One time I got asked in an interview how to estimate the number of manholes
in a city. I replied that I would google 'pretentious interview questions'
for a problem solving methodology.
On Thu, Jul 23, 2020 at 5:06 AM wrote:
> > Mark Tinka
> > Sent: Thursday, July 23, 2020 5:04 AM
> >
> > On 23
It's unlikely the routers that got exploited were the initial entry point
of the attack. The chain of events can look like this:
spearfishing email with exploit laden attachment
end user opens attachment, internal windows endpoint compromised
malware makes outbound connection to command & control
Wouldn't the calculated MD5/SHA sum for the IOS file change once it's
modified (irrespective of staying the same size)? I'd be interested to see
if one of these backdoors would pass the IOS verify command or not. Even
if the backdoor changed the verify output; copying the IOS file off the
router
Does anyone have a sample of a backdoored IOS image?
On Tue, Sep 15, 2015 at 2:15 PM, wrote:
> I'm sure most have already seen the CVE from Cisco, and I was just reading
> through the documentation from FireEye:
>
> https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.htm
> l
If someone has physical access to a Cisco router they can initiate a
password recovery; tacacs vs local account doesn't matter at that point.
On Mon, Dec 29, 2014 at 12:28 PM, Colton Conor
wrote:
> Glad to know you can make local access only work if TACAS+ isn't
> available. However, that still
In the Cisco world the AAA config is typically set up to try tacacs first,
and local accounts second. The local account is only usable if tacacs is
unavailable. Knowledge of the local username/password does not equate to
full time access with that credential. Also, you would usually filter the
i
6 matches
Mail list logo