{"id":4855,"date":"2025-01-11T17:53:13","date_gmt":"2025-01-11T22:53:13","guid":{"rendered":"https:\/\/control-h.org\/?p=4855"},"modified":"2025-01-11T17:53:13","modified_gmt":"2025-01-11T22:53:13","slug":"shmoocon-day-2-part-2","status":"publish","type":"post","link":"https:\/\/control-h.org\/index.php\/2025\/01\/11\/shmoocon-day-2-part-2\/","title":{"rendered":"ShmooCon Day 2 Part 2"},"content":{"rendered":"\n<p>Bring-It-On.  <a href=\"https:\/\/www.twitch.tv\/shmoocontrack3\" target=\"_blank\" rel=\"noreferrer noopener\">This<\/a>.  Analysis of logs to see what happens when security researchers hit known bad hosts.<\/p>\n\n\n\n<p>They seem to be looking at clients accessing known C2 hosts, then looking to see if they can access those clients.  I&#8217;m trying to be shocked that these, largely, are coming from places like Iran and China.<\/p>\n\n\n\n<p>Curiosity made me look at IPv6 adoption in Iran.  Hmm.  <a href=\"https:\/\/pulse.internetsociety.org\/blog\/understanding-the-sudden-drop-in-ipv6-adoption-in-iran\" target=\"_blank\" rel=\"noreferrer noopener\">Interesting<\/a>.  While I really do think that there should not be government efforts to block traffic, I wholeheartedly support individuals\/companies blocking traffic to\/from that part of the Intertubes.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Next up is <a href=\"https:\/\/www.shmoocon.org\/speakers\/#rattlesnakes\" target=\"_blank\" rel=\"noreferrer noopener\">this<\/a> on deception operations. Interesting, but really not a lot that I have any insight into.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Was kind of in and out on <a href=\"https:\/\/www.shmoocon.org\/speakers\/#millionaccounts\" target=\"_blank\" rel=\"noreferrer noopener\">this<\/a>;  mislaid something and was looking for it.  Anyway, I understand what they were trying to do and assume abandoned domains.  
It&#8217;s good information to have, but I&#8217;m not exactly sure what he&#8217;s really trying to do.  Okay, it&#8217;s abandoned.  If you&#8217;re worried about things like a domain, there&#8217;s always something you can do with a wildcard, then narrow down from the bucket once you see something you want.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Did see all of <a href=\"https:\/\/www.shmoocon.org\/speakers\/#optoutagain\" target=\"_blank\" rel=\"noreferrer noopener\">this one<\/a>.  I understand, and sympathize with, her motivations and concerns.  Yes, you should be able to make it harder to get your personal information.  Yes, it should be protected by whomever collects it.<\/p>\n\n\n\n<p>If the CFPB is the answer, you asked the wrong question.  There are very few things government does well;  protecting consumers isn&#8217;t one of them.  Hell, if you look at what&#8217;s going on in LA this week, you could easily extend that to delivering water and providing fire protection.  How about that TSA?<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"TSA Further Complicates Their Inspection Process - SOUTH PARK\" width=\"580\" height=\"326\" src=\"https:\/\/www.youtube.com\/embed\/QK3YkCjk8_o?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><a href=\"https:\/\/www.shmoocon.org\/speakers\/#malwarecabal\" target=\"_blank\" rel=\"noreferrer noopener\">This one<\/a> is interesting when it comes to things like cheap network cameras.  
Ubiquity of the hardware is a problem, with so many of them sending to foreign places, but I think probably a lot of it can be solved by just paying attention to what you purchase.  I&#8217;m just wondering if you don&#8217;t need to do better with blocking outbound traffic.  They talk about measures put into the firmware that are there to circumvent protections, but I have to admit my skepticism.  If you have a halfway-decent Layer-3 device, you can shut down traffic.  If it&#8217;s this type of traffic coming from this device, it&#8217;s blocked.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>As someone who is plugging through all of the <em>Beavis &amp; Butthead<\/em>, &#8220;<a href=\"https:\/\/www.shmoocon.org\/speakers\/#trackingnexus\" target=\"_blank\" rel=\"noreferrer noopener\">Silent Push<\/a>&#8221; sounds flatulent.<\/p>\n\n\n\n<p>But this is about FUNNULL, something I&#8217;ve never heard about.<\/p>\n\n\n\n<p>Interesting that this is all because of gambling run offshore.  These work for money laundering.<\/p>\n\n\n\n<p>People like to gamble.  People like to drink, smoke, do other drugs.  It&#8217;s almost as if these are innately human behaviors.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>And the <a href=\"https:\/\/www.shmoocon.org\/speakers\/#meshtastic\" target=\"_blank\" rel=\"noreferrer noopener\">last one<\/a>.  I&#8217;m thinking it&#8217;s stuff where I&#8217;ve completely lost the bubble.  Interesting things at the site.<\/p>\n\n\n\n<p>It&#8217;s absolutely interesting, but I really don&#8217;t have the stuff, or the time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bring-It-On. This. Analysis of logs to see what happens when security researchers hit known bad hosts. They seem to be looking at clients accessing known C2 hosts, then looking to see if they can access those clients. 
I&#8217;m trying to be shocked that these, largely, are coming from places like Iran and China. Curiosity made [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[36],"class_list":["post-4855","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-uncategorized"],"_links":{"self":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/4855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/comments?post=4855"}],"version-history":[{"count":0,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/4855\/revisions"}],"wp:attachment":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/media?parent=4855"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/categories?post=4855"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/tags?post=4855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}