This is a collection of ideas, writing, and thoughts considered worth sharing. Generally infosec focused, and generally longer form than thoughts shared on Twitter.
- blog.0x0e.org merged
  Just a note that the older / dead blog at https://blog.0x0e.org has been merged into this stream.
- Using ‘jq’ to query JSON
  jq is great for CLI manipulation of JSON data! Handy little bit of knowledge here, stashing so I can remember. You’re probably familiar with the fact that you…
- Spectre & Meltdown: Mitigation Status
  UPDATE 20170104: US-CERT has published an alert with aggregated links to vendor guidance and updates. Rather than requiring you to chase info all over the Internet (or on…
- Visualizing Pentest Findings
  Quick blurb so I can remember this. A bubble chart can make a handy display for pentest findings, and prioritize them. It’s a simple way to identify…
- You and Your Research
  I was recently pointed to a great speech entitled “You and Your Research” given by Richard Hamming of Bell Labs (and Hamming codes!) fame. It’s essentially Hamming giving…
- Getting started in Information Security
  I recently had a college student ask about getting into Information Security. Here’s his question: My biggest issue with my current education is the broad scale and lack…
- Regional Internet Registries
  Handy reference list of links, storing in a single place for future use. A Regional Internet Registry (RIR) is an organization that manages the allocation and registration of…
- Cybersecurity tips for traveling abroad
  This was originally written in early 2017 for a friend of mine that asked for advice about how to avoid being hacked when traveling abroad. It mirrors much…
- Pentestify.
  i’m over here now.
- password hangover
  Just saw the Hangover 2. Funny (and true) bit on passwords, as an international drug dealer transfers money between accounts: “your password is bologna1?” “it used to…
- throwaway osx post (until i need it again)
  use homebrew (instead of ports) for installing software. grab the rdio and soundcloud apps. trying to bind an applescript to a key? use fastscripts (for open-terminal-here functionality). pay for…
- System Event Monitoring with Prosody and jablog.rb
  The tl;dr version of this post is: apt-get install prosody (tested on ubuntu 10.04.2 LTS); configure a VirtualHost for your domain in the config file /etc/prosody/ (see: http://www.0x0e.org/x/prosody.ctl.lua); set up srv records (use this generator: http://www.jms1.net/jabberd2/srv.shtml); create 2 accounts with prosodyctl adduser gawd@domain && prosodyctl adduser minion@domain (one for you, one for your bot/minion); gem install xmpp4r, add a sigs.txt and run the script.
- pianobar is epic!
  @mrbarrett just pointed me at pianobar, a command-line client for pandora. It gets rid of the need for flash player, and allows you to bypass some of the…
- Loading only the Metasploit modules you use
  The framework is taking quite a while to load on my machine these days, so I decided to stop loading all modules by default, and load only those…
- IP List to KML generator (Create a google map from a list of IPs)
  Pretty simple, it takes a file with a list of ips, one/line and generates a kml file. Very handy if you’re working on a large pentest and want…
- Metasploit HowTo: Standalone Java Meterpreter Connect-Back
  Here are some quick notes on how to create a connect-back Java Meterpreter .jar file. The process is very straightforward: simply generate the .jar, set up a handler. Then…
- searching ruby source code
  contributing to open source? need to search & understand ruby code faster? This bash function should save you some time. I use it at least 50-60 times a day.…
- ruby hash per-value defaults
  Here’s a quick tip for assigning default values with a ruby hash. It’s well publicized that you can set an overall default (I think this is called “default…
- 10 min project hosting & sharing
  Need a simple way to backup (and share) local files & scripts? Yeah yeah, another svn/websvn howto, but my brain sucks, and I forget this stuff if…
- scrape scrape scrape
  totally half-finished thought. maybe it’ll spawn an idea for you… there’s a zillion+1 ways to scrape information from the web these days. here’s the easiest I’ve found:
- Apt-proxy installation notes
  No big secret that I’m a huge fan of ubuntu as a pentesting platform, and run it as my main OS. Recently I’ve had enough systems to justify…
- Scripting Post-Exploitation
  A common question that comes up with post-exploitation is the need to run multiple things when a meterpreter session is initiated. You can easily run a single command…
- Thoughts on Recommendations (Prevention vs Detection & Reaction)
  I started thinking about some of the findings we make and the recommendations around them, and how unrealistic we’re being as penetration testers. Take ‘Information Leakage’ for…
- Phishing Attacks – Are your technical controls helping?
  Phishing is one of those things people either love or hate (a lot of it depends on which side of the fence you’re on). That said, the subject…
- what should be considered a vulnerability?
  …And now, a rant. What should be considered (and reported) as a vulnerability when auditing a network? Is weak network architecture? What if I can hit a critical…
- pentesting with an ubuntu box
  here’s a recent drop of a script I use to configure my ubuntu box for pentesting. yes, I could use backtrack (and I do, especially if I’m…
- WiFiFoFum for locating rogue access points!
  what’s that you say? The PCI DSS (wireless supplement) now requires that you have to do quarterly wireless scanning at your facility? oh? you have no budget? no…
- local network enumeration
  UPDATED: 11/19/2009. little script I threw together for local network enumeration. uses arp-scan, propecia, and nmap. was going to use it to dynamically generate my subnet (hence…
- owning a windows network
  so… you say you were able to grab LM / NTLM hashes from a windows box??? cool. now use them in the scanner/smb/login to check & see which…
- checking valid windows logins with metasploit
  so you have some windows creds, and you want to check if they’re valid or not. turns out there’s a bunch of ways to do this: 1) auxiliary/scanner/smb/login 2)…
- exploiting suid binaries
  just had a quick refresher on exploiting suid bits (and why they’re so darn evil): jcran@aldatmak:/usr/bin$ ls -la id / -rwxr-xr-x 1 root root 35232 2008-06-26 20:31 id / jcran@aldatmak:/usr/bin$ id / uid=1000(jcran)…
- exception has been thrown by the target of an invocation (bing + mono = fail)
- security product recommendations in a pentest?
  is there room for it? after reading this post on the metasploit blog, I started thinking about how well I currently evaluate product implementations within a typical penetration…
- security tools with personality
  i love tools with personality: Caught exit of DirBuster / Writing report / Report saved to 192.168.254.8.dirbuster.html / Enjoy the rest of your day. The compilation process of nmap comes to…
- Automate basic web server checks
  #!/bin/bash # webservercheck.sh: for i in `cat $1` ## for all lines in the file provided to the script; do echo “Nikto’ing $i” ## NOTE: Nikto needs to have been untarred here. /home/jcran/toolkit/nix/attack-net-webserver/nikto/nikto.pl…
- Google is the new AV.
  Doing a little research on an exploit, I came across SecurityDot.Net. Google provided the link. However, when I clicked on it, I got this: Of the 174 pages…
- Call an arbitrary library with JavaScript? I think I will.
  This is a handy way to execute code within the browser. Kudos to Jesse Ruderman and Dan Kaminsky for the bug discovery and POC. Essentially, in Firefox up…
- Scott Hanselman’s 2009 Utils List
  I followed Scott Hanselman around for a year when I was touring with the Dead^W^W^W^W a build / team system admin. He always puts out a good utils…
- this is the only reason why facebook is so valuable…
- (Error code: sec_error_untrusted_issuer)
  ever get this error in firefox? if I accept an SSL certificate with an attack proxy (such as burp suite) in the middle, then later go back to…
- Security Reputation Monitoring
  Recently I had a financial-sector client contact me regarding tools and techniques for security and reputation monitoring. The client had recently had their web site scraped and placed…
- SCHED: Black Hat USA 2009 Briefings & Training: jcran’s schedule
- gift cards
  IMG_0231, originally uploaded by jonathancran. notice anything conspicuous about those serial #’s?
- didn’t get your facebook vanity url?
  that’s okay, a vanity phone number will do. google voice now allows you to search for numbers when you sign up. it’s the little things. and you can…
- simply awful
  i currently have the worst bio I’ve ever seen. must fix that. fyi, wordpress has issues: http://seclists.org/fulldisclosure/2009/Jul/0057.html (thank you, core) A vulnerability was found in the way that…
- custom.dic could really end up being one.
  Typing up a report tonight and I realized I had been adding a number of exceptions to my custom Microsoft Word dictionary (‘Add to Dictionary’). Thinking about this as…
- Google Voice (was Grand Central) is a pentester’s best friend
  Google Voice turns out to be really handy for phishing attacks. When you send out a phishing email, it’s useful to include a phone number, in case of…
- Scoping a Penetration Test
  Scoping a penetration test is difficult. This is why Statements of Work and Requests for Proposals are necessary evils. It’s not an exact science. There’s a lot of…
- Raising the Bar
  I often hear technologies or controls disregarded on the basis of “It can’t protect against X scenario.” or “It doesn’t completely protect me.” For example, take a web…
- Back|Track 4 First Impressions
  It’s damned liberating to take this distro and be able to update it. This, along with specialized security-tool repositories, is the killer feature of the new Back|Track 4…
- Just about right…
- ShmooCon 2009 Wordle Visualization
  Visualization of the 2009 Shmoocon talks created by Wordle.net.
- ShmooCon 2009 picks
  Just arrived in DC for ShmooCon 2009. Here’s the move: Day 1: Automated Mapping of Large Binary Objects; Watching the Watcher: The Prevalence of Third-party Web Tracking. Day…
- john, meet amazon. amazon, john.
  These are a rough set of notes I put together when figuring out Amazon’s EC2. I’ve been using the boxes quite extensively to crack passwords. This has turned…
- Top Web Hacking Techniques of 2008
  Jeremiah Grossman & co’s “Top Web Hacking Techniques of 2008” have been released. Go check’m out, update your own techniques, and add anything they might have missed (I…
- OWASP v3.0
  Just in case you missed this one, the OWASP v3.0 Testing Guide has been released. If you are involved in application security at all, building or breaking, you…
- How to suck at infosec
  passed along by jabra: http://isc.sans.org/diary.html?storyid=5644&rss
- HP Mini 1000 Series – HP 1030nr
  just picked up a HP 1030NR on a lark at best buy. super tiny, but powerful enough to run most of what I need. the thing makes my…
- New DOS attack technique: sockstress
  The guys from outpost24 are releasing a new tool (sockstress) that exploits problems with TCP state tables. Apparently, you can disable most any windows/linux/firewall box with minimal attack…
- Framing via Facebook ==> FaceFraming?
  So, I was posting on the wall of a friend in facebook today, alluding to how we should steal my car back from the fascist towing company who…
- The future will be 0day.
  Browsing through my collection of papers & presentations and ran across these: The IPO of 0day by Justine Aitel and 0day – How hacking really works by Dave…
- McCain vs Obama on the Internet
  Interesting & enlightening article on Slate. Details the difference between the Obama & McCain camp on Internet policy. Essentially, boils down to: McCain: Internet is a Product, and…
- Firefox Extensions Dump
  This is a dump of my current set of Firefox extensions. Some of these are absolutely critical for pentesting: HackBar, TamperData, FireBug and ModifyHeaders. Some are not so…
- The One
  If you want a glimpse into the future of the web, you NEED to watch this video. Kevin Kelly of WIRED raps on the semantic web, the…
- Google Calendar Search for Fun & Profit
  In the same vein as the earlier post on searching for vulnerabilities with Google Code Search, I realized tonight that you can search for private calendars on Google…
- webFileScanner.pl – simple file & directory brute-force utility
  Here’s a simple utility I coded up using perl + lwp to blindly request files from a webserver + print the status code that’s returned. Functionally, it’s similar…
- HTTP Response Splitting Explained
  j0e of LearnSecurityOnline.com recently mentioned that he was actively looking for examples of ‘HTTP Response Splitting.’ I was aware of the vulnerability, but always considered it somewhat theoretical,…
- Google Code Search for Fun & Profit
  While toying around with Google code search to look for HTTP Response Splitting vulnerabilities, I discovered that code search is a treasure trove of vulnerabilities. For instance, simply…
- Mager Twitter Tour
  A friend of mine, Andrew Mager, recently got the chance to go through the new Twitter offices in San Francisco. He took the opportunity to snag a few…
- Defcon MBTA Madness!
  Wow, the MBTA is in deep shit. If you haven’t heard about this, 3 kids from MIT did some analysis on the MBTA fare system and found out…
- Pentesting Timelines
  I’ve often run into the case of the network that simply can’t be satisfactorily tested in the time allotted to it. There are a couple reasons for this:…
- Pentesting Skillset
  I’ve been fumbling together a list of skills necessary to succeed as a pentester. This was prompted by mapping out my own short-term education and by gathering a…
- Sublime says…what happened?
  You may notice the new blog (or not). I’ve recently switched everything over to hosted wordpress. Why? because I’m lazy. Looks like this will make it…
- Disclosure
  About Me: A pentester for a growing vulnerability assessment (product) firm. My background is in computer science and I have no strict formal education in security. I’ve only…
- Hello world!
  Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!