Posts

Showing posts from December, 2017

Bad information

I recently found some blogs about various anonymity functions online which appear to be seeding bad information, either by being wrong, misleading, or inadequate. To start with, here's one I saw that people were sharing in a forensics group.

https://vallejo.cc/2017/11/11/using-gathering-information-tools-through-tor-network/

Yes, you can totally do an nmap scan over Tor with proxychains, and yes, these particular copy-pasted scans can work. However, let's discuss why a bit further. There are limitations on which scanning capabilities can or will go through SOCKS, and there are also limitations on which scan types can perform which functions. As a test, I used tcpdump on the server being attacked, monitoring for my own IP address. If there was even a single packet to or from my attacking IP, it was a complete failure.


nmap attempt: proxychains nmap -Pn -sT -sV -O -p80 {MY HOST}
Result (did it hide our IP): Failed once OS detection (-O) was added

nmap attempt: proxychains nmap -Pn -sT -sV -T5 -p80 {MY HOST}
Result (did it hide our IP): Success, despit…
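The pass/fail rule above (any packet to or from the real attacker IP on the target means the scan failed) can be scripted. The following is an added example, not code from the original post: the tcpdump and nmap command lines are shown as comments and not executed, ATTACKER_IP and TARGET_IP are placeholders, and the capture lines returned by the demo_*_capture functions are constructed for this example rather than real captures. The -n on the nmap line is also an addition, not part of the post's commands.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post. It automates the post's
# pass/fail rule: a Tor-proxied nmap scan passes only if the target's
# capture shows zero packets to or from the attacker's real IP.
# ATTACKER_IP / TARGET_IP are placeholders, and the tcpdump lines returned by
# demo_*_capture are constructed for this example, not real captures.

# On the target, before scanning (not run here):
#   sudo tcpdump -nn -i eth0 "host $ATTACKER_IP" | tee capture.txt
# On the attacker (not run here). A connect scan goes through connect(2),
# which proxychains hooks; -sS, -O and the default ping probes use raw
# sockets that proxychains cannot intercept, so they leave directly:
#   proxychains nmap -n -Pn -sT -sV -p80 "$TARGET_IP"

# scan_leak_check ATTACKER_IP < capture.txt
# Prints LEAK if any tcpdump -nn line involves ATTACKER_IP, else CLEAN.
scan_leak_check() {
  local ip="$1" pat hits
  pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
  # tcpdump -nn prints "IP src.port > dst.port:" for TCP/UDP and
  # "IP src > dst:" for ICMP. Require a delimiter after the address so
  # 192.0.2.5 does not match 192.0.2.50.
  hits=$(grep -cE "(^|[ >])${pat}(\.[0-9]+)?[ :]" || true)
  if [ "${hits:-0}" -gt 0 ]; then echo LEAK; else echo CLEAN; fi
}

# Constructed capture: only a Tor exit (198.51.100.7) talks to the target.
demo_clean_capture() {
  cat <<'EOF'
12:00:01.000001 IP 198.51.100.7.43210 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 203.0.113.10.80 > 198.51.100.7.43210: Flags [S.], seq 2, ack 2, win 65160, length 0
EOF
}

# Constructed capture: the same, plus an OS-detection probe and an ICMP echo
# that bypassed the proxy and carry the attacker's real address (192.0.2.5).
demo_leaky_capture() {
  demo_clean_capture
  cat <<'EOF'
12:00:02.000001 IP 192.0.2.5.54321 > 203.0.113.10.80: Flags [S], seq 3, win 1024, options [wscale 10], length 0
12:00:02.000300 IP 192.0.2.5 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 128
EOF
}

echo "clean capture: $(demo_clean_capture | scan_leak_check 192.0.2.5)"   # CLEAN
echo "leaky capture: $(demo_leaky_capture | scan_leak_check 192.0.2.5)"   # LEAK
```

This check only sees traffic that reaches the target host. A DNS lookup for the target's name goes to your local resolver unless you pass -n to nmap or enable proxy_dns in proxychains.conf, and that leak never appears in the target's capture, so resolve the name out of band or scan by IP.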

Training

You must train for the worst; prepare for the worst, and hope for the best. Training for what you have going right now is not apt training. You must do what you need right now /and/ train for the future. That's my belief anyhow.

Data Data Data

Data data data. Data data data data, data data. Data data data data data data data.

Developers developers de... oh whoops, wrong one. Data data data.

I wanted to talk a bit about data, its perceptions, and how it is used or misused. So, to support this conversation, I would like people to look at the first two lines of this post. To a computer, specifically an AI, this may appear as a sequence representing some choice in lexical ambiguity, or it may see it as simply some ASCII strings which we could map to known words, which we could map to known usage and habitual usage to find the most likely meaning. Whichever way we think about this, a computer may see the first sentence by itself and assume one situation, then the second and assume it is another, or both together and assume it's a third. This is a fundamental issue with data, even to a computer: perception changes how we investigate, diagnose, or define it.

Now let's say that I wanted to run this data myself, how would I figur…

PlasmaRat: why use shitty malware?

I wanted to discuss some issues I find in the realm of choosing malware and why it's perfectly fine to use bad software once in a while. In this, I will detail a plan of action to leverage multiple sets of well-known, easily detected malware for various purposes. So let's begin with a soft story. You people love story time, right? In this story a threat actor, before they became a studied attack profile at major organizations, was just a young nooblet looking to see what they could do. While developing their plans and their chess game, they found tools. Now, immediately you're probably thinking script kiddie, and fundamentally you'd be right. These people used what was available to them rather than learning what it took to do it themselves. Eventually, the habits and traits learned by doing this turned into an actionable plan and money was made. When money is made, people stop trying to perfect an art and start looking for more free answers. Instead, our protagonist decides h…

Let's play a game.

http://0daz.io/index.boogiepop
Rules:

I give you a private and public key pair when you access the page. It's up to you to understand how to use them. This is a programming game. You are given my public key (the same one as for Keybase) for when you find answers. Send your answers on Keybase (chat: answers are PGP encrypted or won't be accepted), or as a GET request to the server (preferred). Answers should take the form http://0daz.io/boogiepop.phantom?answer={username:code}. You will get a 404, and winners will be updated on the original page along with timestamps of when they sent winning data. (Future updates: I intend to make it show the date since your username was used for the challenge, calculable in milliseconds, as well as the time since the challenge was posted. This is not yet a feature.) This is not a CTF, but if you hack my shit, the worst you can do is get it flagged or shut down; the best you can do is fix my code. I won't be hurt either way in these regards. PS: if someon…