One Article Review

Home - The article:
Source AlienVault.webp AlienVault Blog
Identifier 2109682
Publication date 2020-12-18 11:00:00 (viewed: 2020-12-18 11:41:41)
Title 'Twas the night before InfoSec
Text
This blog was written by an independent guest blogger.

‘Twas the night before Christmas, and fresh off the LAN
The packets were coming fast out of the span.
My Wireshark was up with my templates in place,
In hopes that I’d find an IP I could trace.
The smart home was snug in its /28
With a meager allow-list, and a lock on the gate.
With a few hours to set up and wrap this year’s catches
I’d been charging them up, and applying their patches,
When down in the VLAN there’d been such a spike
I’d opened the logs to see what it looked like.
Away to the dashboard I stumbled and flew;
Most days I’m on Red, but tonight, I was Blue.
The DST in the headers was a weird bogon range.
“Two oh three... zero? You can’t route there... how strange.”
When what, to my wondering eyes, should come back
But a TCP handshake -- not a RST, but an ACK!
A cool sweaty IR-like calm to me came,
As the nightmares and malwares, I ruled out by name:
“The SPIDERs and PANDAs don’t care about me,
It’s not running Windows, so it’s not IcedID…
Not Trickbot, not Ryuk, not Buer or Clop,
Not Scarab or Locky, no second-stage drop.”
A session had opened on port 443,
And a download began - not one started by me.
I looked back to ensure that the capture was on,
And stood by to cut comms once the vandal was gone.
But the session closed up just as fast as it came
And the download just sat there - “GIFT.BIN” was its name.
I’d retrieved a live sample! And without any warning,
Had got something fun to unwrap Christmas morning.
I checked on the rulesets, configs, and permissions,
And rebooted each box for the sake of tradition.
I waited for more but there wasn’t a peep,
So I finished my wrapping and popped off to sleep.
And after the coffee and presents and nog,
The matching pajamas, the pickle, the grog,
Video calls with our family and friends,
Things had settled, so I went to tie up the loose ends.

I ran strings right away and my jaw opened wide,
For there, unencrypted, a message I spied:
“2020’s been awful, with so much that you’ve missed
Just to keep others healthy - so you made the Good List!
And like all of your friends, I have had to stay distant,
But your record’s been stellar, so the elves were insistent.
You already have surplus gadgets that light up
So I got you this PoC, and a CVE writeup.
The binary is an iPhone zero-day,
And I’ve left enough out that you’ll have room to play.
And once you’ve dissected and filled in the blanks,
And disclosed it responsibly, you can cash in my thanks!
Thanks for staying inside this year, hunkering down,
Thanks for wearing your mask, though you felt like a clown,
Thanks for not hoarding groceries, and for learning to cook,
Or for trying a language, or reading a book.
And following rules from your state and your county.
Now warm up your debugger, and cash in that bounty!”
Sent Yes
The article does not appear to have been picked up after its publication.


The article does not appear to have been taken up from a previous one.