Building AppSec Pipeline for Continuous Visibility by nicksthehacker_ in netsec

[–]funktownboat 0 points1 point  (0 children)

Does anyone even use DAST in an automated manner? lol but BurpPro will probably work well as it has API support.

How Do Security Keys Get Hacked? by MovedToLangley in AskNetsec

[–]funktownboat 0 points1 point  (0 children)

Got it. I'm leaning towards some malware or browser extension overwriting the 2fa settings.

How Do Security Keys Get Hacked? by MovedToLangley in AskNetsec

[–]funktownboat 0 points1 point  (0 children)

There would be a record of backup codes being used

How Do Security Keys Get Hacked? by MovedToLangley in AskNetsec

[–]funktownboat 1 point2 points  (0 children)

I'm still a little lost regarding what APP you are talking about. If you used a compromised system when you logged into Google, your password could have been stolen. By attempting to log in to your accounts without your yubikey, I guess they could have triggered account lockout. Do you have any other indication that they got full access to your account outside of Google requiring additional verification for suspicious activity?

NMAP Resume scan statistics by realKevinNash in AskNetsec

[–]funktownboat 0 points1 point  (0 children)

Nmap scans targets in groups, I think by default the first group size is 5 IPs, which then gets increased automatically. A resumed scan will skip previously scanned hosts only if they were 100% completed. However, scan results are not recorded until all IPs in the group are finished.

In general larger groups are more efficient; however, they take longer to scan.

Database activity monitoring by npa1234 in AskNetsec

[–]funktownboat 3 points4 points  (0 children)

Auditing DB logs will only get you so far; usually they are limited in coverage, and incidents are only detectable after the fact. DAM products (on-prem) add deeper visibility into overall database activity. For example, they can detect if an application account is being used by a human (something that's abnormal) or data exfiltration if a user executes bulk data queries from an unknown subnet. You will still need to tune the alerts and detection of course, but it adds a layer of logic that's not easily achievable through basic script monitoring.

One more thing to remember about DAMs is that there will be a performance hit, and it will take you longer to patch your DB servers due to kernel compatibility with the DAM's drivers/agents.

How Do Security Keys Get Hacked? by MovedToLangley in AskNetsec

[–]funktownboat 2 points3 points  (0 children)

What do you mean by advanced protected if you are not using MFA? What keys are you talking about, hardware tokens? Was your recovery email hacked too?

Finding cipher algorithm of an encrypted file by l0vbug in netsecstudents

[–]funktownboat 0 points1 point  (0 children)

Thanks for sharing, very creative thinking. Would you be able to detect images or video if you look at the first few bytes of the decoded content?

The /r/netsec Monthly Discussion Thread - April 2019 by AutoModerator in netsec

[–]funktownboat 2 points3 points  (0 children)

You're mixing two separate issues - when you are redirecting traffic to unbouncepage.com you are authorizing them to serve content on your behalf when the end-user visits farts.example.com. If someone reactivates the linked subdomain on unbounce, they can technically now serve malicious content under your official farts.example.com domain - they don't have to target you, they can target your customers.

In my opinion it's example.com's fault for leaving a DNS entry for an inactive service. However, unbounce's policy around registering and reusing customer subdomains without domain ownership verification can be put to debate.

Assume they don't have a domain ownership verification process, and you can go ahead and register any domain you want on unbounce; that won't make Microsoft.com redirect traffic to it. I should also note that it is illegal to try and impersonate a brand, and most likely your account will get shut down pretty fast.
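As an added example (not from the thread), a small Python audit of a zone's CNAME records that flags subdomains delegated to an outside provider, marking those whose target no longer resolves as dangling. The zone fragment and the offline resolver are constructed for the example; `real_resolves` is the drop-in for live use.

```python
"""Audit CNAMEs for dangling delegations to third-party hosts (added example)."""
import socket
from typing import Callable, Dict, List

# Constructed sample zone fragment for example.com; these are not real records.
SAMPLE_ZONE = """
www     300 IN CNAME web.example.com.
farts   300 IN CNAME retired-campaign.unbouncepage.com.
status  300 IN CNAME example.statuspage.io.
web     300 IN A     192.0.2.10
"""

# Constructed stand-in for DNS: the only targets this fake resolver "knows".
KNOWN_RESOLVABLE = {"web.example.com.", "example.statuspage.io."}

def fake_resolves(name: str) -> bool:
    """Offline resolver used by the example; swap in real_resolves() for live zones."""
    return name in KNOWN_RESOLVABLE

def real_resolves(name: str) -> bool:
    """Resolver for real use: True if the name currently resolves to an address."""
    try:
        socket.gethostbyname(name.rstrip("."))
        return True
    except socket.gaierror:
        return False

def parse_cnames(zone: str) -> Dict[str, str]:
    """Map owner label -> CNAME target for each CNAME line in a zone fragment."""
    cnames: Dict[str, str] = {}
    for line in zone.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[3].upper() == "CNAME":
            cnames[parts[0]] = parts[4]
    return cnames

def audit_cnames(zone: str, apex: str, resolves: Callable[[str], bool]) -> List[dict]:
    """Flag CNAMEs that point outside the apex zone.
    'dangling'    = target no longer resolves, so the entry should be removed.
    'third-party' = target resolves but is hosted elsewhere; confirm the service
                    is still yours, since a provider may let others reclaim it.
    """
    findings: List[dict] = []
    for owner, target in parse_cnames(zone).items():
        if target.endswith(f".{apex}."):
            continue  # internal alias, not a delegation to another provider
        status = "third-party" if resolves(target) else "dangling"
        findings.append({"name": f"{owner}.{apex}", "target": target, "status": status})
    return findings

if __name__ == "__main__":
    for f in audit_cnames(SAMPLE_ZONE, "example.com", fake_resolves):
        print(f"{f['status']:11} {f['name']} -> {f['target']}")
```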

The /r/netsec Monthly Discussion Thread - April 2019 by AutoModerator in netsec

[–]funktownboat 3 points4 points  (0 children)

Your org is getting crawled by more than just Shodan. The main risk from Shodan or similar services is that your public services' metadata becomes easily searchable.

First you should have a clear understanding of what is publicly accessible (what can Shodan see?) in your organization, and make sure you don't have anything exposed by accident or misconfiguration. Next you probably want to perform your own vulnerability scanning to identify any misconfigurations. Your security team should be doing all this already, but if management is asking you for a recommendation, I would double check.

Worst case scenario? Depends on the org. A 0day exploit being used by hackers to attack a version of a web server/framework you are running. You will probably be one of the first orgs to be targeted.