
KemoNine @kemonine@mastodon.social

KemoNine boosted

@xyzzy Where do you get your XMPP service from?

KemoNine boosted

One of the #GSOC projects from @matrix is building an alternative to GCM push for #matrix. This will directly benefit the #fdroid version of #riot!

KemoNine boosted

Feedback needed:

I am tired of getting bike parts stolen while locked at the Bart station, so I am thinking of building a diy electric skate to commute and take it with me in the subway.

What do you use? What did you find convenient? What didn't work?

I wonder how many infosec/opsec types will flinch when I tell them I want unconstrained access to areas of the system from a container?

With good reason too.

I want to control the whole of the network 'engine' from a container using a distro that's tuned for exactly this purpose.

I want to containerize services off to the side of that.

Seems quite reasonable. I want a base distro that gets me the device nodes spun up and the like and the containers doing the magic.

Sounds like vsphere huh?

KemoNine boosted

Hey uh, I know I've tooted a lot about this, but I'm gonna do it again.

Who out there is an animal lover and wants an account on birb.site? Come on over.

I just saw this thread from @tinker

infosec.exchange/@tinker/99909

This seems odd. Could it be some kind of red herring or random thing to keep eyes off what's actually going on?

🤔

KemoNine boosted

@iamtheky - Yeah... The key thing to me, is they don't seem to have that experience writing malware proper. There's none of that back and forth "reading between the lines" that you see in IT malware. Where the malware coder is playing games with the reverse engineer.

They only concerned themselves with the specific task at hand. They didn't concern themselves with being caught or having their code analyzed.

KemoNine boosted

Of great interest to me here is how this malware was written. I don't have a direct sample, but I've seen some screenshots.

It's in python, unobfuscated, easily readable, and with decent comments! There's none of the standard malware obfuscation / AV evasion!

It's almost as if someone grabbed an ICS developer. Told him to write code to kill people. And the guy did so, while following standard Agile SDLC methodology.

It's just so... odd...

KemoNine boosted

Missed this - Posted on April 10, 2018.

Update on HatMan (aka TRISIS, TRITON) malware. Specifically targets Industrial Control System Safety Controllers.

By attacking safety controllers, the attackers appear to be specifically attempting to damage physical equipment and harm people.

#ICS #InfoSec #Malware #Hacking

(PDF)

ics-cert.us-cert.gov/sites/def

KemoNine boosted

Anyone know how to properly manage access to individual devices via LXC?

I need to pass through more than a few directly (if possible) and...

I'm not quite sure how to tease apart the docs.

KemoNine boosted

Question for shared hosting Masto.host instances

KemoNine boosted

A couple of ideas re the OneNote exfil:

1. See what the API can do.
2. If the API sucks, then go onenote to Evernote and filter out picture notes (mostly recipes)
3. Nextcloud Notes github.com/brantje/nextnote hosted on vps using Evernote HTML import
4. Alternatively, evernote to plain text offering: github.com/claytron/ever2simpl
5. orgzly and syncthing locally and vps medium.com/@JosephKiran/replac

KemoNine boosted

😪 Anyone have any tips for chronic early awakening? I really shouldn’t be waking up an hour early all the time. I don’t feel rested.

KemoNine boosted

@PinkCathodeCat looks like has an API dev.onenote.com/ so you could code something to get your stuff into Nextcloud Notes apps.nextcloud.com/apps/notes which has an API as well (although it's not WYSIWYG). Free instance is provided by disroot.org

KemoNine boosted

mh (-), financial emergency, housing needed, pdx, please boost?

I also get some really odd crashes when I ctrl-c while running a ping.

The whole LXC container likes to reboot and/or bark about not having the ability to create device nodes.

I'm quickly descending into territory that's full of 'YOU REALLY DON'T WANT THIS!!!'

No, I kinda do. I understand the implications of dev/proc/sys being exposed fully to an LXC container and I actually want that container to affect state on the main OS.

Even poweroff kind of...

🤔

It really is interesting how far I managed to take this.

I don't think the LXC folk envisioned someone wanting to overtake the standard network stack and prevent the main OS from doing any management of it...

But I do want to make networking an LXC container's problem.

Having a self-contained router that's 100% of my network stack for management is a *good* thing.

That and it simplifies putting app containers on the box too.

It's an edge case but a very important one.

The complete lack of wpa and what seems to be a regression in iw tools worries me.

I really hope this is very temporary....

If nothing else I've made serious progress?

Still curious why I seem to be lacking WPA support though.

Well....

You have to create the /etc/config/wireless file with the device entry.

Yay?

At least it kinda sorta, maybe works?