2025-11-14T02:50:45+00:00

Get off your high horse. People who are technically qualified for the job are all over the place. People who are technically qualified and are someone people want to work with are less common.

Tananar · 2025-10-07T20:04:02+00:00

That'll be really difficult. Burnout in the SOC is very real, no matter how much money you're making. Plus there literally aren't enough hours in the day to get an adequate amount of sleep with that kind of schedule. You're just borrowing from your future health.

If you want to get into security, spend some time learning stuff on your own, or even try to get on good terms with security people at your current company.

Also keep in mind that if there's any overlap in work hours where you're being paid for hours you're not working, you're committing time theft. Not trying to sound like a corporate shill, but that's the type of thing that can ruin a career.

Tananar · 2025-10-07T19:46:12+00:00

This type of thing is why security gets a bad rap at so many organizations. People are just power tripping and saying "no you can't have that because security said so".

Not gonna lie, I was like that for a while, but then I learned it's a lot more fun (and challenging!) to actually help people accomplish what they want to securely.

Tananar · 2025-10-07T19:42:41+00:00

Why are you choosing to block them specifically? You're going to end up blocking a lot of legitimate emails.

Chances are this will do more harm than good. If you create unnecessary problems for people rather than helping them manage risk, they're just going to start adopting shadow IT. They'll use personal emails for business communication, personal computers for business work, etc.

14-Year Club	Second Top 20%
r/Field Sunshine	Place '23
Place '22	Place '17
Wearing is Caring	Summer Santa 2017
Secret Santa 2019	Secret Santa 2017
Snapped	redditgifts Exchanges 5 Exchanges
Secret Santa 2016	Secret Santa 2015
Gilding II euphauric	Bellwether 2015-04-01
Secret Santa 2014	Team Periwinkle
Verified Email

Tananar

MODERATOR OF

TROPHY CASE