• 0 Posts
  • 21 Comments
Joined 1 year ago
cake
Cake day: August 2nd, 2023

help-circle





  • Holy shit, that’s actually hilarious, I imagine someone would have noticed when their paste/auto type password managers didn’t work

    For those confused, this sounds like instead of making a real website, they spin up a vm, embed a remote desktop tool into their website and have you login through chrome running on their VM, this is sooooo sketch it, its unreal anyone would use this in a public product.

    Imagine if to sign into facebook from an app, you had to go to someone else’s computer, login and save your credentials on their PC, would that be a good idea?



  • sorry I don’t have any real documentation but I have a snippet of powershell that explains it pretty well here this comes from a user creation script I wrote back when they removed the unix UI.

    I was using Get-AdUser and discovered that the properties still existed but you have to manually shove those in, when an sssd “domain bound” linux machine has a user with these props login, they get the defined UID and GID and homefolder etc.

    $otherAttributes = @{}
    Write-Host -ForegroundColor Yellow "Adding Linux Attributes"
    
    # get the next numeric uid number from AD
    $uidNumber=((get-aduser -Filter * -Properties * | where-object {$_.uidNumber} | select uidNumber | sort uidNumber | select -Last 1).uidNumber)+1
    
    $otherAttributes.Add("unixHomeDirectory","/homefolder/path/$($samAccountName)")
    $otherAttributes.Add("uid","$($samAccountName)")
    $otherAttributes.Add("gidNumber","$($gidNumber)")
    $otherAttributes.Add("uidNumber","$($uidNumber)")
    $otherAttributes.Add("loginShell","$($loginShell)")
    
    $UserArgs = @{
        Credential = $creds
        Enabled = $true
        ChangePasswordAtLogon = $true
        Path = $usersOU
        HomeDirectory = "$homeDirPath\$samAccountName"
        HomeDrive = $homeDriveLetter
        GivenName = $firstName
        Surname = $lastName
        DisplayName = $displayName
        SamAccountName = $samAccountName
        Name = $displayName
        AccountPassword = $securePW
        UserPrincipalName = "$($aliasName)@DOMAIN.COM"
        OtherAttributes = $otherAttributes
    }
    
    $newUser = New-ADUser @UserArgs
    

    basically the “OtherAttributes” on the ADUser object is a hashtable that holds all the special additional LDAP attributes, so in this example we use $otherAttributes to add all the fields we need, you can do the same with “Set-Aduser” if you just wanna edit an existing user and add these props

    the @thing on New-ADuser is called a splat, very useful if you’re not familiar, it turns a hashtable into arguments

    lemme know if you have any questions






  • The thing is, if there’s a wireless exploit/hack that can cause “patient harm” the FDA+Health Canada would force a recall the sec its publicly known.

    The flipper wouldn’t be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause its a swiss army knife and has a general purpose radio.

    Generally by the time an attack exists on the flipper, its already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.

    I can’t say how concerned you should be, but this won’t make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don’t make laptops illegal tho.

    What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an “illegal” device. Yes they could use a laptop, but you don’t use an xray machine to find a stud, you use a handheld studfinder cause its cheap and easy.

    Hope that helps explain a bit


  • Im a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do “manually”.

    The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.

    Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless thats gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.

    Anybody in the know can tell you that the hardware isn’t anything special, and like many others have said, its like making a swiss army knife illegal cause the toothpick can be used to pick a lock.

    This isn’t gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn’t be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn’t let you sell medical devices that can be hacked like that.

    You don’t just put the cat back in the bag…







  • I’ve read some of the comments and it sounds like you’ve already tried installing proton VPN and tailscale on the same machine, but depending on your setup maybe you could make a “VPN gateway”

    Like take your pi, install protonvpn, then enable IP forwarding and use a little nat IP tables script to nat your lan to your proton VPN interface like a home router would with the wan and lan ports.

    Then on your tailscale gateway set the default route to be that box instead of your normal router. Then just use the tailscale node as the exit node on your client and check your IP.

    In theory this would be similar to a qubes type setup which is what I tend to use for this kind of work.