Google Hacking in 2017

It has been some time since my last post. Then again, I've been busy taking the Cracking The Perimeter course from Offensive Security (probably a future blog post): https://www.offensive-security.com/information-security-training/cracking-the-perimeter/ So, let's talk about "Google hacking" in 2017 and how we used it in a pentest. This is just a quick post; I need to get more content out. Google Hacking If you are in the information security realm, you know what "Google hacking" is. For those that aren't aware, it's the use of Google to find indexed information that may contain…

Read More

Why We Moved To Cloudflare

Ensuring our infrastructure is running smoothly and a few other concerns are always on the back of our minds here at protoxin.net. 2016 was a big year for the ProToxin.net team and me; we launched this site and a it's just been a fun adventure since. During this time, we've been harassed and DDoS'd many times. Due to this, we transitioned our systems to [redacted] to try and offload DDoS as well as do some moderate content caching, as they also provided CDN capabilities. $20USD/month was [redacted]'s price. Not bad, really. Unfortunately, we came into a…

Read More

Holiday Message - 2016

2016 has been a crazy year. Though not everyone got what they wanted in various different ways, we're all still alive. If you're observing Christmas, Hanukkah, or Kwanzaa, please have a happy and safe holiday! I don't plan on any posts before the new year. If there aren't any posts, then I will see you all in 2017! Be excellent to each other. Cheers, ProToxin…

Read More

CopperheadOS - A Review Pt. 1

Full disclosure: I am an Apple user (haters gonna hate). Also, I was not paid nor compensated in any way by Copperhead. This is just my take and review on the Android OS variant produced by some hard working people. This is the first part of this review. I plan on using this OS as a daily driver and making a follow up post. Intro First off, what the heck is CopperheadOS? From their site: A hardened open-source operating system based on Android Is it really that simple? yes. It is what they say it is. No more, no less.…

Read More

Hacking an Election - Truth is in what you see. pt. 1?

"Just because something isn't a lie does not mean that it isn't deceptive. A liar knows that he is a liar, but one who speaks mere portions of truth in order to deceive is a craftsman of destruction." - Criss Jami Ever wonder how to hack an election in the United States? Well, here's a start! In this post, we'll talk about how to make our hypothetical candidate win with low-tech tactics. "Hacking and election", in the post, refers to influencing an election. Stop No, this isn't a post/guide on hacking election systems nor any…

Read More

'Tis The Season - Beware Holiday Phishing

I cannot believe that it is that time of the year already. I, of course, am talking about that it is time for the holidays. With all the holiday spirit and cheer, attackers are certainly near. With that being said, here are two phishing tactics commonly seen around the holidays. That's not my package! One of the best scams for this time, in my opinion, are the fake notifications from UPS, FedEx, DHL, USPS, etc... Many of these scams rely on the fact that you've probably ordered something these holidays. Generally, the email will state that there has been an…

Read More

Protecting Your Privacy - Recommendations

It's quite frequent that I see a blog post on "How to remain anonymous online" or something similar. To me, however, some of these posts seem to be pushing a VPN or similar product in your face for a referral click or due to sponsorship and don't really do much to help you/provide resources. As you, a reader of this blog may know, I do not post referrals nor do I push products (though, I may recommend one) because they sponsor me or whatever. So, here's my take to help you protect your privacy. This will be…

Read More

Beyond Criticality - Consider Business Impact

This isn't some crazy-advanced post. This post, however, is about a fun situation that I usually have to explain to clients and fellow business partners when it comes to understanding their vulnerability scans/assessments. What's in a number?#### Generally, vulnerability scanners will assign a value to a vulnerability it discovers; generally in the form of a number (1-low, 5-critical). Additionally, some products may represent a discovered vulnerability in readable text (low, medium, high, critical). This provides some context to how bad a vulnerability may be. Many companies will use these tool-assigned values as a focus point. When determining remediation strategies,…

Read More

Join EFF!