Posted by jpluimers on 2024/09/06
[Wayback/Archive] MokupiPogisho👁️ on Twitter: “How to find hidden cameras in AirBnB 👁 “ quoted a TikTok movie that basically both that a lot of devices can contain very tiny cameras and how to find many of them in a reliable way:
[Wayback/Archive] https://video.twimg.com/ext_tw_video/1475152238213484555/pu/vid/320×5…
Posted in Awareness, LifeHacker, Power User, Security | Leave a Comment »
Posted by jpluimers on 2024/08/21
This is cool: [Wayback/Archive] aspnet-contrib/AspNet.Security.OAuth.Providers: OAuth 2.0 social authentication providers for ASP.NET Core.
Based on ideas at [Wayback/Archive] TerribleDev/OwinOAuthProviders: OAuth providers for Owin.
Via [Wayback/Archive] David Fowler 🇧🇧🇺🇸 on Twitter: “Since we’re on the auth topic, there’s a repository maintained by @martin_costello and @kevin_chalet for interacting with pretty much every oauth provider on the planet github.com/aspnet-contrib/AspNet.Security.OAuth.Providers… #dotnet #aspnetcore”.
OAuth 2.0 providers covered at the time of writing are in the [Wayback/Archive] AspNet.Security.OAuth.Providers/README.md: Providers at dev · aspnet-contrib/AspNet.Security.OAuth.Providers.
–jeroen
Posted in .NET, .NET Core, Authentication, C#, Development, OAuth, Power User, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2024/08/01
Remember to adapt what you pack and tailor it for each red team training event as the blue team should expect the unexpected. Believable pretext is key.
[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️🌈🏳️⚧️ on Twitter: “Need to pack enough breaking and entering stuff to pull a good show during the RedTeam training but not too much to get arrested on my way to work. Then again, I might pull it off when I put YMCA on in a loop, in case I get pulled over. “
[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️🌈🏳️⚧️ on Twitter: “This will do for now ;-)”
Posted in Blue team, Power User, Red team, Security, Uncategorized | Leave a Comment »
Posted by jpluimers on 2024/07/12
There is a Blast-RADIUS exploit that makes many uses of RADIUS vulnerable as they depend on MD5, and MD5 collisions have been sped up considerably. Basically only RADIUS TLS seems safe now.
The Blast-RADIUS logo on the right reminded me about using grenades in a game 40+ years old, so lets digress: Archive.org is such a great site, with for instance the original Apple ][ Manual of Castle Wolfenstein by MUSE Software (the manual is written in Super-Text which they also sold):
The PDF from [Archive] Instruction Manual: Castle Wolfenstein from Muse Software : Free Download, Borrow, and Streaming : Internet Archive is at
[Archive.org PDF view/Archive.is] archive.org/download/1982-castle-wolfenstein/1982-castle-wolfenstein.pdf
The trick in that game when entering a room full of SS-officers was to throw a grenade into a chest of grenades in the middle of that room, then quickly leaving the room, waiting a few seconds then re-entering that room.
Not many moves further, you would find the chest with the war plans and find the exit, then finish the game.
Posted in 6502, Apple, Apple ][, Authentication, Hashing, History, md5, Power User, Security | Leave a Comment »
Posted by jpluimers on 2024/06/28
Een aantal PDF bestanden, omdat we Kidde rookmelders hadden en deze daarmee koppelbaar zijn: “Koppelmogelijkheden: 24 Firex en Kidde melders zijn bedraad koppelbaar”
Montage methode
De Firex melders zijn voorzien van een “push-fit” stekker met 15 cm bekabeling om de melder op de huisbedrading aan te sluiten.
De KF20 en KF20R passen direct op de montageplaat van de eerdere modellen Firex 4973 en 4985. Om stof tijdens verhuizing te voorkomen wordt een stofkap bijgeleverd.
Koppelmogelijkheden
Maximaal 24 Firex en Kidde rook-, hitte-, en CO-melders kunnen doorgekoppeld worden, met 6 melderaccessoires (relaismodule, flitslicht, trilkussen etc.).
Vervuilingscompensatie
Vervuiling van de optische kamer wordt automatisch gecompenseerd om onnodige alarmen tegen te gaan.
…
Rookmelders worden toegepast in ontsnappingsroutes en verblijf- ruimtes van woonhuizen waar gevaar is voor ontbranding van meubilair en/of elektrische installaties. Plaats de Firex hitte- melder KF30 of KF30R in stoffige, vochtige ruimtes of in keukens.
Posted in DIY, Power User, Security | Leave a Comment »
Posted by jpluimers on 2024/06/28
[Wayback/Archive] Thread by @malmoeb on Thread Reader App: Visibility is key for eradication.
The thread is about attacks on networks with Windows machines, but the concept works on all networks.
Start of thread: [Wayback/Archive] Stephan Berger on Twitter: “1/ Visibility is key for eradication 🥷 In a recent IR case, the TA created persistences with #QakBot on almost every system in the network. If only individual systems in the network were forensically examined, one or more infected systems would undoubtedly be missed. 🧵”
The gist is to setup your network monitoring in such a way that you can quickly identify compromised systems based on network traffic patterns.
–jeroen
Posted in LifeHacker, Pen Testing, Power User, Security, Windows | Leave a Comment »
Posted by jpluimers on 2024/06/17
With the ever decreasing content on Teletekst and and Teletext, this is so cool: [Wayback/Archive] Cyberteletekst
Via:
cyberteletekst.nl 👌 (via @sannemaasakkers)”–jeroen
Posted in Cable TV/Radio, Hardware, History, Power User, Security | Leave a Comment »
Posted by jpluimers on 2024/05/23
More than a decade ago I wrote about Programmatic alternatives to Windows-L keyboard shortcut (SwitchUser / LockWorkstation).
Still, I see many scripts invoke rundll32.exe or to call the [Wayback/Archive] LockWorkStation function (winuser.h) inside user32.dll. Don’t!
The BOOL LockWorkStation()function has a calling convention that is incompatible with rundll32.exe () which will corrupt the call stack likely will lead to random problems as after two decades, this post from Raymond Chen still holds: [Wayback/Archive] What can go wrong when you mismatch the calling convention? – The Old New Thing
Posted in .NET, Batch-Files, C#, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Security, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Server 2016 | Leave a Comment »
Posted by jpluimers on 2024/05/09
If you have an prepaid Dutch AH-mobiel SIM card, topping it up or refilling is a hell as none of the web-links you get via SMS or top vouchers function.
When you get an SMS warning that your account is almost running out, it contains the link to [Wayback/Archive] ah.nl/opwaarderen which has no indication how to refill.
When buying a refill voucher at the Albert Heijn store, it contains two links that lead to HTTP 404 error pages:
Albert Heijn has their own [Wayback/Archive] ah.nl domain (which sometimes is totally down), but the refill link is on a completely different domain which – from a phishing point of view – is ideal to lure people into other refill pages.
The only Albert Heijn web-page linking to the actual refill link is [Wayback/Archive] Sim Only | Albert Heijn: ah.nl/over-ah/winkelservices/mobiel/sim-only.
The on-line refill link is [Wayback/Archive] AH mobiel opwaarderen: https://reload.alphacomm.network/web/ah which raises all kinds of red phishing flags:
Posted in Cellular telephony, Development, Power User, Security, Software Development, Telephony, User Experience (ux), Web Development | Leave a Comment »
Posted by jpluimers on 2024/04/01
From a while ago, but a good day to share this:
Although for some scenarios, having two roles “all access” and “no access” is quite sufficient.
–jeroen
Posted in Access Control, Apri1st, Fun, Power User, Security | Leave a Comment »
The Wiert Corner - irregular stream of stuff 