Multicast DNS for Pen Testers

Multicast DNS (mDNS) and Service Discovery (DNS-SD) are ubiquitous protocols that are enabled by default in many modern tech products, especially those designed for home and small office environments. They are part of Zeroconf, a suite of technologies that helps network devices automatically discover each other. When you go to print a document, and your computer automatically suggests nearby printers, it might be using Zeroconf to do that!

In this blog post, I’ll break down what pen testers should know about mDNS and DNS-SD and how to use these technologies on your own assessments.

Dark Web Map: Exploration

In today’s installment of the Dark Web Map series, I am going to take a deeper dive into its contents. Mainstream coverage of the dark web portrays it as a spooky morass of stolen identities and top secret documents. But is that a fair representation? My goal here is to draw objective conclusions and to let the data speak for itself.

Introducing Encoding Tools

If you are a programmer, pen tester, or reverse engineer, you probably find yourself needing to manipulate data between various representations, such as URL encoding, base64 encoding, etc. There are a lot of web sites and utilities to do this sort of thing interactively, but I’ve never been totally satisfied with any of them.

So… I built my own! Today I am releasing Encoding Tools, an open source, browser-based utility for transforming text and binary strings.

Dark Web Map: How It's Made

If you like How It’s Made, that weird and wonderful documentary series that reveals the manufacturing processes for goods ranging from rubber bands to medieval axes, then you will love this installment in my Dark Web Map series. This post describes how the map was created and explains some of the key design decisions. I am about to get technical and nerdy in here. If that’s not your bag, then look out for the next post in the series where I will explore the content of the map in greater detail.

Cracking A "Signed" Cookie

During some downtime for the holidays, I have been looking into some public bug bounty programs. One of these programs brought me across an interesting SQLi vulnerability: a value is obtained from a cookie and used in a dynamic SQL query without sanitizing. This would be trivial to exploit but for one thing: the contents of the cookie are protected from tampering by a simple “signature”. This post explores whether the signature can be cracked with John The Ripper.

Evil Maid vs. Linux FDE

I have been using Full Disk Encryption (FDE) on all my devices for about 5 years now. In the first few years, I had learned that FDE was a robust defense against physical access. Then one day I stumbled across Evil Maid, a threat model where an adversary has physical access for only a brief time. This threat model has deep implications for FDE and physical security in general, but it is relatively obscure: it doesn’t even have a Wikipedia page! In this post, I develop a very simple Evil Maid proof-of-concept (POC) against the default FDE configuration in Lubuntu 16.04.

Agnostic Database Migrations

Problem

Version control of source code and build products are crucial tools in the software developer’s toolbox. When you need to add some new features to a project, there’s usually a workflow: check out a specific branch, make some changes, test those changes, and then commit back to the code repository. Although the details vary from project to project, tools like Git and Mercurial generalize pretty well across all sorts of development projects, including web development, mobile, desktop, kernel, etc.

OSCP Review

The most popular posts on my blog have been my harsh reviews of the CISSP and CEH certifications. You might just think that I don’t like certifications in general, and I probably would have agreed with you before I signed up for PWK/OSCP. Today, I’m going to tell you about my experience working through this unusual infosec certification.

Debugging A Memory Leak In Python

I recently ran into a memory issue with Python: a long-running script would use more and more memory until the kernel would eventually kill it. Python doesn’t have “memory leaks” in the same sense that lower level languages do, but it is possible to tie up memory by maintaining a reference to it somewhere that you forgot about. As it turns out, there are some awesome tools for troubleshooting this kind of bug in Python.