Splunk Join search with time issue

Search Case:

Join search between two sources (IPS & DHCP log)

IPS log : Threat, IP, Hostname

DHCP log : IP, Hostname

Objective: Find the host whose IP triggered in IPS, considering that DHCP provides the same IP to multiple hosts.

index=ips | join IP type=inner [search index=dhcp | fields _time,IP,HOSTNAME] | stats count by Threat,IP,Hostname 

Problem: Getting only the last value from my DHCP index. If IP x.x.x.x was used by three hosts during the day: Host A, Host B, and Host C. Host B is the host that was triggered in IPS at 12 PM, but Host C is the last host that used the IP at 4 PM.

Now when I check my search at 5 PM, it shows the Threat in IPS was triggered at 12 PM with Hostname as Host C, which is wrong. It needs to show Host B.

Is there any way I can fix this so that the correct host is showing for IPS Threat?
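The time-aware correlation this question asks for, as an added example that is not part of the original post: each IPS event is matched to the most recent DHCP lease for the same IP at or before the event time, instead of to the last lease of the day. The sample events, the IP 10.0.0.5, the threat names and the `max_age` cutoff are constructed assumptions.

```python
from bisect import bisect_right
from collections import Counter, defaultdict

H = 3600  # seconds per hour

# Constructed sample events (seconds since midnight); 10.0.0.5 stands in for x.x.x.x.
DHCP_EVENTS = [  # (time, IP, hostname) lease assignments
    (9 * H, "10.0.0.5", "HostA"),
    (11 * H, "10.0.0.5", "HostB"),
    (16 * H, "10.0.0.5", "HostC"),
]
IPS_EVENTS = [  # (time, IP, threat)
    (12 * H, "10.0.0.5", "Threat-1"),
    (8 * H, "10.0.0.5", "Threat-2"),  # fires before any lease is known
]


def build_lease_index(dhcp_events):
    """Map IP -> (sorted lease times, hostnames in the same order)."""
    index = defaultdict(lambda: ([], []))
    for ts, ip, host in sorted(dhcp_events):
        times, hosts = index[ip]
        times.append(ts)
        hosts.append(host)
    return index


def host_at(index, ip, ts, max_age=24 * H):
    """Hostname holding `ip` at time `ts`: the latest lease at or before ts."""
    if ip not in index:
        return None
    times, hosts = index[ip]
    pos = bisect_right(times, ts) - 1
    if pos < 0 or ts - times[pos] > max_age:
        return None  # no lease yet, or the lease is too old to trust
    return hosts[pos]


def attribute(ips_events, dhcp_events):
    """Count IPS hits by (threat, IP, hostname at the time of the hit)."""
    index = build_lease_index(dhcp_events)
    return Counter(
        (threat, ip, host_at(index, ip, ts) or "unknown")
        for ts, ip, threat in ips_events
    )


if __name__ == "__main__":
    for key, count in attribute(IPS_EVENTS, DHCP_EVENTS).items():
        print(key, count)
```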

When does a semaphore issue a wait and when does it issue a signal?

In my textbook, Operating Systems: Internals and Design Principles (9th Edition) by William Stallings in chapter 5, it explains how semaphores work:

The fundamental principle is this: Two or more processes can cooperate by means of simple signals, such that a process can be forced to stop at a specified place until it has received a specific signal. Any complex coordination requirement can be satisfied by the appropriate structure of signals. For signaling, special variables called semaphores are used. To transmit a signal via semaphore s, a process executes the primitive semSignal(s). To receive a signal via semaphore s, a process executes the primitive semWait(s); if the corresponding signal has not yet been transmitted, the process is suspended until the transmission takes place.

I can’t find a description in chapter 5 of when a semaphore would issue a semSignal vs a semWait (which are also sometimes called signal and wait). Can anyone describe the conditions under which semSignal would be issued vs a semWait?
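A bounded-buffer producer and consumer, as an added example that is not from the textbook or the original post, showing where each primitive is executed: a thread executes semWait before it uses something that may not be available yet, and semSignal after it has made something available. Python's `threading.Semaphore` is used as a stand-in, with `acquire()` playing the role of semWait and `release()` the role of semSignal; the function name and buffer capacity are assumptions.

```python
import threading
from collections import deque


def run_bounded_buffer(items, capacity=2):
    """Move `items` (a list) from a producer to a consumer through a bounded buffer."""
    buffer = deque()
    empty_slots = threading.Semaphore(capacity)  # counts free slots
    filled_slots = threading.Semaphore(0)        # counts items ready to consume
    mutex = threading.Semaphore(1)               # binary semaphore guarding the buffer
    consumed = []
    max_depth = 0

    def producer():
        nonlocal max_depth
        for item in items:
            empty_slots.acquire()   # semWait: suspend until a slot is free
            mutex.acquire()         # semWait: enter the critical section
            buffer.append(item)
            max_depth = max(max_depth, len(buffer))
            mutex.release()         # semSignal: leave the critical section
            filled_slots.release()  # semSignal: an item is now available

    def consumer():
        for _ in items:
            filled_slots.acquire()  # semWait: suspend until an item exists
            mutex.acquire()
            consumed.append(buffer.popleft())
            mutex.release()
            empty_slots.release()   # semSignal: a slot is now free

    threads = [threading.Thread(target=producer), threading.Thread(target=consumer)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return consumed, max_depth


if __name__ == "__main__":
    print(run_bounded_buffer(list(range(10))))
```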

[ Renting & Real Estate ] Open Question : Renter Issue?

I am trying to purchase a home (using VA loan) with a mortgage payment way less than my current rent, but I asked about cutting my apartment lease early. I was told I would have to pay almost $2000-$4000 in fees. I’m not able to pay that at all within their 60 day notice. Is there any legal way around this for those who can’t afford their fees and have to end up staying, paying for rent they can’t afford anymore? As well, I’d like to note my husband renewed the lease in February but the apartment office assistant manager pointed out it was signed April. Can we dispute this too and will it have an effect on the current situation?

Issue of thumbnails in mobile search results snippets

Please help me understand how Google is picking up images for mobile search results differently for profile pages having the same structure.

Ref URLs:

  • https://www.mckinsey.com/our-people/chris-mulligan

  • https://www.mckinsey.com/our-people/kate-smaje

  • https://www.mckinsey.com/our-people/liz-hilton-segel

  • https://www.mckinsey.com/our-people/werner-rehm

In these webpages, the og:image is different from the one which is visible on the page. For the actual image there is an attribute itemtype=”schema.org/Person” added to the picture element in the markup. Google is picking up og:image for the first 2 links and actual images for the others. For these search queries:

  1. Searching “Chris mulligan” – shows an actual image which is displayed in the webpage Chris Results

  2. Searching “Liz Hilton Segel” – shows the image given as og:image in the webpage Liz results

  3. Searching “Kate Smaje” – shows the actual image which is inside the page Kate result

  4. Searching “Werner Rehm” – shows the og:image given inside the page. Werner result

The same inconsistency is appearing for other profiles as well.

I am trying to bypass SSL pinning in an Android app using a couple of tools and facing this issue

I will tell everything from the beginning. I installed Frida and objection with pip and pip3 respectively. After that I downloaded adb from the web and, using adb, I connected to my Genymotion Android virtual device. (I checked that I am really connected by gaining shell access and listing the apps installed on that device.)

Android version on Genymotion virtual Android device: 7.1.1

Command I am using:

objection patchapk -s <apk_file> 

Error I am getting:

No architecture specified. Determining it using `adb`... Failed to determine architecture. Is the device connected and authorized? 

I am currently on a Windows machine with Genymotion on vbox and Kali in a VM. I am doing all this from my Kali VM, connected to the Genymotion virtual Android device via Kali only. Can this be an issue by any means?

Please let me know if any other information is required.

Is there any security issue if we do not use SSL between AWS CloudFront and AWS ALB?

I have an application that is hosted on AWS. It has an Application Load Balancer in front of it and it is also attached to CloudFront to handle a heavy load. In my case, I have enabled SSL only on CloudFront and haven’t had SSL on the ALB. Now the application works fine without any issue. It is showing a secured lock symbol on all browsers. But I had a feeling that the communication between CloudFront and the ALB is not secure. Anyone who tries to intercept the traffic between them can achieve it.

Is there any security risk like that? Can anybody intercept the traffic or all communications inside AWS are secured?

I heard about the SSL offloading feature of AWS ALB where we are not enabling SSL between the ALB and the EC2 servers behind it. I thought this case is also applicable between CloudFront and its origin ALB. Is that correct, or is there any security issue if we don’t enable SSL between CloudFront and the ALB?
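A check a reviewer could run for the setup described in this question, as an added example that is not part of the original post: whether the CloudFront-to-origin hop uses HTTPS is decided by each custom origin's `OriginProtocolPolicy`, independently of the lock symbol the browser shows for the viewer-side connection. The function name is hypothetical, and the sample dictionary is constructed in the shape of the `DistributionConfig` returned by CloudFront's GetDistributionConfig API, with placeholder IDs and domain names.

```python
# Constructed sample; origin IDs and domain names are placeholders.
SAMPLE_CONFIG = {
    "Origins": {"Quantity": 3, "Items": [
        {"Id": "alb-plain", "DomainName": "alb-1.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "alb-match", "DomainName": "alb-2.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "alb-tls", "DomainName": "alb-3.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
    ]},
    # Viewers are forced to HTTPS here, so browsers show the lock symbol.
    "DefaultCacheBehavior": {"TargetOriginId": "alb-plain",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "alb-match",
         "ViewerProtocolPolicy": "allow-all"},
        {"PathPattern": "/app/*", "TargetOriginId": "alb-tls",
         "ViewerProtocolPolicy": "redirect-to-https"},
    ]},
}


def cleartext_origins(config):
    """Return {origin Id: reason} for origins CloudFront may reach over plain HTTP."""
    behaviors = [config.get("DefaultCacheBehavior", {})]
    behaviors += config.get("CacheBehaviors", {}).get("Items", [])
    findings = {}
    for origin in config.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig")
        if not custom:
            continue  # S3 origins carry S3OriginConfig and no protocol policy
        policy = custom.get("OriginProtocolPolicy")
        if policy == "http-only":
            findings[origin["Id"]] = "origin hop is always HTTP"
        elif policy == "match-viewer":
            # HTTP reaches the origin only if some behavior lets viewers use HTTP.
            if any(b.get("TargetOriginId") == origin["Id"]
                   and b.get("ViewerProtocolPolicy") == "allow-all"
                   for b in behaviors):
                findings[origin["Id"]] = "origin hop is HTTP when the viewer uses HTTP"
    return findings


if __name__ == "__main__":
    print(cleartext_origins(SAMPLE_CONFIG))
```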

Unable to See Network Clients during Deauth Capture Issue

Bit of a general question here, would hope to learn more about exactly what is going on technically.

I’m attempting to test and capture a handshake from my own AP (an older Apple Airport router).

I’ve used various tools from airgeddon to wifite to fluxion to manual airodump-ng and the weird thing is: I cannot see a single client connect to the AP.

But my laptop and two mobile devices are connected. I’ve even disabled/enabled WiFi on the mobile device during a fluxion passive listening attack, mdk3 doesn’t work, nothing sees any clients.

I’ve also run the same experiment on a new Airport Extreme AP, and it captures just fine and sees clients.

For this, I’m using an ALFA adapter with the Ralink RT3070 chipset (802.11b/g/n) @ 2.5GHz.

I’ll boot up the Nano which I just got recently next, but just curious as to WHY various tools are unable to see clients, therefore unable to deauth (or even passively listen) to ultimately capture the CAP.

SP 2013 – Access Issue

The access problem started just after I removed all users and tried to add them back. After adding them back I gave edit permissions to http:\{MYSITE}* and http:\{MYSITE}Documents/Forms/AllItems.aspx, but nobody is able to access the page or library and it is showing “Let us know why you need access to this list”.

But when I changed the user policy from Central Administration by adding one user for a test, he was able to view all the folders and files beyond his limits. Can you help me to give site and folder access in the right way?

Note: When I give permissions to users for a list or list item, an additional permission ‘Limited access’ is automatically assigned to them. Is that causing this issue?

Much appreciated if you could help me!