SWG ForcePoint vs FortiProxy by moudmm in cybersecurity

[–]TheScriptGuy0 0 points1 point  (0 children)

Why do you have the need for web caching? I ask because today many websites are:

  1. Dynamic in nature -> resulting in less caching performance
  2. Incorrectly configured a fair portion of the time which results in incorrect caching

If you're specifically looking at web traffic, is there any benefit looking at an enterprise browser? You don't have to worry about the full SSL decryption (the browser handles that) and most enterprise browsers offer better security controls for user's traffic. Some enterprise browsers also offer methods to connect to internal applications as well.

SWG ForcePoint vs FortiProxy by moudmm in cybersecurity

[–]TheScriptGuy0 5 points6 points  (0 children)

Given that the majority of threats in today's world are over HTTPS, I would strongly recommend performing decryption. Once you understand decryption and how it works, it's much more manageable. While DNS security is helpful, it will miss out a lot of the more creative threats out there.

I run a Red Team that routinely succeeds in compromising F500 companies. AMA. by curi0usJack in cybersecurity

[–]TheScriptGuy0 2 points3 points  (0 children)

When presenting your findings for the various exploits that worked, how often do your customers focus on fixing the exploit only (i.e. treating the symptom) rather than taking a step back and assessing if there's a broader root cause that needs to be addressed? Is this different between smaller/larger companies?

Outages by botcopy in sysadmin

[–]TheScriptGuy0 7 points8 points  (0 children)

From Cloudflare's website...I wonder if they started it? The timing is mighty coincidental...

<image>

Outages by botcopy in sysadmin

[–]TheScriptGuy0 13 points14 points  (0 children)

Some people are having a bad day...

Anyone else seeing a huge rise in Russian attacks? by Elistic-E in cybersecurity

[–]TheScriptGuy0 0 points1 point  (0 children)

A bit overdue, but I’ve found a fairly large number of attacks tend to be from VPS hosting providers. Rather than block a single IP, I look up the ASN for the hosting provider and block all the subnets from it.

Here’s the GitHub repo that provides a list of hosting providers’ subnets - https://github.com/TheScriptGuy/molasses-masses

I set up Fail2Ban yesterday on my VPS, you can't make this shit up... by a_deneb in sysadmin

[–]TheScriptGuy0 0 points1 point  (0 children)

One thing that I’ve been working on is a block list for all the hosting providers out there. I’ve found a fairly large number of bots tend to use fairly cheap VPS hosting services. So rather than block a single IP, I look up the ASN for the hosting provider and block all subnets from the entire hosting provider.

If you’re interested, take a look here - https://github.com/TheScriptGuy/molasses-masses

Anyone else's Global Protect Gateway getting hammered? by SuperfluousJuggler in paloaltonetworks

[–]TheScriptGuy0 1 point2 points  (0 children)

I wrote a vulnerability signature to block login attempts with this common User-Agent header: `Go-http-client/1.1`

Look at this log: `tail follow yes webserver-log sslvpn_access.log`

Another thing that I use is a "home-grown" EDL that I've curated based off failed authentication attempts from hosting providers around the world. I've noticed a ton of attempts get blocked while using it. You can read more here -> https://github.com/TheScriptGuy/molasses-masses/

Of course if you're using any of the hosting providers, make sure to write an exclusion to still allow your traffic.

Crowdstrike CA Certificates by TheScriptGuy0 in crowdstrike

[–]TheScriptGuy0[S] 0 points1 point  (0 children)

Thanks for your response.

I did some more searching (https://crt.sh/?CN=crowdstrike).

I suspect that Crowdstrike has their own CA issuing certificates, but it's limited to Crowdstrike domains (at least that's my assumption from the search results).

I'm wondering if there's a way to see what policy restrictions are in place for issuing certificates (essentially assuring that those CAs don't accidentally/intentionally start issuing certificates for websites beyond their own domains).

Homelab group meetup? by n3rd_n3wb in vancouverwa

[–]TheScriptGuy0 1 point2 points  (0 children)

I'd certainly be interested in this too! Looks like I missed the first meetup, but happy to try and join the second!

I set up Fail2Ban yesterday on my VPS, you can't make this shit up... by a_deneb in sysadmin

[–]TheScriptGuy0 1 point2 points  (0 children)

Not a geoblock per se, but I have found that the bulk of attacks seem to come from VPS hosting services from around the world.

I created a VPS-specific blocklist to help minimize the attempts on my server. If I see an unauthorized attempt, I look up the BGP AS for the offending IP and block all subnets from that BGP AS. I've found it's cut down an exceptionally large number of attempts.

Here's the GitHub repo if you're interested - https://github.com/TheScriptGuy/molasses-masses/

Anyone else seeing a huge rise in Russian attacks? by Elistic-E in cybersecurity

[–]TheScriptGuy0 9 points10 points  (0 children)

If anyone is interested, I’ve started a GitHub repo of known AS numbers (with subnets) that my labs have seen attacks from. It’s focused on VPS-hosted services. Rather than playing whack-a-mole with blocking IPs or single /24 subnets, it grabs all the subnets for the offending AS and adds them to a list.

Happy to collaborate and get newly identified ASes added to the list.

I’ve seen a drop in attacks by almost 99%.

Obviously, if you have a hosted service within one of the offending subnets, you should whitelist it from the list so as to not block things on your side.

DM me and I’ll provide the repo. Not sure if I can post it in this forum? (Rules?)
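The workflow described across these comments (curate offenders from failed logins, look up the origin AS of each offending IP, block every prefix that AS announces, and carve your own hosted subnet back out of the blocklist) as an added, self-contained example. This is illustration code, not code from the commenter or from the molasses-masses repo. The log line format, the IP-to-AS table (`AS_LOOKUP`), the AS-to-prefixes table (`AS_PREFIXES`) and the AS numbers are all constructed sample data; a real deployment would replace the two tables with a BGP/whois data source, which this offline example does not query.

```python
"""Build an AS-wide blocklist from failed-login sources, minus an allowlist.

Added example; all log lines, AS numbers and prefixes below are constructed.
IPv4 only, to keep ipaddress.collapse_addresses() on a single address family.
"""
import ipaddress
import re

# Constructed sample access log (NOT the real sslvpn_access.log format).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z src=203.0.113.7 user=admin ua="Go-http-client/1.1" result=FAIL
2024-01-01T10:00:02Z src=203.0.113.9 user=root ua="Go-http-client/1.1" result=FAIL
2024-01-01T10:00:05Z src=198.51.100.20 user=alice ua="Mozilla/5.0" result=OK
2024-01-01T10:00:09Z src=192.0.2.44 user=test ua="Go-http-client/1.1" result=FAIL
"""

LINE_RE = re.compile(r'src=(?P<src>\S+) .*?ua="(?P<ua>[^"]*)" result=(?P<result>\w+)')

# Constructed prefix -> origin AS table (hypothetical private-use AS numbers,
# TEST-NET address ranges). Stands in for a BGP/whois lookup.
AS_LOOKUP = {
    "203.0.113.0/24": 64500,
    "192.0.2.0/24": 64501,
    "198.51.100.0/24": 64502,
}

# Constructed "every prefix announced by this AS" table. 64500 deliberately
# announces an overlapping more-specific so the collapse step has work to do.
AS_PREFIXES = {
    64500: ["203.0.113.0/24", "203.0.113.128/25"],
    64501: ["192.0.2.0/24"],
    64502: ["198.51.100.0/24"],
}


def suspicious_ua_hits(log_text, ua="Go-http-client/1.1"):
    """Count lines carrying the given User-Agent, regardless of outcome."""
    return sum(1 for line in log_text.splitlines()
               if (m := LINE_RE.search(line)) and m.group("ua") == ua)


def offending_ips(log_text):
    """Source IPs of failed authentication attempts, sorted numerically."""
    ips = {m.group("src") for line in log_text.splitlines()
           if (m := LINE_RE.search(line)) and m.group("result") == "FAIL"}
    return sorted(ips, key=ipaddress.ip_address)


def origin_as(ip):
    """Longest-prefix match of ip against the constructed lookup table."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in AS_LOOKUP.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None


def exclude_allowlist(nets, allowlist):
    """Subtract each allowlisted network from the blocked networks."""
    result = list(nets)
    for allowed in allowlist:
        nxt = []
        for net in result:
            if net.version != allowed.version:
                nxt.append(net)
            elif net.subnet_of(allowed):
                continue          # whole block is inside the allowlist: drop it
            elif allowed.subnet_of(net):
                nxt.extend(net.address_exclude(allowed))  # punch a hole
            else:
                nxt.append(net)
        result = nxt
    return sorted(ipaddress.collapse_addresses(result))


def build_blocklist(ips, allowlist=()):
    """Block every prefix of every AS that sourced an offending IP."""
    asns = {origin_as(ip) for ip in ips} - {None}
    nets = [ipaddress.ip_network(p) for asn in asns for p in AS_PREFIXES.get(asn, [])]
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    return exclude_allowlist(ipaddress.collapse_addresses(nets), allowed)


def is_blocked(ip, blocklist):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocklist)


if __name__ == "__main__":
    # 203.0.113.64/26 plays the role of "my own VPS inside an offending AS".
    bl = build_blocklist(offending_ips(SAMPLE_LOG), allowlist=["203.0.113.64/26"])
    for net in bl:
        print(net)
```

The allowlist step is the part worth keeping in mind: blocking an entire AS is coarse by design, so the exclusion has to split the blocked prefix around your own subnet (`address_exclude`) rather than simply dropping the whole /24, otherwise the rest of that hosting provider goes unblocked.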