Finally got around to a blog post about how to block LAN Turtle / PoisonTap / Bash Bunny type devices in Windows: http://passing-the-hash.blogspot.com/2017/03/blocking-lan-turtle-poison-tap-bash.html …
Replying to @passingthehash
Isn't the whole thing only an issue if you're submitting credentials or private data to unauthenticated servers or in the clear?
1 reply 0 retweets 0 likes -
Replying to @RichFelker @passingthehash
you can use an SMB relay attack as the Turtle is a MiTM
1 reply 0 retweets 0 likes -
Replying to @UK_Daniel_Card @passingthehash
SMB is unauthenticated to the client. Broken protocol. Don't use.
1 reply 0 retweets 1 like -
Replying to @RichFelker @passingthehash
it's the NTLM 2.0 packets that are the issue, need to use kerbs
1 reply 0 retweets 0 likes -
Replying to @UK_Daniel_Card @passingthehash
Another broken protocol that should not be in use. Right fix is disabling broken protocols not devices.
3 replies 0 retweets 1 like -
Replying to @RichFelker @passingthehash
the challenge is not that easy to fix the protocol that is in use on millions of systems. hell, look at SHA-1
1 reply 0 retweets 1 like -
Replying to @UK_Daniel_Card @passingthehash
The challenge is bad legacy enterprise crap. Normal users don't need this stuff anyway.
2 replies 0 retweets 1 like
And TBF these protocols are broken a lot worse than SHA-1. Takes <$50 to crack, vs $Ms.