Posts

Showing posts from November, 2017

scopin'

Image

Unrelated ranting

Image
So, I wrote this earlier elsewhere, but I feel I need to expand on it more so let me tell you a story:

Once upon a time people could say that things would never happen, it's all just some people's wild imagination. People thought things would never happen, are the same who built paths towards the rejection of belief in orwellian or similar dystopian existences. Can you believe it? A day existed where people could challenge this with arbitrary means and be considered right?

I guess some examples are in order. We would never burn books en masse, we would never absorb ourselves so much that we don't understand functional principles of life, we would never be stuck with governance over our minds and thoughts and it would never be illegal to think about things that don't fit in with the masses. Governments wouldn't poison their own people, that would make them look bad and hence they wouldn't do it. Governments wouldn't spy on their own people or fraudulently re…

Dear self

do you think that people understand when you make allusions to anything? Pop culture to dark humor, sometimes it seems like no one will ever get it. But, allusions are so fun sometimes because of the things you can say with them. Like building a story that shortens sentences or paragraphs as it progresses so that you can identify a rushing or crumbling ideology. Or like references of situations that are built of the situations, one after another/in sequence to each other, in the idea of showing a common pattern of events without ever stating a single event only references to them. These are the joys of communication but sometimes people just never bother to pay attention. In a world full of those who refuse to pay attention, I guess it could be assumed this will never have a place in people's hearts or minds.

Oh well, lets go back to drinking. That's one way to waste time.

Apathetically.

Ferasdour
https://keybase.io/ferasdour

away from the tech

Image
You know, I find myself often curious about the world. I find myself wondering what topology is used to inform the state about car specifics so they can print a little tag for you. I find myself curious how to poll cell towers for gps locations of people at another tower. I find myself curious about the atm protocol and how atms (machines/systems) work. I find myself picking apart nfc devices to find what their data is and wanting to write these to something else. If these activities seem criminal to you, then I guess I am a criminal. Oh, you want me to get licensed to be able to do these things with a magnifying glass waiting for me to fuck up? Why allow myself to be beaten out of existence?
At a young age, I found myself interested in taking things apart and studying them. As a kid it seems like innocent curiosity and no one cares when a kid makes a new method for absorption and storage of ambient/static energy. Well, some people cared, but only because people pushed it under their f…

Passive Intelligence

Image
Now, I'm not some fancy big shot who wanted to define things my way and tell everyone else to piss off. However, I don't entirely understand how other people claim passive intelligence the way they do. So, as an example, I continue on my dive into finding various notions from data within comparing unique malware domain resolutions. In this case, over on http://0daz.io/useful.log I found several domains were being built on a common provider (000webhostapp). The domains that were shown on that, were found to be malicious and put on the malware domains list of domains (http://malwaredomains.lehigh.edu/files/domains.txt). So, first thoughts would be that there is some unique design on how malwaredomains finds those specifically while very few, if any, no-ip and similar sites are on there. Regardless, I took the approach of how much I can find about 000webhostapp based on these.

curl http://0daz.io/useful.log 2>/dev/null|grep -i 000webhostapp.com|awk '{print $2}'|sort|uni…

Malware Domains and Botnet Jacking

Image
Okay, now some of you white hat "the rules make ethics" types may not like anyone discussing it, but lets do this. Domain and botnet jacking, as it pertains to not only threat actors but for blueteamers as well. In this thread, we discuss how a simple script can find domains to take over, how to monitor changes in botnets, and identify how people build their domain resolution pools. Protip: a lot of people just fake it. That 200 bot domain is actually more like 4 and a vpn, at best. But we're not actually messing with that yet.


We start today with this little bit of nonsense. It's simple python script designed to create a webpage based on domain resolution tracking. The page shows numerous domains and how they change.

lists=[ ]filetowrite="/var/www/html/index.html"failedtowrite="./faileddomains.log"initialinfo="<html><head><title>DomainTracking</title></head><body>Begin Run<br>Domain ip loggedtime<b…

Fancy toys

Image
Now that I finally got me some fancy toys and a fancy blog, I guess all that's left to do is brag about my fancy toys.

The wifi pinapple sucks.

There, I fucking said it.

But it's not like it's hardware sucks, it's just the people who put it together (hak5?) shouldn't do this anymore. Needs more space, needs better control, needs package management that works, needs to alert on conflicts instead of silently failing, don't need to log it as much as it needs any details of what happened, though logging would be nice too.

The modules and setup for web interface is almost not worth having, might as well skip that for just an interactive shell. Pineap? This is like if a pi had better wifi hardware and someone didn't know how to setup a malicious ap. "Push the configure button" "no wait, not that one, the other one hidden behind a drop down you can't see and don't really know what it's there anyway." If this is years of design please…

Easy Start

Image
Lets start this off easy by saying, hi my name is irrelevant and everything should stay disassociative, however if you spent 30 seconds of google, especially because of using a google service, you can find me and I encourage it. I have no ill-will towards those who want to spend the effort to learn something, even the trivial things. That is what we do, as a species and as the infosec/hacking community. We live to peer into things you would rather hide, we see things others would rather lie about. No reason to sugar coat it, laws are irrelevant and only the truth exists. It's the "white hat" community that gave the title of blackhats and whitehats and this (ugh) claim of grey hats. By blackballing people who were willing to commit crimes you segregated the world into black and white instead of accepting that they do the same things you do but use it for other purposes. With that said, if anyone is still paying attention, today I've been playing with a few rats and wa…