@BaroqueInMind@kbin.social avatar

BaroqueInMind

@BaroqueInMind@kbin.social

Cyber security analyst, software and hardware exploitation geek.


BaroqueInMind,
@BaroqueInMind@kbin.social avatar

Is that the one where humans are consensually employed by all the comparatively more advanced alien species of our galaxy as their warriors or executives because even our weakest human is significantly more powerful than any of the nearest aliens, due to the nature of us all having evolved from an ancient ape species that was prone to violence?

Why do most people refuse to accept that they are wrong

I have come across a lot of people like this. Like 99% of them. Sometimes it makes me think twice about whether what I am saying is wrong. What's wrong with them? Is it so hard to swallow your pride and acknowledge that the other person is speaking facts? When they come to know they are wrong they proceed to insult/make fun of...

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

I'm a neovim user and I'm better than you :!q

BaroqueInMind, (edited )
@BaroqueInMind@kbin.social avatar

a buddy gave her an old cast iron pan and told her to hear applesauce in it

Did she mention what the apple sauce sounded like? Why even involve the cast iron pan, and not just simply squirt some directly into the ear canal?

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

Send us all a maps pin on where y'all are getting hitched.

BaroqueInMind, (edited )
@BaroqueInMind@kbin.social avatar

To anyone wondering why, it is because it is Arch Linux with pre-configured drivers and also it is one of the few distros that are on the bleeding edge of updates and features. Bleeding edge because one update might cut you and break everything for no reason. That being said, I've used Arch for almost a decade on my gaming PC and never had huge issues that reverting to the previous kernel at reboot did not fix.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

a keyboard

Corollary: unplugging the mouse?

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

There is none. It's all conjecture or circumstantial.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

I do this already and also am inside an encrypted Cloudflare tunnel... Still getting EMOTET warnings from my IDS.

BaroqueInMind, (edited )
@BaroqueInMind@kbin.social avatar

I have nginx set up and am accessing through a Cloudflare tunnel, but I'm still getting EMOTET issues detected by my IDS.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

I have a refurbished server rack system that is running Zeek and also Suricata. I have a managed switch that will duplicate all network traffic to the system that is running those applications and a JBOD setup to store the countless logs. I have scoured through nearly all the CISA documents and alert reports to copy the various Snort rules they mention in each report and also purchased a specific modem to connect with my ISP that provides a service to monitor my traffic that has Minim.

I am a cybersecurity expert and still don't know what I'm doing most of the time, so this is literally scratching the surface, as well as only detecting threats not really stopping them which requires more knowledge.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

I will simply copy/paste here then:

I have a refurbished server rack system that is running Zeek and also Suricata. I have a managed switch that will duplicate all network traffic to the system that is running those applications and a JBOD setup to store the countless logs. I have scoured through nearly all the CISA documents and alert reports to copy the various Snort rules they mention in each report and also purchased a specific modem to connect with my ISP that provides a service to monitor my traffic that has Minim.

I am a cybersecurity expert and still don't know what I'm doing most of the time, so this is literally scratching the surface, as well as only detecting threats not really stopping them which requires more knowledge.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

First read this

Then use the following:

alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"[CIS] Emotet C2 Traffic Using Form Data to Send Passwords"; content:"POST"; http_method; content:"Content-Type|3a 20|multipart/form-data|3b 20|boundary="; http_header; fast_pattern; content:"Content-Disposition|3a 20|form-data|3b 20|name=|22|"; http_client_body; content:!"------WebKitFormBoundary"; http_client_body; content:!"Cookie|3a|"; pcre:"/:?(chrome|firefox|safari|opera|ie|edge) passwords/i"; reference:url,cofense.com/flash-bulletin-emotet-epoch-1-changes-c2-communication/; sid:1; rev:2;)

And the following:

alert tcp any any -> any $HTTP_PORTS (msg:"EMOTET:HTTP URI GET contains '/wp-content/###/'"; sid:00000000; rev:1; flow:established,to_server; content:"/wp-content/"; http_uri; content:"/"; http_uri; distance:0; within:4; content:"GET"; nocase; http_method; urilen:<17; classtype:http-uri; content:"Connection|3a 20|Keep-Alive|0d 0a|"; http_header; metadata:service http;)

And also this one:

alert tcp any any -> any $HTTP_PORTS (msg:"EMOTET:HTTP URI GET contains '/wp-admin/###/'"; sid:00000000; rev:1; flow:established,to_server; content:"/wp-admin/"; http_uri; content:"/"; http_uri; distance:0; within:4; content:"GET"; nocase; http_method; urilen:<15; content:"Connection|3a 20|Keep-Alive|0d 0a|"; http_header; classtype:http-uri; metadata:service http;)
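The three Snort rules above encode fairly specific conditions (an exact `Connection: Keep-Alive` header, a URI of the form `/wp-content/` or `/wp-admin/` followed by at most three bytes and another slash, a total URI length under 17 or 15 bytes, and for the POST rule a multipart body that is not from a browser and mentions browser passwords). Before loading rules copied from a report into a sensor it is worth checking that they fire on what you expect and stay quiet on ordinary WordPress traffic. The following is an added Python example, not code from the poster or from Snort/Suricata, that re-implements the match logic of those three rules in plain Python and runs it over constructed HTTP requests. It simplifies Snort semantics in a few labelled places: `http_header` matches are checked against the raw header block, `urilen` counts the raw URI bytes, and the unmodified `pcre` and negated `Cookie:` content are checked against the whole request, as they would be with no sticky buffer.

```python
import re

# Negated/positive patterns lifted from the posted rules, as raw bytes.
MULTIPART_CT = b"Content-Type: multipart/form-data; boundary="
FORM_DATA_NAME = b'Content-Disposition: form-data; name="'
WEBKIT_BOUNDARY = b"------WebKitFormBoundary"   # content:! => must be absent
COOKIE_HDR = b"Cookie:"                         # content:! => must be absent
KEEP_ALIVE = b"Connection: Keep-Alive"          # case-sensitive, as in the rules
PASSWORDS_RE = re.compile(rb":?(chrome|firefox|safari|opera|ie|edge) passwords", re.I)


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, uri, header_lines, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, uri, _version = lines[0].split(b" ", 2)
    return method, uri, lines[1:], body


def slash_within(uri: bytes, prefix: bytes, within: int) -> bool:
    """content:"<prefix>"; http_uri; content:"/"; distance:0; within:N
    => a '/' must start within N bytes after the prefix (offset 0..N-1)."""
    if not uri.startswith(prefix):
        return False
    idx = uri[len(prefix):].find(b"/")
    return 0 <= idx < within


def wp_short_dir_rule(raw: bytes, prefix: bytes, max_urilen: int) -> bool:
    """Shared logic of the '/wp-content/###/' and '/wp-admin/###/' rules."""
    method, uri, headers, _ = parse_request(raw)
    if method.upper() != b"GET":            # content:"GET"; nocase; http_method
        return False
    if len(uri) >= max_urilen:              # urilen:<N
        return False
    if not slash_within(uri, prefix, 4):    # within:4 with a 1-byte pattern
        return False
    return KEEP_ALIVE in headers            # content:"Connection|3a 20|Keep-Alive|0d 0a|"; http_header


def form_password_exfil_rule(raw: bytes) -> bool:
    """Logic of the '[CIS] Emotet C2 Traffic Using Form Data to Send Passwords' rule."""
    method, _uri, headers, body = parse_request(raw)
    if method != b"POST":
        return False
    if not any(h.startswith(MULTIPART_CT) for h in headers):
        return False
    if FORM_DATA_NAME not in body:
        return False
    if WEBKIT_BOUNDARY in body or COOKIE_HDR in raw:   # browser-style upload or a logged-in session
        return False
    return PASSWORDS_RE.search(raw) is not None


def evaluate(raw: bytes):
    """Return the names of the posted rules that would fire on this request."""
    hits = []
    if form_password_exfil_rule(raw):
        hits.append("emotet_form_passwords")
    if wp_short_dir_rule(raw, b"/wp-content/", 17):
        hits.append("emotet_wp_content_uri")
    if wp_short_dir_rule(raw, b"/wp-admin/", 15):
        hits.append("emotet_wp_admin_uri")
    return hits


# Constructed sample requests (not real captures) covering the intended hit and miss cases.
SAMPLES = {
    # Ordinary theme asset fetch: long URI and a long directory name, must not fire.
    "benign_wp_asset": (b"GET /wp-content/uploads/2023/logo.png HTTP/1.1\r\n"
                        b"Host: blog.example\r\nConnection: Keep-Alive\r\n\r\n"),
    # Short three-byte directory, URI length 16, Keep-Alive: the rule's intended shape.
    "short_wp_content_dir": (b"GET /wp-content/a1b/ HTTP/1.1\r\n"
                             b"Host: blog.example\r\nConnection: Keep-Alive\r\n\r\n"),
    # Same pattern under /wp-admin/, URI length 13.
    "short_wp_admin_dir": (b"GET /wp-admin/xy/ HTTP/1.1\r\n"
                           b"Host: blog.example\r\nConnection: Keep-Alive\r\n\r\n"),
    # Identical URI but no exact Keep-Alive header: the header content fails the rule.
    "short_dir_no_keepalive": (b"GET /wp-content/a1b/ HTTP/1.1\r\n"
                               b"Host: blog.example\r\nConnection: close\r\n\r\n"),
    # Non-browser multipart POST naming a browser password store.
    "password_form_post": (b"POST /submit HTTP/1.1\r\nHost: 203.0.113.10\r\n"
                           b"Content-Type: multipart/form-data; boundary=abc123\r\n\r\n"
                           b"--abc123\r\nContent-Disposition: form-data; name=\"file\"; "
                           b"filename=\"Chrome Passwords.txt\"\r\n\r\nuser:pass\r\n--abc123--\r\n"),
    # Browser upload of a similarly named file: WebKit boundary and Cookie header exclude it.
    "browser_form_upload": (b"POST /submit HTTP/1.1\r\nHost: blog.example\r\n"
                            b"Cookie: wordpress_logged_in=1\r\n"
                            b"Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryXYZ\r\n\r\n"
                            b"------WebKitFormBoundaryXYZ\r\nContent-Disposition: form-data; name=\"file\"; "
                            b"filename=\"Chrome Passwords.txt\"\r\n\r\nuser:pass\r\n------WebKitFormBoundaryXYZ--\r\n"),
}


def run_samples():
    """Map each constructed sample to the rules it triggers."""
    return {name: evaluate(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:26s} -> {hits or 'no alert'}")
```

The point of the harness is the two negative cases: a normal `/wp-content/uploads/...` fetch never gets near `urilen:<17`, and a browser's own multipart upload is excluded by the WebKit boundary and `Cookie:` negations, so a hit on the real sensor from a Jellyfin or nginx host is worth a look rather than an automatic false-positive dismissal.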

BaroqueInMind, (edited )
@BaroqueInMind@kbin.social avatar

Mine's behind an NGINX reverse proxy as well. EMOTET is a very advanced malware and can get around those now. My IDS detected data exfiltration to an unknown Brazilian IP, and I have a VPN with an IP tunnel on top of my reverse proxy, as well as everything on port 443. It still found a way.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

My Jellyfin server keeps getting pinged by EMOTET malware lately. Everyone here should be aware if you expose the Jellyfin port to the internet it will get data exfiltration attempts. Use strong passwords.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

I can’t think of a method for rn is viewing/editing documents

What is the extension of the document? I bet you money it's possible in the terminal. PDF? docx?

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

Literally all the extensions you mentioned can be viewed and edited in terminal by various tools.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

Do you actually want to know the tools for each of the extensions you mentioned or just having a conversation here?

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

Just install Arch without a desktop environment.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

Most realistic depictions are from the Klingons because tactically you should always face with your weapons oriented towards everyone at all times, including your allies.

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

Hey Feds... Fuck me plz daddy uwu 💦🍆🍑😘

BaroqueInMind,
@BaroqueInMind@kbin.social avatar

She was a Ukrainian sniper conscripted by the Soviet Union. Get your fucking facts straight, OP. Fuck Russia.
