@thegibson - in 2002/3 ish I was performing a security assessment of a bank when they insisted I perform the internal Nessus scan during business hours. 30 seconds after the scan started their AIX server crashed taking all business with it. Noticed I had accidentally clicked “enable dangerous plugins” in Nessus.
@thegibson - about a year after that I was testing an ISP’s out of band management network when I noticed a flood of ICMP TTL expired fly across my tcpdump window. (Always recorded all my tests)
A second later their two largest, most powerful, routers crashed due to a routing loop.
The worst part was before I started I confirmed with the network team there were no routing loops because I wanted to be more aggressive with scanning.
@thegibson - impressively, not my failure, but my teammate somehow deleted everyone from domain/enterprise administrators.
The recovery was amazingly dumb. After several failed attempts to hack in and elevate privs one of us realized Tripwire ran as administrator. He threw together a batch script to add himself to domain admins and within minutes he was in.
In hindsight we spent a lot of time hardening AD and the controllers. Don’t get to see that as much as I’d appreciate.
@thegibson - wow.
Either I fail a lot or I am really good at remembering my failures. I am thinking of so many.
That isn’t even counting my social failures while on the job! 😅