imo, it's a general mentality that attackers have. I blogged about this 14 years ago and it seems still applicable today ( https://blogs.securiteam.com/index.php/archives/170 )
Indecision can stem from too little information or too much information. The defender *should* have the ability to influence both of those...

John

On Fri, Jan 24, 2020 at 10:28 AM Dave Aitel <[email protected]> wrote:

> So I went to S4 this week, which is a good conference here in Miami Beach,
> mostly about hacking/protecting utilities and other critical infrastructure
> components. But I had the good fortune to run into a friend
> <https://www.gocomics.com/calvinandhobbes/2018/01/16> I'd never met
> before. Anyways, they were telling me about how some Android State
> surveillance spyware installed at the border on everyone's phone looked for
> some file hashes and then sent in some data via what was essentially a
> public web API.
>
> There's a lot of stuff that works like this, EDR systems, SIEMs of various
> types, etc. And one of the classic attack patterns is that usually these
> systems don't have client-certificates signing the data the client sends.
> So you can send fake data as a large number of real and not-real hosts. . .
> corrupting the database or simply filling it up and making it a lot less
> useful because every query takes about ten minutes, especially if you
> know how the indexer
> <http://www.phpinternalsbook.com/php5/hashtables/hash_algorithm.html>
> works.
>
> In other words, for some reason, one malicious host is weirdly not usually
> a threat model that most defensive systems have considered.
>
> -dave
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave
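An added example, not part of the original thread or any poster's code: a Python illustration of the ingestion-side control the quoted message says is usually missing, so that reports from unenrolled hosts, forged reports under a real host id, and floods from one enrolled host are all refused. HMAC with a per-host enrollment key stands in for client-certificate signatures here; the key table, quota value, class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed enrollment table: host id -> per-host secret issued at enrollment.
ENROLLED_KEYS = {"host-a": b"constructed-key-a", "host-b": b"constructed-key-b"}
MAX_EVENTS_PER_WINDOW = 3  # hypothetical per-host quota for one time window

def sign_report(host_id: str, key: bytes, body: bytes) -> str:
    """Client side: MAC over the host id and the body, keyed per host."""
    return hmac.new(key, host_id.encode() + b"\n" + body, hashlib.sha256).hexdigest()

class Ingestor:
    """Server side: accept a report only from an enrolled host, within its quota."""
    def __init__(self, keys, quota):
        self.keys = keys
        self.quota = quota
        self.counts = defaultdict(int)  # events accepted per host in this window
        self.store = []                 # stands in for the telemetry database

    def ingest(self, host_id: str, body: bytes, tag: str) -> str:
        key = self.keys.get(host_id)
        if key is None:
            return "rejected: unknown host"      # not-real hosts never reach the store
        expected = sign_report(host_id, key, body)
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad signature"     # real host id, data it did not sign
        if self.counts[host_id] >= self.quota:
            return "rejected: quota exceeded"    # one enrolled host cannot fill the store
        self.counts[host_id] += 1
        self.store.append((host_id, json.loads(body)))
        return "accepted"

def demo():
    ing = Ingestor(ENROLLED_KEYS, MAX_EVENTS_PER_WINDOW)
    body = json.dumps({"event": "file_hash_match", "count": 1}).encode()
    good = sign_report("host-a", ENROLLED_KEYS["host-a"], body)
    results = [
        ing.ingest("host-a", body, good),    # enrolled host, valid tag
        ing.ingest("host-zzz", body, good),  # host id that was never enrolled
        ing.ingest("host-b", body, good),    # host-a's tag presented as host-b
    ]
    results += [ing.ingest("host-a", body, good) for _ in range(3)]  # same host repeats
    return results, len(ing.store)

if __name__ == "__main__":
    print(demo())
```

The quota bounds what a single enrolled but malicious host can write; it does not detect replayed reports, which would need a nonce or timestamp inside the signed body.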
