"...Less repercussion, more discussion"
9 hours ago
I briefly covered this topic before here https://inocul8r.net/session/community/in-the-news/wannacry-hero-sic-marcus-hutchins-loses-evidence-bid/#post-1938 but in the news recently is a statement that Marcus Hutchins has pleased guilty to the ransomware charges levied against him in the US. And here's the ironic part. People within the infosec community all seemed to jump onto the "innocent" bandwagon - mostly his parents, who may now just regret the below statement they madeMr Hutchins said:...... Read More
Quora is stalking you...
3 days ago
I went looking for specific information concerning one of the custom functions I'd written for this site, and somehow, landed up at Quora. In all honesty, the information was useless, so I quickly moved on. What I didn't realise is that because I'm using Chrome, my Google account is active (so that I have access to Google's other services etc). To my unpleasant surprise, after a few days, I received an email from Quora that looked like the below[attach]42[/attach]The absolute cheek of it. Not...... Read More
Centralized authentication service suggestions
Help & Advice
Hi,I would like to know what you guys use for central authentication services. I know mainly it would be Windows AD, Kerberos, LDAP. Are there good alternatives to those? Something not to complex to set up but also robust. There are existing employees that are permanent but also there are guests that come and go and need to authenticate to the system for various reasons/tasks. Thanks
Managing credentials within automation scripts
Help & Advice
Hello Community,Let me shake off some of the dust on my keyboard as I've been absent here for some time.The question I came across recently and got no solid answer was: How do you manage credentials within automation scripts? I have a number of python/bash scripts that interact with different systems via API. The account itself that is used to call API has permissions to pull, alter, delete records etc. Now, I wonder what are the best practices in doing so. I don't think putting...... Read More
Adding code to your posts
Need to include code in your post ? Inocul8r now fully supports the addition of code. Insert the code you want to add, then select it Once selected, press the "code" icon as shown below[attach]41[/attach]Which means this<html><head><meta charset="utf-8" /><title>Making Quines Prettier</title><!-- The defer attribute is not necessary for autoloading, but is necessaryfor the script at the bottom to work as a Quine. --><script...... Read More
Help & Advice
I'm currently in the process of migrating our firewall syslogs away from our current vendor, and need a minimum of one year retention to satisfy the regulatory requirement. My problem here is that if I leave the Fortinet firewalls "as is" with logging, each one is going to effectively be dumping up to 4Gb per day. Multiply that by 10 and it's going to get expensive .I don't need the "chatter" that logs typically generate but it seems difficult from the Fortinet perspective to tune the logs down...... Read More
So here goes...I used to be a big advocate for Elasticsearch. The more I use different tools for different things, the more I find that, while the tool might be brilliant on its own for certain things, it's not exactly great on its own for what I need.Data Science is hard. The good thing though is that you can use the same dataset for multiple different types of Data Science. For example; Marketing can use data from web servers to look at trends and promote or demote products based on...... Read More
Threaded discussions !
Well, after a long weekend creating new code based on an idea for increasing engagement in discussions, it's finally here - threaded discussions. Yes, I can picture you rolling your eyes and thinking "it's been done before", but I assure you, it hasn't - at least, not in this sense. Discover and join a new community that tackles all issues - not just the popular ones - and won't treat you like something we've just stepped in. And in case you're wondering, Inocul8r really is, well, "sexy" 😊...... Read More
Getting a TON of these lately - 6 today in succession actually. Anyone else noticed a steep incline in robot recorded messages ? Typically, those pretending to be from the internet service provider.....[fill in the blanks].....please press 1 to call us back (and be charged an outrageous premium rate whilst we empty your bank account)... Seemingly, these are from mobile/cell numbers (in the UK at least) - any ISP worth their salt isn't going to call you from a mobile number 🙂
Domain credential checking
Darkweb credential checking seems to be springing up all over the place at the moment. Has anyone used one of these services or do you just rely upon haveibeenpwned?I'd be interested to know people's thoughts if you think this is a worthwhile service, if so why you think this. Personally I'm not sure on them, I'm also in the opinion do I trust such scans? Although I haven't looked into it that much.If you do use them, which ones do you use?Marcus
I went to have a look at Facebook's policy pages, and hit the F12 button - as you do if you are a nosy [email protected] and a security geek. Here's what you get[attach]40[/attach]What sort of message does this convey to a would-be criminal ! 🙂
Hi all!I'll be posting here the different free online tools that I've found, and I'll try to update this post with the new ones I find, and the ones people share. That way we'll always have on top the updated list.NoVirusThanks, has a collection of free software to downloadhttps://www.novirusthanks.org/Website Reputation Checker:https://www.urlvoid.com/I also use Fortinet's FortiGuard service (palo alto has a similar service)https://fortiguard.com/learnmore#wfFree Playbooks from Incident...... Read More
[attach]39[/attach]The UK government has put forward proposals in order to regulate social media companies over harmful content. Once (if) passed, these regulations could include large fines and the ability to block services that refuse to remain complicit. There will be a consultation until the 1st of July in relation to plans for the creation of a legal "duty of care towards users", which overseen by an independent regulator.Presently, when dealing with graphic content, social media platforms...... Read More
How efficient is your security framework ?
Anyone working in the information and infrastructure security space will be more than familiar with the non-stop evolution that is vulnerability management. Seemingly on a daily basis, we see new attacks emerging, and those old mechanisms that you thought were well and truly dead resurface with “Frankenstein” like capabilities rendering your existing defences designed to combat that particular threat either inefficient, or in some cases, completely ineffective. All too often, we see...... Read More
I read this with a mix of amazement and disgust in the paper recently. Admittedly, it's The Sun, but it's all over the news - https://www.dailymail.co.uk/news/article-6754243/British-grandfather-67-fell-10m-phishing-scam-faces-life-Japanese-jail.html[attach]38[/attach]This guy is now in serious trouble having been caught acting as a mule for West African drug smugglers attempting to enter Japan customs carrying drugs with a "street value" of one million. This is a heinous crime on the part of...... Read More
inocul8r.netMore Like This Login Register
I briefly covered this topic before here but in the news recently is a statement that Marcus Hutchins has pleased guilty to the ransomware charges levied against him in the US. And here's the ironic part. People within the infosec community all seemed to...
Last Response Mark Cutting, 9 hours ago
Thanks for the suggestions! Someone else mentioned vault to me before. I'd need to take a look and see how it can be integrated. I had another tool I was looking at - credential manager - and they had a working example of a script to pull creds from serve...
Last Response Rinat Kirimov, 1 week ago
Need to include code in your post ? Inocul8r now fully supports the addition of code. Insert the code you want to add, then select it Once selected, press the "code" icon as shown below Which means this <html><head><meta charset="utf-8" /...
Last Response Mark Cutting, 1 week ago
So here goes...I used to be a big advocate for Elasticsearch. The more I use different tools for different things, the more I find that, while the tool might be brilliant on its own for certain things, it's not exactly great on its own for what I need...
Last Response Ken Gilmour, 1 week ago