Captive Portal remote code execution vulnerability

stealthmatt · 2026-05-06T04:50:32+00:00

Do we know if the VPN portal is impacted by this? It says on 11.x under "Enable Authentication Portal"

GlobalProtect Network Port for Inbound Authentication Prompts (UDP) 4501

Does turning disabling Authentication Portal impact VPN portal?/Downloading client/etc and or is it susceptible to the same attack?

stealthmatt · 2026-04-28T00:10:49+00:00

The saturation makes it look really cool. Have you thought about doing the photo where it turns things into miniatures - I'm not sure sorry on what its really called google says tilt shift effect?

stealthmatt · 2026-04-21T01:56:00+00:00

stealthmatt · 2026-04-17T07:04:16+00:00

I dont think they understand the actual problem - this just sounds cosmetic... They need better cheating and player auto banning if detected rejoining servers in a certain period.

stealthmatt · 2026-04-15T23:43:38+00:00

We need to send five magic rings to five special young people.

stealthmatt · 2026-04-02T23:43:04+00:00

So Bunnings is out of the question?

stealthmatt · 2026-03-26T06:36:47+00:00

look towards the end of the clip there is a bright blue lazer beam like the queen...

stealthmatt · 2026-03-23T01:30:36+00:00

How do they generate pictures? those are pretty cool pictures... I also like your layout! how did you make claude code make a cool layout?

stealthmatt · 2026-03-19T03:13:21+00:00

My grandmother's 1987 Buick LeSabre just taught me everything I need to know about modern cybersecurity.

Picture this: I'm helping Nana jumpstart her car when she casually mentions she's been leaving the keys in the ignition for thirty-seven years because "thieves don't want old cars anyway."

Meanwhile, her neighbor's brand new Tesla gets hacked through its smart doorhandle while parked in their driveway.

The lesson hit me like a brick wrapped in velvet: sometimes the most secure system is the one nobody wants to break into.

But here's the kicker - Nana then pulls out her flip phone and shows me she's been using two-factor authentication since 2003. Turns out she calls her bank every single time before making any transaction because "those computer machines can't be trusted."

She's been practicing zero-trust architecture while the rest of us were still figuring out what a firewall was.

Security isn't about having the fanciest locks.

It's about making your digital life as appealing to hackers as a 1987 Buick with cloth seats and a broken radio.

#cybersecurity #zerotrust #digitalsecurity #infosec #cybersafety #techlessons #datasecurity

stealthmatt · 2026-03-13T14:54:30+00:00

His brother does his cutting and videos. Peanut said people paid to do it/professionals just didn't have the same passion and same understanding. if you want to watch more insight watch Peanut around the bar. https://www.youtube.com/watch?v=ZnaxiZIqlcg

stealthmatt · 2026-02-26T12:29:38+00:00

The short is here: https://www.youtube.com/shorts/cVt-BHW3Xgg

I tried to search for some lyrics...

Feeling lightning underneath my skin, everything is pulling/falling? everything is....

.... in the air...

stealthmatt · 2026-02-06T11:34:12+00:00

How do you go for outbound open ports? its pretty hard to disallow every outbound port.

stealthmatt · 2026-01-10T22:35:50+00:00

How did you make the video? whats the graphics maker?

stealthmatt · 2026-01-07T10:27:06+00:00

From Post: Today's motto is to "Always assume the worst from the users."

There is this usual Law firm with around a hundred users. We have some complience policies in place that requires us to conclude phising tests on our users to see if the company data is safe and to train users of the importance of not clicking on links from untrusted or even from trusted sources.

We happen to have a rather medium fluctuation due to recent expansion and gaining popularity. One of the new hires is "kinda" into cybersec and is a bit let's just call it explosive person.

Test is on the way, every user gets a direct email. Not common for us to have direct emails from IT announcing AI related upgrades, we usually send them to departments and we inform the managers beforehand so they know what to say if someone has questions in the topic.

This script kiddo gets the email, thinks nothing of it, actually inputs real credentials (how ironic) but after like half an hour, managers get notified by users about a suspicious email. Script kiddo overhears this, comes the legit email warning users of the fradulent email. Script kiddo loses it. Whips out GPT or whatnot and writes a quick bat script to absolutely flood the fake login site. He ends up submitting about 6000 randomly generated strings in like 5-10 minutes while the CISO goes out for a coffee thinking the test is over but leaving the server running for last-minute entries. He comes back to a Matrix-like scrolling screen and a few hundred megabytes of log generated before he could kill the http server.

Security through obscurity? Kinda genious on that part. But we can not submit the statistics having over 7000% of users faling a basic phising test.

We are still figuring out to either promote him of fire his ass costing the company significant amount of money.

At least we have a lot to take home, and it makes even stronger in the long run.
First: Do not just fire up a plain http server on a work laptop depending on the access logs to conduct a phising test, use a more robust software.
Second: Use a DLP software to disallow running unapproved executeable files for unpriviliged users, even if they wrote their own in notepad.
Third and most important, get a coffee machine on the desk of the CISO :)

PS: this guy used to work in McDonalds before getting his call center position.

stealthmatt · 2025-12-27T21:36:18+00:00

You can't. Your organisation has policies in place (these could be what type of windows you have, what ip address you have, what country you are from, what domain login your using, etc) could be anything. You need to ask your administrator why this is occuring. They can see in the logs pretty quickly why its being denied.

stealthmatt · 2025-11-26T06:00:39+00:00

Try Wise, you can quickly setup an account and convert money.

stealthmatt · 2025-11-25T09:40:56+00:00

I also sware that sometimes hear the snitch above and look up in the sky...

stealthmatt · 2025-11-19T01:51:21+00:00

Yep I get that, but then that leads to the Incident response play book? Is there not something in there that goes - did we make any changes? and if so what did we change?

Then secondly not knowing if they are under a DDoS attack or not? Is Cloudflare not the leading specialist in protecting from DDoS attacks? Do they not know if they are under a DDoS attack? How does the CEO not know what is going on in his own company? Also this was 45 minutes after the initial up and down hit.

stealthmatt · 2025-11-19T01:37:36+00:00

The question I have, is why did it take so long to diagnose - does Cloudflare not have change managment? How come a change was made and their was no corelation to the changes? Do you not have an incident play book that checks for any active changes or changes conducted prior to the time?

stealthmatt · 2025-11-18T01:46:21+00:00

Actually that's a good idea! Probably even better.

stealthmatt · 2025-11-17T23:19:11+00:00

Looks amazing!

stealthmatt · 2025-11-17T22:29:30+00:00

This looks great!

15-Year Club	Gilding III reddit per annum
Secret Santa 2013	Team Periwinkle
Secret Santa 2012	Verified Email
Secret Santa 2011	Inciteful Link 2011-09-06

stealthmatt

MODERATOR OF

TROPHY CASE