Stole a goons lunch money today. When I said I wanted to just see @jaysonstreet today, I didn’t know that was going to turn into a conversation and him giving me this sweet chip! Great meeting you! You made this first defcon experience even better!
@SecShoggoth You can still get the exploit to work for the creation of a new account, but anything that requires authentication, like the RCE, you need a license to finish setting up the server. At least from what I’ve seen.
My MacBook and VMware users. I seem to be having a hard time finding VMs for analysis that support ARM. So far, remnux doesn’t support it and Ubuntu. Anyone have any recommendations? I’d like to build a Linux VM similar to Remnux and maybe one close to Ubuntu
For any of us who aren’t Cisco IOS experts, regarding the Cisco IOS XE exploits (CVE-2023-20273 and CVE-2023-20198), what “logs” are you checking to look for suspicious commands being run? @TalosSecurity had a great write up, but I’m wondering what “logs” are reviewed.
@reprise_99@DebugPrivilege More so, root cause analysis. Identifying patient zero, initial access and along the way, get a good understanding of behaviors and IOCs.
For anyone that works at an MSSP in DFIR. Once you get called to investigate an incident, how do you scope the incident at scale? For example, you analyze 3 systems, identify TTPs and IOCs, how do you then scope what other systems may be impacted.
Anyone have any recommendation on a good technique or client to view both EML and MSG files? For example, a user provided the above file type, and you want to view what the email looks like, attachments, and header information. Outlook is difficult to setup without an account.
@JackRhysider@BHinfoSecurity I collect interesting stuff like this to hang in my office. Been a big fan of both BHIS and your podcast for quite a few years! What are the chances I can get you to sign this for it to be forever in my office? DMs are open @JackRhysider 😂