@daveaitel @dguido @flyryan with juniper sslvpn ive seen cases where HB was used 2 dump AD creds & thus enabling IP theft remotely
-
-
Replying to @p_____o_____q
@suqdiq@daveaitel@dguido@flyryan pulling valid creds or sessions is not useless, not sure why Dave said the vuln was1 reply 0 retweets 0 likes -
Replying to @jstnkndy
@jstnkndy@suqdiq@daveaitel@flyryan It requires attention to detail and does not easily scale as an attack vector. Shellshock does.3 replies 0 retweets 1 like -
Replying to @daveaitel
@daveaitel@dguido@jstnkndy@suqdiq@flyryan What? Have you talked to many IR folks? HB was *definitely* used in the wild. A lot.1 reply 0 retweets 1 like -
Replying to @dguido
@dguido on another note, wtf am i blocked by trailofbits? is it because of my "non-standard" twitter name? ;)pic.twitter.com/0Q6u7KJ1gW
1 reply 0 retweets 0 likes
Replying to @p_____o_____q
@suqdiq huh, I have no idea. I can take that off. Sorry!
8:40 AM - 4 May 2016
1 reply
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.