While I’m still reading, here seems a quick typo. “this is the first time that an attack against against WPAD”
-
-
-
Fixed! Thanks.
End of conversation
New conversation -
-
-
-
-
Just kidding actually i stayed there after everyone else went home and worked on my talk for a week in
@detobate 's foyer. First kiwicon, first infosec con presentation ever, was terrified
End of conversation
New conversation -
-
-
LLMNR is also enabled by default making it trivial to spoof a WPAD response
-
At least LLMNR (and NetBIOS) are trivial to disable. WPAD is pesky and disabling the WinHttpAutoProxy service across an org often breaks things.
-
yep, broke outlook 2016 here...
- 1 more reply
New conversation -
-
-
Awesome write up!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Awesome write-up! Learnt a few new things.. thanks all for sharing!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Send a paper to
@OPCDE !Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
The especially bonkers bit is the "search up the DNS domain tree" thing. Crazy idea.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Another small typo: "(note: can be smaller than array.lenght)"
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.