[L1S] Level1Security thread

Format seems fine, you could link to a discussion thread or something else and keep this as news posts only. The forum already acts as an RSS feed.
just add .rss to the URL


I'm aware of the RSS forum feature. It's just really messy and all the discussion is also featured in it. I would be making a clean RSS feed that people can subscribe to and get just the articles and content.

And maybe do what @Ethereal said and post them in the News section with [L1S] prefix and security tag at first, maybe separate category later. But we'll see; I'll have to first do this for a while and see how it builds up.

If they make it a category people can follow it in their preferences and get notifications whenever there is a post in that category.


Problem is we can't stop people posting without them being nice.

There's possibly two solutions.

  • A single topic like this and make a "news group" that can reply in it.
  • Do it the same way but no groups, just trust people to follow the rules of the thread.
  • Make separate topics for each news story (may get cluttered, but maybe we can work something out)

Those were pretty much my concerns there. How to prevent clutter and keep the rules and in a nice readable format that isn't just a links dump.

I will start my RSS feed anyway since it's just the cleanest and most lightweight solution anyhow.
On the forum side, we'll still have to work something out.

  1. Separate topics for each story in a category that can be followed is a nice idea. (Clutter be damned) :laughing:
  2. How would the news group work, only approved users may post? That could work, would then have to approve users that have proven themselves with quality submissions. But that adds a lot of work.
  3. I somewhat trust that the community won't post rubbish in the thread, I have not been disproven yet, that's anyway what the lounge is there for, it diverts & absorbs all of the junk posts for the main part.

There are 9 active mods:
There are less active mods on top of that, but that is the main active mod group.

The active admins are @wendell and @kreestuh


I like the thread, but it would be better to have a tag instead of a summarizing thread, because having a solution for those problems or a patch or workaround would be really useful info imo.

So I would prefer a thread for every problem, with the opportunity for people to post fixes for that problem. The list of problems would then be a search on the security tag.

If you want, an "InfoSec" tag that would only be used for these topics, would be a solution to group them.

Grouping in threads is something we would want to avoid, we'd rather have the community use tags to group content, out of search facilitation reasons.

That seems like a plan. I've been leaning that way mostly after hearing everyone's input.
The main thing is to just keep the format for the thread nice and clean so the first post can have the primary info and article + fixes and the rest can be discussion. With fixes commented in the discussion making it into the intro post.

Is there a specific name for a first post on a thread with all the info etc in it?

An InfoSec tag would be nice to group them by yes.

I considered making one of these at some point but didn't since this is a forum. Security is too fast paced for forum style posting since days after a post a fix is usually applied negating the benefit of the post. Then you have a megathread of just outdated risks. It could be useful though as long as the CVE is attached... maybe.

An idea would be to make the title of the thread start with "InfoSec:" and then the subject. Makes it even easier to find them in a listing that is not filtered by the InfoSec tag.

I'm usually quite involved with security so I often hear things before the CVE shows up. Myself I'm qualified in Information Security, Business InfoSys Risk Assessment & 'Ethical' hacking to keep it short. That term... :shudders:

My main aim of this thread is as the title [somewhat] implies. 'Level 1' security.
A way to bring Security and more in depth discussion to the less security involved that aren't able to keep up with everything but in a simpler form. It also gives the opportunity to cover aspects and topics that don't usually get coverage.

I'm planning to also write up some articles from time to time on various security topics and practices as regards to the power user (level1 community members).

Maybe covering some light hacking related topics, depending on interest and community policy.

Probably would be putting those on the L1T wiki since that seems to be in severe need of some TLC and attention.

You could use @Eden 's format of his LinuxNews threads that he used to do. Those worked well.

I've been thinking of a way to make them contributable as I've not kept up with it as fast as I like. It would work for others.

It just gave me an idea as well. A news Room group with private sub forum for making news threads? Depends on numbers; the other option is a PM thread for each news topic for the week.

Thanks I'll have a look for those

EDIT: That could work yes. Then I'd have to split them into sort of biweekly chunks of articles.
Linked here as reference:

I'm with you, I'm a blue team member myself working in security for the financial sector. I'm more on the management side than anything though so, even though I do as much research as possible, I'm usually defending against known threats and putting in temporary fixes for zero days if possible.

I say all of that just to show you we're on the same page here and I'm not just trying to dismiss your idea, it just needs to be done in a manner that makes it useful. I'll 100% be contributing to it if successful. I've been thinking about making videos on active directory hardening, golden ticket mitigation, proper security setups, etc. This would be a good place for me to start.

I'm Red Team for the most part. Very very Red Team :imp:

:grin: But honestly for the most part I'm more acting as a Blue team assistant to test fixes etc.

That would only make the content better.

Yeah I'm just not sure what the community guidelines are on that sort of thing.
I also don't exactly want to turn L1T forums into HackForums :laughing:

It's fine, I usually suggest people position it to show how it's used in a good way, e.g. for testing in companies etc.

Governments were also using MS Word 0-Day Exploit


It turns out that the previously undisclosed vulnerability in Word (CVE-2017-0199) used for Dridex was also actively being exploited by government-sponsored hackers to spy on Russian targets since at least this January.
The news comes after security firm FireEye, that independently discovered this flaw last month, published a blog post, revealing that FinSpy spyware was installed as early as January using the same vulnerability in Word that was patched on Tuesday by Microsoft.

FinSpy or FinFisher is associated with the controversial UK-based firm "Gamma Group", which sells so-called "lawful intercept" spyware to governments around the world.

Extra References

  1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
  2. https://www.theregister.co.uk/2017/04/11/patch_tuesday_mess


  • Office/Word Pad
  • Internet Explorer
    (All being actively targeted in the wild)


These fixes can now be installed automatically via Windows Update. Reboot and you're done. But there are caveats. For example, the patch bundles KB4015549, KB4015546, KB4015550, KB4015547 that install the security fixes on Windows 7 and 8 have an unfortunate side-effect on computers using AMD Carrizo-based processors – they'll be blocked from receiving further software updates until Microsoft sorts that out. (probably never)

"If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates. Microsoft is working on a resolution and will provide an update in an upcoming release," was Microsoft's official statement.