Hi
from AnOtterCity
This is an example.
Reader
Read the latest posts from Infosec Press.
Looking ahead to 2024
from Personal Blog
2023 has been a huge year for me, for many lows in my career, as well as amazing highs. However I’ve always felt something missing, an urge left unscratched, so I’m making this post to plan out my 2024 personal projects and learnings that I want to undertake; a sort of “reflection journal” if you will.
Throughout 2024, I plan to revisit this post to reflect on what I’d like to achieve and how I’m tracking in achieving my goals. This will be followed up with a post detailing how everything is going, what my highlights have been and any potential blockers I’m facing. So, let’s begin with the goal setting!
In no particular order: – Publishing 2-3 articles on my security blog: I’m already in the draft stages of 1 post, however I got lazy and sort of lost interest. Once I can get that closed off, I have a feeling the rest will come more naturally and I should be able to achieve this quite comfortably. – Filling out my repo with content: Standing up my repo and filling it with content is a huge item on my list for the coming year. This will not only help my personal understanding of my security work but also give me something tangible I can use throughout my career. – Filling up my Wazuh instance with agents and directing logs to it via Syslog: Mid-2023 I stood up a Wazuh instance on my internal network, on a Raspberry Pi 4. Currently, I only have 1 agent connected to it and I don’t check it nearly as often as I should. Going forward, I want all computers to have agents installed, and gather logs from my IoT devices to ensure nothing dodgy is connecting to my network. On top of this, working on automations so I don’t have to check things manually will be a huge assist. Having an internal SIEM isn’t something I’ve stood up because I’m paranoid, rather it will help me gain skills across other platforms to help further my career. – Stick to a fitness plan: Looking after my health isn’t something that’s been top priority for me through my 20s, but with 30 fast approaching I’m starting to feel the repercussions of not taking it seriously. In 2024, I want to become much more disciplined with my health, going for runs, lifting weights and generally being more healthy so I’m around on this Earth for as long as possible.
Here’s to a prosperous 2024, for everyone! 🥂
The "olux" and/or "oxo" or whatever guys
from Ducks
Their telegram account: hxxps://t.me/oluxshopsite/ 2 336 subscribers Olux Buy Tools, Shells, web shell, RDP, SSH, cPanel, Mailer, SMTP, Leads, Webmail, Cards, Account, Pages, olux, Olux SHOP, olux store
hxxps://t.me/oluxshopsite/729: Tutorial Video Cpanel & shell & Smtps & Mailler 1$-10$ Rdps & Office logs & Leads & Numbers 1$-20$ Accounts & webmails & Pages & Methods 1$-500$
you can top up your account instantly few seconds with bitcoin Send the exactly number of Bitcoin or more don't close the payment page. u can refresh page
Any Problem with the order:Submit report to seller Seller didn't fix problem within 5 hours.We will refund Buyer. Buyer didn't reply within 24 hours after seller.We will Close report. Note:avoid multi reply. hxxps://olux.li hxxps://oluxshop.li t.me/oluxshopsite/729 edited Sep 28 at 07:43
cdn4.cdn-telegram.org/file/cff2fa7546.mp4 —> not able to catch that one.
IP-address 162.55.238.94
I first stumbled across a cryptofraud site on that IP. But I also found sites on the same IP with hidden content. One or more lines with the following content on one or more pages on the same domain, first example: view-source:hxxps://www.bitwealthasset.com/ : hxxps://www.oxo.si/'>Buy Spamming Tools, Shells, web shell, RDP, SSH, cPanel. I don't know the value of this, some kind of “seo” maybe? Other domains with the same or variations of the code:
bluerichfoods.com bxplorer.online tocpharmaceuticals.com euphoriaeventplace.com (24 rows with the code) abbasheartinternationalministries.com abdanielstradomedhospital.com caishencharteredtrust.com capitalgrowinvest.com capitecfin.com cattyinvest.com cheeckstox.com educurrency.top
citricosartaca.com is apparently a blank page, but contains almost 40 lines, but with additional domains and keywords in the code. Contains links to the following domains: oxo.vc (gone), oxo.si (127.0.0.1) and oxo.is (which celebrates christmas). “Buy Leads”and “SMTP” has sneaked in some places in what “services” they seem to provide.
clarity-options-trade.com climaxpaytrading.com coinswalletsapp.com commercial-trading.com conexriseltd.com crescent-funds.com crownenergy-investment.com cryptohive.online cryptohubmine.com cryptoinxhange.com cryptotradinggai.com bettercryptoinvestment.net climatefitsolutions.com educurrency.top (redirectet from chuksblog.top) clarity-options-trade.com climaxpaytrading.com cloudminingcity.com coinstitude.com combdb.com commercial-trading.com corporateuniontrustbank.com couttss.com cryptnetverse.com cryptoevolution.info cryptohubmine.com cryptoinxhange.com cryptoref.info cryptospotpro.online daily-gt.com dashtradefx.com debulad.com decentralisedincome.com deroyaleservices.com doubleyielders.com empablockmarket.live eqtycdf.com euphoriaeventplace.com expertminer.online firstcornerstoneb.com firstmidwsb.com firstspringcu.online flaretrustline.app ftxdailyincome.com fx-primetradhub.com fxnetworktrading.com getmypins.com/manage/ ggemfx.com glimcoinfx.com globalbestcutbutchers.com (in total 190 lines of code) globalbinarycpro.com globalprimefinance.com globalsignalexpertmarkets.com globewritershub.com glockamory.com gnbancorp.com godfelhrconsultancy.com goldenmovicltd.com grandoption.org grantbakingonline.com greencoastonline.org greenpathtb.com greenpathtrust.com gricunashr.com hakkbully.com hakkdomain.com hakknocrat.com haloinvestpro.com hashmarketfx.com heritagecapitalfx.com heritagecf.net heritagepvltd.com hfplatform.live hoardblockexplorer.info hoardfx.com hoperbookings.online horizonjury.com icbcsbnk.com iconiccanna.com trades.idealtradesignal.com instaplug01.com intconib.com intertrustbk.com itechglobehack.com jkcostant.online kathleencahillmariconda.com kryptofxcore.com legacycrf.com legcreditf.com liamfinancing.com liteinterext.online luminerybank.com lumineryfb.com luxorrtech.com masterfxtrade.live mauricugointernational.com mectomfx.com megafxoptions.com midascryptotrade.com milesassetltd.com digitechcompany.cloud/en/public/ (redirects from minecoins.online) moleystonescapitals.com mycrypai.com mypnconline.com myviasupport.com nationalcreditunion.online niketradeprime.com northcelly.com northernsb.com omegafinanceleasing.com optimoser.com optimuminternationalmarkets.com ordezenterprise.com peakhash.com pinb.online premier-option.com primeglobalinvestments.live/home/ profxcrypto.com prohakks.com propertiesloans.com prudcrb.comstockstradersfx.com standardcorpb.com stuartfellstaffordshirebullterriers.com successfulfx.online suisepay.com surfhakks.com swisslitebank.online syngenresources.com tcloudusdt.com tescoinv.com titantrustb.com (site copied from cnl.com, which was registered in 1995 and seems “legit”) tnbancorp.com tocpharmaceuticals.com (on a buttload of links on this domain) tokssphere.com tonensiadiamonds.com top-m.online topromedics.com torchcart.com trippydelics.store tsbcadvisor.com ualliancecrdu.com ultimafxoption.com ultimaterealistic.com ultimatexplorer.info
ultrafxoption.com * A bit interesting is that the code did not exist on ultrafxoption.com on November 30th 2022 according to urlscan.io. But shows up in a scan in December 2023. Did all sites got this code injected in this timeframe? Can only speculate. Or use a lot of time trying to find out.
uniqueglobaloptions.com vacationdepts.info vertextradings.com vitalityplc.online waxiprofit.com wcouservice.biz web-gmd.com westagefinance.com * According to urlscan this domain contained the code also on December 4th 2023 winnersviewoptioninvestment.org wisgodynamic.com wmovelogistics.com wolf-trademarket.cfd world-miners.com wourld-cour.com xiloans.com xpressct.com xtrafcb.com xtrainterextcorp.com xtrainterextfb.com xtrainterextfcb.com xtratreasury.com ysmbundle.com ziraatinternationalcorporation.com * According to urlscan this domain contained the code also on September 11th 2023
citricosartaca.com is apparently a blank page, but contains almost 40 lines, but with different additional domains and keywords in the code. Contains links to the following domains: oxo.vc (gone), oxo.si (127.0.0.1) and oxo.is which celebrates christmas. “Buy Leads”and “SMTP” has sneaked in some places in what “services” they provide.
Various search engines gives hits to other sites on the same IP, but the hidden stuff is now gone: fujowillbusiness.com/sample-page/ wmtips.com/tools/info/sh3elltools.to hxxps://www.hotelfontana.de/magazin/tag/ayurvedische-reinigungskur/ hxxps://albertfinni.com/gva_template/crowdfunding-single-template/
Some sites appear in searches, but are now gone: lufix.pro, lufix.to, oluxshop.to
Domains, variatons of oluxshop.[tld] oluxshop.to (127.0.0.1)
Domains, variatons of olux.[tld] olux.to
ICQ: hxxps://icq.im/oluxshop
A now apparent dead facebook account: hxxps://www.facebook.com/groups/buywebshell/ sh3elltools.to seems somwehat related.
from Dr. Sbaitso
Why I won't buy Androids
I was talking about new phones with a friend a few days ago, and he asked about Android choices. I told him I won't buy any Androids, for a bunch of reasons. This is social media, I'm into my second boozy eggnog. I figure I'll share those reasons here too. Most of the reasons are around Google itself, and some how it's handled Android. Only one is because I'm a petty bitch with a collection of heirloom grudges.
First and foremost, Google is an advertising company with a search engine and a browser and a video hosting service and a mobile operating system all designed to keep your eyes and ears on their advertisements. For FY2022, 80% of Google's revenue came from advertising. Given the lengths I go to avoid ads everywhere else, putting a little ad machine in my pocket doesn't make much sense.
Aside: I go to extreme lengths to block ads. I have a very aggressive PiHole setup. My daily browsing is through Vivaldi (which has a built-in ad blocker) (But the new Direct Match stuff defaulting to On is pretty fuckin' shitty, Vivaldi) and also running an over-packed μBlock extension. Secondary browsing goes through Firefox with a similarly-configured μBlock. I also have a WireGuard VPN running on my iPhone so whenever I'm not on my own WiFi network I'm tunneling back in just to use my PiHole. Vivaldi on iPhone also has a built-in ad-blocker.
Besides the ad biz, I don't trust Google overall. It started with Google Reader, but Google is quick to drop the blade on the neck of any product/service/app that doesn't have a VP championing it. The other recognizable names include Google Wave, Google+, Google Fiber, and Google Stadia. What's going to be the 300th entry in the Google Graveyard? They're at 293 right now, so I expect we'll hit 300 by April 2024.
Zooming back out to the state of the internet today, I honestly think Google and Facebook are tied for doing the most damage to the internet and society at large. Their pervasive advertising is enough for me to stay far away from them. But their stains run far deeper. Google Search is now completely useless. Everything is a webpage now. I've lost count of the companies they've either acquired and killed or cloned and killed. They've built data profiles to rival Facebook. And Youtube will gleefully auto-play viewers into misogyny, conspiracy, and rightwing fascism.
On Android specifically, Google has been an exceptionally poor steward of the ecosystem. Flagship devices now get a few years of updates, but anything down-market may get a year of updates before being forgotten like the fifth child at an after-school activity. Google could enforce feature and security updates for a minimum period of time, but they've chosen not to. And it's only improved to the shameful level now somewhat recently.
And they've been spreading this fast-fashion/ewaste-speedrun philosophy to the laptop formfactor too. They're goddamned laptops, not milk. I have an Alienware M11x R1. It's from 2010. It still runs Windows 10. Poorly. But it can still get OS and security updates 13 years after release. It's a functional print server for my old Brother laser printer that I bought in ~2007 that only has a USB-B interface.
Beyond the shameful state of Android updates, the Google app store is a fraudulent mess. It's been a problem for years and it's still a problem today. It's impacted millions of users at this point. If the Google Play store is going to be the premier source of Android apps, Google needs to get a lot better at protecting users from bad actors. For devices that contain so much of our lives, failures to protect against financial theft is unacceptable.
And Google themselves are part of the problem. We're over-due for Google's next chat app shakeup. I think. And that's just Google. The phone OEMs can replace it with their own uniquely crappy SMS/RCS/Proprietary pile of crap. Going back to the problem of executive champions and vision, nowhere is than absence clearer than the absolute clusterfuck of Google chat apps.
Finally, I mentioned above that I'm a petty bitch. My family holds onto grudges like most folks hold onto fine tableware or farmland. Case in point: My grandfather got screwed over by a Shell gasoline station. He wrote to corporate to explain the situation, and found their answer... unsatisfactory. Nobody in my family has gone to a Shell station since.
My grandfather died over a decade before I was born.
But I have a very personal grudge against Google. They blamed me for something they broke, and have never to my knowledge apologized for it.
Many, many years ago I worked at a small firm. This was when Windows 7 was at its peak, and Windows XP was still very common/well-supported. We had a line-of-business app that was dependent on certain components of Internet Explorer. If you tried to access the web launcher from something other than IE, it would break in really unpleasant ways. Since some of the LOB usage was time-critical, when it broke it was a priority issue.
This was also the time Google started to spread Chrome like herpes. We weren't a big firm, and we didn't have great tools for controlling third-party applications and their updates at the time. Remember, this was almost 15 years ago. I've learned a lot since then, and the toolsets have improved a lot since then.
So folks would just push the button to update Adobe reader, next next next finish. The work we did was highly technical, and again: ~15 years ago, small business, most folks had local admin. We didn't have the tools to do a good job controlling these things. And updating an existing Adobe reader install would “helpfully” install Chrome and set it as the default browser. The LOB “app” was a shortcut on the All Users desktop that pointed to the webpage.
Google Chrome could not support the critical application. So I'd get a panicked phone call from a user because the critical LOB app was failing. I'd either walk over to their desk or RDC into their machine and uninstall Chrome. They'd go back to work, fill out the time-sensitive information, everyone was acceptably content.
Until they tried to click a link outside IE. Say, a link to something important in Outlook. Turns out, Google did a shit job coding the Chrome uninstaller, and left HTML file associations (what Windows uses under the hood to understand it needs to pass data to a browser) just... empty. And in Windows 7, that leads to a specific error message: “This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.” Hey guess who the System Administrator was. Guess who everyone thought was blocking something they needed to do for work?
Eventually I got the tooling and controls in place to prevent Google Chrome from installing itself where it shouldn't (part of the user profile), and finally blocked the garbage of early Chrome from my corporate domain. It wasn't technically a virus, but it sure acted like one. It sure caused a lot more headache than any actual malware. And I still carry a grudge for the shitass job Google did when spreading their little browser-glitter all over my matte black Thinkpads.
So now my phone is built by Apple. They have plenty of different problems, but Google products are absolutely disqualified.
I really wish Microsoft hadn't given up on Windows Mobile/Phone. A third player with real marketshare would be good for everyone. And comparing the ROG Ally to the Steamdeck highlights how weak Windows is on smaller devices and interfaces that aren't keyboard & mouse. Having an ARM-based processor base would have put Microsoft in a better place to really compete with Apple's M processors. Having an XBox Mobile/Handheld/Go would be amazing. #RIPWindowsPhone
So yea. I don't trust Google for many reasons. Android itself is a mess. And I'm petty as fuck. That means an iPhone is my only option.
from Impossible Umbrella
A while back I bought a The C64 – and found it to have a broken (stuck) key.
https://infosec.exchange/@ImpossibleUmbrella/111433640609308825
In that thread @markkrueg@treehouse.systems expressed an interest in my posting some photos of how the keyboard mechanism works.
Well with Christmas coming I've had a few days off work, and have finally had time to do that.
To open the case, you just need to undo the three screws along the front edge. It then opens like a book – you just need to carefully unclip the back edge. Note that all of the screws are just self-tapping screws so be careful not to over-tighten when putting it back together. Also note that there are a number of distinct sizes – so keep careful note of which screws go where!
There's very little to see inside the machine. The keyboard is fixed to the “top”, there's a small PCB for the side ports of the bottom, and then everything else (inclduing the CPU) in on that tiny main board.
To remove they keyboard to work on it, undo the nine screws in the black plastic part that hold the keyboard to the case. (You can't see very well from the photo – but the 9th screw is in the top-left corner by the keyboard connector. You can (or at least I could on this model) undo that without removing the keyboard connector – but as you'll see I later took that off too, to make it easier to wok on the keyboard itself. There are two screws holding down that small metal bar, and there's a rubber piece underneath that. (Note for reassembly, that goes with the smoother side up, and the textured side down – I'm not sure it makes a huge difference – but always best to put things back the way you found them right!).
Having removed the keyboard, the next step is to disassemble it. For that, you'll need to remove the ten screws holding the metal plate in place. Given that this plate is the only thing holding the keyboard together, it might be worth propping the keyboard up so it's not resting on it's keys when you do this.
It's just a membrane keyboard inside – with they keys actuated by their stems, and with little rubber domes to provide the return. It was one of these that was glued in upside down on my model, leading to my previously having removed it, and placed it back in without any glue.
You can see in this detailed close-up how they keyboard works. It's three layers of plastic film, with traces on the top and bottom sheet – and with the middle sheet providing just enough separation to keep them apart when a key isn't being pressed.
At this point I was now able to glue the loose dome in place. As suggested by # @mos_8502@oldbytes.space I used some RTV silicone, applied with a dental tool.
I don't think I did too bad a job of this – although you can clearly see which was the one that I glued. I make a very particular effort to avoid getting glue anywhere but this top sheet to plastic (I inserted a sheet of paper whilst I did the glueing).
Reassembly was just the reverse of the above – taking careful note (as I said at the top – but it's worth repeating!) to use the correct screws for each part of the operation. Helpfully there are a different number of each type of screw, so providing you don't drop them you should be okay.
24-hours later, I can report that the keyboard is working fine. They key works perfectly, and now feels the same as all of the other keys (unlike when it wasn't glue in – when it felt a bit wobbly in comparison).
Hopefully this & the accompanying photos is helpful and or interesting.