Posts
Replace Google Analytics with a shell script
I started blogging in December 2020. I wanted to collect my old stories, software and notes all in one place. I thought others may like the content and I was curious how popular it may be, so I set up Google Analytics to keep track of things.
Exfiltrate files using the DNS
Once upon a time, a government auditor insisted to me that keystroke loggers had to run as root, otherwise they would not function properly. So, I wrote a keystroke logger that ran as a normal user and showed it to him.
Cracking passwords with cheap hardware
There were roughly 30 Street teams that participated in KoreLogic’s 2020 Crack Me If You Can password cracking contest at Defcon. I took 4th place.
Finding a hacked server
It was a cold Wednesday morning, about ten ‘til eight. I had been in the office a few minutes when the phone rang.
Hello. “Yes, hi, the server has been hacked!
Now they have 2FA problems
There’s an old quip about solutions causing more problems:
Some people, when confronted with a problem, think “I know, I’ll use regular expressions.” Now they have two problems.
Cavezoom
Zoom is software that facilitates remote meetings and collaboration. Its popularity soared in 2020 due to the COVID-19 pandemic. It has also been the focus of increased privacy and security concerns.
Goathgen
Since I seldom need the functionality provided by oathgen (a complete HOTP/TOTP implementation), I typically use goathgen. Goathgen is a simple TOTP library and command line executable written in Go.
Oathgen
Oathgen is a command line HOTP and TOTP one-time password generator for BSD, Linux, Mac and Windows operating systems. The goal of oathgen is to be complete, standard and portable.
Padder
Padder can encrypt and decrypt small messages using one-time pads. It can also generate fake pads so that one encrypted message can be decrypted to multiple, different plaintexts.
Types of passwords
Understanding basic password types will help you devise a strong password management strategy for all of your accounts. In general, and at a high level, there are two basic types of passwords.