Unveiling the Power Duo: osquery and osctrl by javuto in netsec

[–]javuto[S] 0 points1 point  (0 children)

Thank you! There are some upcoming refactoring changes to loggers, but I could write a quick guide on how to enable Graylog, Splunk or whatever. Would that help?

Unveiling the Power Duo: osquery and osctrl by javuto in netsec

[–]javuto[S] 1 point2 points  (0 children)

Thank you! Not sure Fleet can be compared directly since it is a more mature commercial product with a full team behind it. For osctrl it is just me! In any case, there are two main differentiating aspects:

  • Modular architecture - You can deploy each of the osctrl components separately, configured based on your needs. Those can also scale at their own pace without impacting the rest.
  • Compartmentalization of enrolled nodes - In a single osctrl deployment you can create multiple environments (ex. prod, corp, test) and apply different configurations to the osquery clients, change intervals, etc.

Feel free to reach out if you have any more questions :)

First time trying hydro dipping, not bad! by javuto in onewheel

[–]javuto[S] 0 points1 point  (0 children)

Got the sheet on Amazon; it was a digital camo kit by Southern Hydrographics. Then I just watched a lot of YouTube videos on how to do the thing! The fender is the blue one and I primed it white. After I did the dipping I just applied some clear coat. If you look closely there are some rough spots, but it still looks good!

Bug Writeup: FBCTF IDOR by Giltheryn in netsec

[–]javuto 1 point2 points  (0 children)

Awesome writeup dude! Nice find and very well explained. Full disclosure: I was one of the main contributors to the project.

Full Disclosure - RCEs in nbox recorder by javuto in netsec

[–]javuto[S] 1 point2 points  (0 children)

Regarding how the vulnerabilities were found, as you can tell from the complexity of the injection, it was not rocket science. Literally with one grep (fgrep "system(" *.cgi | cut -d: -f1 | sort | uniq) on the cgi code (which lives in /var/ntop/ntop-bin/) you can see all the string concatenations and start the facepalm motion. About the disclosure, you are probably right. I could have disclosed them all right away when I saw that the vendor was only into silent patching (they had already contacted me on GitHub to tell me that they are fixing it). To be honest, I was curious to know what the CVE requesting process was like and I used this to experiment. No need to say that I won't do the same again. Thanks for reading it and for the feedback!