--- Log opened Thu May 31 00:00:00 2018
--- Day changed Thu May 31 2018
00:00 < JFDkthx> k
00:00 < Hunterkll> this happens when TPM is enabled trying to boot the windows installer -> https://i.imgur.com/FbFu5k9.png
00:01 < Jekotia> Hunterkll: Did enabling TPM have any other dependent settings you had to change?
00:01 < Hunterkll> nope
00:01 < Jekotia> Then it's (╯°□°)╯︵ ┻━┻ time
00:02 < Hunterkll> also, windows has always had background encryption?
00:02 < Hunterkll> since vista anyway
00:03 < Jekotia> I only recall that the last time I tried to enable encryption on an active system (before windows 10), it wouldn't allow me to use the system for the duration of the process
00:04 < Hunterkll> then that wasn't bitlocker
00:04 < Jekotia> IK
00:04 < Hunterkll> even when bitlocker was introduced, it'd block out most of the drive and leave like 5GB of scratch space for you to keep functioning
00:04 < Hunterkll> and that was back in ... 2006?
00:04 < Jekotia> I'm really liking selfhosted gitlab so far
00:07 < Jekotia> Feels really good when the different things you're experimenting with come together to make a solid system
00:08 < xe0n> feels really good when you eat different things you're experimenting with come together for a solid poo
00:09 < Jekotia> xe0n: What is this engrish?
00:11 < corn266> I have a question about masking malicious traffic with cdn traffic
00:12 < corn266> the book says the attacker has a sdn subdomain that points to the master C2 server, but how do you get a cdn subdomain?
00:12 < corn266> s/sdn/cdn
00:15 < coderphive> sdn?
00:15 < coderphive> oh
00:15 < coderphive> Well, like in AWS you can use an S3 bucket to intercept CDN traffic
00:15 < coderphive> or you used to be able to
00:15 < corn266> currently reading this: https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/
00:15 < corn266> but it's using cobalt strike and that's fucking expensive
00:16 < coderphive> ohhh
00:16 < coderphive> So, do you know what domain fronting is?
00:17 < corn266> I have an inkling... using well known domains to cover your actual path ie. using cdn traffic to mask actual routes from the infected client / network
00:17 < coderphive> Nah, this isn't specific to attack vectors
00:17 < coderphive> It's actually just a CDN trick
00:17 < corn266> oh?
00:18 < coderphive> so CDNs serve multiple websites
00:18 < coderphive> say AWS's CDN is cdn.amazon.com
00:18 < coderphive> err
00:18 < coderphive> cdn.aws.com
00:18 < coderphive> That CDN serves amazon.com, netflix.com, and your site stupid.com
00:19 < corn266> hey that's registered
00:19 < coderphive> haha
00:20 < coderphive> Say some country doesn't like stupid.com
00:20 < corn266> yea you provide the cdn URL in your HTML