Toots for jjtech@infosec.exchange account

Written by JJTech on 2025-01-05 at 06:44

I even saw comments saying “just hire someone to professionally design your IPv6 network”…

If the network design needs to be so complex that it can’t be explained to someone who doesn’t specialize in it… that is completely unworkable

All developers need to be able to correctly reason about the (security) properties of the network, at least at a basic level. It shouldn’t be black magic.

=> More informations about this toot | View the thread

Written by JJTech on 2025-01-05 at 06:41

For another thing, stuff like RAs are poorly understood and poorly implemented…

I keep seeing even larger businesses who can setup IPv6 properly with their ISP just disabling it entirely because of vulnerabilities and poorly understood consequences:

https://www.reddit.com/r/sysadmin/comments/1ciykzc/ipv6_leave_enabled_or_remove_proscons_lessons/

=> More informations about this toot | View the thread

Written by JJTech on 2025-01-05 at 06:38

So we either need to accept reality and start implementing NATv6/NPTv6… or we can just take another couple decades with abysmal adoption levels

=> More informations about this toot | View the thread

Written by JJTech on 2025-01-05 at 06:36

All the IPv6 “purists” keep telling me that I should “just BGP peer with my ISP(s)” and “upgrade to business class internet”

Like, sure, we all know that would be the ideal option. But it’s not an option.

=> More informations about this toot | View the thread

Written by JJTech on 2025-01-05 at 06:34

Does anyone actually use #IPv6 in a prosumer/small business setting?

For example #UniFi has abysmal support for it, basically if you want failover, dual WAN, etc. you just have to completely disable IPv6

=> More informations about this toot | View the thread

Written by JJTech on 2024-11-13 at 17:31

in theory I should be able to use sparserestore to overwrite the LaunchServices DB and do some funky things, but the database format is completely custom and difficult to work with.

=> More informations about this toot | View the thread

Written by JJTech on 2024-11-13 at 17:29

I’ve been experimenting with Launch Services, it’s integral to how apps are launched on iOS and macOS and yet seems almost completely unexplored.

Publishing my notes here for anyone interested https://github.com/JJTech0130/launchservices

=> More informations about this toot | View the thread

Written by JJTech on 2024-09-11 at 21:49

@doronz discovered the #visionpro has a secret mechanism for restoring backups over USB that is vulnerable just like the one on iOS

So now the same exploit that powers TrollRestore can be used for arbitrary file-write on VisionOS! 🎉

https://github.com/doronz88/pymobiledevice3/commit/6e40a11a5011c5d8ca850e9319470a5f4d0891f4

=> More informations about this toot | View the thread

Written by JJTech on 2024-09-02 at 21:00

Announcing a new #TrollStore installation method for iOS 17.0: TrollRestore 🎉

Uses an interesting method related to backup restoration rather than a kernel exploit. Details to follow.

https://github.com/JJTech0130/TrollRestore

=> More informations about this toot | View the thread

Written by JJTech on 2024-08-02 at 03:01

For example, 192.168.1.0/24 less 192.168.1.1/32 becomes:

192.168.1.0/32, 192.168.1.2/31, 192.168.1.4/30, 192.168.1.8/29, 192.168.1.16/28, 192.168.1.32/27, 192.168.1.64/26, 192.168.1.128/25

Which would be next to impossible to come up with by hand.

=> More informations about this toot | View the thread

Written by JJTech on 2024-08-02 at 02:59

I have no idea if anyone else has issues like this, but I just found this small website's tool extremely useful:

WireGuard AllowedIPs calculator

For some reason I've now run into several situations where software wants a list of IP blocks, and I want to exclude just a single IP from the block.

=> More informations about this toot | View the thread

=> This profile with reblog | Go to jjtech@infosec.exchange account