Creating a Sock Puppet: Developing a Persona

A sock puppet is a fake account which can be used to hide the true identity of the owner for operational security reasons (used by both attackers and security researchers). Developing a convincing persona is key to the success of your sock puppet. Your goal is to create a very…

Creating a Sock Puppet

A sock puppet is a fake account which can be used to hide the true identity of the owner for operational security reasons (used by both attackers and security researchers). They can either be used for passive recon, active engagement, or honeypots. Passive recon sock puppets are often used by…

Traceroute and Ping

Ping and traceroute are common commands used for trouble shooting network problems. Ping is a simple command that can test the reachability of a device on the network. Traceroute is a command used to 'trace' the route that a packet takes when traveling to its destination. It's useful for tracing…

Building a Botnet

A botnet is a collection of internet connected devices (anything from PCs to IoT devices) which are infected by the same malware. A hacker uses the malware the botnet is infected with to control it and launch botnet attacks. The attacks are more effective when launched using hundreds, or thousands,…

Protecting Yourself Against SIM Swapping Attacks

What is a SIM swap? SIM swapping is when a hacker convinces your cell phone carrier to switch your phone number to a different SIM - one that they own. This is a relatively normal thing for a retail employee to do, which means that someone asking for a swap…

Protecting Against DDoS Attacks

Distributed Denial of Service (DDoS) attacks aim to take an organization or service offline and originate from multiple, distributed hosts. The difficult part of defending against DDoS attacks is that the hosts are distributed – if it were a single host or small group, you could easily block the traffic with…

Cross Site Scripting (XSS)

Cross Site Scripting is the second most prevalent issue in the Open Source Foundation for Application Security (OWASP) top 10 – it's found in roughly 2/3 of all applications. While automated tools can find some of these problems, there are also automated tools designed to detect and exploit these vulnerabilities.…

Block and Stream Ciphers

Cryptography is the science of using codes and ciphers to protect messages. And encryption involves encoding messages so that only the intended recipient can understand the meaning of the message. It's often used to protect data in transit. Encryption is a two way function – that is, you need to be…