@thegibson - in 2002/3 ish I was performing a security assessment of a bank when they insisted I perform the internal Nessus scan during business hours. 30 seconds after the scan started their AIX server crashed, taking all business with it. Noticed I had accidentally clicked “enable dangerous plugins” in Nessus.

@thegibson - about a year after that I was testing an ISP’s out of band management network when I noticed a flood of ICMP TTL expired fly across my tcpdump window. (Always recorded all my tests)

A second later their two largest, most powerful, routers crashed due to a routing loop.

The worst part was before I started I confirmed with the network team there were no routing loops because I wanted to be more aggressive with scanning.

@thegibson - impressively, not my failure, but my teammate somehow deleted everyone from domain/enterprise administrators.

The recovery was amazingly dumb. After several failed attempts to hack in and elevate privs one of us realized Tripwire ran as administrator. He threw together a batch script to add himself to domain admins and within minutes he was in.

In hindsight we spent a lot of time hardening AD and the controllers. Don’t get to see that as much as I’d appreciate.

@thegibson - wow.

Either I fail a lot or I am really good at remembering my failures. I am thinking of so many.

That isn’t even counting my social failures while on the job! 😅
