Access Check, Malicious Life, Node.js, Tor, SQL Server, Outlook
Funny access story. This made me really laugh. I watched for a while how the guard checked persons passing into a restricted space which required a permission. I noticed that she didn't have a proper procedure for checking people in an orderly fashion. I had a colleague whom I wanted to get into the space, but she didn't have a permission with her. First I thought about providing her a copy of my valid entry badge, but because those had unique QR codes and were scanned upon entry, I immediately thought that it wouldn't be a good plan, because it was highly likely to fail. After watching the process for a while and figuring out that the guard was a bit tired and unfocused, I just whispered to her that when it's time for us to be checked, just stand directly behind me so she won't see you. And guess what, it worked. The woman checking IDs and badges just looked around a bit, seeming slightly confused, but let me (us) go. I guess she might have had some kind of small memory cue of seeing her with me earlier. But at the time, she didn't see her. Nor did she bother to check the situation again slightly afterwards. One of the funniest things ever. Just like tailgating, some things just work so well in real life, when people don't really pay attention. Of course this isn't anything new, as we've seen in so many different magic shows. No need for any kind of distraction which might bring in extra attention, if the most boring way possible works well. There were some not so funny warning signs, like "unauthorized access might lead to prosecution". But isn't the version where it says "Trespassers will be shot, survivors will be shot again" much more efficient, or simply "mines"? - Anyway, she did have a badge, but she forgot it. In case it would have led to some kind of investigation, it would have been totally possible to talk yourself out of it. - Great example of things that possibly can't work out, but did after all.
Malicious Life - Multi-Stage Ransomware (@ malicious.life) - Good stuff. Yeah, it's really scary how advanced some attacks are, executed by professional ransomware / extortionist teams. Are your backup systems / solutions up to the challenge?
Helped a friend to set up a Node.js instance on Red Hat (RHEL 7.8), as well as configure the required cloud firewall rules, port forwardings, etc. Fun stuff! Job done, and it works. Now the server serves static pages and Node.js JavaScript apps nicely through Cloudflare. And it took just a few hours, even though it was the first time on this specific stack ever. Launching servers, configuring the cloud firewall, port forwardings (yes, some enterprise providers still don't provide public IPs to all systems, because "it's a risk", duh), configuring the server firewall, SSH, adding keys, installing Node.js and MongoDB, securing settings and leaving the system for further development use.
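Of the steps listed above, the SSH lockdown is the one most worth re-checking once the box is handed over for development use. Below is an added example, not code from the original post or from RHEL/OpenSSH tooling: a small POSIX shell audit of an sshd_config against a key-only baseline. The directive names are real OpenSSH keywords; the required values, the constructed sample files and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config against a
# key-only SSH baseline. Directive names are real OpenSSH keywords; the
# required values, sample files and function names are our own assumptions.

# Print the effective value of one directive, lower-cased. sshd uses the
# first uncommented occurrence of a keyword, so we mirror that with head.
sshd_value() {
    # $1 = config file, $2 = directive name (keywords are case-insensitive)
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 | awk '{print tolower($2)}'
}

# Print one finding line per baseline violation. An unset directive is also a
# finding: we want the baseline written down in the file rather than inherited
# from compiled-in defaults, which differ between OpenSSH versions.
# Limitation: values inside Match blocks are not distinguished from global ones.
audit_sshd_config() {
    file=$1
    for rule in "PermitRootLogin|no" \
                "PasswordAuthentication|no" \
                "PubkeyAuthentication|yes" \
                "ChallengeResponseAuthentication|no" \
                "PermitEmptyPasswords|no" \
                "X11Forwarding|no"; do
        key=${rule%%|*}
        want=${rule##*|}
        got=$(sshd_value "$file" "$key")
        if [ -z "$got" ]; then
            echo "MISSING  $key (wanted $want)"
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key=$got (wanted $want)"
        fi
    done
}

# Number of findings for a file; 0 means the file matches the baseline.
count_sshd_findings() {
    audit_sshd_config "$1" | wc -l | tr -d ' '
}

# Constructed sample resembling a stock config: the root-login directive is
# still commented out and password logins are enabled.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config, not taken from any real host
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
EOF
}

# The same file after adding keys and locking logins down.
write_hardened_config() {
    cat > "$1" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PermitEmptyPasswords no
X11Forwarding no
AuthorizedKeysFile .ssh/authorized_keys
EOF
}

# Stand-alone demo: audit the stock-like sample, then the hardened one.
demo=$(mktemp)
write_sample_config "$demo"
echo "== sample config: $(count_sshd_findings "$demo") finding(s)"
audit_sshd_config "$demo"
write_hardened_config "$demo"
echo "== hardened config: $(count_sshd_findings "$demo") finding(s)"
rm -f "$demo"
```

The audit reads the file as written; to compare against what the running daemon actually applies (including Match blocks and defaults), `sshd -T` prints the effective configuration and can be fed to the same checks.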
Large number of Tor exits found running sslstrip (@ blog.torproject.org). I can't say I'm surprised. It looks like a pretty obvious attack vector and hardly anything new. Nothing to add: if you don't follow security basics, you're vulnerable to attacks like this one. The only interesting part about this news is the large percentage of exit nodes involved, i.e. run by the attacker. It should make it reasonable to expect that any plaintext traffic over Tor exit nodes is highly likely to be captured, either by authorities or by malicious actors.
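On the site side, the "security basics" here come down to never letting a session exist over plaintext once the site has been seen over HTTPS, and the standard mechanism for that is the HSTS header. Here is an added example, not code from the original post or from the Tor Project: a POSIX shell grader for the Strict-Transport-Security header of a captured response. The one-year threshold, the includeSubDomains requirement, the constructed sample responses and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post or the Tor Project: grade the
# Strict-Transport-Security (HSTS) header of an HTTP response. HSTS is the
# standard site-side defence against sslstrip-style downgrades once a browser
# has seen the site over HTTPS. The thresholds, sample responses and
# function names below are this example's own assumptions.

# Print the value of one header (name matched case-insensitively) from a raw
# response read on stdin; prints nothing if the header is absent.
header_value() {
    # $1 = header name. CRs are dropped so CRLF responses parse the same.
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        /^$/  { exit }                  # blank line ends the header block
        {
            split($0, kv, ":")
            if (tolower(kv[1]) == name) {
                v = $0
                sub(/^[^:]*:[ \t]*/, "", v)   # strip "Name: "
                print v
                exit
            }
        }'
}

# Print the max-age from an HSTS value like "max-age=31536000; includeSubDomains".
hsts_max_age() {
    printf '%s' "$1" | tr -d ' ' | tr ';' '\n' \
        | awk -F= 'tolower($1) == "max-age" { print $2; exit }'
}

# Verdict for the response on stdin:
#   missing       no HSTS header; nothing stops a later plaintext load
#   malformed     max-age absent or not a number
#   short         max-age under one year (31536000 s)
#   no-subdomains long max-age but subdomains left unprotected
#   ok            long max-age and includeSubDomains
# Note: browsers only honour HSTS received over HTTPS, and the very first
# visit is unprotected unless the domain is on the preload list.
hsts_verdict() {
    hsts=$(header_value strict-transport-security)
    [ -n "$hsts" ] || { echo missing; return 0; }
    age=$(hsts_max_age "$hsts")
    case "$age" in
        ''|*[!0-9]*) echo malformed; return 0 ;;
    esac
    [ "$age" -ge 31536000 ] || { echo short; return 0; }
    if printf '%s' "$hsts" | tr 'A-Z' 'a-z' | grep -q includesubdomains; then
        echo ok
    else
        echo no-subdomains
    fi
}

# Constructed sample responses (not captured from any real site).
sample_missing() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>'
}
sample_short() {
    printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n'
}
sample_ok() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\n\r\n'
}

# Stand-alone demo
for s in sample_missing sample_short sample_ok; do
    printf '%-15s %s\n' "$s" "$($s | hsts_verdict)"
done
```

The verdict is about what a browser will do on later visits; it says nothing about the client side of this story, where any plaintext request leaving an exit node is readable by whoever runs it regardless of what the site sends back.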
How to stop the onion denial (@ blog.torproject.org). Read the article. Yes, as mentioned, DDoS attacks worked well against onion and non-onion sites (via Tor) by using a swarm of Tor clients and a torified load generator behind them. And back in the day the new identity API call also worked well, so it was possible to easily switch to a new exit / fresh routes.
One colleague said that you can't back up a SQL Server database without access to the local file system. Which of course isn't true. You can back it up to URL, or use Generate Scripts including both schema and data. Yep, both options work for disaster recovery in case you don't have direct access to the SQL Server instance's file system. Once again, so much disinformation.
Microsoft Outlook (desktop) and ultra bad code: it keeps creating more and more .nst files. Honestly, who (if anybody ever) thought about or verified the logic of this code? (This was also probably linked to the TPM failure (?!?).)
2021-10-03