mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.


#JA3

Pan Żarówka<p>You have a VPN, a changed user-agent, a private browser, and yet the server knows who you are?<br>Because today identification is more than cookies. In play are JA3, JA4, PeetPrint, Akamai's HTTP/2 fingerprinting, header order, ALPN, WebGL, fonts, system language…<br>Privacy doesn't end at the IP address.<br><a href="https://pol.social/tags/Fingerprinting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fingerprinting</span></a> <a href="https://pol.social/tags/PrivacyMatters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyMatters</span></a> <a href="https://pol.social/tags/JA3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JA3</span></a> <a href="https://pol.social/tags/JA4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JA4</span></a> <a href="https://pol.social/tags/PeetPrint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PeetPrint</span></a> <a href="https://pol.social/tags/Akamai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Akamai</span></a> <a href="https://pol.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://pol.social/tags/DigitalIdentity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalIdentity</span></a> <a href="https://pol.social/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> <a href="https://pol.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a></p>
Petr Lynx Balák<p>This game is a time sink. I played it all weekend 😹 It's probably not all that long, but I crawl through every sector, so I'm probably past the halfway point 😸 <a href="https://ohai.social/tags/JaggedAlliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JaggedAlliance</span></a> <a href="https://ohai.social/tags/JA3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JA3</span></a></p>
Petr Lynx Balák<p>The new Jagged Alliance 3 looks really good and so far I'm enjoying it quite a bit (even though it's turn-based) 😼 <a href="https://ohai.social/tags/JaggedAlliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JaggedAlliance</span></a> <a href="https://ohai.social/tags/JA3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JA3</span></a> <a href="https://ohai.social/tags/games" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>games</span></a></p>
Andy<p>We alert on <a href="https://infosec.exchange/tags/JA3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JA3</span></a> signatures in certain circumstances via <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suricata</span></a>. I don't think we've ever had a true positive for a JA3 signature.</p>
imp0rtp3<p>New IPs &amp; some attribution clues related to the TA exploiting <a href="https://infosec.exchange/tags/CVE_2022_42475" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2022_42475</span></a>:<br><a href="https://infosec.exchange/tags/JA3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JA3</span></a>:<br>bf2b95ac267823f6588b2436bc537b26<br>FG x64: <a href="https://virustotal.com/gui/file/0184e3d3dd8f4778d192d07e2caf44211141a570d45bb47a87894c68ebebeabb/details" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">virustotal.com/gui/file/0184e3</span><span class="invisible">d3dd8f4778d192d07e2caf44211141a570d45bb47a87894c68ebebeabb/details</span></a><br>Linux x64: <a href="https://virustotal.com/gui/file/23f2536aec6a4977a504312ff5863468ba2900fece735acd775d0ae455b4cd4d" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">virustotal.com/gui/file/23f253</span><span class="invisible">6aec6a4977a504312ff5863468ba2900fece735acd775d0ae455b4cd4d</span></a><br>Old Windows: <a href="https://www.virustotal.com/gui/file/61aae0e18c41ec4f610676680d26f6c6e1d4d5aa4e5092e40915fe806b679cd4" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/file/61aae0</span><span class="invisible">e18c41ec4f610676680d26f6c6e1d4d5aa4e5092e40915fe806b679cd4</span></a></p><p>TA was less careful with the windows samples - left us some clues:<br>- GBK (Chinese) encoding of the computer info (later changed to utf-8)<br>- UTC+8 compile time string inside sample (exactly 8 hours ahead of PE compile time)</p><p><a 
href="https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">fortinet.com/blog/psirt-blogs/</span><span class="invisible">analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd</span></a></p>