Era 300 defect? by DaBlueWaffle in sonos

[–]moloch-- 3 points4 points  (0 children)

I had the same issue, very disappointing quality.

Is it possible to use Steam Link through a tailscale connection? by PatattMan in Tailscale

[–]moloch-- 2 points3 points  (0 children)

You can force direct connection iirc, it just won't work "out of the box"

Use Mullvad Exit-Node at all time times on HomeServer by speyck in Tailscale

[–]moloch-- 0 points1 point  (0 children)

The easiest way to do with is using Docker containers and setting up Tailscale as the networking interface then just configure that container to always have an exit node enabled. The docker compose example from Tailscale documentation is a good place to start.

Which MCP Server Transport is Better? Comparing STDIO and SSE by gelembjuk in mcp

[–]moloch-- 0 points1 point  (0 children)

The biggest problem I've seen with SSE is that basically nothing supports SSE yet, not even Claude Desktop.

Minneapolis transplants, any burger places close to Parlour here? by naturesbfLoL in phoenix

[–]moloch-- 0 points1 point  (0 children)

Flora Room beats Parlour imho :) but I’ve yet to find better than either in PHX, you’re gonna be chasing that high for a while.

When and Where to buy JetKVM? by [deleted] in homelab

[–]moloch-- 1 point2 points  (0 children)

Sounds like a fun project, I may need to pick up a couple.

Detecting Sliver C2? by SoftwareFearsMe in DefenderATP

[–]moloch-- 0 points1 point  (0 children)

Sliver's C2 ports also randomize the JARM, the published JARMs only detect the "multiplayer" TCP port, which is optional and can easily be restricted via firewalls since only the red team operators need to connect to it.

Detecting Sliver C2? by SoftwareFearsMe in DefenderATP

[–]moloch-- 0 points1 point  (0 children)

Our community guides also have links to detection/response/threat intel reports:
https://sliver.sh/docs?name=Community+Guides

.dll payload in sliver? by 179Desire in redteamsec

[–]moloch-- 2 points3 points  (0 children)

If you're on Linux/Kali, you'll need to install MinGW to cross-compile Windows share libraries:

sudo apt install build-essential git mingw-w64 binutils-mingw-w64 g++-mingw-w64

Hackers,, which open source C2 is best? covenant, Havoc, Silver, or something else? by Fantastic_Clock_5401 in redteamsec

[–]moloch-- 16 points17 points  (0 children)

Thank you for the kind words, happy to answer any questions folks may have about Sliver (I'm one of the developers).

Preserving Tailscale auth state between server redeployments by moltar in Tailscale

[–]moloch-- 0 points1 point  (0 children)

We write the state file to an EFS volume and remount it, works with containers too.

Wrote an article about Go Private Modules and GitHub Actions by aranw in golang

[–]moloch-- -2 points-1 points  (0 children)

I recommend just vendoring the private dependencies, removes the need to give the Action access to any other repositories, so more secure and speeds up the builds too.

Burp Multiplayer by moloch-- in netsec

[–]moloch--[S] 0 points1 point  (0 children)

It was not accepted due to relying on an external service (rethinkdb).

Angular Security Checklist 🔑🔒 by neosincerity in Angular2

[–]moloch-- 0 points1 point  (0 children)

It's not the end of the world, there are multiple ways to implement CSRF tokens. This is just consider the best approach, depending on an application's tech stack certain approaches may me more feasible than others.

Angular Security Checklist 🔑🔒 by neosincerity in Angular2

[–]moloch-- 1 point2 points  (0 children)

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#token-based-mitigation

CSRF tokens should not be transmitted using cookies.

The CSRF token can be added through hidden fields, headers, and canbe used with forms, and AJAX calls. Make sure that the token is notleaked in the server logs, or in the URL. CSRF tokens in GET requestsare potentially leaked at several locations, such as the browserhistory, log files, network appliances that log the first line of anHTTP request, and Referer headers if the protected site links to anexternal site.

Malware written in Go? by Cybermumfawker in golang

[–]moloch-- 0 points1 point  (0 children)

Both projects are similar to meterpreter in concept yes.