The Complexities of Hoarding S3 Buckets


I originally was interested in S3 Buckets because I continually saw all the places getting breached and suffering data leaks. I thought to myself "how cool would it be to find one of these and report it?!" A noble idea at the time. I then realised that there were few resources to actually just find buckets. Sure, there were tools to collect the names, but few places to actually search through discovered buckets. That all led to my searchable list of S3 Buckets. I then realised that several other researchers felt the same way. Sure, they were collecting…


But What About WebApps? - SSH to the Rescue

So, there I was, on a penetration test and needed to see some web apps that a client had in-house. I had a PwnPro plugged in, however, the VPN proxy script provided was not working and my connection became wonky--and eventually FUBAR--when trying. In comes SSH to the rescue. As usual for these posts, this is really a personal instructional for later. That being said, you are more than welcome to use whatever you can. The Setup Just so there is an overview, I was recently on an internal penetration test. For this test, however, I was completely remote and…


Evasion is Getting Easier?

This is a bit of an odd one. While on an assessment, I was tasked with evading detection from an external perspective. I noticed some weird things this industry is doing to make external evasion easier for us attackers. As usual, I could be entirely wrong. Noise Perhaps one of the largest issues when it comes to SIEM is noise. In other words, a ton of offenses that are false positives or not of any business concern. Generally speaking, this is where companies will 'tune' a SIEM. This involves creating rule sets, specifying thresholds, etc. When it comes to the…


A Quest For Data and The Adventure It Took Me On

Those that know me know that I love messing with data. For some time now, I've operated several collection nodes for data ranging from pastebin scraping, Twitter "stuff", open systems on the net, and more. Over the past weekend, I decided that I wanted to collect data from Twitter via specified keywords. Having done this numerous times, it was decided that things needed to be done a bit differently. This time, I was going to actually see my data. I'll try to make this as quick as possible. The Problem Perhaps a big problem with someone like me;…


Assessing IOT pt. 1 - Preparing for the assessment

"How you climb a mountain is more important than reaching the top." -Yvon Chouinard Perhaps one of the largest issues in IoT isn't the fact that you can hack it, rather, the lack of a formal process for evaluating it and lack of how to begin assessing/evaluating IoT. In this post (part 1), we will take the perspective of a consultant hired to perform an assessment on an IoT device. What questions should I ask? Do I need to buy additional hardware or software? I hope to address these questions and many more via this post. Go…


Hacking an Election - Truth is in what you see. pt. 1?

"Just because something isn't a lie does not mean that it isn't deceptive. A liar knows that he is a liar, but one who speaks mere portions of truth in order to deceive is a craftsman of destruction." - Criss Jami Ever wonder how to hack an election in the United States? Well, here's a start! In this post, we'll talk about how to make our hypothetical candidate win with low-tech tactics. "Hacking an election", in the post, refers to influencing an election. Stop No, this isn't a post/guide on hacking election systems nor any…


Protecting Your Privacy - Recommendations

It's quite frequent that I see a blog post on "How to remain anonymous online" or something similar. To me, however, some of these posts seem to be pushing a VPN or similar product in your face for a referral click or due to sponsorship and don't really do much to help you/provide resources. As you, a reader of this blog may know, I do not post referrals nor do I push products (though, I may recommend one) because they sponsor me or whatever. So, here's my take to help you protect your privacy. This will be…


Beyond Criticality - Consider Business Impact

This isn't some crazy-advanced post. This post, however, is about a fun situation that I usually have to explain to clients and fellow business partners when it comes to understanding their vulnerability scans/assessments. What's in a number? Generally, vulnerability scanners will assign a value to a vulnerability they discover, generally in the form of a number (1-low, 5-critical). Additionally, some products may represent a discovered vulnerability in readable text (low, medium, high, critical). This provides some context to how bad a vulnerability may be. Many companies will use these tool-assigned values as a focus point. When determining remediation strategies,…

