Admin of lemmy.CapeBreton
Mastodon: https://mstdn.ca/@videodrome
There is nothing stopping it.
Proper verification is a good start.
Yes, but just added to the haveibeenpwned db
FROM THE ARTICLE:
Exploitation and Impact
In GuardLapse, there are two main exploitation routes:
1. Cracking the Password Hash
Malicious Malory can set up a rogue SMB server. Instead of working as expected, this server accepts authentication requests and grabs the password hash.
If she cracks the password hash successfully, she gains access to whatever the WatchGuard AD account can access.
Even with ZERO privileges assigned to the WatchGuard AD account, authenticated access to the domain in AD environments exposes many attack avenues - Kerberoasting, user enumeration for password spraying, BloodHound recon, and more.
2. SMB Relaying
If other domain PCs don’t require SMB signing, she can directly relay the authentication requests to access targeted hosts, eliminating the need to crack the password hash! (This depends on the AD account having admin privileges on targeted hosts).
To show the impact, in my recent engagement, we transitioned from an unauthenticated device on the network to Domain Admin using this issue. We relayed WatchGuard authentication requests to get an initial foothold on several devices. We then exploited other vulnerabilities to secure Domain Admin privileges.
WatchGuard’s Response
When I contacted WatchGuard about the behaviour I observed, they responded promptly and helpfully.
They pointed me to the documentation about WatchGuard’s Clientless AD SSO methods, which they thought explained what I saw. When I asked about their plans to retire or rework this feature, WatchGuard said they might retire AD Mode but would keep the Event Log Monitor.
They also said they were exploring options to enhance the visibility of security risks associated with Clientless SSO based on my report.
Action
If you use a WatchGuard firewall and rely on clientless SSO, my current, unvalidated recommendation is:
Switch off AD mode and rely on the SSO Client. Remove the Event Log Monitor if you’ve installed it. NOTE: I haven’t validated this fix because I don’t own a WatchGuard firewall. If you want to collaborate to validate this fix, please get in touch!
I’ve also asked WatchGuard for their remediation advice given their customers’ current risk. Once they reply, I’ll update this post with their guidance.
He’s very, very wrong and there are some good answers above as to the why.
Did he give you an example application where he practices this password-free lifestyle?
What are your opinions about this?
I just don’t understand his statement, can you elaborate more?
Fixed it … The image url appears to have overwritten the actual URL when I posted
https://thehistoryoftheweb.com/postscript/aol-pretends-to-be-the-internet/
If it’s not related to the topic of the community, report and I will remove.
I’ll be doing a cleanup of some of the feeds to remove some of the lower content sites over the coming days
Amass
The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using open-source information gathering and active reconnaissance techniques.
Osmedeus
Osmedeus is a workflow engine for offensive security that allows you to build and run a reconnaissance system on a wide range of targets, including domains, URLs, CIDRs, and GitHub repositories. It was designed to establish a strong foundation and can adapt and function automatically to perform reconnaissance tasks.
PhoneInfoga
PhoneInfoga is an advanced tool to scan international phone numbers. It allows you to gather basic information such as country, area, carrier, and line type, then use various techniques to find the VoIP provider or identify the owner. It works with a collection of scanners that must be configured for the tool to be effective.
Sherlock
Sherlock allows you to search social media accounts by username across social networks.
Shodan
Shodan is a search engine for Internet-connected devices. Discover how internet intelligence can help you make better decisions. The entire Shodan platform (crawling, IP lookups, searching, and data streaming) is available to developers. Use their API to understand whether users connect from a VPN, whether the website you’re visiting has been compromised, and more.
Social Analyzer
Social Analyzer is an API, CLI, and web app for analyzing and finding a person’s profile across social media and websites. It includes different analysis and detection modules; you can choose which modules to use during the investigation process. The analysis and public extracted information from this OSINT tool could help investigate profiles related to suspicious or malicious activities such as cyberbullying, cyber grooming, cyberstalking, and spreading misinformation.
SpiderFoot
SpiderFoot is an OSINT automation tool. It integrates with just about every data source available and utilizes a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line.
theHarvester
theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red team assessment or penetration test. It performs OSINT gathering to help determine a domain’s external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources.
Great story!
Love reading all the nostalgia these historical tidbits inevitably bring up
That is an excellent interview … Thanks for sharing.
That certainly adds to the whole problem with payouts.
I sadly missed those days :(
“Eager to clear his name, Barker said he shared with the police copies of his credit card bills and purchase history at Amazon. But on April 21, the investigator called again to say he was coming to arrest Barker for theft.”