Jordan Wright

Introduction

Tor is an anonymity tool used by those who want to stay private and uncensored when browsing the Internet. Over time, it’s grown to be pretty darn good at this. This makes the security, stability, and speed of the underlying network critical to those depending on it.

But how does Tor work under the hood? In this series of posts, we’ll take a deep dive into the structure and protocols used by the Tor network in order to see first-hand how Tor operates.

Introduction

It’s been a busy couple of months!

I thought it would be worth providing a long-overdue update into the development status of gophish. Overall, the project is getting closer to beta status every day, and I’m hoping to see a 0.1 release at the end of March.

Without further ado, let’s dive in and see where we’re at.

Introduction

During the process of planning a vacation, I came across a nice hotel I wanted to stay at. When looking at some possible dates, I noticed the nightly rate would fluctuate dramatically. This made me question if I was going to wind up paying way more just because I wanted to stay at the hotel on a certain day.

Then I considered the alternative - maybe I could scrape the prices every day to find the cheapest nightly rate. Sounded like a job for Python, BeautifulSoup, and some whiskey.

Introduction

Back in December, SANS released another installment of their annual holiday challenge. I enjoyed taking on the 2012 challenge, so I was excited to see what SANS had in store this year. This year’s challenge didn’t disappoint with a nice mix of basic network recon, web application hacking, and some forensics. This post will detail how I found each required “secret” to solve the challenge.

I’d like to extend a personal thanks for all the hard work SANS puts in to putting on this challenge every year.

So you accidentally committed a password or API key to Github. Ouch.

“No problem!”, you think, “I’ll just follow Github’s helpful information on how to delete sensitive information and I’ll be fine!”

Just today, I saw a great article detailing one developer’s experience with committing sensitive information to Github. Unfortunately, this article missed the main point. In this post, I’m going to show exactly how hackers instantly harvest information committed to public Github repositories, and why deleting this information doesn’t solve the problem.

Busy year.

It seems as though each year brings more and more events that throw our industry into the forefront of attention - and they’re never good. At the same time, it’s key to remember that these events allow us to learn and evolve as an industry. Let’s take a look at some of the key things we as an infosec industry can learn from 2014:

Introduction

The Tor Project has announced that they have received threats about possible upcoming attempts to disable the Tor network through the seizure of Directory Authority (DA) servers. While we don’t know the legitimacy behind these threats, it’s worth looking at the role DA’s play in the Tor network, showing what effects their seizure could have on the Tor network.*

Friendly Reminder: Browser makers may track every key you type in the URL bar

Introduction

Technologies like Google Chrome’s Omnibox makes searching easier. However, these quick search suggestions come at a price. This post is a friendly reminder that you may want to consider turning off predictive search to protect your privacy.

Introduction

I’ve always been a proponent and contributor of open-source projects and information. I strongly believe that information and knowledge should be shared as much and as freely as possible - progress happens this way.

As such, I’ve decided to “open-source”, if you will, the academic essays I wrote regarding information security and software development my last couple of semesters at Texas Tech. It’s my hope that people find these useful, either by provoking thought and discussion or simply by serving as material to help people fall asleep a little easier.

Please bear in mind some of these papers were written the night before in a short time-span.

Introduction

Tor is often used to protect the anonymity of someone who is trying to connect to a service. However, it is also possible to use Tor to protect the anonymity of a service provider via hidden services. These services, operating under the .onion TLD, allow publishers to anonymously create and host content viewable only by other Tor users.

The Tor project has instructions on how to create hidden services, but this can be a manual and arduous process if you want to setup multiple services. This post will show how we can use the fantastic stem Python library to automatically create and host a Tor hidden service.