For those of you who have been the targets of spam or phishing, or perhaps for those of you who are cyber defenders, how many times have you heard, "I have no idea how the attacker got my personal email address"? I have a secret to share with you. [Come a little closer to the... Continue Reading →
WhatsMyName Project
What Is It? I've created the WhatsMyName project on GitHub (https://github.com/WebBreacher/WhatsMyName) to help with #OSINT searches by using target user names. Here's how it works: We understand that people use the same username across multiple web sites. For example, I am "WebBreacher" on both the GitHub and BitBucket web sites. Some web sites make it... Continue Reading →
Trump Twitter Bot
What: I just made a thing on Twitter. It is a "bot". This Python program runs on my computer and retweets Donald Trump's (https://twitter.com/realDonaldTrump) Twitter account only if the original tweet came from an Android device. Here's what it looks like for both a tweet from Trump and one that is probably not: Why... Continue Reading →
Changing your location manually in Chrome and Firefox
Our modern web browsers such as Google Chrome and Mozilla Firefox (as well as Internet Explorer, Opera and Safari) have the ability to use our current location using a variety of techniques. Most of the time, the browser will prompt the user and ask for permission to use the current location on some web site. That... Continue Reading →
Watching You Drink Beer
Announcement of a tool I wrote for OSINT beer drinking purposes. It grabs public data from the Untappd.com web site and analyzes drinking behavior.
Career Days
I have had (and continue to have) the pleasure of helping my two children learn and grow into the amazing, wonderful young adults that they are today. Every year their schools have "Career Days" where people in the community take some time away from their work and share with students what it is like to... Continue Reading →
Fake Name Generator
When performing testing activities, whether it is web application penetration or usability testing, it is helpful to have example content to submit in web form fields. The same can be said for people trying to create sock-puppet or alias accounts on the Internet. We need to have sample/fake information so that we can set up... Continue Reading →
The Problem after a Raise
I spoke to a junior employee today. He was upset with his latest pay raise. It was smaller than he wanted and, as a result, he stopped putting in extra effort at work. No more going above and beyond, staying late, or trying hard. So I said to him, "Were you upset like this before... Continue Reading →
Offensive Interviews
Just a quick blurb that I've started a GitHub project called Offensive Interviews. The goal of this project is to open source many interview questions that can be used to screen offensive infosec practitioners (i.e., pentesters/red teamers). It is a collection of questions and scenarios that you can use to help screen candidates. Of course,... Continue Reading →
Complex Knowledge-based Password Reset Strings
With all of the data breaches recently, I urge everyone I know to use a password manager application like KeePass (http://keepass.info/) or LastPass (Yes I know they too got hacked) to store complex, long passwords. The benefit to using these apps is that you can make your responses to those knowledge-based password reset questions (e.g.,... Continue Reading →