Dailydave mailing list archives
Re: "Defending Forward" in time
From: John Lampe <jlampe () tenable com>
Date: Fri, 24 Jan 2020 11:03:28 -0500
imo, it's a general mentality that attackers have. I blogged about this 14 years ago and it seems still applicable today ( https://blogs.securiteam.com/index.php/archives/170 ) Indecision can stem from too little information or too much information. The defender *should* have the ability to influence both of those...

John

On Fri, Jan 24, 2020 at 10:28 AM Dave Aitel <dave.aitel () gmail com> wrote:
So I went to S4 this week, which is a good conference here in Miami Beach, mostly about hacking/protecting utilities and other critical infrastructure components. But I had the good fortune to run into a friend <https://www.gocomics.com/calvinandhobbes/2018/01/16> I'd never met before.

Anyways, they were telling me about how some Android State surveillance spyware installed at the border on everyone's phone looked for some file hashes and then sent in some data via what was essentially a public web API.

There's a lot of stuff that works like this, EDR systems, SIEMs of various types, etc. And one of the classic attack patterns is that usually these systems don't have client-certificates signing the data the client sends. So you can send fake data as a large number of real and not-real hosts. . . corrupting the database or simply filling it up and making it a lot less useful because every query takes about ten minutes, especially if you know how the indexer <http://www.phpinternalsbook.com/php5/hashtables/hash_algorithm.html> works.

In other words, for some reason, one malicious host is weirdly not usually a threat model that most defensive systems have considered.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
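Added example, not part of either post: a minimal ingest-side check for the gap Dave describes, where every report is authenticated against the enrolled host it claims to come from and a per-host quota bounds what one identity can write. A per-host HMAC key stands in here for client-certificate signatures; the host names, keys, quota and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed enrolment table: host_id -> secret issued at enrolment.
ENROLLED = {"host-a": b"key-a-constructed", "host-b": b"key-b-constructed"}
MAX_SKEW = 300   # seconds a report's timestamp may differ from server time
QUOTA = 3        # reports accepted per host per window (window reset omitted)

def sign(host_id, key, body, ts):
    # MAC covers the claimed host id, the timestamp and the canonical body.
    msg = f"{host_id}|{ts}|".encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Ingest:
    def __init__(self):
        self.seen = set()   # (host_id, mac) pairs already accepted
        self.count = {}     # host_id -> reports accepted this window
        self.rows = []      # what actually reaches the database

    def submit(self, host_id, ts, body, mac, now):
        key = ENROLLED.get(host_id)
        if key is None:
            return "reject: unknown host"
        expected = sign(host_id, key, body, ts)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "reject: bad signature"
        if abs(now - ts) > MAX_SKEW:
            return "reject: stale"
        if (host_id, mac) in self.seen:
            return "reject: replay"
        if self.count.get(host_id, 0) >= QUOTA:
            return "reject: quota"
        self.seen.add((host_id, mac))
        self.count[host_id] = self.count.get(host_id, 0) + 1
        self.rows.append((host_id, ts, body))
        return "accept"

def demo(now=1_579_880_000):
    ing, ka, body = Ingest(), ENROLLED["host-a"], {"hash_hits": 0}
    out = [ing.submit("host-a", now, body, sign("host-a", ka, body, now), now)]
    # host-a signing with its own key while claiming to be host-b / a made-up host
    out.append(ing.submit("host-b", now, body, sign("host-b", ka, body, now), now))
    out.append(ing.submit("host-zz", now, body, sign("host-zz", ka, body, now), now))
    for i in range(1, 5):   # host-a flooding under its own identity
        b = {"hash_hits": i}
        out.append(ing.submit("host-a", now, b, sign("host-a", ka, b, now), now))
    return out, len(ing.rows)
```

With these checks a single enrolled client can still send bad data about itself, but it is capped and attributable to one host id rather than spread across many.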