The Complexities of Hoarding S3 Buckets

I originally was interested in S3 Buckets because I continually saw all the places getting breached and suffering data leaks. I thought to myself "how cool would it be to find one of these and report it?!" A noble idea at the time. I then realised that there were few resources to actually just find buckets. Sure, there were tools to collect the names, but few places to actually search through discovered buckets. That all led to my searchable list of S3 Buckets. I then realised that several other researchers felt the same way. Sure, they were collecting…

A Quest For Data and The Adventure It Took Me On

Those that know me know that I love messing with data. For some time now, I've operated several collection nodes for data ranging from pastebin scraping, Twitter "stuff", open systems on the net, and more. Over the past weekend, I decided that I wanted to collect data from Twitter via specified keywords. Having done this numerous times, it was decided that things needed to be done a bit differently. This time, I was going to actually see my data. I'll try to make this as quick as possible. The Problem Perhaps a big problem with someone like me;…

Owntracks - Creeping on IoT with MQTT

It seems that IoT is everywhere these days. While many people love to see what things can be done with IoT, some see much of it as a privacy (maybe even safety) concern. I was recently contacted by a friend asking to do an evaluation of their IoT setup for their house and see if someone could easily spy on them or potentially even harm them. In this post, I'll show how IoT (to me) became horrifying. Before I begin, I was authorized to perform testing on my friend's connection. Always get consent before poking things you do not own.…

PLC Research - The Beginning

Not a lengthy post, however, I figured that I would post an update. I've been slowly building an ICS lab that includes PLCs. Well, here's a display that's connected to the PLC! Am I excited? You bet! Currently it does not do much as I am still setting up all other requirements and components. It is network enabled, with a few TCP ports found to be open on the network. I'll post more updates as I progress. Progress may be slow on this one as I am self-funded and this stuff isn't easy to come by on a budget.…

iMessage Preview Forging - Research Update 1

It appears that I am not the only researcher who had found that iMessage on the latest iOS and Mac OS gives away your IP and device information. Perhaps I should have distributed that post more; seeing as research by others has gotten more traction. meh. Here is my previous post on iMessage: https://protoxin.net/your-iphone-mac-is-giving-you-away-imessage/ This post is going to be quite lengthy compared to my usual; go grab some coffee. Here we go!!! Intro: Regardless of the basic privacy concerns for iMessage previews, another issue became greatly recognised. I realised that I can be the one that…
