David Redekop May 12
Replying to @GossiTheDog
If Sophos is blocking the killswitch domain, it's unintentionally allowing to continue?
Jeroen Bobbeldijk May 12
Replying to @DRtheNerd @GossiTheDog
Well... It's still getting some response for the domain, just not the sinkhole response. The killswitch should still work.
2sec4u NOT CISSP May 13
Replying to @GossiTheDog
That's fine, as long as it returns a page :)
Flemming Riis May 13
Replying to @GossiTheDog
Airgapped need to add this to internal DNS zones with a http responding, correct?
Doc Chis May 13
Replying to @2sec4u @GossiTheDog
That's almost funny! Block the sinkhole. Sigh.
K Beaumont Not CISSP May 13
Replying to @2sec4u
It doesn't sadly it appears. Screenshot is Web Intelligence which does browsing, Malicious Threat Detection blocks non-browser traffic ☃️
K Beaumont Not CISSP May 13
Replying to @2sec4u
That said they added definitions at 6pm yesterday for that exe.
2sec4u NOT CISSP May 13
Replying to @GossiTheDog
Oh fuck
2sec4u NOT CISSP May 13
Replying to @GossiTheDog
Test the sample and confirm - I'll reach out to people if it still runs
K Beaumont Not CISSP May 13
Replying to @jerbob92 @DRtheNerd
Nae, screenshot is Web Intelligence, Malicious Threat Detection hooks non-browser and blocks. However they have definitions for exe now.
K Beaumont Not CISSP May 13
Replying to @2sec4u
It shouldn't work. Sophos detects the exe now. I guess I could crypt it, but I don't want to start a new worm exe 💩
Rob Smith May 13
Replying to @GossiTheDog @2sec4u
Strangely, Sophos on my Mac blocks access to that URL in my browser, but not through telnet on port 80 within terminal?
K Beaumont Not CISSP May 13
Replying to @iopsGent @2sec4u
Malicious Threat Detection is Windows only.
Rob Smith May 13
I think has just dropped the block
K Beaumont Not CISSP May 13
👍
Richard Bartlett May 13
Ditto, just tested from our network with Sophos Endpoint Protection 10.7 and I can see the page text fine.
K Beaumont Not CISSP May 13
Yay! Cheers guys.
K Beaumont Not CISSP May 13
Replying to @GossiTheDog
Update - Sophos have fixed this, thank you. Malicious Web Detection was blocking sinkhole.
operations6 May 13
Replying to @GossiTheDog