Cody Kretsinger

Want to find out how to get ahold of me? Find me on CodyKretsinger.com

I found a couple of vulnerabilities in RapidFire Tools Network Detective. You should probably make sure they're all updated. galacticadvisors.com/release/critic…

Real American Patriots support Ukraine. We're with you @ZelenskyyUa 🇺🇦Slava Ukraini🇺🇦

We've made it to Gleba and made some much needed design choices that are familiar, but I just can't quite put my finger on where I know it from...

Does "Lightly Encrypted" mean they held the salt? pcmag.com/news/hot-topic…

@Mandiant Some new refined searches get this total closer to 5,000 Internet exposed #fortimanager devices. The average device count in the hundreds would mean 500,000 or more potentially impacted devices.

@Mandiant Also, stop putting shit on the internet on non-standard ports like its going to do something. 4443, 8443, and 10443 isn't going to hide the service from anyone. All you're doing is making it take a little longer to script and make it 1% harder for the bad guys to #badguy.

Yesterdays headline about the #FortiManager #Vulnerability included a stat: 60,000 vulnerable devices. That may have been a bit misleading. You see, the search done on Shodan identified devices that likely *receive* updates from FortiManager using port 541+some magic.

@UK_Daniel_Card Not to mention how absolutely tragic Fortinet's response was and how they "handled" this patch. I've not talked to one admin who has been happy with the communication around it.

@CodyKretsinger Also just the fact this exists will have imposed cost and diverted attention from other things…

@CodyKretsinger think that might have already occurred...

@UK_Daniel_Card You're 100% spot on. And its only going to take a couple of these appliances getting popped to cause an absolute mess.

the FGFM Port + XAB or something query was probably a good idea of potential targets then as you say: how many firewalls are they managing. you can tell from the NCSC notice (if you read between the lines) how this might look... it's very complex from an external pov to know... I would imagine even Fortinet don't really know either.

This FortiManager vulnerability is *wild* folks. Trivial to exploit, impacts are incredibly bad. If you haven't patched already I'd be doing it ASAP and check the logs for the bad guys.

Todays a 'coffee run start' kind of day

That nationwide outage a week ago seems a little more suspicious all of a sudden. Time to break out the tinfoil hat.

Man, I cannot believe we're one week away already. We've got some pre-event announcements coming but only a few tickets left. So get them while you can.

@TomLawrenceTech ok, good. I'm not alone then! Next question, do you all do it in front of execs as well?

@CodyKretsinger Yes!

Does anyone else call "incognito" or "private browsing" Porn Mode or is it just me?