google: hey, go grab the push notification to log in to your account.me: clicks the button, button clickergoogle: "WHO THE FUCK IS THIS? YO, SOME DUDE LOGGED INTO MY ACCOUNT."

@xssfox hahaha what the fuck

@da_667 xD

@xssfox I remember way back when, I ran some server 2003 VMs on vmware server, and I got negative round trip times for ping, but I've never seen anything like that.

@da_667 I'm mostly the same way. I have started using a little bit of raw meat in wasp traps at home and it works pretty well. Unfortunately it does attract some flies as well and they don't do harm, it doesn't attract the other pollinators besides the wasps.

today I've learned that GET requests can technically have a request body. In most normal cases, the server ignores the client body on the get request.Additionally if a content-length header is specified and you include a body on a GET request, that Snort2.9 and Suricata5+ will inspect the client body.why do I bring this up?This is a great write-up by ESET on GhostRedirectory and their Rungan backdoor:https://www.welivesecurity.com/en/eset-research/ghostredirector-poisons-windows-servers-backdoors-side-potatoes/I forged this pcap, and got my rule to fire:alert http any any -> $HOME_NET any (msg:"ET MALWARE GhostRedirector Rungan Backdoor Access M1"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"action|3d|cmd"; fast_pattern; http.request_body; content:"cmdpath|3d|"; content:"ming1|3d|"; reference:url,www.welivesecurity.com/en/eset-research/ghostredirector-poisons-windows-servers-backdoors-side-potatoes/; classtype:trojan-activity; sid:1; rev:1;)