book and code

Tag Archives

3 Articles

DEF CON 29 Takeaways (and missing out on a CVE)

by Jamey

I started attending DEF CON in Las Vegas a few years ago in 2018, so I guess I could be considered a newb in the eyes of The Con, but because I work in the field of cybersecurity, my work would reimburse all expenses, so it was a sweet deal. I instantly fell in love with everything there, and I met some new friends, who I would later discover to be brothers. I was inducted into The Illuminati Party at DEF CON 26, and upon entering the IP Suite the next year at DEF CON 27, when I was met by the big booming voice of, “Welcome Home,” it truly did feel like home.

Last year, because of the pandemic, DEF CON was actually cancelled, and instead we had the first ever DEF CON Safe Mode, which took place entirely online. I missed being around all my hacker friends in person, but it was still a great year. This year, DEF CON 29 was a hybrid of both on-prem and online events, so it was a bit scattered. My workplace is still on a business travel lockdown, and I wasn’t going to make things difficult, so I opted to stay at home and enjoy the virtual side of things, and The Illuminati Party did the same — conducting all of their private talks and events on a private Discord server.

In this post, I will go over some of the high points (and bittersweet points) of DC29.


Generating Large Password Dictionaries Using Brutalist

by Jamey

Brutalist is a cross-platform, Python 3+ based command-line tool that can be used to generate very large word dictionaries based on minimal input. It can take a single word like “password” and generate up to 13,198,680 combinations using common special character substitutions and suffixes, and up to all possible 3-digit numerical suffixes with all variations of special characters appended. It is a highly specialized tool, which should be a regular go-to in the tool belt of all red teamers and pentesters.


Ransomware. Ransomewhere? Inside malicious installers on macOS, that’s where.

by Jamey

With the new wave of ransomware attacks we have seen at the beginning of this week, especially targeted toward Spain, we can see that mostly Windows attack vectors are being utilized, in what appears to be a variant of the Bitpaymer family, related to the Dridex group of malware.

But what does the future hold for attacks such as these? When will we see the attack vector change drastically to target something that your company is most likely unprepared for? We are seeing bad actors targeting low-hanging fruit on Windows, while the world of end users is going mobile. If iOS development is part of your enterprise, then whether you like it or not, macOS literally has to be an integral part of your infrastructure…because Xcode. Is it possible that this is something that has gone unnoticed in the threat detection landscape, or is the threat level just perceived to be so low that we haven’t yet come up with a good way to protect against it?
