I recently had to set up testing against our Akamai Staging environment which uses a different IP address than production. This required me to get a new MacBookPro that would support the latest version of MacOS, as well as the latest version of Xcode, just so that I could have sudo access to change add an entry in /etc/hosts in order to build the application from source and run it in the iOS simulator (since the Simulator doesn’t come packaged with the iOS AppStore). Then I had to carry around another computer in my backpack simply because I refuse to separate from Arch Linux and i3-gaps (which can perfectly emulate the Android version without issues), but I digress…Read More
Brutalist is a cross-platform Python3+ based command line tool that can be used to generate very large word dictionaries based on minimal input. It can take a single word like “password” and generate up to 13,198,680 combinations using common special character substitutions and suffixes, and up to all possible 3-digit numerical suffixes with all variations of special characters appended. It is a highly-specialized tool, which should be a regular go-to in the tool belt of all red teamers and pentesters.Read More
With the new wave of ransomware attacks we have seen at the beginning of this week, especially targeted toward Spain, we can see that mostly Windows attack vectors are mostly being utilized, in what appears to be a variant of the Bitpaymer family, related to the Dridex group of malware.
But what does the future hold for attacks such as these? When will we see the attack vector change drastically to target something that your company is most-likely unprepared for? We are seeing bad actors targeting low-hanging fruit on Windows, while the world of end-users are going mobile. If iOS development is part of your enterprise, then whether you like it or not, MacOS literally has to be an integral part of your infrastructure…because XCode. Is it possible that this is something that has gone unnoticed in the threat detection landscape, or is the perception of the threat level just perceived to be so low that we haven’t yet come up with a good way to protect against it?Read More
I have recently been hearing about Hugo and how easy it is to manage for blogs and such (it uses/renders Markdown), and ever since I heard about Heroku’s free tier, I’ve been wanting to give it a shot. This article will be documenting how I went about doing both.Read More