I've been messing around with crawling the netdb with snex to see whats out there. Found 2 destinations this way that gave us access to add torrents through a web panel. If this can be done, be prepared to receive clown porn, maybe a podcast or show for good measure

The second case also gave us access to the router console, torrents were added through snark. A message was sent and they seemed to have fixed it now. I don't think any "real" damage was done (we did try to get access to filesystem) besides changing the router console language to spanish. Also, susimail will leave the username available this way, very dangerous obviously, as this allowed us to link the ident with an ip address obtained from the router console as well as see any services they were hosting.

please use auth / encrypted leasesets

Operations Security

What is OPSEC?

Operations Security, or OPSEC, OPSEC is about minimizing attack surfaces and single points of failure through proper habits and policies. It's a systematic and proven process that we can use to deny adversaries information they need to do us harm or interrupt our plans. It's also a mindset that can be applied to any mission or plan.

Although the term originated in the military, OPSEC is now used for so much more. This includes law enforcement, computer and network security, home safety, travel, and so much more.

OPSEC isn't a list of rules, and it's not as simple as using a VPN and keeping your mouth shut. It includes elements of INFOSEC, APPSEC, NETSEC, COMSEC[TRANSEC/SIGSEC/EMSEC], PHYSEC[PERSEC], and (CO)INTEL.

THE OPSEC PROCESS

Identify the information you need to protect
Analyze the threats
Analyze your vulnerabilities
Assess the risk
Apply countermeasures

Understand your own risk/threat model: Who is your adversary? What needs protecting?

The OPSEC Two-Step: Know what to protect and know how to protect it.

Created December 10, 2020

Subscribe via RSS

PSA - I'm trying to give you clown porn, how to stop me

Comments