Decrypting TLS traffic

In Firefox

A Docker image that runs Chromium headless with SSLKEYLOGFILE set, opens an HTTPS page and dumps the decrypted TLS traffic to the terminal. Also runs in Play with Docker. Pull and run docker run --net host deanturpin/ssldump Dockerfile FROMkalilinux/kali-linux-dockerRUN apt updateRUN apt install -y chromiumRUN apt install -y ssldumpRUN apt install -y psmiscCMD \ # Kill the ssldump in the future or the container won't terminate ((sleep 10s && killall ssldump && cat ~/dump. [Read More]

Linux security


Creating a Linux password hash like you find in /etc/shadow.

mkpasswd --method=sha-512 --salt=Kf0TqvhN

Cracking a KeePass2 master password with John the Ripper.

john <(keepass2john easy.kdbx)

Cyber-security resources

Search tools Use different search engines Banner grab httrack inspy metagoofil intitle:“index of” DNS poison/spoof Infosec websites - website hacking training - the IoT search engine - what’s that site running? Considerations Language vulnerabilities Common cyber attacks Tor Crypto attacks - frequency analysis Data encryption standard AES advanced encryption standard Substitution permutation network Kali Linux Vulnerability research with reverse engineering, penetration testing and ethical hacking Low level Linux programming and/or comprehensive knowledge in operating system security and associated network/platform design, hardening and deployment. [Read More]

Creating a rogue Wi-Fi access point

Using a Kali Linux bootable USB drive

Disclaimer: I think it goes without saying that you should only be doing this sort of caper on networks you own. But if nothing else it should disuade you from using public Wi-Fi networks. Download the latest Kali Linux ISO and create a bootable USB drive. Restart your computer and boot into Kali via the BIOS. You need two network connections so tether your phone with a cable leaving the built-in Wi-Fi for your rogue access point. [Read More]

Security through absurdity

It was recently suggested that I consider using “unusual [TCP] ports” at work as a security measure. After I got my breath back I found these quotes. Security experts have rejected this view as far back as 1851. Rogues are very keen in their profession, and know already much more than we can teach them. System security should not depend on the secrecy of the implementation or its components. [Read More]

Imagine you're a browser...

Technologies and protocols

An example of technologies encountered when a browser requests a page from a server. In this case the browser is running on a laptop connected by Wi-Fi. Forming a request User types a URL into the browser: Host performs DNS resolution to convert the URL into an IP address (the web server) The DNS server (and host IP) could be set manually but it will probably be part of a DHCP offer The application (browser) attempts a TCP connection with the server IP If no protocol is specified (http, https, ftp) the browser will default to 80 The browser must now work out how to reach the server The netmask is ANDed with the host IP address, if they’re on the same network then the request can be emitted immediately Otherwise, the host must send the packet via the default gateway (also configured by DHCP) The information makes its way down the TCP stack Layer two adds the MAC header Frame is transmitted between devices Frame is encrypted as it is transmitted through the air At the gateway the request makes its way back up to the TCP layer where it can be forwarded to the next gateway The browser will probably be running from a private network so the router must translate the local to the WAN network (NAT) Reaching the server Upon reaching the destination the server will probably send a redirect to the HTTPS version of the website (. [Read More]