Cody Thomas
If it's not shared, what's the recommended solution to have the csrf value shared across workers?
I was chatting with the devs for Sanic (https://community.sanicframework.org/t/restructuring-create-server-to-leverage-workers/832/8?u=its-a-feature) and it appears that the value I set for the `"WTF_CSRF_SECRET_KEY"` is duplicated for each worker. So, if each worker gets...
Or is it specifically this piece that's the issue: https://github.com/pyx/sanic-wtf/blob/master/examples/guestbook.py#L16-L19
So, I mentioned in that thread (https://community.sanicframework.org/t/restructuring-create-server-to-leverage-workers/832/7?u=its-a-feature) that even when I set that value to something static, like "5" in that message I just linked, I still get the same...
Mythic tracks a lot more data than Cobalt Strike and is a lot more descriptive about it too. It'll be pretty easy for me to push an update for it....
This capability is included in Mythic 2.1.1. Specifically, I initially only included the following types: - file_upload (file staged on mythic as part of tasking with the intent to get...
Glancing through it, I think pretty much everything is covered. Since Mythic has everything broken out into individual Docker containers, the C2 profile information might need to be pulled from...
Awesome! Yup, here's examples:
```
{"timestamp":"10\/09\/2020 17:01:28","mythic_object":"task_new","message":{"id":39,"agent_task_id":"269ce9b4-b949-4f6d-b193-747f19b694c3","command":"screenshot","command_id":84,"status_timestamp_preprocessing":"10\/09\/2020 17:01:28","status_timestamp_submitted":"10\/09\/2020 17:01:28","status_timestamp_processing":null,"status_timestamp_processed":null,"timestamp":"10\/09\/2020 17:01:28","callback":13,"operation":"Operation Chimera","operator":"mythic_admin","status":"submitted","original_params":"","comment":"","comment_operator":null,"completed":false}}
{"timestamp":"10\/09\/2020 17:01:28","mythic_object":"task_mitre_attack","message":{"id":18,"attack":"T1113","attack_name":"Screen Capture","task":39,"task_command":"screenshot","task_params":""}}
{"timestamp":"10\/09\/2020 17:01:38","mythic_object":"file_screenshot","message":{"id":39,"agent_task_id":"269ce9b4-b949-4f6d-b193-747f19b694c3","command":"screenshot","command_id":84,"status_timestamp_preprocessing":"10\/09\/2020 17:01:28","status_timestamp_submitted":"10\/09\/2020 17:01:28","status_timestamp_processing":"10\/09\/2020 17:01:38","status_timestamp_processed":null,"timestamp":"10\/09\/2020 17:01:38","callback":13,"operation":"Operation Chimera","operator":"mythic_admin","status":"processing","original_params":"","comment":"","comment_operator":null,"completed":false}}
{"timestamp":"10\/09\/2020 17:01:50","mythic_object":"task_completed","message":{"id":39,"agent_task_id":"269ce9b4-b949-4f6d-b193-747f19b694c3","command":"screenshot","command_id":84,"status_timestamp_preprocessing":"10\/09\/2020 17:01:28","status_timestamp_submitted":"10\/09\/2020 17:01:28","status_timestamp_processing":"10\/09\/2020 17:01:38","status_timestamp_processed":null,"timestamp":"10\/09\/2020 17:01:38","callback":13,"operation":"Operation Chimera","operator":"mythic_admin","status":"processing","original_params":"","comment":"","comment_operator":null,"completed":true}}
{"timestamp":"10\/09\/2020 17:01:50","mythic_object":"response_new","message":{"id":27,"response":"{\"file_id\":\"a4fcf1d8-9039-4cff-bbdf-85069dc64c4c\"}","timestamp":"10\/09\/2020...
```
Is RedELK updated with the latest MITRE ATT&CK Sub-Techniques? That's one piece that I still need to update. I'm hoping it won't change the messages too much, but I haven't...
Ah, good catch! I'm releasing a new version next month that'll properly parse out the error messages for Kerberos errors like this 👍