Recent Writing

This is a collection of ideas, writing, and thoughts considered worth sharing. Generally infosec focused, and generally longer form than thoughts shared on Twitter.

• blog.0x0e.org mergedJuly 3, 2022
  Just a note that the older / dead blog at https://blog.0x0e.org has been merged into this stream.More
• Using ‘jq’ to query JSONJune 8, 2019
  jq is great for CLI manipulation of JSON data!  Handy little bit of knowledge here, stashing so i can remember. You’re probably familiar with the fact that you…More
• Spectre & Meltdown: Mitigation StatusJanuary 4, 2018
  UPDATE 20170104: US-CERT has published an alert with aggregated links to vendor guidance and updates. Rather than requiring you to chase info all over the Internet (or on…More
• Visualizing Pentest FindingsJune 19, 2017
  Quick blurb so I can remember this. A bubble chart can make a handy display for pentest findings – and prioritize them. It’s a simple way to identify…More
• You and Your ResearchJune 19, 2017
  I was recently pointed to a great speech entitled “You and Your Research” given by Richard Hamming of Bell Labs (and Hamming codes!) fame. It’s essentially Hamming giving…More
• Getting started in Information SecurityJune 19, 2017
  I recently had a college student ask about getting into Information Security. Here’s his question: My biggest issue with my current education is the broad scale and lack…More
• Regional Internet RegistriesJune 19, 2017
  Handy reference list of links, storing in a single place for future use. A Regional Internet Registry (RIR) is an organization that manages the allocation and registration of…More
• Cybersecurity tips for traveling abroadJune 19, 2017
  This was originally written in early 2017 for a friend of mine that asked for advice about how to avoid being hacked when traveling abroad.  It mirrors much…More
• Pentestify.June 22, 2011
  i’m over here now.More
• password hangoverJune 10, 2011
  Just saw the Hangover 2. – funny (and true) bit on passwords… as an international drug dealer tranfers money between accounts: “your password is bologna1?” “it used to…More
• throwaway osx post (until i need it again)April 16, 2011
  use homebrew (instead of ports) for installing software. grab the rdio and soundcloud apps. trying bind an applescript to a key? use fastscripts (for open-terminal-here functionality). pay for…More
• System Event Monitoring with Prosody and jablog.rbMarch 22, 2011
  The tl;dr version of this post is: – apt-get install prosody (Tested on ubuntu 10.04.2 LTS) – configure a VirtualHost for your domain in the config file /etc/prosody/ (see: http://www.0x0e.org/x/prosody.ctl.lua) – set up srv records, (use this generator: http://www.jms1.net/jabberd2/srv.shtml) – create 2 accounts – prosodyctl adduser gawd@domain && prosodyctl addusser minion@domain (one for you, one for your bot/minion) – gem install xmpp4r, add a sigs.txt and run the scriptMore
• pianobar is epic!November 13, 2010
  @mrbarrett just pointed me at pianobar, a command-line client for pandora. It gets rid of the need for flash player, and allows you to bypass some of the…More
• Loading only the Metasploit modules you useNovember 12, 2010
  The framework is taking quite a while to load on my machine these days, so i decided to stop loading all modules by default, and load only those…More
• IP List to KML generator (Create a google map from a list of IPs)November 11, 2010
  Pretty simple, it takes a file with a list of ips, one/line and generates a kml file. Very handy if you’re working on a large pentest and want…More
• Metasploit HowTo: Standalone Java Meterpreter Connect-BackOctober 17, 2010
  Here are some quick notes on how to create a connect-back Java Meterpreter .jar file. The process is very straightforward, simply generate the .jar, setup a handler. Then…More
• searching ruby source codeJuly 19, 2010
  contributing to open source? need to search & understand ruby code faster? This bash function should save you some time. I use it atleast 50-60 times a day.…More
• ruby hash per-value defaultsJuly 19, 2010
  Here’s a quick tip for assigning default values with a ruby hash. It’s well publicized that you can set an overall default (i think this is called “default…More
• 10 min project hosting & sharingJuly 13, 2010
  Need a simple way to backup (and share) local files & scripts? Yeah yeah, another svn/websvn howto – but my brain sucks, and i forget this stuff if…More
• scrape scrape scrapeJuly 12, 2010
  totally half-finished thought. maybe it’ll spawn an idea for you… there’s a zillion+1 ways to scrape information from the web these days. here’s the easiest i’ve found:More
• Apt-proxy installation notesJuly 5, 2010
  No big secret that i’m a huge fan of ubuntu as a pentesting platform, and run it as my main OS. Recently I’ve had enough systems to justify…More
• Scripting Post-ExploitationJuly 2, 2010
  A common question that comes up with post-exploitation is the need to run multiple things when a meterpreter session is initiated. You can easily run a single command…More
• Thoughts on Recommendations (Prevention vs Detection & Reaction)January 11, 2010
  I started thinking about some of the findings we make and the recommendations around them – and how unrealistic we’re being as penetration testers. Take ‘Information Leakage’ for…More
• Phishing Attacks – Are your technical controls helping?December 16, 2009
  Phishing is one of those things people either love or hate (A lot of it depends on which side of the fence you’re on). That said, the subject…More
• what should be considered a vulnerability?December 15, 2009
  …And now, a rant. What should be considered (and reported) as a vulnerability when auditing a network? Is weak network architecture? What if i can hit a critical…More
• pentesting with an ubuntu boxNovember 20, 2009
  here’s  a recent drop of a script i use to configure my ubuntu box for pentesting. yes, i could use backtrack (and i do — especially if i’m…More
• WiFiFoFum for locating rogue access points!November 20, 2009
  what’s that you say? The PCI DSS (wireless supplement) now requires that you have to do quarterly wireless scanning at your facility? oh? you have no budget? no…More
• local network enumerationNovember 18, 2009
  UPDATED: 11/19/2009 little script i threw together for local network enumeration – uses arp-scan, propecia, and nmap. was going to use it to dynamically generate my subnet (hence…More
• owning a windows networkNovember 6, 2009
  so… you say you were able to grab LM / NTLM hashes from a windows box??? cool. now use them in the scanner/smb/login to check & see which…More
• checking valid windows logins with metasploitNovember 6, 2009
  so you have some windows creds, and you want to check if they’re valid or not. turns out there’s a bunch of ways to do this: 1) auxiliary/scanner/smb/login2)…More
• exploiting suid binariesOctober 14, 2009
  just had a quick refresher on exploiting suid bits (and why they’re so darn evil): jcran@aldatmak:/usr/bin$ ls -la id-rwxr-xr-x 1 root root 35232 2008-06-26 20:31 id jcran@aldatmak:/usr/bin$ iduid=1000(jcran)…More
• exception has been thrown by the target of an invocation (bing + mono = fail)October 4, 2009
• security product recommendations in a pentest?September 29, 2009
  is there room for it? after reading this post on the metasploit blog, i started thinking about how well I currently evaluate product implementations within a typical penetration…More
• security tools with personalitySeptember 16, 2009
  i love tools with personality: Caught exit of DirBuster Writing report Report saved to 192.168.254.8.dirbuster.html Enjoy the rest of your day The compilation process of nmap comes to…More
• Automate basic web server checksSeptember 16, 2009
  #!/bin/bash#webservercheck.shfor i in `cat $1`  ## for all lines in the file provided to the scriptdo    echo “Nikto’ing $i”    ##NOTE: Nikto needs to have been untarred here.    /home/jcran/toolkit/nix/attack-net-webserver/nikto/nikto.pl…More
• Google is the new AV.September 13, 2009
  Doing a little research on an exploit, i came across SecurityDot.Net. Google provided the link. However, when i clicked on it, i got this: Of the 174 pages…More
• Call an arbitrary library with JavaScript? I think i will.September 13, 2009
  This is a handy way to execute code within the browser. Kudos to Jesse Ruderman and Dan Kaminsky for the bug discovery and POC. Essentially, in Firefox up…More
• Scott Hanselman’s 2009 Utils ListSeptember 8, 2009
  I followed Scott Hanselman around for a year when I was touring with the Dead^W^W^W^W a build / team system admin. He always puts out a good utils…More
• this is the only reason why facebook is so valuable…September 3, 2009
• (Error code: sec_error_untrusted_issuer )September 2, 2009
  ever get this error in firefox? if i accept a ssl certificate with an attack proxy (such as burp suite) in the middle, then later go back to…More
• Security Reputation MonitoringAugust 4, 2009
  Recently I had a financial-sector client contact me regarding tools and techniques for security and reputation monitoring. The client had recently had their web site scraped and placed…More
• SCHED: Black Hat USA 2009 Briefings & Training: jcran’s scheduleJuly 27, 2009
  SCHED: Black Hat USA 2009 Briefings & Training: jcran’s scheduleMore
• gift cardsJuly 26, 2009
  IMG_0231, originally uploaded by jonathancran. notice anything conspicuous about those serial #’s?More
• didn’t get your facebook vanity url?July 18, 2009
  that’s okay, a vanity phone number will do. google voice now allows you to search for numbers when you sign up. it’s the little things. and you can…More
• simply awfulJuly 10, 2009
  i currently have the worst bio i’ve ever seen. must fix that. fyi, wordpress has issues: http://seclists.org/fulldisclosure/2009/Jul/0057.html (thank you, core) A vulnerability was found in the way that…More
• custom.dic could really end up being one.April 24, 2009
  Typing up a report tonight and i realized I had been adding a number of exceptions to my custom Microsoft Word dictionary (‘Add to Dictionary’) . Thinking about this as…More
• Google Voice (was Grand Central) is a pentester’s best friendApril 20, 2009
  Google Voice turns out to be really handy for phishing attacks. When you send out a phishing email, it’s useful to include a phone number, in case of…More
• Scoping a Penetration TestFebruary 19, 2009
  Scoping a penetration test is difficult. This is why Statements of Work and Requests for Proposals are necessary evils. It’s not an exact science. There’s a lot of…More
• Raising the BarFebruary 19, 2009
  I often hear technologies or controls disregarded on the basis of  “It can’t protect against X scenario.” or “It doesn’t completely protect me.” For example, take a web…More
• Back|Track 4 First ImpressionsFebruary 17, 2009
  It’s damned liberating to take this distro and be able to update it. This, along with specialized security-tool repositories, is the killer feature of the new Back|Track 4…More
• Just about right…February 16, 2009
• ShmooCon 2009 Wordle VisualizationFebruary 6, 2009
  Visualization of the 2009 Shmoocon talks created byWordle.net.More
• ShmooCon 2009 picksFebruary 6, 2009
  Just arrived in DC for ShmooCon 2009. Here’s the move: Day 1: Automated Mapping of Large Binary Objects Watching the Watcher: The Prevalence of Third-party Web Tracking Day…More
• john, meet amazon. amazon, john.January 31, 2009
  These are a rough set of notes I put together when figuring out Amazon’s EC2. I’ve been using the boxes quite extensively to crack passwords. This has turned…More
• Top Web Hacking Techniques of 2008January 27, 2009
  Jeremiah Grossman & co’s “Top Web Hacking Techniques of 2008” have been released. Go check’m out, update your own techniques, and add anything they might have missed (I…More
• OWASP v3.0January 15, 2009
  Just in case you missed this one, the OWASP v3.0 Testing Guide has been released. If you are involved in application security at all, building or breaking, you…More
• How to suck at infosecJanuary 9, 2009
  passed along by jabra: http://isc.sans.org/diary.html?storyid=5644&rssMore
• HP Mini 1000 Series – HP 1030nrNovember 29, 2008
  just picked up a HP 1030NR on a lark at best buy. super tiny, but powerful enough to run most of what i need. the thing makes my…More
• New DOS attack technique: sockstressOctober 1, 2008
  The guys from outpost24 are releasing a new tool (sockstress) that exploits problems with TCP state tables. Apparently, you can disable most any windows/linux/firewall box with minimal attack…More
• Framing via Facebook ==> FaceFraming?September 30, 2008
  So, i was posting on the wall of a friend in facebook today, alluding to how we should steal my car back from the fascist towing company who…More
• The future will be 0day.September 26, 2008
  Browsing through my collection of papers & presentations and ran across these: The IPO of 0day by Justine Aitel and 0day – How hacking really works by Dave…More
• McCain vs Obama on the InternetSeptember 24, 2008
  Interesting & enlightening article on Slate. Details the difference between the Obama & McCain camp on Internet policy. Essentially, boils down to: McCain: Internet is a Product, and…More
• Firefox Extensions DumpSeptember 23, 2008
  This is a dump of my current set of Firefox extensions. Some of these are absolutely critical for pentesting: HackBar, TamperData, FireBug and ModifyHeaders. Some are not so…More
• The OneSeptember 13, 2008
  If you want a glimpse into the future of the web, you NEED to watch this video. Kevin Kelly of WIRED raps on on the semantic web, the…More
• Google Calendar Search for Fun & ProfitSeptember 2, 2008
  In the same vein as the earlier post on searching for vulnerabilities with Google Code Search, I realized tonight that you can search for private calendars on Google…More
• webFileScanner.pl – simple file & directory brute-force utilitySeptember 1, 2008
  Here’s a simple utility i coded up using perl + lwp to blindly request files from a webserver + print the status code that’s returned. Functionally, it’s similar…More
• HTTP Response Splitting ExplainedSeptember 1, 2008
  j0e of LearnSecurityOnline.com recently mentioned that he was actively looking for examples of ‘HTTP Response Splitting.’ I was aware of the vulnerability, but always considered it somewhat theoretical,…More
• Google Code Search for Fun & ProfitSeptember 1, 2008
  While toying around with Google code search to look for HTTP Response Splitting vulnerabilities, i discovered that code search is a treasure trove of vulnerabilities. For instance, simply…More
• Mager Twitter TourAugust 16, 2008
  A friend of mine, Andrew Mager, recently got the chance to go through the new Twitter offices in San Francisco. He took the opportunity to snag a few…More
• Defcon MBTA Madness!August 12, 2008
  Wow, the MBTA is in deep shit. If you haven’t heard about this, 3 kids from MIT did some analysis on the MBTA fare system and found out…More
• Pentesting TimelinesJuly 7, 2008
  I’ve often run into the case of the network that simply can’t be satisfactorily tested in the time allotted to it. There are a couple reasons for this:…More
• Pentesting SkillsetJuly 5, 2008
  I’ve been fumbling together a list of skills necessary to succeed as a pentester. This was prompted by mapping out my own short-term education and by gathering a…More
• Sublime says…July 5, 2008
  what happened? You may notice the new blog (or not). I’ve recently switched everything over to hosted wordpress. Why? because i’m lazy. Looks like this will make it…More
• DisclosureJuly 5, 2008
  About Me: A pentester for a growing vulnerability assessment (product) firm.  My background is in computer science and i have no strict formal education in security. I’ve only…More
• Hello world!July 5, 2008
  Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!More