@daveaitel Do you know the best reference offhand where you compare heartbleed (useless) vs shellshock (useful)?
-
-
@dguido@daveaitel@jstnkndy@suqdiq@flyryan are you suggesting it didn't happen? Or that it was hard to see done/have evidence? -
@joshcorman@daveaitel@jstnkndy@suqdiq@flyryan 1) It's hard to find empirical breach evidence 2) It had trouble working outside a lab ... -
@joshcorman@daveaitel@jstnkndy@suqdiq@flyryan 3) even when it worked, it's not easy to scale
End of conversation
New conversation -
-
-
@dguido@daveaitel@jstnkndy@suqdiq@flyryan in redteams, I've used it on unpatched boxes in a loop and grabbed admin creds for masquerade.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@dguido@daveaitel@jstnkndy@flyryan yeah but like remember, lots of huge data breaches arent public for tons of reasons ;D -
@suqdiq@dguido@daveaitel@flyryan it's also tough when a majority of orgs wouldn't even realize they were breached, let alone how -
@jstnkndy@dguido@daveaitel@flyryan yeah i seen the whack-a-mole twice (where these attackers coming from),turns out getting creds from HB
End of conversation
New conversation -
-
-
@dguido@daveaitel@jstnkndy@flyryan i'll revisit this thread in early 2018 and contribute more to it :DThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@dguido@daveaitel@jstnkndy@flyryan hard to document public data breaches and avoid the gap with what really goes on the internet ;)Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.