Posts

Introducing FaviconLocator: The Eazy Button to Searching by Favicon

Favicons (short for favorite icons) are the cute little pixelated images that appear next to the site name in web browser tabs, bookmarks, etc. In the image below we can see the iconic GitHub logo on their site and the KFC logo on a bucket of chicken on their site. Originally, favicons were designed to add a touch of professionalism and branding, but for anyone who is like me and has over a dozen tabs open at any time, favicons are the only thing displayed and how I navigate tabs. Most of us rely on favicons on a daily basis, but many never think of them as a tool we can use in OSINT and CTI investigations. That’s what we’re going to talk about here, as well as introduce a new tool. In addition to branding and aiding in navigation between tabs, favicons can serve as unique identifiers for websites. These unique identifiers can help us: Trace the online presence of organizations and discover obscure digital assets Map the online infrastructure of potential threats Potentially de-ano

Automating Domain Squatting Detection with DNSTwist and Python

There’s a good chance that, at some point, you’ve received a spam email with a link that looked close to the name of a popular domain but was just a little off: Payapl.com instead of Paypal.com, or similar. Domain squatting is a malicious activity where attackers register domain names similar to legitimate ones. Attackers may use these domains to deceive users into believing they are visiting a legitimate website, which can lead to phishing and other attacks. DNSTwist (available here: https://github.com/elceef/dnstwist ) is a popular tool that helps identify domain names that are similar to a given domain name. It generates a list of candidate domain names by applying various fuzzing techniques to the given domain name and then checks whether these domains are registered. Check out the list of Bank Of America copycat domains: DNSTwist is an amazing tool that should likely be a part of every organization's Cyber Threat Intelligence monitoring efforts, and I wanted to automate it

Why Rainbow Tables Aren't the Pot of Gold They Once Were

Today I’m presenting a SANS workshop on password cracking for OSINT and digital forensics. The workshop will require no previous knowledge and will progress from explaining how things work to how you can effectively crack passwords for file formats such as Office, Zip, RAR and PDF. There are a few topics that I won’t be covering that I expect to get some questions on. That’s the purpose of this blog post. Those topics are salt and rainbow tables. It’s not that these topics aren’t interesting or worth talking about; they’re just not as relevant to password cracking as many people think they are. Let’s explain! When I mention password cracking, many people instantly respond with “rainbow tables!!”. I try to avoid speaking in absolutes, so I won’t say rainbow tables are useless, but I will say they aren’t much of a thing anymore. In the workshop, we cover how to acquire password hashes from files and how to crack them. Let’s set that aside for a second and instead talk about a book.

Expanding the Boundaries of ChatGPT with LangChain - Part Two

In huge ChatGPT news this week, OpenAI rolled out web browsing capability and plugins for ChatGPT Pro subscribers. That will be what I blog about next week, but for now, I wanted to post part two of looking at LangChain. In part one of this series, we explained that LangChain is a framework of connectors that allows us to use our code to tie together data and large language models (LLMs) like ChatGPT. The new ChatGPT browsing capabilities add a lot of functionality, but there is still a need for LangChain to allow us to automate these processes. We’ll look at increased functionality and use cases in future posts, but for now, I wanted to share the code I used in the previous post. First things first is installing the Python dependencies:
pip install openai
pip install langchain
pip install chromadb
pip install tiktoken
I installed these successfully on both a Windows system and an M1 Mac OS system. On the Windows system, I needed to download some Microsoft C++ tools for Ch

Expanding the Boundaries of ChatGPT with LangChain - Part One

You have likely noticed a massive influx of applications that claim to use artificial intelligence. Many of these applications are built using a framework called LangChain. In this post, we’ll provide a basic introduction to this technology and explain why it can be beneficial in your daily tasks. Let’s start off with “normal” ChatGPT usage. Most users go to the ChatGPT website, ask ChatGPT to do something, and read the response. The technology is both awe-inspiring and currently limited. It’s limited by not having internet access, access to recent information, or the ability to incorporate the user’s files or data into its workflow. It’s also limited in how long prompts and answers can be. The “normal” usage of ChatGPT looks like this. You can do some amazing things with this basic model, but think of how many things aren’t incorporated here and the potential they could unlock if they were. This is where LangChain comes in. LangChain is a framework that allows de

Beyond the Tor Browser: Proxying Applications for Enhanced Privacy and Capabilities

Recently I had a former student reach out and ask me how they could use some of their favorite Chrome plugins on the dark web. There are multiple ways to achieve this, but we’ll look at one method that is straightforward to implement and can be used with a variety of applications, just not Chrome. The Tor network is a free and open-source software project that enables anonymous communication across the internet. It routes your data through a series of volunteer-operated servers, known as nodes or relays, to obscure your location and browsing habits. It is also used to access the largest and most widely used dark web. The most straightforward way to start using the dark web is downloading the Tor Browser, a modified version of Mozilla Firefox. This browser is designed to work seamlessly with the Tor network, ensuring that all your browsing activity is routed through the network without any additional configuration. Normal browsers like Chrome, Firefox, and Safar

Lowering the Cost of Education with SANS: A Guide to Affordable Programs for Prospective Students

Years ago, I wanted to learn digital forensics and started researching what training was available. The consensus seemed to be that SANS training courses were amazing, but not inexpensive. I was going to have to pay out of pocket, so I also researched whether SANS had any programs to help reduce the cost. Thankfully they did, and still do. Many people aren’t aware of what’s available, so I wanted to write a post about some of the programs SANS offers.

SANS Work Study Program

The first SANS program that I utilized was the SANS Work Study Program, also known as the SANS Facilitator Program. Work Study allows students to attend a SANS training event at a significantly reduced cost. In exchange for facilitating the event, students can save up to 70% on their course fees. Facilitators must be available for the entire duration of the training event and be able to handle various logistical tasks, including showing up a day early to help set the conference up and helping take it down when it’