Zeus My Adventure with an Infamous Bot

NOTE! THIS IS FOR EDUCATIONAL PURPOSES ONLY. CHANCES ARE, IF YOU TRY THIS WITHOUT PERMISSION, YOU WILL GET CAUGHT AND GET THROWN INTO A DARK PLACE WITH NO INTERNET. Bots for the masses. Recently at a conference that I attended, I sat in a class that was talking about Botnets and general ‘How Easy They Are’ related things. 90% of the technical discussions did not really come as a surprise to me; however, I came to realize that I am not 100% aware of how (and I dare say this lightly) easy they have it. The technical competency of the adversary really doesn’t have to be at a jaw-droppingly high level. In fact, if you can operate the keyboard and mouse, heck, even a tablet/phone once it’s all set up, then you could potentially be a successful botnet operator. ...

September 23, 2013 · 17 min · Leon Jacobs

KVM Redirecting CentOS Kernel and tty output to a virtual serial console

Console all the things! First and foremost, I will start with a warning. Like any other virtualization software, you risk leaving the console open. This is an often overlooked part of securing your infrastructure. An administrator may have been required to do some work on the virtual console, and forget to log out. What if that account that is still logged in is r00t? Having administrative access to a VM Host gives you access to the consoles, but not necessarily to the guests. Remember to log out! Or, set up shells to auto-logout after a few minutes of inactivity. ...

August 3, 2013 · 3 min · Leon Jacobs

URL Expansion - I'm paranoid like that

So there is a good use URL Shorteners, as they are most commonly known, are pretty useful in places where you are limited to the amount of characters you are allowed to type. Twitter being the prime example. However, it is not only because of services like that that these URL shortening services exist. Sometimes, URLs are just plain crazy long, and very error prone when you have to copy and paste/link them to someone. I guess we can call this a useful feature? ...

July 31, 2013 · 3 min · Leon Jacobs

'stuff' to Gource.

Stuff to what…? Not too long ago, a colleague introduced me to Gource. In case you have not heard of Gource before, I highly suggest you take a few minutes and check out the project home page here. If you have been developing, or are part of a development project that has been around a while, then Gource should be able to tell you a tale in a strangely mesmerising way about its progression. Go ahead, download and install it. You are going to need it to try the rest of the stuff anyways. Be warned though, watching the output is highly addictive and strangely entertaining, so if you value your productivity, don’t continue reading this post. ...

July 27, 2013 · 7 min · Leon Jacobs

dtob.py: Digest to Basic authentication; A simple example of an authentication 'downgrade' attack

Introduction Let’s start by saying that I am by no means an expert at any of what I am about to write. Primarily this post is purely for research purposes. Think of it as one of those something to do scenarios. I’d like to cover some basics around HTTP Authentication, and then show a PoC of how this can be abused in a real world scenario. Hopefully this will help educate people to use more secure authentication mechanisms! :) ...

June 25, 2013 · 11 min · Leon Jacobs

Quick Win: Quickly Execute Last Shell Command

Work clever, not hard This will be the first post of a series of quick shell tips for getting things done, fast. In fact, it will probably just serve as a notepad for me on the topic ;) Last shell command If you are using a shell, such as Bash, which is pretty much the default on most Linux distributions, then you probably know that you can just use the up arrow to get the last command....

June 23, 2013 · 1 min · Leon Jacobs

Jabber to Email using SleekXMPP

So, why would you even want this..? Well, to be honest, I am not really sure of many use cases for this, however maybe someone, somewhere will need to do something like this, and I would have done my deed and saved someone some time :☀: Introducing SleekXMPP SleekXMPP is a Python XMPP framework. It takes a bit to get your head around it, but once you have some basics covered it’s quite a rewarding library to work with. :) To start, you need to install 2 dependencies: Python Mailer and SleekXMPP itself. Something like pip install mailer sleekxmpp or for the older school, easy_install sleekxmpp mailer should do the trick. It can’t hurt to check if the distro you use has these as packages already too. ...

June 7, 2013 · 6 min · Leon Jacobs

How To: Extremely simple python Jabber Broadcast Bot

Bots! Bots! Bots! Generally speaking, a “bot” is something that, like, does work for you. But, for this purpose, the need for a jabber bot came from the fact that I had to deal with a lot of email on a daily basis. This large amount of mail sometimes would cause me to completely miss critical mail alerts. Realising later that I could have prevented a catastrophe if I didn’t miss that one email was just not on anymore. So, I started investigating ways to get the important stuff delivered faster. As a team at work, we have long since dropped the whole Skype group chat thing for our own Jabber server. My privacy-related concerns back then were recently heightened here when a trap URL received a HEAD request from 65.52.100.214. The user that received the URL in a chat was under strict instructions not to actually click it… ...

May 25, 2013 · 4 min · Leon Jacobs

Hello World! Oh and here's some code!

Introduction Finally! A blog engine I like! :) No exceptionally bloated backend database with plugins that just get hacked. Yup, slim and sleek. And, I get to make posts using Vi :D Want in on this love? Have a look at Octopress. Yes, it was a real ball ache to get set up thanks to the ruby dependencies, but now that we’re rollin' this should be good :D ...

May 24, 2013 · 3 min · Leon Jacobs