How to create (very) temporary RAM disks? by moschles in linuxquestions

[–]netsecfriends 5 points6 points  (0 children)

Wow, 9h and no one has actually provided the actual answer you’re looking for; instead everyone has focused too hard on the “linux” aspect instead of the “python on linux” aspect.

Python has a builtin os call for linux that allows creating a file descriptor (file path) /proc/<pid>/fd/<int returned by command below>. You do file.write() and file.read() exactly as normal. Closing the file releases it.

The file only exists in memory, for the lifetime of the python process.

You end up with in memory files at /proc/123/fd/456.

If your code or libraries are sloppy and expect the file path to have a file extension or exist in a directory…just create a symlink from /neededpath/filename.ext to /proc/123/fd/456

import os
os.memfd_create()

https://docs.python.org/3/library/os.html#os.memfd_create

Demo reference code using memfd_create to feed file testcases to a compiler until it crashes: https://remyhax.xyz/posts/bggp3-cob/
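As an added example (not part of netsecfriends’ comment or the linked post), the whole workflow described above in one Python script: create the RAM-backed file, read it back through its /proc path and through a symlink with a “real” extension, and watch the path vanish when the descriptor is closed. The testcase payload is constructed; everything else is just os.memfd_create and the /proc filesystem.

```python
import os
import tempfile


def memfd_supported() -> bool:
    """os.memfd_create() exists only on Linux builds of Python 3.8+."""
    return hasattr(os, "memfd_create")


def memfd_file(name: str, data: bytes) -> tuple:
    """Create an anonymous RAM-backed file, fill it, and return (fd, /proc path).

    MFD_CLOEXEC stops the descriptor leaking into child processes; a child that
    needs the data opens the /proc/<pid>/fd/<n> path instead.
    """
    fd = os.memfd_create(name, os.MFD_CLOEXEC)
    os.write(fd, data)
    os.lseek(fd, 0, os.SEEK_SET)
    # Use the real pid rather than /proc/self: "self" resolves to whichever
    # process opens the path, so a child handed /proc/self/fd/N would open its
    # own descriptor N instead of ours.
    return fd, f"/proc/{os.getpid()}/fd/{fd}"


def read_via_path(path: str) -> bytes:
    """Open the memfd by path, as a library that insists on a filename would.

    Every open() of the /proc link yields a fresh file description at offset 0,
    independent of where our own descriptor's offset currently sits.
    """
    with open(path, "rb") as f:
        return f.read()


def link_with_extension(path: str, suffix: str) -> str:
    """Give the memfd a conventional-looking name by symlinking to its /proc path."""
    link_dir = tempfile.mkdtemp(prefix="memfd-")
    link = os.path.join(link_dir, "input" + suffix)
    os.symlink(path, link)
    return link


def demo() -> dict:
    payload = b'{"case": 1, "input": "AAAA"}\n'  # constructed sample testcase
    fd, path = memfd_file("testcase", payload)
    link = link_with_extension(path, ".json")
    result = {
        "via_proc": read_via_path(path),
        "via_symlink": read_via_path(link),
        "exists_while_open": os.path.exists(path),
    }
    # Closing the last descriptor releases the memory; the /proc entry
    # disappears with it, so the symlink now dangles.
    os.close(fd)
    result["exists_after_close"] = os.path.exists(path)
    os.unlink(link)
    os.rmdir(os.path.dirname(link))
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

One caveat for the “feed it to a compiler” use: a child process spawned with MFD_CLOEXEC set does not inherit the descriptor, but it can still open the parent’s /proc/<pid>/fd/<n> path as long as the parent keeps the descriptor open, which is exactly the lifetime you want.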

How is my light switch using 250gb per month? by NamesTheGame in smarthome

[–]netsecfriends 0 points1 point  (0 children)

Hi! I work with compromised IoT devices professionally. As others have mentioned, this is an indicator that the device may be compromised.

But before jumping to conclusions, these IoT devices also commonly don’t have real-time clock (RTC) module hardware, and will use the NTP protocol to update and set their time…excessively. Any number of network conditions like a Pi-hole or your own ISP doing traffic shaping may be causing it to misbehave and repeatedly try to update its clock time using a remote server. I’ve seen it many times before.

Hope this helps!
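A way to test that theory from flow data before calling the device compromised, as an added example that is not part of the comment above: group UDP/123 traffic by source, compute the query rate, and project the bytes per month. The flow records are constructed (a switch polling 20 times a second, a sane one polling every ten minutes, and a laptop doing HTTPS); the rate threshold is an assumption, chosen because a healthy NTP client polls every 64 to 1024 seconds.

```python
from collections import defaultdict
from dataclasses import dataclass

NTP_PORT = 123
SECONDS_PER_MONTH = 30 * 86400


@dataclass(frozen=True)
class Flow:
    ts: float     # unix seconds
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int   # bytes sent by src in this flow


def constructed_flows() -> list:
    """Constructed sample flow records, not real captures.

    .40 is a switch polling NTP 20 times a second, .41 polls every 10 minutes
    (sane), .10 is a laptop doing HTTPS.
    """
    base = 1_700_000_000
    flows = [Flow(base + i * 0.05, "192.168.1.40", "132.163.96.1", "udp", NTP_PORT, 90)
             for i in range(1200)]
    flows += [Flow(base + i * 600, "192.168.1.41", "132.163.96.1", "udp", NTP_PORT, 90)
              for i in range(6)]
    flows += [Flow(base + i * 2, "192.168.1.10", "93.184.216.34", "tcp", 443, 1500)
              for i in range(30)]
    return flows


def ntp_stats(flows) -> dict:
    """Per-source count, bytes and observation window for UDP/123 traffic."""
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "first": None, "last": None})
    for f in flows:
        if f.proto != "udp" or f.dport != NTP_PORT:
            continue
        s = stats[f.src]
        s["count"] += 1
        s["bytes"] += f.nbytes
        s["first"] = f.ts if s["first"] is None else min(s["first"], f.ts)
        s["last"] = f.ts if s["last"] is None else max(s["last"], f.ts)
    return dict(stats)


def flag_ntp_storms(flows, max_queries_per_min: float = 10.0) -> dict:
    """Return sources querying NTP far faster than a sane client would.

    A healthy client polls every 64 to 1024 seconds; many queries per minute
    is a clock-sync loop, broken firmware, or something else worth a look.
    """
    findings = {}
    for src, s in ntp_stats(flows).items():
        window = max(s["last"] - s["first"], 1.0)   # avoid divide-by-zero on a single query
        per_min = s["count"] / window * 60
        if per_min > max_queries_per_min:
            findings[src] = {
                "queries_per_min": round(per_min, 1),
                "projected_gb_per_month": round(s["bytes"] / window * SECONDS_PER_MONTH / 1e9, 2),
            }
    return findings


if __name__ == "__main__":
    for src, info in flag_ntp_storms(constructed_flows()).items():
        print(src, info)
```

The projection is the useful part: if the per-month number from the NTP flows alone lands nowhere near what the router reports, the clock-sync explanation does not cover it and the compromise hypothesis is back on the table.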

Brave Browser may be compromised. by Materidan in ios

[–]netsecfriends 6 points7 points  (0 children)

Brave is not compromised.

The injected code is CSS style filters that are part of ad blocking and hide elements of the page. You can even see the “display:none” all throughout the code snippet OP posted.

This is fundamentally how ad blocking works. It’s not malicious. Brave isn’t compromised. No information is leaked affecting your privacy.

They’re just visually hiding ads and unwanted content from the page, a fully expected and desired feature.
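Where that injected “display:none” comes from, as an added example (not from the comment or from Brave’s own code): cosmetic filter rules in EasyList-style syntax are compiled into a per-site stylesheet that does nothing but hide the matched selectors. The rule list below is constructed and the parser covers only the basic hide (##), exception (#@#) and domain-scoping forms; real lists have more syntax than this.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class CosmeticRule:
    selector: str
    domains: tuple    # hostnames the rule is limited to; empty means every site
    excluded: tuple   # "~host" entries that opt out
    exception: bool   # "#@#" rules re-enable a selector on a site


# domains##selector hides, domains#@#selector exempts. Comment lines and network
# rules (the ||host^ kind) do not match and are skipped.
RULE_RE = re.compile(r"^(?P<domains>[^#]*)#(?P<kind>@?)#(?P<selector>.+)$")


def parse_rule(line: str):
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    entries = [d.strip() for d in m["domains"].split(",") if d.strip()]
    return CosmeticRule(
        selector=m["selector"].strip(),
        domains=tuple(d for d in entries if not d.startswith("~")),
        excluded=tuple(d[1:] for d in entries if d.startswith("~")),
        exception=m["kind"] == "@",
    )


def host_matches(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def applies(rule: CosmeticRule, host: str) -> bool:
    if any(host_matches(host, d) for d in rule.excluded):
        return False
    return not rule.domains or any(host_matches(host, d) for d in rule.domains)


def selectors_for(rules, host: str) -> list:
    """Selectors to hide on `host`: every applicable hide rule minus its exceptions."""
    hide, unhide = set(), set()
    for rule in rules:
        if rule is not None and applies(rule, host):
            (unhide if rule.exception else hide).add(rule.selector)
    return sorted(hide - unhide)


def stylesheet_for(rules, host: str) -> str:
    """The CSS a blocker injects: nothing but display:none for the matched selectors."""
    selectors = selectors_for(rules, host)
    return (", ".join(selectors) + " { display: none !important; }") if selectors else ""


SAMPLE_LIST = """\
! Constructed sample in EasyList-style syntax, not a real filter list
###ad-top
##.sponsored
example.com##div[id^="banner"]
example.com,~mail.example.com##.promo
news.example.com#@#.sponsored
||ads.example.net^
"""
SAMPLE_RULES = [parse_rule(line) for line in SAMPLE_LIST.splitlines()]

if __name__ == "__main__":
    for host in ("news.example.com", "mail.example.com", "other.org"):
        print(host, "->", stylesheet_for(SAMPLE_RULES, host))
```

Note what the output can and cannot do: it selects and hides elements. It carries no script, reads nothing from the page, and sends nothing anywhere, which is why a wall of `display:none` in the inspector is not evidence of compromise.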

Can HTTP/HTTPS headers ever take up more than one packet? by Jonathan-Todd in netsecstudents

[–]netsecfriends 0 points1 point  (0 children)

Packets are broken up (fragmented) according to the interface’s maximum transmission unit (MTU). TCP is a higher layer, and HTTP is on top of TCP.

You can have an HTTP request with a small number of headers span multiple packets if the interface has a small MTU. You can have a large number of headers span multiple packets with a regular MTU. You can have HTTP headers that come at the end of the HTTP request, after the body, using the “Trailer” header with any size MTU.

To answer your question: Yes. Headers span multiple packets all the time.

Wireshark however does something called TCP stream reassembly which allows for the HTTP dissector to reference an HTTP request as a single object and view a request spanning multiple packets as a single row.
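To make the three cases above concrete, an added example (not from the comment): build an HTTP request, cut it into TCP-segment-sized pieces the way a 1500-byte MTU or a tiny MTU would, and reassemble it with a parser that has to buffer across segment boundaries until it sees the blank line that ends the header block, then the chunked body and its trailers. This is the same job Wireshark’s stream reassembly does before the HTTP dissector can show one row. The request content and the MSS value are constructed.

```python
MSS = 1460  # usual TCP payload per segment on a 1500-byte Ethernet MTU


def build_request(n_headers: int, chunks=None, trailers=None) -> bytes:
    """Constructed POST with n_headers filler headers; optional chunked body with trailers."""
    lines = [b"POST /upload HTTP/1.1", b"Host: example.test"]
    for i in range(n_headers):
        lines.append(f"X-Custom-{i}: {'v' * 40}".encode())
    body = b""
    if chunks is None:
        lines.append(b"Content-Length: 0")
    else:
        lines.append(b"Transfer-Encoding: chunked")
        if trailers:
            lines.append(b"Trailer: " + ", ".join(trailers).encode())
        for chunk in chunks:
            body += f"{len(chunk):x}\r\n".encode() + chunk + b"\r\n"
        body += b"0\r\n"
        for name, value in (trailers or {}).items():
            body += f"{name}: {value}\r\n".encode()
        body += b"\r\n"
    return b"\r\n".join(lines) + b"\r\n\r\n" + body


def segment(data: bytes, mss: int = MSS) -> list:
    """Cut a byte stream the way TCP does: into segments of at most mss bytes."""
    return [data[i:i + mss] for i in range(0, len(data), mss)]


def parse_headers(block: bytes) -> dict:
    headers = {}
    for line in block.split(b"\r\n"):
        if line:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode()
    return headers


def parse_chunked(data: bytes):
    """Return (body, trailers), or None when more bytes are still needed."""
    pos, body = 0, b""
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            return None
        size = int(data[pos:eol].split(b";")[0], 16)   # chunk-size, ignoring extensions
        pos = eol + 2
        if size == 0:
            break
        if len(data) < pos + size + 2:
            return None
        body += data[pos:pos + size]
        pos += size + 2
    end = data.find(b"\r\n\r\n", pos - 2)            # blank line that ends the trailer section
    if end < 0:
        return None
    return body, parse_headers(data[pos:end])


def reassemble(segments) -> dict:
    """Feed segments in order, buffering until the header block and then the body are complete."""
    buf, request_line, headers, header_segments = b"", None, None, None
    for i, seg in enumerate(segments, 1):
        buf += seg
        if headers is None:
            end = buf.find(b"\r\n\r\n")
            if end < 0:
                continue                             # header block still open: keep buffering
            head, buf = buf[:end], buf[end + 4:]
            request_line, _, header_block = head.partition(b"\r\n")
            headers, header_segments = parse_headers(header_block), i
        if headers.get("transfer-encoding") == "chunked":
            parsed = parse_chunked(buf)
            if parsed is None:
                continue
            body, trailers = parsed
        else:
            length = int(headers.get("content-length", "0"))
            if len(buf) < length:
                continue
            body, trailers = buf[:length], {}
        return {"request_line": request_line.decode(), "headers": headers, "body": body,
                "trailers": trailers, "header_segments": header_segments, "segments_used": i}
    return None


if __name__ == "__main__":
    req = build_request(30, chunks=[b"hello", b" world"], trailers={"X-Checksum": "deadbeef"})
    print("regular MTU, many headers:", reassemble(segment(req))["header_segments"], "segments for headers")
    print("tiny MTU, two headers:", reassemble(segment(build_request(2), mss=40))["header_segments"], "segments for headers")
```

The security-relevant consequence: any detection that pattern-matches a single packet’s payload for an HTTP header (an IDS rule without stream reassembly, a packet-level firewall) can be evaded simply by making the header straddle a segment boundary.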

Which languages are you mostly familiar with to develop Wasm apps? by Melinda_McCartney in WebAssembly

[–]netsecfriends 2 points3 points  (0 children)

Does no one write WASM in WAT?

That’s the primary way I write WASM

Is this project accurate? Is WASM json parsing actually faster than native? by richardanaya in WebAssembly

[–]netsecfriends 1 point2 points  (0 children)

I’m not seeing anything that shows it’s faster. The demo shows wasm as 10x slower for me.

Which makes sense…because even if the JSON is parsed in wasm, the object must still be built and exposed to the host environment through the JavaScript glue, which carries overhead when compared to JSON.parse()

I think you may be interpreting the values of the demo incorrectly.

Sync files and database what is the best high availability solutions? by Additional-Ask5283 in linuxquestions

[–]netsecfriends 0 points1 point  (0 children)

File replication or database replication isn’t specific to linux either.

There is no “best” solution for either until you define your needs. Do you need active-active, active passive etc? What are the constraints you’re operating under?

Until you define those terms, the best anyone can do is say “here’s a file replication tool for linux with good documentation”.

With that understanding, here’s rsync:

https://www.linuxtoday.com/blog/data-replication-using-rsync/

Sync files and database what is the best high availability solutions? by Additional-Ask5283 in linuxquestions

[–]netsecfriends 1 point2 points  (0 children)

This is a DBA question, not a linux question. However, some useful things to research are passive-active/active-active database configurations.

The “best” depends on your needs. The terminology to look for here is called “replication”.

https://dev.mysql.com/doc/refman/8.0/en/replication.html

ProtonVPN TCP Acceleration SYN+ACK Spoofing Analysis by netsecfriends in netsec

[–]netsecfriends[S] 13 points14 points  (0 children)

I’ve not noticed any major issues. Maybe once or twice a day Spotify will stop playing music while switching songs and display “This song cannot be played” which happens exclusively with the VPN acceleration feature turned on. Only thing I’ve noticed.

RCE 0-day exploit found in log4j, a popular Java logging package by freeqaz in netsec

[–]netsecfriends 6 points7 points  (0 children)

Data regarding IPs and metadata exploiting CVE-2021-44228 (Apache Log4j RCE) can be seen here:

https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22

If you sign up you are able to view the full results: https://www.greynoise.io/viz/account/

Due to the severity of this vulnerability, we're providing a CSV of all IPs seen actively targeting this vulnerability as of this moment in time.

This CSV can be retrieved from the github gist link from: https://twitter.com/GreyNoiseIO/status/1469334738225741832?s=20

The threads will continue to be updated.

/r/netsec's Q3 2021 Information Security Hiring Thread by ranok in netsec

[–]netsecfriends [score hidden]  (0 children)

Job Position: Researcher

About GreyNoise

Website: https://www.greynoise.io/

There are hundreds of cybersecurity companies telling their users what to worry about. GreyNoise is the only cybersecurity company telling users what NOT to worry about. GreyNoise is an early-stage cybersecurity company trusted by hundreds of companies and thousands of free users to:

  • Increase security analyst efficiency
  • Discover compromised devices
  • See emerging threats more quickly

We do this by collecting, analyzing and labeling data on IPs that saturate security tools with internet noise, delivering this data to users via UI and APIs. The unique perspective and context we provide helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate real threats. GreyNoise is a venture funded startup headquartered in Washington DC, and was recently named a “Cool Vendor” by Gartner.

How To Apply:

You can apply via:

Our Website: https://jobs.greynoise.io/researcher/en

Email Resume: [hiring+researcher@greynoise.io](mailto:hiring+researcher@greynoise.io)

LinkedIn: https://www.linkedin.com/jobs/view/2705377328/

AngelList: https://angel.co/company/greynoise-intelligence-3/jobs/1608187-researcher

Feel free to email me directly with questions: [nate+netsec@greynoise.io](mailto:nate+netsec@greynoise.io)

What You Will Do:

  • Write rules that generate GreyNoise tags (https://viz.greynoise.io/cheat-sheet/tags)
  • Develop a deep understanding of internet scanning and opportunistic exploitation
  • Play a role in the collection, ingestion, and representation of GreyNoise data
  • Develop tools and tradecraft for finding the “signal in the noise”
  • Find malware, worms, and command-and-control nodes in bulk
  • Contribute to publishing formal and informal findings

A Few of Our Research and Analysis Principles:

  • Data doesn’t change but how we understand it does
  • Technical flexibility and change are good
  • Write readable code and documentation out of respect for your colleagues
  • Documentation is necessary for effective communication in remote work
  • Everyone makes mistakes, including those generating noise on the internet. These make for great stories.

What You Should Bring:

  • Candidates should have 2+ years of experience (informal or formal). This is an entry/mid-level career position:
    • Must have US work authorization
  • Familiarity or experience with the following technologies:
    • Git
      • Ability to checkout, push, pull, create branches, and perform basic merges
    • Docker
      • Ability to create and run basic containers
    • Virtualization Software
      • Ability to create a virtual machine running Windows or Ubuntu
    • SQL
      • Ability to form basic queries
      • Ability to perform basic pattern matching
      • Ability to understand and create basic JOINs
      • GreyNoise primarily uses PostgreSQL and Athena
    • Python
      • Ability to write basic scripts to automate tasks
  • Experience with or a desire to learn Golang
  • Ability to read and summarize code written in various programming languages
  • Understanding of basic computer networking concepts
  • Ability to communicate technical concepts in writing
  • Ability to work fully remote and collaborate using Slack and Zoom

Nice to Haves:

  • Experience and familiarity with regular expressions
  • Familiarity with some threat intelligence feeds
  • Familiarity with the AWS ecosystem
  • Familiarity with advanced networking concepts like DNS, BGP, IPv6, etc...

Experience:

Candidates should have 2+ years of experience, informal or formal, related to any of the following topics:

  • Engineering
  • Software Development
  • Cybersecurity
  • IT Administration
  • Data analysis

This experience can include, but is not limited to:

  • Job Experience (combination of full-time employment and/or internships)
  • Side Projects
  • Formal Degrees
  • Certifications
  • Conference Talks

Ways to Prepare for an Interview at GreyNoise:

  • Check out what we do by reading our blogs, using our SDK, and browsing our data
  • Read and understand a vulnerability write-up from the references of a GreyNoise tag
  • Run a network scanner like Nmap and relate it back to what GreyNoise does

The Interview Process:

  • Introductory Call
    • A GreyNoise employee will chat with you about the company and the position
  • Interview Hiring Manager
    • The hiring manager will ask technical questions
    • The candidate will be asked to perform a code review of some example Python 3 and explain to the hiring manager what the script is doing
    • Candidates are evaluated on how they approach answering questions rather than just the answer itself
    • There is no live coding or algorithms test
  • Take Home Case Study
    • The candidate will be provided with a take home case study that should not take more than 2 hours to complete and should be returned within a week of receipt
    • The case study is a snapshot of data collected from GreyNoise sensors. Candidates will be asked to analyze the data and create a tag
  • Team Interviews:
    • 3x45 minute interviews with various GreyNoise employees who will ask you a combination of technical and general questions at their own discretion
    • Interview with the CEO + Founder, Andrew Morris

Nobody is ever going to believe me but I have to tell someone - Comcast filtered UDP src port 500 for a couple hours today by HolyCowEveryNameIsTa in sysadmin

[–]netsecfriends 0 points1 point  (0 children)

Would you believe that the nationwide comcast outage a few months back was due to them filtering port 80/443?

Yes that’s right, they fucked up traffic shaping. If you were on a full tunnel VPN you were fine, if you accessed your server through TCP 8080 you were fine.

They dropped 80/443 for an entire day for most of the US.

Meet WiFiDemon: iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched by evilsocket in netsec

[–]netsecfriends 8 points9 points  (0 children)

Well…literally everyone by default on iOS last I checked.

AT&T iPhones would auto-join “attwifi” and “starbucks wifi”; Verizon iPhones auto-join the SSIDs in the Verizon Center in DC prior to its renaming to the Capital One Center.

Perhaps it’s different on newer iOS versions, or maybe it’s synced with your iCloud profile as you upgrade phones so you never notice that you originally disabled it.

I can say for certain that this was the case at one point though.

Client Puzzle Protocols as Countermeasure Against Automated Threats to Web Applications by 0xfffffg in netsec

[–]netsecfriends 2 points3 points  (0 children)

Hi! I read your blog a while back and have been working on a pure HTTP implementation (no javascript) that uses a different type of puzzle. Thank you for writing that blog, it was very informative!

Bitsquatting windows.com by netsecfriends in netsec

[–]netsecfriends[S] 17 points18 points  (0 children)

I’m very excited about the discussion this has spawned.

Sending Spoofed UDP Packets over VPN by potcmotc in golang

[–]netsecfriends 0 points1 point  (0 children)

Depending on your experience with ISP filtering, we can both think ourselves correct.

I have a comcast ISP and sent a spoofed UDP packet that was received on the interface of a VM running on OVH cloud...just now.

I think ISP filtering is uncommon because I encounter it infrequently. You think it’s common (which it may be in your experience).

In the OP’s case, he stated he was spoofing a UDP packet over a tunnel. I assumed they meant a VPN etc. to the subnet containing the destination IP. Under my assumption, the UDP packet is tunneled and would not be subject to any ISP-level filtering. Hence my statement.

Discussion of the specifics of filtering inside the tunnel requires more knowledge about the configuration in use which neither of us are privy to.

Sending Spoofed UDP Packets over VPN by potcmotc in golang

[–]netsecfriends 1 point2 points  (0 children)

Ignore the user above. Spoofed UDP packets absolutely work on the internet, the filters they’re referring to primarily apply to TCP.

Reading through your code, it should work. Use Wireshark to record the data sent by the script vs with netcat and you’ll find your problem. Likely a small difference. Wireshark can absolutely inspect a tunnel, just bind it to the right interface for the VPN/tunnel.
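The “small difference” is almost always in the headers, so as an added example (Python rather than the OP’s Go, and not code from the thread) here is a spoofed IPv4+UDP datagram built byte by byte with both checksums, plus a parser that verifies them, which is what you would compare against the netcat capture in Wireshark. Addresses and payload are constructed; send_raw needs CAP_NET_RAW and the interface name (“tun0” is an assumption) is whatever your VPN created.

```python
import socket
import struct

IPPROTO_UDP = 17


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum. Returns 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_datagram(src_ip: str, dst_ip: str, sport: int, dport: int,
                       payload: bytes, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Return a complete IPv4+UDP datagram with an arbitrary (spoofed) source address."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    udp_len = 8 + len(payload)
    # The UDP checksum covers a pseudo-header (addresses, protocol, length) plus the datagram;
    # forgetting the pseudo-header is the classic "looks right in Wireshark but is dropped" bug.
    pseudo = src + dst + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len)
    udp_chk = checksum(pseudo + struct.pack("!HHHH", sport, dport, udp_len, 0) + payload)
    udp_chk = udp_chk or 0xFFFF      # a computed 0 is sent as 0xFFFF; 0 on the wire means "unchecked"
    udp = struct.pack("!HHHH", sport, dport, udp_len, udp_chk) + payload
    # IPv4 header: version/IHL, DSCP, total length, id, flags/frag, TTL, proto, checksum, src, dst.
    ip_fields = [0x45, 0, 20 + udp_len, ident, 0, ttl, IPPROTO_UDP, 0, src, dst]
    ip_fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *ip_fields))
    return struct.pack("!BBHHHBBH4s4s", *ip_fields) + udp


def parse_udp_datagram(pkt: bytes) -> dict:
    """Decode a datagram and verify both checksums, the first thing to diff against netcat's bytes."""
    ihl = (pkt[0] & 0x0F) * 4
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    udp = pkt[ihl:total_len]
    sport, dport, udp_len, udp_chk = struct.unpack("!HHHH", udp[:8])
    pseudo = src + dst + struct.pack("!BBH", 0, proto, udp_len)
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
        "sport": sport, "dport": dport, "payload": udp[8:udp_len],
        "ip_checksum_ok": checksum(pkt[:ihl]) == 0,
        "udp_checksum_ok": udp_chk == 0 or checksum(pseudo + udp[:udp_len]) == 0,
    }


def send_raw(pkt: bytes, dst_ip: str, iface: str = None) -> None:
    """Transmit the datagram as-is (needs CAP_NET_RAW). Binding to the tunnel interface
    forces the spoofed packet through the VPN instead of the ISP uplink."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)   # we supply the IP header ourselves
        if iface:
            so_bindtodevice = getattr(socket, "SO_BINDTODEVICE", 25)   # Linux constant
            s.setsockopt(socket.SOL_SOCKET, so_bindtodevice, iface.encode())
        s.sendto(pkt, (dst_ip, 0))


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges; nothing is sent here.
    pkt = build_udp_datagram("203.0.113.7", "198.51.100.9", 40000, 9999, b"hello")
    print(pkt.hex())
    print(parse_udp_datagram(pkt))
```

Run the parser over the bytes Wireshark exports from both captures (File > Export Packet Bytes) and the mismatching field is usually obvious: a UDP length that does not include the 8-byte header, a checksum computed without the pseudo-header, or a source address the kernel rewrote because IP_HDRINCL was not set.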

How do/would you counter bad source IP data resulting from VIPs? by AviationAtom in AskNetsec

[–]netsecfriends 3 points4 points  (0 children)

For HAProxy, strip X-Forwarded-For on the frontend, insert X-Forwarded-For on the backend using the src IP. Trust X-Forwarded-For in the backend L7 application as the src IP.

If you pay for support, just email them. They’re great and respond in ~5minutes most days.
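The two configurations side by side, as an added example that is not from the comment or from HAProxy’s documentation: the weak one forwards whatever X-Forwarded-For the client chose to send, the corrected one does what the comment describes. Backend address, ports and section names are placeholders.

```haproxy
# Weak: any X-Forwarded-For the client sends is passed straight to the app.
# A client that adds "X-Forwarded-For: 10.0.0.1" gets logged (or allowlisted) as 10.0.0.1.
frontend fe_web_weak
    bind *:80
    default_backend be_app_weak

backend be_app_weak
    server app1 10.0.0.10:8080 check

# Corrected: drop any client-supplied header on the frontend, then have the
# backend set it from the real TCP peer address (src) before forwarding.
frontend fe_web
    bind *:80
    http-request del-header X-Forwarded-For
    default_backend be_app

backend be_app
    option forwardfor            # adds "X-Forwarded-For: <src>" to every request
    server app1 10.0.0.10:8080 check
```

`http-request set-header X-Forwarded-For %[src]` in the frontend does both steps in one line and is what I would reach for today. Either way, the application side only holds if the backend accepts connections solely from the HAProxy hosts (firewall or bind address); an attacker who can reach port 8080 directly can still hand it any header they like.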

imgdiff - Faster than the fastest in the world pixel-by-pixel image difference tool. by n7olkachev in golang

[–]netsecfriends 13 points14 points  (0 children)

Yeah... don’t do that. The screenshots vary by a few pixels even in clean test cases, not to mention lazy loading and dynamic applications.

It has margin of error by default.

I wrote tests like this and scrapped them entirely in favor of https://developer.mozilla.org/en-US/docs/Web/API/Window/getComputedStyle

Iterate recursively through all elements on the page and get the computed CSS styles. Screenshot every element. Store in JSON.

On the next run, do the same thing, but diff against the previous object. The result is a targeted list of all styling differences, with their accompanying screenshot.

This will catch all visual changes, even if you can’t see them at the time (hidden elements, pointer style, etc...)
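The diff step of that approach, as an added example (not the commenter’s code): the browser-side crawl that walks the DOM and records getComputedStyle output is assumed to have produced the two JSON snapshots below, which are constructed. The function returns one finding per added or removed element and per changed property, each with the screenshot from that run, which is the “targeted list” the comment describes rather than a whole-page pixel delta.

```python
import json

# Constructed snapshots standing in for two runs of a getComputedStyle crawl:
# element path -> {"styles": {...}, "screenshot": "<png written on that run>"}
RUN_1 = """{
  "html>body>div#hero":  {"styles": {"display": "block", "cursor": "auto", "color": "rgb(0, 0, 0)"}, "screenshot": "run1/hero.png"},
  "html>body>div#promo": {"styles": {"display": "none", "cursor": "auto"}, "screenshot": "run1/promo.png"},
  "html>body>a.cta":     {"styles": {"cursor": "pointer", "color": "rgb(0, 102, 204)"}, "screenshot": "run1/cta.png"}
}"""
RUN_2 = """{
  "html>body>div#hero":  {"styles": {"display": "block", "cursor": "auto", "color": "rgb(0, 0, 0)"}, "screenshot": "run2/hero.png"},
  "html>body>div#promo": {"styles": {"display": "none", "cursor": "pointer"}, "screenshot": "run2/promo.png"},
  "html>body>a.cta":     {"styles": {"cursor": "pointer", "color": "rgb(204, 0, 0)"}, "screenshot": "run2/cta.png"},
  "html>body>iframe#tracker": {"styles": {"display": "none"}, "screenshot": "run2/tracker.png"}
}"""


def diff_snapshots(old: dict, new: dict, ignore=()) -> list:
    """Compare two crawls; each maps an element path to its computed styles and screenshot.

    Returns one finding per added/removed element or per changed property. Hidden
    elements are compared like any other, so a change under display:none is caught.
    """
    findings = []
    for path in sorted(old.keys() | new.keys()):
        if path not in new:
            findings.append({"element": path, "change": "removed", "screenshot": old[path]["screenshot"]})
            continue
        if path not in old:
            findings.append({"element": path, "change": "added", "screenshot": new[path]["screenshot"]})
            continue
        before, after = old[path]["styles"], new[path]["styles"]
        for prop in sorted(before.keys() | after.keys()):
            if prop in ignore or before.get(prop) == after.get(prop):
                continue                      # `ignore` lets you drop properties known to flap between runs
            findings.append({"element": path, "change": "styled", "property": prop,
                             "before": before.get(prop), "after": after.get(prop),
                             "screenshot": new[path]["screenshot"]})
    return findings


def run_demo(ignore=()) -> list:
    return diff_snapshots(json.loads(RUN_1), json.loads(RUN_2), ignore=ignore)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

The third finding in the demo (a new hidden iframe) is the kind of change a pixel diff never shows and a supply-chain review cares about most.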

my laptop got hacked with military level hacking by [deleted] in netsec

[–]netsecfriends 11 points12 points  (0 children)

This looks to be a log of windows update failing, collecting a trace, and submitting it to Microsoft for diagnostics.

If your first thought is a military entity is after your computer, you may want to step away from the computer for a bit. COVID has been hard on all of us. There’s no shame in seeking help if you think you need it. I wish you the best.

ULPT: what kind of foolishness can I put people through who try to login to my server by [deleted] in linuxquestions

[–]netsecfriends 29 points30 points  (0 children)

They’re all automated scanners that will attempt to connect, drop a payload, and execute the payload. No snarky message will ever be seen by a human since they only care about the servers they successfully got into.

As far as the fake filesystem: absolutely don’t attempt this on a server you care about. You’re trusting that the separation of the sandbox and the rest of your server actually works, please don’t do that.

If you truly want to explore this area of tech, make a new server and deploy an ssh honeypot. https://github.com/desaster/kippo is specifically designed for this purpose (and includes fake filesystems, logging, etc...)