Log File To Google Map with Python

Opening up a computer to the world exposes it to a plethora of bots scanning for default credentials, unpatched vulnerabilities, among other things. It’s important to take this into consideration when configuring a publicly facing service. Key exchange or a strong password, access control, and keeping on top of updates are a must. When I first got to campus which has a mostly public facing network, I was amazed at the number of bots constantly scanning everything and anything.

Read More

Breaking into Windows with Sticky Keys

The good ol’ sticky keys exploit. As a security centric IT intern, I was elected to break into the old machine an employee had forgotten the password to. The machine ran XP - easy. This exploit works on at least XP and Windows 7. The only thing required is a bootable Linux live USB and a handful of Linux and Windows commands. If all goes smoothly, you can expect to be back in the machine in roughly 5 minutes. #What The sticky keys prompt is titled ‘sethc.exe’. This application is called by name when shift is pressed 5 times. By changing the contents of this executable, we can run whatever code we want at system level. Since this hotkey is listening even before login, it’s very useful for resetting a lost password. By changing the command prompt’s name to sethc.exe, we gain a system level shell which can manage users.

Read More

Save Time On The Command Line With These Two Tools

Command-line interfaces (CLI) give users the ability to quickly execute commands and change virtually anything about a machine. However, sometimes remembering  or researching the write command or syntax can take more time than clicking through a GUI. These two tools will help save you time by simplifying commands and making your everyday work more efficient.

Read More

Introduction to OpenVPN and Other Virtual Private Networks

Virtual Private Networks were first deployed in business settings for remote workers. They have the ability to provide secure access to a local network from a remote computer. Today, VPNs are useful even for common individuals. Masking an IP address, evading geolocation, and using a secure connection are just a few reasons any person may want to use a VPN.

Read More

Gone Phishing with Go Phish

A basic phishing attack is one of the easiest and least technical social engineering attacks to perform. Crafting a fraudulent email and replicating a website is something anyone with basic knowledge of computers can do. The Social Engineering Toolkit (SET) makes this process even easier by guiding the attacker through the process. SET contains many tools for targeted attacks against a singular person or organization. Phishing is just one attack vector in the toolkit.

Read More