@ian-riley
Active 6 years, 10 months ago-
Ian Riley commented on the post, Progress Report for Week Ending, September 29, on the site 6 years, 10 months ago
Following up- now I can log into my server, but it has no ability to reach any other machine. My only interfaces are /32, and loopback. I can still reach the internet (commands like curl still work), but I don’t have any other machines on my network that I can hit.
-
Ian Riley wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 10 months ago
IF you’re getting this error when you try to open a web browser SSH into a google cloud instance for this class:
“You do not have sufficient permissions to SSH into this instance. You need one of […]
-
Ian Riley commented on the post, Progress Report for Week Ending, September 22, on the site 7 years ago
This was pretty cool- I dug a little deeper [link below] and it looks like they were getting the credit card data by scraping the memory of other processes. If I were writing this Malware, I’d just use a keylogger, since most Magstripe readers are just treated as keyboards by the machines they’re attached…[Read more]
-
Ian Riley wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years ago
Pretty simple story here- the hospital determined that they’d rather not have the downtime while they restored their backups, so they just paid the ransom. While the decision makes sense, it’s definitely […]
-
I always find cyber-attacks on the healthcare industry quite interesting because of the type of business it is and the data they have stored. Since the attack was not due to an employee opening a scam email, I am very curious how the ransomware spread throughout the hospital. Also, I did find it a bit comical that they were hanging up posters to notify employees to shutdown their laptops/computers. The hospital decided to pay the ransom since it was much quicker than restoring back-ups. I am wondering why it would take so long if they did choose the restore method or what was their recovery plan if something like this is to happen? Or did they have one at all? I am also wondering what their security is like or how they educate their employees regarding cyber security and attacks. Additionally, hospitals hold patients’ personal information which they need access to. Maybe from their perspective paying the ransom made the most sense, but I am hoping their security changes after experiencing this incident.
-
-
Ian Riley posted a new activity comment 7 years, 4 months ago
Barcodes have been an interest in since I first noticed a “shaped” barcode on the side of my Tecate. Like Magstripes, it’s interesting to see how many times a barcode is used as a direct representation of the data that it’s next to. Especially in circumstances where the code might be scanned without verifying against the original.
If this is of…[Read more]
-
Ian Riley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 5 months ago
For anyone who hasn’t worked in or with the military, the government acquisition and stock systems are constantly derided for the huge amount of time and expense added to any purchase. In an effort to combat […]
-
Ian Riley posted a new activity comment 7 years, 5 months ago
Pretty weird that “The group… removed the stolen information from its website on Vevo’s request.” Especially once you consider the fact that once it’s downloaded once, pulling it off their website doesn’t really do anything to stop the flow of info.
-
Ian Riley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 5 months ago
Web Summary
Original PDF Source (See Page 8)
tl;dr: >10 GB of data was exfiltrated from a North American casino using a recently installed Internet of Things fishtank.
There’s not a TON of info on this […]
-
Ian Riley posted a new activity comment 7 years, 5 months ago
Two things:
1) I am still unable to start a thread- my UI is as follows https://pasteboard.co/GK6RXoN.png
2) For the presentation / summary, are we supposed to be writing this as if presenting to the company? Should we be talking about what we found, or how we found it? -
Ian Riley posted a new activity comment 7 years, 5 months ago
@Fraser, I work full time for the DoD and this is actually the first I’m hearing about login.gov. Given how terrible and opaque some government processes I’ve had to go through have been, there’s definitely a lot of room for improvement. Getting my security clearance, for example, took about a year, three application submissions, and I never knew…[Read more]
-
Ian Riley posted a new activity comment 7 years, 5 months ago
And I’m just gonna reply to myself here because I failed to finish my point- the whole idea of entering the last SIX on a website is bonkers. Prior to 2011, your Social Security was formed XXX-YY-ZZZZ. XXX is based on where you were born, YY is based on WHEN you were born, and ZZZZ was assigned in ascending order. This means that really, your last…[Read more]
Following up- now I can log into my server, but it has no ability to reach any other machine. My only interfaces are /32, and loopback. I can still reach the internet (commands like curl still work), but I don’t have any other machines on my network that I can hit.