The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Here’s a little bedtime story about the Amass Attack Surface Mapping tool.
Category: Technology
What is GPT-2 and how do I install, configure and use it to take over the world?
OpenAPI ultimately released GPT-2, the AI model they once deemed “too dangerous” for the public, so they could transition from a non-profit to a commercial entity and rake in the dough with GPT-3 and beyond. Still, they left us with GPT-2 which is pretty cool and easy to setup and use.
Here’s an interesting targeted malware attack.
As an operator of several websites and online stores, I get hit with a multitude of attempted malware attacks on a daily basis. Most of them I can easily identify. This one, however, was quite clever in its execution.
Python worm code example – python script scans ports and copies itself to drives.
Here’s a pretty cool example of worm code written in Python. Note there are quite a few prereqs including network layer components. This examples uses nmap.PortScanner() to scan ports that are hardcoded in the code. You can change these are write a loop to iterate through a sequence of port numbers.
Cellphone jammer circuit – here’s the schematic for a simple mobile phone jammer.
In concept, a mobile phone jammer is pretty simple. It transmits signals on the same frequency as a cell phone which disrupts the radiowaves. I’ve had the circuit below in my collection of electronics schematics for quite some time.
Anonymous broadcast template
Anonymous broadcast template. https://www.youtube.com/watch?v=-eKu0LGNMdg Anonymous broadcast template.
Installing Suricata 4.* on Debian Stretch
Kept getting version conflicts trying to install Suricata 4 IDS on Debian Stretch. Looks like Suricata expects to be installed on Buster which is sort of weird. Here’s how to get past the errors (e.g. libc6 requirement not met). For Ubuntu, the OISF maintains a PPA suricata-stable that always contains the latest stable release. sudo…
Malicious sample JavaScript code – how to create an infinite loop in a modern-day browser window. Tip – don’t run on a mobile device!
This is the code the 13-year-old Japanese girl was arrested for by Japanese police with no sense of humor. I’ve run it on a Windows box and yeah, you can get out of the loop. Works on Chrome and most mobile browsers.
Here are the Russians indicted by Mueller and the most intriguing crimes they perpetrated against the United States.
The District of Columbia indicted 11 Russians for crimes against the United States. I reviewed the indictments and came up with the following items I found most interesting (or at least, thought provoking).
Here’s what a targeted Russian spear phishing attack looks like
Russian hackers are basking in a lot of cred from their recent hacks against US government institutions. In most cases, their most successful attempts where made via spear phishing attacks. Here’s what a Russian targeted spear phishing email attack looks like.