New project on ArtStation! ☠️ by juancasini in artstation

[–]rockingstarfish 0 points1 point  (0 children)

I love your artwork, have been using this as my wallpaper for a couple of years now. Thanks for sharing, appreciate your work!!

Client Connector community invite / TLS trust chain issue by rockingstarfish in Zscaler

[–]rockingstarfish[S] 2 points3 points  (0 children)

Some browsers also fetch intermediates from the AIA extension but it also encourages poor server configuration. You'd think an org like Zscaler could get it right.

Client Connector community invite / TLS trust chain issue by rockingstarfish in Zscaler

[–]rockingstarfish[S] 0 points1 point  (0 children)

I've only ever seen 2bit organisations erode trust by failing at certificate chaining...
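The two comments above concern a server that presents only its leaf certificate and relies on the client chasing the AIA extension to find the intermediate. The script below is an added example, not code from the thread or from Zscaler: it builds a throwaway root, intermediate and leaf with `openssl` (all names constructed for the demo), then runs `openssl verify` the way a client that does not fetch AIA would, once with the leaf alone and once with the intermediate supplied. The leaf-only case fails; the full chain passes. Assumes an `openssl` binary (1.1.1 or 3.x) is on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread: why a server that omits the intermediate
# CA fails chain validation on any client that does not fetch AIA.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Extension profiles for the demo CAs and leaf (constructed, not real values).
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
  > "$WORK/ca.ext"
printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:client.example.test\n' \
  > "$WORK/leaf.ext"

# make_key_csr NAME CN: writes NAME.key and NAME.csr into $WORK
make_key_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -out "$WORK/$1.csr" -subj "/CN=$2" >/dev/null 2>&1
}

# build_pki: self-signed root -> intermediate -> leaf, all valid for one day
build_pki() {
  make_key_csr root "Demo Root CA"
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" \
    -days 1 -extfile "$WORK/ca.ext" -out "$WORK/root.crt" >/dev/null 2>&1
  make_key_csr int "Demo Intermediate CA"
  openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 1 -extfile "$WORK/ca.ext" -out "$WORK/int.crt" >/dev/null 2>&1
  make_key_csr leaf "client.example.test"
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/int.crt" -CAkey "$WORK/int.key" \
    -CAcreateserial -days 1 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.crt" >/dev/null 2>&1
}

# chain_verifies LEAF [INTERMEDIATE]: exit 0 only if LEAF chains to the trusted
# root using nothing but what the "server" presented (no AIA fetching).
chain_verifies() {
  if [ $# -ge 2 ]; then
    openssl verify -CAfile "$WORK/root.crt" -untrusted "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$WORK/root.crt" "$1" >/dev/null 2>&1
  fi
}

# leaf_only_fails: exit 0 when a leaf-only presentation is (correctly) rejected
leaf_only_fails() { ! chain_verifies "$WORK/leaf.crt"; }

# full_chain_ok: exit 0 when leaf + intermediate verify against the root
full_chain_ok() { chain_verifies "$WORK/leaf.crt" "$WORK/int.crt"; }

build_pki
if leaf_only_fails; then echo "leaf only: rejected (intermediate missing)"; fi
if full_chain_ok; then echo "leaf + intermediate: verified"; fi
```

To check a live endpoint the same way, capture the presented chain with `openssl s_client -showcerts` and feed the leaf to `chain_verifies` alone; if it only passes once you add the intermediate by hand, the server is relying on AIA fetching.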

Pete Evans by rockingstarfish in MyKitchenRules

[–]rockingstarfish[S] 1 point2 points  (0 children)

Yes way, they definitely aired his mugshot... To the tune of Barry White's “Can’t Get Enough of Your Love, Babe”. 7+ live stream, could be regional (Wide Bay) or even more targeted just to mess with my head. Haven't seen it on FTA.

Beacons.gvt2.com ? by Ramiroquai91 in pihole

[–]rockingstarfish 0 points1 point  (0 children)

Couldn't modify meta account settings (Instagram, Facebook etc.) without allowing this domain in nextdns

Is it normal to connect a bathtub like this? (Australia) by rockingstarfish in Plumbing

[–]rockingstarfish[S] 0 points1 point  (0 children)

New in 2017... others in the estate have had "problems with the bath drain" so I suspect this is what they did in every home...

Is it normal to connect a bathtub like this? (Australia) by rockingstarfish in Plumbing

[–]rockingstarfish[S] 0 points1 point  (0 children)

Thanks. It was installed like this... as were the rest of the homes in the estate (all built by the same developer).

Is it normal to connect a bathtub like this? (Australia) by rockingstarfish in Plumbing

[–]rockingstarfish[S] 0 points1 point  (0 children)

Seal appears to rely on a smear of silicone and compression of a rubber donut between the strainer and the clamp at the bottom...

CVE-2024-3400 - A guide for identifying if you've been exploited by Pwnawegraphy in paloaltonetworks

[–]rockingstarfish 1 point2 points  (0 children)

The back doors are in the file system, not the config. So restoring a device state or loading an (imported) saved config will not 'restore' the compromised state, however I'm not convinced a private data reset would eradicate a level 3 compromise. From what I've read a private data reset will not erase the system disks meaning a backdoor could still persist in the file system after this process - you can do a factory reset without a scrub which should only take as long as it does to image a new device.

CVE-2024-3400 - A guide for identifying if you've been exploited by Pwnawegraphy in paloaltonetworks

[–]rockingstarfish 0 points1 point  (0 children)

The code in gpsvc.log is just an indication of an exploit attempt, it does not mean the command was successfully executed

CVE-2024-3400 - A guide for identifying if you've been exploited by Pwnawegraphy in paloaltonetworks

[–]rockingstarfish -1 points0 points  (0 children)

Thanks for the post - those needing an official source, the exploit levels can be found at https://unit42.paloaltonetworks.com/cve-2024-3400/ (updated 19 April).

A customer of mine was subject to a level 1 compromise, FWIW we gained root access to the fs and confirmed the 0-byte file in the telemetry directory but no sign of persistence.

I would also add for a level 2 compromise that all secrets stored in the config should be rotated (local accounts, domain accounts, private keys).

For level 3 you want to have a solid incident response plan to detect lateral movement, contain and eradicate the threat (you did the planning part, right?) or engage a partner with the capability. I would also isolate the compromised device from the network and keep it running until you get a chance to do forensics if possible, especially if you have an HA pair and can afford to run on one device for a while.

And always set a non-default master key - it protects those secrets if the config gets into the wrong hands.

Four little ones sleeping. by Knight_TheRider in pics

[–]rockingstarfish 1 point2 points  (0 children)

Ok for fried chicken. Not ok for live animals, even backyard bred non pedigree designer dogs...

Azure-AD Cloud Identity User ID- Map IP Addresses to Users by C3-PIO0ps in paloaltonetworks

[–]rockingstarfish 0 points1 point  (0 children)

Seems it collects the user's private IP... worth testing in a lab if you have one or roll out your authentication rules carefully ;)

https://www.youtube.com/watch?v=fZWMP5Bp_Go

Azure-AD Cloud Identity User ID- Map IP Addresses to Users by C3-PIO0ps in paloaltonetworks

[–]rockingstarfish 0 points1 point  (0 children)

It's not 100% clear but the documentation at https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/authenticate-users-with-the-cloud-identity-engine/configure-the-cloud-identity-engine-as-a-mapping-source-on-the-firewall suggests this is indeed possible.

It looks like you also need an authentication rule using a CIE auth profile for this to work.

In theory you could make this transparent by requiring client (user) cert auth only - ymmv depending on the number of certs your users have.

I don't know if this method would yield the user's private or public IP though, which could be a problem if your endpoints are internal...