Posts

Navigating Internet Censorship: An In-Depth Look at Tor, VPNs, and Circumvention Strategies

It’s an unfortunate reality that governments and nation-states around the world employ sophisticated methods to control and restrict their citizens' access to the Internet. I recently received an email from a student asking about using VPNs, Tor, etc., to bypass these restrictions. I replied to their question but thought the topic may interest other people, so I decided to turn it into a blog post as well. This blog post will examine the ongoing battle between censorship authorities and those using tools like Tor and VPNs to bypass these restrictions. We'll look at the various techniques used by nation-states to block or throttle VPN usage, dive into the technical details of how these methods work, and discuss strategies for circumventing censorship. Furthermore, we'll discuss the role of proxies, the effectiveness of the Tor network, and the importance of staying informed in the face of ever-evolving censorship tactics. Understanding VPN Blocking Techniques: To effec

Introducing FaviconLocator: The Eazy Button to Searching by Favicon

Favicons (short for favorite icons) are the cute little pixelated images that appear next to the site name in web browser tabs, bookmarks, etc. In the image below we can see the iconic GitHub logo on their site and the KFC logo on a bucket of chicken on their site. Originally, favicons were designed to add a touch of professionalism and branding, but for anyone who is like me and has over a dozen tabs open at any time, favicons are the only thing displayed and how I navigate tabs. Most of us rely on favicons on a daily basis but many never think of them as a tool we can use in OSINT and CTI investigations. That’s what we’re going to talk about here as well as introduce a new tool. In addition to branding and aiding in navigation between tabs, favicons can serve as unique identifiers for websites. These unique identifiers can help us:
- Trace the online presence of organizations and discover obscure digital assets
- Map the online infrastructure of potential threats
- Potentially de-ano

Automating Domain Squatting Detection with DNSTwist and Python

  There’s a good chance that, at some point, you’ve received a spam email with a link that looked close to the name of a popular domain but was just a little off. Payapl.com instead of Paypal.com or similar. Domain squatting is a malicious activity where attackers register domain names similar to legitimate ones. Attackers may use these domains to deceive users into believing they are visiting a legitimate website, which can lead to phishing and other attacks. DNSTwist (available here: https://github.com/elceef/dnstwist ) is a popular tool that helps identify domain names that are similar to a given domain name. It generates a list of potential domain names by applying various fuzzing techniques to the given domain name and then checks if these domains are registered. Check out the list of Bank Of America copycat domains: DNSTwist is an amazing tool that should likely be a part of every organization's Cyber Threat Intelligence monitoring efforts, and I wanted to automate it

Why Rainbow Tables Aren't the Pot of Gold They Once Were

Today I’m presenting a SANS workshop on password cracking for OSINT and digital forensics. The workshop will require no previous knowledge and will progress from explaining how things work to how you can effectively crack passwords for file formats such as Office, Zip, RAR and PDF. There are a few topics that I won’t be covering that I expect to get some questions on. That’s the purpose of this blog post. Those topics are salt and rainbow tables. It’s not that these topics aren’t interesting or worth talking about; they’re just not as relevant to password cracking as many people think they are. Let’s explain! When I mention password cracking, many people instantly respond with “rainbow tables!!”. I try to avoid speaking in absolutes so I won’t say rainbow tables are useless, but I will say they aren’t much of a thing anymore. In the workshop, we cover how to acquire password hashes from files and how to crack them. Let’s place that aside for a second and instead talk about a book.

Expanding the Boundaries of ChatGPT with LangChain - Part Two

In huge ChatGPT news this week, they rolled out web browsing capability and plugins for ChatGPT Pro subscribers. That will be what I blog about next week, but for now, I wanted to post part two of looking at LangChain. In part one of this series, we explained that LangChain was a framework of connectors that allows us to use our code to tie together data and large language models (LLMs) like ChatGPT. The new ChatGPT browsing capabilities add a lot of functionality, but there is still a need for LangChain to allow us to automate these processes. We’ll look at increased functionality and use cases in future posts, but for now, I wanted to share the code I used in the previous post. First things first are installing the Python dependencies:

    pip install openai
    pip install langchain
    pip install chromadb
    pip install tiktoken

I installed these successfully on both a Windows system and an M1 Mac OS system. On the Windows system, I needed to download some Microsoft C++ tools for Ch

Expanding the Boundaries of ChatGPT with LangChain - Part One

  You have likely noticed a massive influx of applications that claim to use artificial intelligence. Many of these applications are built using a framework called LangChain. In this post, we’ll provide a basic introduction to this technology and explain why it can be beneficial in your daily taskings. Let’s start off with “normal” ChatGPT usage. Most users go to the ChatGPT website, ask ChatGPT to do something, and read the response. The technology is both awe-inspiring and currently limited. It’s limited by not having internet access, access to recent information, or the ability to incorporate the user’s files or data into its workflow. It’s also limited by the size of how big prompts or answers can be. The “normal” usage of ChatGPT looks like this. You can do some amazing things with this basic model, but think of how many things aren’t incorporated here and the potential that they could unlock if they were. This is where LangChain comes in. LangChain is a framework that allows de

Beyond the Tor Browser: Proxying Applications for Enhanced Privacy and Capabilities

  Recently I had a former student reach out and ask me how they could utilize some of their favorite plugins from Chrome on the dark web. There are multiple ways to achieve this, but we’ll look at one method that is straightforward to implement and can be used with a variety of applications, just not Chrome. The Tor network is a free and open-source software project that enables anonymous communication across the internet. It routes your data through a series of volunteer-operated servers, known as nodes or relays, to obscure your location and browsing habits. This is also used to access the biggest and most widely used dark web. The most straightforward method to start using the dark web is downloading the Tor Browser, a modified version of Mozilla Firefox. This browser is designed to work seamlessly with the Tor network, ensuring that all your browsing activities are routed through the network without any additional configuration. Normal browsers like Chrome, Firefox, and Safar