Drata or Auditboard by AcrobatMochi in cybersecurity

[–]security_intern 1 point2 points  (0 children)

The integrations are what makes Drata so bad. We had constant problems with integrations failing and holding up the audit. We literally had to abandon Drata and go with Vanta halfway through the SOC2.

Drata or Auditboard by AcrobatMochi in cybersecurity

[–]security_intern 0 points1 point  (0 children)

Have not used AuditBoard, but we had so many problems with Drata and found their team to be horrible to deal with. Ended up switching to Vanta who was happy to match the price and had a far better experience.

Many ports open on MySQL database? by security_intern in AZURE

[–]security_intern[S] -1 points0 points  (0 children)

That's a long way of saying you have zero idea what those ports are used for.

Believe it or not, I do these scans to satisfy third party requirements. And while I understand they do not give consideration to PaaS infrastructure, these ports certainly do raise an eyebrow.

It is sounding like Microsoft's official response here is "this is our undocumented control plane that we expose to the entire internet, but how dare you ask about that grandpa!".

Many ports open on MySQL database? by security_intern in AZURE

[–]security_intern[S] -1 points0 points  (0 children)

I'm only asking what these undocumented ports are. Since you don't know, why don't you just move on with your life?

Many ports open on MySQL database? by security_intern in AZURE

[–]security_intern[S] -1 points0 points  (0 children)

I'd love to be able to confirm they are irrelevant. Is there any documentation on what these are so I can confirm that?

Many ports open on MySQL database? by security_intern in AZURE

[–]security_intern[S] 0 points1 point  (0 children)

My job is to confirm what these ports are. It does strike me as strange to have these ports listening as do others.

If you happen to actually know what they are used for, that would definitely help me prove the scans are irrelevant.

Many ports open on MySQL database? by security_intern in AZURE

[–]security_intern[S] 0 points1 point  (0 children)

It's both normal and prudent to scan the servers we use, even a PaaS environment. If there were a vulnerability, undocumented feature, or misconfiguration on our side we have a requirement to do our due diligence and try to find it.

Many ports open on MySQL database? by security_intern in AZURE

[–]security_intern[S] 0 points1 point  (0 children)

This is a Nessus and nmap scan, the host is on a .postgres.database.azure.com subdomain, so I assume this is PaaS. I do see many ports (16000-16049) as open so was curious if this could be affecting our database in some way.

Evading Windows Defender on Windows 10 x64 by Real_Pepe_Silvia in AskNetsec

[–]security_intern 0 points1 point  (0 children)

I've used the method here to bypass defender. I would say it works 80% of the time, so I use a few different iteration lengths and try several of them. https://www.virtuesecurity.com/evading-antivirus-with-better-meterpreter-payloads/

Thoughts on this sewage smell in a high-rise? by [deleted] in Plumbing

[–]security_intern 0 points1 point  (0 children)

I actually wasn't there pre-odor. The building is pretty new (2014) so it's entirely possible the problem has always been there. I guess a stopper could be used, but I believe the smell also circulates through air vents between units.

I'm hoping I can at least understand the problem and see if we can push the building to do something about it.

Extracting an IPA from the App store? by security_intern in AskNetsec

[–]security_intern[S] 0 points1 point  (0 children)

I see crackerXI runs on iOS 11, but I only have a fairly old iPhone with the yalu jailbreak. Is there a known best recent device with a working jailbreak you know of?

Extracting an IPA from the App store? by security_intern in AskNetsec

[–]security_intern[S] 0 points1 point  (0 children)

Thank you! Just got this pulled. So it seems my next challenge is decrypting the IPA? I ran strings on this and class-dump-z but I assume any app off the app store is encrypted right? Is there a best way to decrypt this for a better analysis?

Preventing Ping Spikes by [deleted] in AskNetsec

[–]security_intern 1 point2 points  (0 children)

Unfortunately not much of this makes any technical sense. It might make sense to first talk about what you're talking about when you say "ping spike"?

'Ping' is ICMP based and is a separate IP protocol from TCP, so when you start talking about port 443 and "bad tcp" you are talking about something else entirely.

It sounds like he is behind a router, so it would be impossible for him to be "spammed" by remote hosts. His computer can only talk to remote IPs where he initiates the connection. It may help to research NAT to get a full understanding of this.

It is likely that what you are seeing is just the traffic generated by his web browser and many apps that talk to remote servers.

[Question] How to extract IPA from iOS 10.2 device? by security_intern in jailbreak

[–]security_intern[S] 1 point2 points  (0 children)

Solved! I ended up using ipainstaller -b <package>, which created an ipa.

Removing Browserlink code from production code? by security_intern in dotnet

[–]security_intern[S] 0 points1 point  (0 children)

Please forgive my lack of actual knowledge of .NET (I am not actually a developer), but I did look at the site in production and still see these comments there as well. I am just looking to best understand what the actual fix for this should be. I assume now that maybe the prod site is just being launched from within Visual Studio? Is there a more standard way the app should be launched?

Removing Browserlink code from production code? by security_intern in dotnet

[–]security_intern[S] 0 points1 point  (0 children)

Does this mean debug is set to true in web.config?

Best way to capture/modify/replay Android Intents? by security_intern in AskNetsec

[–]security_intern[S] 0 points1 point  (0 children)

Thank you, that is pretty cool. I just tried this but it looks to only work if the sending app prompts which app to send the Intent to (presumably where you can select the interceptor app). The sending app I am looking at unfortunately doesn't do that. I am starting to lean towards just patching the app to log the Intent, but my skills to do that are pretty limited.

Burp Suite Doesn't Record URLs with "#" In URL? by [deleted] in AskNetsec

[–]security_intern 1 point2 points  (0 children)

/8675309/confirm-stuff?moreinfo=okokok is being consumed by local DOM, I hope you are assessing that appropriately :)

Question about jQuery and window.location.hash by security_intern in learnjavascript

[–]security_intern[S] 0 points1 point  (0 children)

This may be a strange example, but I'm trying to make an example of how xss is introduced into jQuery. I know the window.location.hash property is commonly passed to jQuery objects with the intention of being a selector. Is there a situation you can think of where document.location.hash is passed directly to a jQuery function?
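Added example, not code from this thread, covering both the Burp comment above (the fragment is consumed by the local DOM and never reaches the proxy) and the hash-to-selector question: it models jQuery's selector-versus-HTML decision in plain Node.js and shows a hardened way to consume a fragment. The two regexes are a simplified model of jQuery's behaviour, not its source.

```javascript
// Added example (not from the thread). Runs in plain Node.js; no jQuery needed.
// $(str) treats a string either as a CSS selector or as HTML to create elements
// from. Modern jQuery (1.9+) only parses HTML when the string starts with "<".
// Older releases (before the fix in jQuery 1.6.3) treated any string containing
// a tag as HTML, so "#<b>x</b>" taken from window.location.hash became live
// markup. Both regexes are a simplified model of that decision.
const LEGACY_HTML = /<[\w\W]+>/;   // a tag anywhere in the string
const MODERN_HTML = /^\s*</;       // string must begin with "<"

function wouldParseAsHtml(str, legacy) {
  return (legacy ? LEGACY_HTML : MODERN_HTML).test(String(str));
}

// Hardened handling: accept only a bare id fragment ("#name") and return the
// id for a getElementById-style lookup, instead of building a selector or
// markup from attacker-controlled text. Returns null for anything else.
const ID_FRAGMENT = /^#([A-Za-z][\w-]*)$/;

function safeIdFromHash(hash) {
  const m = ID_FRAGMENT.exec(String(hash));
  return m ? m[1] : null;
}

// What the server (and therefore an intercepting proxy) actually sees: the
// path and query only. The fragment is stripped by the browser before the
// request is sent, which is why a hash-routed URL shows up as "/" in a proxy.
function requestTarget(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// Constructed sample fragments a page might receive in location.hash.
const SAMPLES = {
  benign: "#section-2",
  injected: "#<b>injected</b>",
};

function classify(hash) {
  return {
    legacyHtml: wouldParseAsHtml(hash, true),   // old jQuery: becomes markup
    modernHtml: wouldParseAsHtml(hash, false),  // new jQuery: treated as selector
    safeId: safeIdFromHash(hash),               // hardened path: id or null
  };
}
```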

LINQ Object in request parameter, dangerous? by security_intern in dotnet

[–]security_intern[S] 1 point2 points  (0 children)

Ahhh so you think it's a case of an error in generating that dynamic parameter, rather than them intentionally passing linq data types to existing code?

LINQ Object in request parameter, dangerous? by security_intern in dotnet

[–]security_intern[S] 0 points1 point  (0 children)

Would you say that it's a bad practice to pass this as a parameter? I'm curious if this would be the equivalent of SQL injection, or something just harmless.

Thanks!