donut is such a fun tool
Security Engineer 💻 / Blue Team Stuff 🛡
Thoughts are my own and do not represent my employer.
It's been quite a bit since I have been on here. A small update:
- I have a security analyst working with me, the help has been great!
- I'm going back to Penn State for the third time to do a security talk about process injection!
- I am prepping our annual penetration tests against our web app!
I continue to grow and learn more about my field in Security and am so grateful for the fun I get to have!
#security #updates #gratitude #processinjection #pennstate
I'm FINALLY enrolling Linux endpoints into Ninja One now that infrastructure is completed. There was a lot of time sitting around and waiting but I'm now making progress again.
Why running strings over an executable is important:
https://polaryse.github.io/posts/pureland_analysis/#MacOS
Roughly two years ago I hacked together a small tool to automatically download the #windows #docker images, extract the ntdll.dll from them and extract the #syscall numbers for that Windows version. This can be used for #shellcode and other #malware dev activities.
I've finally pushed the code to GitHub and redeployed the website.
All the data is either available in the HTML tables, or as JSON by appending ?format=json to the URL.
Because it's just been redeployed, it's re-downloading all the images, so it will take a few hours until more Windows versions are indexed. It has now indexed more than 200 different versions of ntdll.dll :)
Fascinating read on how commands are interpreted by shell and the kernel. Most shell users take such things for granted, but for those writing rules to detect malware, this is probably the type of thing which needs to be paid attention to.
https://redcanary.com/blog/linux-security/detection-engineer-guide-to-linux/
This was so fun!
#security #exitTheGame
Several vulnerabilities have been discovered in #nscd, the Name Service Cache Daemon in #glibc, which may lead to denial of service or the execution of arbitrary code.
The vulnerability details:
- CVE-2024-33599: https://sourceware.org/bugzilla/show_bug.cgi?id=31677
- CVE-2024-33600: https://sourceware.org/bugzilla/show_bug.cgi?id=31678
- CVE-2024-33601: https://sourceware.org/bugzilla/show_bug.cgi?id=31679
- CVE-2024-33602: https://sourceware.org/bugzilla/show_bug.cgi?id=31680
https://lists.debian.org/debian-security-announce/2024/msg00087.html #vulnerability #infosec #cybersecurity #CVE202433599 #CVE202433600 #CVE202433601 #CVE202433602
I had a fun time at the 2600 meet up :D
#Cuttlefish #malware targets enterprise-grade #SOHO routers
https://securityaffairs.com/162603/malware/cuttlefish-malware-targets-routers.html
#securityaffairs #hacking
I got a promotion :D I'm now a security engineer lad!
@MR_E IMO this should be part of on-boarding training, but I found this helpful: https://github.com/EqualExperts/slack-guide
For those needing it, this was the kind of Ansible playbook I was looking for: https://github.com/simeononsecurity/ansible_linux_update/blob/main/tasks/main.yaml
I watched The Matrix with my son last night and it was the first time we both saw the movie. Not only was the movie awesome, but it was a great memory with my son. We are watching Reloaded tonight :D
As for work stuff, I am almost wrapped up with my Linux patching project, working on a cloud security SaaS solution, then more detection stuff!
#security #thematrix #linuxpatching #cloudsecurity #detection #overworking
I've also failed to mention the state of our Linux environment after our first sweep. It's actually not as bad as I thought it was going to be. We even managed to find some servers that were cleared for decom. Some key security and library updates and we should be sound as a pound.
Linux patching has been life the past week due to a tight project deadline, but I have made so much great progress. 99% of the production inventory is added and tomorrow I start collecting all the System76 endpoints.
#security #linux #patching #vulnerabilitymanagement #ninjaone
@Ryan It's been really great! It was a very easy process to get policies set up and endpoints enrolled. Automation was wicked easy as well. I don't believe I've used your solution, I'll have to check it out. A big thing for us was the approval process for Linux updates. We are currently needing to avoid certain libraries and Ninja One makes it easy to set all of that up.
I see you Ninja One 😉
#security #linux #patchmanagement #ninjaone
My eyes are bleeding send help