• Ephera@lemmy.ml
      link
      fedilink
      arrow-up
      7
      ·
      6 months ago

      Man, during my apprenticeship, I spent a month in the offensive security department, so white-hat hackers. My most memorable experience there was us scrolling through a WireShark log of a server (which a user had conveniently placed into a web-hosted folder, so our automated scanners could pick up on it).

      Then we found an unencrypted FTP connection in there, which meant the password got logged in plain text and then we tried the same password for SSH. In roundabout 10 minutes, we had root access. On a real-world system.

      And yeah, watching him scroll through those Recall logs, that felt eerily similar. Like you just need the right Ctrl+F, the right screenshot or any clue that they’re using some insecure technology which you can exploit. If you can extract those logs, it’s likely just a matter of time until you find something.