00:02:33 | | le0n quits [Ping timeout: 252 seconds] |
00:07:45 | | sralracer quits [Quit: Ooops, wrong browser tab.] |
00:58:17 | <@JAA> | 'Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization' https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a |
00:58:21 | <@JAA> | > the red team (also referred to as ‘the team’) gained initial access through a web shell left from a third party’s previous security assessment. |
00:58:24 | <@JAA> | *facepalm* |
01:01:24 | <that_lurker> | I wonder if there is/was an investigation into the reason a "backdoor" was left |
01:09:20 | <that_lurker> | s32 unix clock https://retr0.id/stuff/2038/ |
01:35:47 | <nicolas17> | JAA: damn, lots more fun stuff in that report |
01:36:27 | <nicolas17> | they ran a simulated ransomware on user machines (probably showing the scary screen but not encrypting anything) and only 2 out of 9 users reported it to IT |
01:37:29 | <kpcyrd> | JAA: I wish we could eventually stop clowning around with the kind of computer security that web shells are a part of |
01:37:51 | <kpcyrd> | you need to approach computers in a very specific way to have this kind of problem |
01:39:41 | <kpcyrd> | stuff like this is simply not a thing if the service was written in go/rust for example |
01:42:09 | <nicolas17> | kpcyrd: keep reading for more facepalms :P |
01:42:40 | <nicolas17> | "stuff like this is simply not a thing if you update your Windows Server 2012" |
01:44:08 | <kpcyrd> | > to fully compromise the organization’s domain |
01:44:17 | <kpcyrd> | ah yes, windows |
01:47:55 | <nicolas17> | and EDRs are for decoration |
01:48:42 | <@JAA> | nicolas17: Thanks, will give the rest a read tomorrow. :-) |
01:58:22 | <kpcyrd> | the full report does not mention what kind of tech stack was used for web shells to be a problem, if it was php this bug class could be killed with https://snuffleupagus.readthedocs.io/config.html#readonly-exec (or not using php in the first place) |
02:02:00 | <kpcyrd> | essentially your web app has no business writing into files that may get picked up for execution. this is like the silly brother of https://en.wikipedia.org/wiki/Weird_machine |
02:04:05 | <kpcyrd> | they don't seem to be listing this as a finding however |
02:11:32 | | jacksonchen666 quits [Client Quit] |
04:05:44 | | etnguyen03 quits [Remote host closed the connection] |
04:39:01 | | le0n (le0n) joins |
04:47:31 | <pabs> | ugh, mastodon are taking the piss. their "JavaScript-required" pages have the content in non-JS form *twice*: <meta content='...' name='description'> <meta content="..." property="og:description"> |
04:48:07 | | pabs working on a WebExtension for zygolophodon and just noticed... |
05:06:40 | | ducky quits [Read error: Connection reset by peer] |
05:08:29 | | ducky (ducky) joins |
05:20:37 | <steering> | >abuse sudo >no_root_squash enabled oh boy oh boy |
05:21:09 | <steering> | why was the web server able to sudo, yeesh |
06:21:23 | | ducky quits [Ping timeout: 260 seconds] |
06:27:45 | | ducky (ducky) joins |
06:33:03 | | ducky quits [Ping timeout: 260 seconds] |
06:40:19 | | ducky (ducky) joins |
06:51:25 | | immibis buys another 72 terabytes of youtube archive storage |
06:54:44 | | Jake quits [Quit: Leaving for a bit!] |
06:56:13 | | mls quits [Quit: leaving] |
07:08:23 | | Jake (Jake) joins |
07:29:21 | | Jake quits [Client Quit] |
07:29:44 | | Jake (Jake) joins |
07:39:31 | | riteo joins |
07:54:50 | | riteo is now authenticated as riteo |
07:55:35 | | riteo quits [Remote host closed the connection] |
07:55:44 | | riteo (riteo) joins |
08:52:02 | | BlueMaxima quits [Read error: Connection reset by peer] |
09:03:46 | <pabs> | https://libera.chat/news/llm-etiquette |
09:46:03 | | Naruyoko5 joins |
09:49:45 | | Naruyoko quits [Ping timeout: 260 seconds] |
10:45:38 | | ducky quits [Ping timeout: 260 seconds] |
10:49:38 | | ducky (ducky) joins |
11:35:20 | | rappet quits [Quit: https://quassel-irc.org - Komfortabler Chat. Überall.] |
11:36:44 | | MrMcNuggets (MrMcNuggets) joins |
11:37:19 | | rappet (rappet) joins |
12:00:02 | | Bleo182600722719623 quits [Quit: The Lounge - https://thelounge.chat] |
12:02:50 | | Bleo182600722719623 joins |
12:15:35 | | Matthww quits [Quit: The Lounge - https://thelounge.chat] |
12:20:22 | | sralracer (sralracer) joins |
12:25:30 | | le0n quits [Ping timeout: 260 seconds] |
12:36:02 | | le0n (le0n) joins |
13:11:12 | | le0n quits [Client Quit] |
13:12:19 | | Froxcey quits [Remote host closed the connection] |
13:14:23 | | le0n (le0n) joins |
13:19:49 | | Froxcey (Froxcey) joins |
13:21:28 | | Matthww joins |
14:37:32 | | etnguyen03 (etnguyen03) joins |
15:07:03 | | etnguyen03 quits [Client Quit] |
15:24:19 | | systwi_ joins |
15:38:35 | | etnguyen03 (etnguyen03) joins |
16:09:55 | <nicolas17> | pabs: https://invent.kde.org/frameworks/baloo/-/issues/7 |
16:36:17 | | Froxcey quits [Remote host closed the connection] |
16:44:00 | | Froxcey (Froxcey) joins |
17:38:06 | <@arkiver> | immibis: yay, for the archive in #youtubearchive ? |
17:38:12 | <@arkiver> | or your personal one |
17:38:19 | <immibis> | my personal one |
17:38:40 | <immibis> | i'm not really affiliated with anything archive team does apart from running workers sometimes |
17:39:03 | <immibis> | at some point i'll index it on distributed youtube archive, or maybe not, because they were dicks to me |
17:41:27 | <@arkiver> | what is "distributed youtube archive"? |
17:41:33 | <@arkiver> | immibis: but sounds good, that's a lot of youtube :) |
17:41:53 | <@arkiver> | also "another 72 TB", so you get 100+ TB now of youtube? |
17:44:57 | <TheTechRobo> | arkiver: Distributed YouTube Archive is a Discord server; I think you're in it |
17:45:11 | <immibis> | mind the distinction between raw storage capacity and amount of data redundantly stored. 72 TB of storage is 36 TB of data (i'm not doing erasure coding yet), is all drives from the same batch (so can't be the only copy of a file) and my storage pool in general holds more things than youtube |
17:46:26 | <@arkiver> | TheTechRobo: ah, it's been a while since i checked discord |
17:46:42 | <@arkiver> | immibis: impressive for a personal project, very nice :) |
17:46:53 | <immibis> | i estimate to have about 15TB of youtube, probably with a pretty stupid allocation of video quality |
17:51:11 | | ducky quits [Read error: Connection reset by peer] |
17:52:28 | | ducky (ducky) joins |
17:54:11 | | MrMcNuggets quits [Quit: WeeChat 4.3.2] |
17:55:39 | <kiska> | When I finish moving I plan to have 10RU of drives, and if my plan goes to plan (and I have the money to), it'll have about 900TB of raw disks |
18:03:11 | <@arkiver> | that's crazy as well :P |
18:08:27 | <nicolas17> | a friend finally finished the slow Synology array enlarge process |
18:08:28 | <nicolas17> | https://cdn.discordapp.com/attachments/1067236365714083960/1309829662314070026/Untitled.png?ex=6743aa2e&is=674258ae&hm=268cc29749805242c276afdc5a85731d74dc2f2f6baadc28449fa42237bf253b& |
18:08:51 | <nicolas17> | raw storage 238TB (8x16 + 5x22) |
18:15:47 | | etnguyen03 quits [Client Quit] |
18:27:07 | | etnguyen03 (etnguyen03) joins |
18:50:55 | | murb quits [Quit: gone] |
19:01:11 | | etnguyen03 quits [Client Quit] |
19:31:18 | | th3z0l4_ quits [Ping timeout: 252 seconds] |
19:32:15 | | th3z0l4 joins |
19:35:26 | | etnguyen03 (etnguyen03) joins |
19:41:35 | | BlueMaxima joins |
20:51:38 | <myself> | how long did that enlarge take? |
20:56:30 | | nicolas17 quits [Ping timeout: 260 seconds] |
20:59:53 | | nicolas17_ joins |
21:01:59 | | nicolas17_ is now known as nicolas17 |
21:02:06 | | nicolas17 is now authenticated as nicolas17 |
22:37:10 | | franga2000 leaves [The Lounge - https://thelounge.chat] |
23:07:25 | | Naruyoko5 quits [Read error: Connection reset by peer] |
23:08:17 | | Naruyoko joins |
23:46:10 | | etnguyen03 quits [Quit: Konversation terminated!] |