I have added another presentation to my schedule of upcoming events. If you will be attending the BSides Seattle Event February 20th, 2016
Friday, January 22, 2016
Sunday, January 10, 2016
Coding the Vigenère Square Cipher
Since I was a young boy, one of my favorite things to play around with has always been ciphers. Although they have largely fallen out of use, I still enjoy studying different ciphers and trying to break them down into Python algorithms. Today I will share one such project: the Advanced Vigenère Square Cipher.
Friday, January 1, 2016
Speaking date announced
I have recently confirmed my acceptance to speak at the Security BSides: Tampa Bay event later this year. I am excited to be presenting a topic on Bot Net Architectures.
Sunday, November 29, 2015
Here Hold This: Loading malware with legitimate Win32 applications
I do not often talk about OS-specific topics. Even more rarely is that OS Windows. I am, after all, OS agnostic with a "slight" lean towards Linux. Sometimes, though, there is a method that is just too good to pass up writing about. "Here, Hold This" is the name I gave to a tactic for Windows post-exploitation persistence in which you cause a legitimate program that runs at boot to call your malware's startup routine. The exact method has been around pretty much since the inception of the Windows NT model. It takes advantage of the Windows DLL location search order to trick the program into loading a malicious DLL it believes to be legitimate.
Friday, November 6, 2015
Station to Station Encryption in Python
Alice and Bob are looking for a more secure way to communicate than HTTPS. Sure, HTTPS is good for securing their messages against basic eavesdroppers. However, they want to secure their communication even if someone steals their server's private key. Furthermore, Alice and Bob want to make sure that if the encryption key for any one conversation is broken, it does not compromise the rest. The method they settle on is called the "Station-to-Station Protocol".
Saturday, October 10, 2015
DarkDuino Payload 1: Powershell DnE
The first payload I came up with for the DarkDuino was a simple PowerShell payload to download a given file off the network and then execute it. I will go over the code in detail below. This is the main loop in a sketch uploaded to an Arduino Micro microcontroller. At a high level, what happens is: when connected to a target system and pinButton is pressed (brought to GND), the DarkDuino fires off a PowerShell command to download a Python file and execute it. It does assume the network allows local area network traffic on port 80, or 443 if you're using HTTPS (and you should be!). It also assumes that the system has the Python executable in its PATH. Here is the commented code:
Sunday, October 4, 2015
SSHCommander Use Case 0: Example MITM Network Build
SSHCommander is a tool I am working on to help manage large clusters of systems using the SSH protocol. It is currently set up to use public/private key encryption to protect against eavesdropping, brute-force password cracking, and repetitive stress injuries from typing commands across 50+ nodes.