Tool Drop! Time Keep by Ben from 7 February 2019


I find it hard to keep track of the amount of things I am doing all day long. Especially when I am at work clacking away at my keyboard with a vigor that only adult ADHD can possible muster.
I have to multitask a lot for work. I have to overlap meetings and tasks regularly. I have to switch gears and work on something new at a movements notice. I have to be track issues and outages all day some times. This makes it hard to properly keep track of time for the individual tasks I am doing. It makes planning resources for projects almost impossible as all my time is multi-use time.
So I bring to you my solution to this daily headache, Time Keep!


Updates

1.0.0.1 - Initial Release

To download Time Keep click here.


Tools Update! by Ben from 30 January 2019


Hey Team,
As I previously said. I moved back to Visual Studios. I have rebuilt all the apps using visual studios and as such have put out updates for all of. Now instead of being stand alone applications they are one click install applications which need to be install. This isn't bad though as it allows me to make fun start menu entries.


HiHoHiHo Its back to Visual Studios we go. by Ben from 13 January 2019


So... I have been trying SharpDevelop for some time to make my programs and such with. Why? Because I was trying to reduce my reliance on Microsoft when it come to development. Mainly I was concerned that if I ever become serious as a developer I think that Visual Studios is kinda expensive. I know that I can use the community version for free. But $1200 should I go pro is pretty steep IMHO. SharpDevelop, for what it is, is super great. It handles my crappy level of newbie programing just fine. It has almost all the features that I want. So what is the problem with SharpDevelop? Nothing, except that it hasn't been updated since 2016. I think it may be dead. I can't be releasing up to date software with an IDE that itself isn't up to date.

So Because of this, I am going back to Visual Studios. I mean, there really is now other options out there. Plus, I also would also like to dabble in game dev some. I would like to put out an Android game or two. For this I have downloaded Unity and will be trying my hand at some Android game dev.

Also, I am going to take this as an opportunity re-write all my applications and possibly rework their UI layout. I also want to fix a number of issues that I have found over time. Plus I think this would also be a good time to learn how to spool threads properly.


I had no idea. by Ben from 7 January 2019


I really had no idea that this was even a thing. Good read, quick primer on a subject that I think can probably go very deep.

Open redirects - the vulnerability class no one but attackers cares about from r/netsec


Yo Team! It's been a while. by Ben from 6 January 2019


Hey Guys, It's been a while since I have made any posts or updates to this site. Well, That's changing today. Instead of using social media for posting and sharing content with people I am instead going to move all my sharing and posting to this site or my other blogs depending on the interest. Check back regularly for more posts.


Why are you like this? by Ben from 30 Nov 2018

Internet... I have one question for you. Why are you still like this?

What could we as a society have to gain from this? Why are we still doing shit like this to ourselves? It makes me wonder. Why have you not moved on? Are you literally still running a pentium? Is this just like throw away virtual machines or are these legitimate boxes still running Windows XP? Is this just some wayward internet soul being puppetted around by some bot? Why are you still like this internet?

Tool Drop! TraceMON. by Ben from 14 Feb 2018

Hey Team! It's time for more free stuff! I have built a new tool called TraceMON. TraceMON is a route monitoring tool. Why would I need this you might ask? Because it can help you get to the bottom of many internet related issues, and I think it looks cool while its running. Many times one website will take a long time to load but others will load almost instantly. Why is this? Because the internet is global and the route your computer takes to reach one website might be totally different than the route it takes to reach another. This is where TraceMON comes in. Not only does TraceMON discover you route to a website, but TraceMON then monitors every single hop on the way continually so you can know exactly where the slowdown is. Wanna learn more?


To download the tool and get the full deatils click here.

It has been way to long! by Ben from 11 Feb 2018

It has been way way to long since I have made a post on this blog. Life sorta gets in the way sometimes and projects can slip to the side and become forgotten if we don't prioritize them. Well, I want to start prioritizing producing content for this blog again.

First things first, I switched from Visual Studios Community to SharpDevelop. I didn’t know if Microsoft would come after me or not for using their IDE to develop tools and code that I was giving away to people and businesses. Frankly, I am to lazy to look up, read, and understand their licensing around the community edition. So I switched to an open source alternative. SharpDevelop so far has been very easy to get the hang of and in many way is exactly the same as Visual Studios Community. I think the thing I like about it the most is how lightweight it is. However, one drawback I have found is that you have to build an installation package yourself, or you can have your apps function as standalone EXEs. Which is what I have opted to do for now. I think this will actually allow for more portability of the apps so I’m not sure if I really consider it a loss. Secondly, I have fully redone the Ping Scanner and the Port Knocker using SharpDevelop. I have also added a couple new features to each application. Check the update notes for each, as well as the updated source code!

Come on guys, this is getting old. by Ben from 31 Jan 2017

Just letting everyone know that I dont use myphpadmin.... Y'all can stop scanning for it.

I know this is just bots, but this is basically half of my damn webserver logs.

Tool Drop! Port Knocker. by Ben from 6 Jan 2017

It's been a while since I have been able to post anything. But I wanted to bring the new year in with a bit of style. So I give to you... free of charge... The Port Knocker.


To download the tool and get the full article click here.

Updating Tools and Programs! by Ben from 2 Jan 2017

So, anyone that develop programs that are distributed to other people runs into the problem of updates. How do you update a program on a computer controlled by someone? Or how do you let them know they need to update it? Well, I have updated the Ping Scanner to do just that! I will release an article in the future detailing how the code works. If you really cant take the suspense you can check out the source code of the Ping Scanner yourself.

How I hopefully secured a webcam to spy on my turtles. by Ben from 26 Oct 2016

I have 5 Red Eared Slider turtles or “RES” that I keep as pets. I like them a lot, and I have spent a good amount of time and money caring for them. They actually require quite a bit of things to care for them properly. After having spent all this energy and effort caring for them it kinda sucks to not be able to see them all the time. So I setup a webcam. However, I am security minded so I wanted to setup a cam in a secure way. I don't want to contribute to the current global crisis of webcam botnets destroying the internet. And I also would like to obscure my home IP as well so that hordes of the internet are one step removed from me.

Let’s first walk through the gear I used first. Then we can dive into how all the various things are configured. And lastly we can discuss some of the steps I have taken to secure this entire setup. The gear list is as follows.


To get the full story click here.

Tool Drop! Ping Scanner. by Ben from 9 Oct 2016

Keeping with the DIY nature of this entire endeavor I have made a tool called "Ping Scanner". Why call it exactly what it does? Because it have no imagination. What does it do? It simply sends pings out to a range of IP addresses you set and outputs their responses to a file. When attacking a company's public facing servers or after you're on a company's network, you need to have a way to determine what other machines are also online. That's what this tool will do.

To download the tool and get the full article click here.

Mystery flashdrives... An investigation. by Ben from 09 Sept 2016

This morning I was handed a stack of random thumbdrives and told “Five hundred of these showed up in the bosses office and we need to know if they are safe to use.”. This is a new occurrence for me but I welcome the challenge. We’ve all heard about malicious USB sticks spreading viruses, so to me the threat is credible.

First thing I did was open one of these things up and take pictures of the USB chip. It has “TW218B1552AACB020” on the back of the chip itself. A bit of googling did not turn up any information about the chip itself based on this only real identifiable marker.
To get the full story click here.

Let's Code! An HTTP/HTTPs Bruteforcer. by Ben from 28 Aug 2016

Welcome back for another round of Let's Code! Last week we built an SSH Bruteforcer, so sticking with the bruteforcing theme we are going to make an HTTP/HTTPs bruteforcer. And since I am lazy, we are going to be reusing almost of all the code from last week. We are just going to modify it to work with HTTP/HTTPs login prompts. Here is the code that we will be reusing.


function HTTP-Bruteforcer {
	Param
		(
		 [string] $PathtoUsernames,
		 [string] $PathtoPasswords,
		 [string] $PathtoOutput
		)
	
	$usernames = Get-Content $PathtoUsernames
	$passwords = Get-Content $PathtoPasswords	
		
	Foreach ($urlofserver in $servers)
		{		
		Foreach($username in $usernames)
			{
			Foreach ($password in $passwords)
				{
				#This is where the login code goes
				}
			}	
		}
}


As you can see we are going to be making the HTTP Bruteforcer into a function. Unlike the SSH bruteforcer which we could use wholesale without modification as all SSH servers basically function exactly the same way, unfortunately every website uses a different method or fields to login. It could be a POST or GET request, and the email or id form field could function as the username. Because of this variability in HTTP logins I think we should actually make multiple HTTP bruteforcing functions. For the sake of this article we will first make a bruceforcer for facebook, then we will make a bruceforcer for twitter.The code below will login to Facebook but I will be using it to also test the login system of every site we want to bruteforce. I have saved it as Http-Bruteforcer-Tester.ps1
To get the full story click here.

Let's Code! An Ssh Bruteforcer. by Ben from 21 Aug 2016

Since this is the first Let's Code! I am going to describe my setup and why I am doing things the way I am going to do them. I am going to do most of my early coding on this site in either powershell or C#. I use PowerGUI for coding powershell in. It has excellent syntax highlighting; and I find the variables window to be indispensable when trying to figure out what my code is doing. And for C# I use Visual Studio 2015 Community, as it is industry standard, but mainly becuase I absolutely LOVE LOVE it's indentation fixing.

I am going to be using the default powershell that comes with a fully updated Windows 10 install. I have not specifically updated powershell. But why would I not download the most up to date powershell to write my code in? I want my code to be as compatible as possible. Powershell regularly releases entire functions in new versions which will not be compatible with older versions. I know that Windows 7 uses powershell 2.0 by default and that my powershell version is 5.0(Windows 10). At work, I limit my code to 2.0 compatible only functions and code as Windows 7 is heavily deployed. At home, I am fine with running 5.0 as I only have the one Windows machine and its 10. But why am I fine with this for code intended to be used in unknown environments? Well, as we all know Microsoft has sorta been dicks about shoving Windows 10 down everyone's throats! They brag about having 300 million plus installs already. So, I would say that's a decent target base and so again to maximize compatibility I limit myself to the default version.

Ok, So with that out of the way I'll get to the meat of today's Let's Code!
To get the full story click here.

What's to come. by Ben from 20 Aug 2016

Ok.. Ok.. I have finally talked myself into starting this project. I am going to be starting 3 different series of articles. Let's Code!, Bypass.., and In The News. Let's Code! is going to be a series of articles in which I write, search for, and examine code. Bypass.. is going to be a series of articles in which I discuss various different ways to bypass different supposed security in as fun or novel of a way as possible. And lastly In The News; which is going to a be a series of articles in which I simply discuss the latest news related to security.

So why would I want to do this at all? Well, ever since I was a kid I have had a deep passion for tech and electronics. I don't know anything about security currently. I mean, not really. I've maybe done some poking and prodding before, and I have alot of skills I believe may translate. But mostly I just want to learn. I am starting in the place as that of a complete novice. I don't have a rep, or any certs, or creds, I don't really know anything. This is simply going to be my attempt to learn and document it all.

This is just the beginning. by Ben from 11 Nov 2015

This is the first post of what I hope will be many to come. This site is primarily going to consist of my thoughts and analysis of current and trending security news and topics. However, I am also currently working on unique content that I hope the security community will find valueable. I will be open sourcing tools and scripts that I am also in the process of making as well. Please check back here regularly to keep updated on my latest research.