Category Archives

16 Articles

How to Host a Hidden Service .onion Site on the Dark Web

by Jamey

Warning: the recommendations made here are in reference to hosting your own personal content, not to become a web hosting provider on the dark web. You are responsible for the content that you host (maybe depending on region — I’m not a lawyer), but you don’t want to find yourself anywhere in the distribution pipeline related to the nefarious goods and services of others.

This guide is tuned toward hosting on Amazon Web Services (AWS) on Ubuntu 18.04. The same things can be achieved using RPM-based distros by substituting the packaging commands and tweaking the instructions as necessary.

How to SSH to a Jailbroken iOS Device over USB

by Jamey

I recently had to set up testing against our Akamai Staging environment which uses a different IP address than production. This required me to get a new MacBook Pro that would support the latest version of MacOS, as well as the latest version of Xcode, just so that I could have sudo access to add an entry in /etc/hosts in order to build the application from source and run it in the iOS simulator (since the Simulator doesn’t come packaged with the iOS AppStore). Then I had to carry around another computer in my backpack simply because I refuse to separate from Arch Linux and i3-gaps (which can perfectly emulate the Android version without issues), but I digress…

Optimizing Python Code Using Cython: A Beginner’s Introduction

by Jamey

There are much better resources than this blog that will lead you down the rabbit hole of Cythonizing your Python code, but this is just a very easy introduction, outlining my own personal experiments as a Cython beginner, myself. In this tutorial, we will use my dictionary creation tool, brutalist, as a really bad example of how to Cythonize some Python code.

Generating Large Password Dictionaries Using Brutalist

by Jamey

Brutalist is a cross-platform Python3+ based command line tool that can be used to generate very large word dictionaries based on minimal input. It can take a single word like “password” and generate up to 13,198,680 combinations using common special character substitutions and suffixes, and up to all possible 3-digit numerical suffixes with all variations of special characters appended. It is a highly-specialized tool, which should be a regular go-to in the tool belt of all red teamers and pentesters.

Enabling Full Disk Encryption on Legacy MBR BIOS with LVM on LUKS and GRUB Bootloader

by Jamey

This was obviously somewhat of an edge case, but I’m sure it will apply to many other users out there, and I hope it finds them well. This was one particular case where the Arch Wiki was a little shady and left me figuring out a lot of stuff on my own — as is the case for any Arch user — which is one of the reasons we punish ourselves by using it in the first place. That being said, this method should work with minimal tweaks for just about any OS, because the main things being modified here are the underlying disk formats, partitions, kernel, and bootloader. Everything else is left untouched.

A High Level Overview of IT and Security Industry Standards

by Jamey

This may sound like a boring article to many, but it is a basic overview of some very important information that is crucial to include in the repertoire of knowledge for all IT and security professionals.

In this article, we will be going over the high points for the following industry standards: PCI DSS, ISO 27001/27002, HIPAA, and the NIST/DoD frameworks, and adding some comments along the way on the relationships and effects that these policies and frameworks have on network architecture, as well as what possible implications they could have on architectural solutions. Most of the architectural solutions provided come from an Amazon Web Services perspective, but the same basic principles apply, regardless of which cloud service provider (CSP) you use, or even if your infrastructure is hosted on-premises.

Ransomware. Ransomewhere? Inside malicious installers on MacOS, that’s where.

by Jamey

With the new wave of ransomware attacks we have seen at the beginning of this week, especially targeted toward Spain, we can see that Windows attack vectors are mostly being utilized, in what appears to be a variant of the Bitpaymer family, related to the Dridex group of malware.

But what does the future hold for attacks such as these? When will we see the attack vector change drastically to target something that your company is most likely unprepared for? We are seeing bad actors targeting low-hanging fruit on Windows, while the world of end-users is going mobile. If iOS development is part of your enterprise, then whether you like it or not, MacOS literally has to be an integral part of your infrastructure…because Xcode. Is it possible that this is something that has gone unnoticed in the threat detection landscape, or is the threat level just perceived to be so low that we haven’t yet come up with a good way to protect against it?

This Cruel Design by Emily Suvada

by Jamey

I promised a follow-up review to This Mortal Coil for the sequel, This Cruel Design by Emily Suvada. I also promised to follow up on the technological themes posed by this series, and how in the very near future, we could easily see this work of fiction merge more into an account of fictional events based on non-fiction technology. Personally, I think this series is slightly ahead of its time [in a good way], so as to show readers what kind of scenarios could play out in our future. For readers who are not tech-savvy, this would probably be a 3-star read. For me, knowing about the underlying technology and just how realistic this book is boosts that up to a 5-star read. Emily Suvada knocked it out of the park with this one, which was just as good as (if not better than) This Mortal Coil.

HSTS – The Missing Summary

by Jamey

HSTS (HTTP Strict Transport Security) is a feature supported by all major browsers, and it’s a method for websites to declare that they should ONLY be accessed securely over HTTPS and never over an unencrypted HTTP connection. If a site has an HSTS policy, browsers will refuse all insecure connections to that site AND prevent users from accepting insecure SSL certificates. This, however, can come with certain risks to availability if not implemented correctly, as you will read later…

HTTP/2 – The Missing Summary

by Jamey

We know our browsers support it, and we know AWS, Akamai, and other big players support it within their infrastructure already…but do your applications and/or on-prem infrastructure have what it takes to leverage the awesomeness that is HTTP/2?

Think about it. We went from HTTP/0.9, to HTTP/1.0, to HTTP/1.1…to a full version upgrade of HTTP/2. That alone should tell you that there are some very interesting features lurking underneath the hood. This is the in-depth summary that you have been missing while being overloaded with too much information from reading official specs and getting lost in sensory-overload-causing diagrams. Welcome to HTTP/2 – the missing summary.
