!xBRJadUtxNCiIKdwZT:matrix.org

Cybersecurity-General

508 Members
Part of the +cybersec:matrix.org community · RSS feeds for discussion are here: #cybersec-rss:matrix.org · Got a tech support question? Ask it in #cybersec-helpdesk:matrix.org! · Off-topic chat is fine. Keep it brief and/or move it to #cybersec-offtopic:matrix.org · Don't be a dick.
86 Servers



Timestamp Message
15 Nov 2019
15:17:17 @luke:matrix.lhackworth.com Luke: I think dud1337 was talking about running a bug bounty program for their application
15:19:03 @dud1337:chat.138.io dud1337: yeah, but that's good info anyway
15:20:08 @dud1337:chat.138.io dud1337: at the moment, we have our own ad-hoc system, but it could incentivise vagrant hackers to help find bugs if we're listed on a bigger website
15:34:11 @Matrix8967:matrix.org Matrix8967: Ohhhh, I missed the key word "running". My bad! We ran a small internal one for students at a former job. It worked out really well for everyone, but it was really low-scale / low-key. I'd mostly just help the students fill out good reports to the major software vendor that had the issue. (And usually it came back with it being the instructor not using the software correctly. 😂)

16:19:07 @hendrik.mueller:matrix.mayflower.de oida left the room.
22:18:29 @SonicEP3:matrix.org SonicEP3 changed their display name from Seth to SonicEP3.
22:18:40 @SonicEP3:matrix.org SonicEP3 changed their profile picture.
22:19:32 @SonicEP3:matrix.org SonicEP3 left the room.
16 Nov 2019
01:50:22 @comer:librem.one Jordan 🇨🇦 joined the room.
02:37:20 @peter:ohare.uk peter: I'd not do a beg bounty tbh. But definitely set up a security@ type contact and make it as easy as possible for people to contact someone about security.
03:31:26 @peter:ohare.uk peter: Even if you don't run a beg bounty you'll get emails from people demanding payment because your X-Frame-Options header isn't set or there's my favourite, "plaintext content injection".
11:38:29 @dud1337:chat.138.io dud1337: hahah, yeah, that has happened already and we do have the contact system
13:13:40 @florinb:matrix.org florinb joined the room.
14:40:01 @kalidas:diasp.in kalidas joined the room.
15:36:04 @bob2938:matrix.org bob2938: what IDS/firewall do hackers use?
15:37:49 @peter:ohare.uk peter: pf or iptables/nftables I guess
17:54:40 @excelsior666:matrix.org excelsior666 joined the room.
17 Nov 2019
06:50:25 @terabit:matrix.org:
In reply to @takeitdowntommy:matrix.org
Splunk question: I want to take a search output, compare a field of IP Addresses from that output with a file that has a list of IPs, and if there's a hit I want to remove the IP from the output. I've got the output and the file, but I have no idea how to compare them. Any clues?

Curious, why ask me in particular?
You would upload the file as a lookup table first.
Then you would do something like:

index=myindex source_ip=* 
| lookup .... OUTPUT somecolumn as somefield
| eval source_ip=if(source_ip=somefield,source_ip,"0.0.0.0")

but quite peculiar how you asked me this ...

06:51:49 @terabit:matrix.org: lookup tables and "if" eval basically does wonders. IIRC splunk also comes with a 'dnslookup' lookup table if you want to enrich your logs by doing PTR record lookups
06:52:10 @terabit:matrix.org: s/logs/searches,reports,dashboards
10:27:02 @krznv:matrix.org κṛẓṇv joined the room.
11:55:33 @krznv:matrix.org κṛẓṇv joined the room.
12:37:14 @eclipse:chat.weho.st Eclipse (恢复) changed their display name from Eclipse to Eclipse (新宿ゴールデン街).
12:45:40 @eclipse:chat.weho.st Eclipse (恢复) changed their display name from Eclipse (新宿ゴールデン街) to Eclipse (恢复).
12:48:28 @lobsterclaws:matrix.org lobsterclaws left the room.
14:26:30 @foxo:foxo.me Foxo joined the room.
14:42:34 @takeitdowntommy:thomcat.rocks takeitdowntommy: @terabit:matrix.org: Thanks! Sorry, you and I had talked about Splunk before.
22:04:25 @g00nz1:matrix.org g00nz1 joined the room.
23:45:19 @kasia23:matrix.org @kasia23:matrix.org joined the room.
23:49:32 @kasia23:matrix.org @kasia23:matrix.org left the room.
