After a few days trying to get this working I finally got it. I created a wendigo module that can import python packages. The original script's remote import functionality could pull single files from GitHub and import them, but with the design intention that they had been designed to be modular code pieces, and not … Continue reading GitHub package imports
Month: December 2018
Advanced Penetration Testing
Today I finished Advanced Penetration Testing by Wil Allsopp. I don't know what quantifies the term "advanced" when it comes to security, but I do see difficulty ratings on a lot of security things, I think I'll just leave it. The heart of the book was about emulating an advanced persistent threat, or APT, which is … Continue reading Advanced Penetration Testing
Cipher Decoder
#throwback to a couple of semesters ago. I had an assignment that was pretty much free rein, it just had to be remotely security related, and I decided to write a Perl script that solves mono-alphabetic substitution ciphers in most European languages (it's on my GitHub). You know, the ones where each letter is replaced … Continue reading Cipher Decoder
Generation Scripts
Now that things are looking pretty close if not finished (the framework that is), I've been working on scripts to generate obfuscated versions of wendigo, as well as some other helper scripts to make things easy to use. Pending a last testing round with everything in place everything should be working. The main generation script … Continue reading Generation Scripts
The Hacker Playbook
I recently finished the third iteration of The Hacker Playbook by Peter Kim. Having read the second edition a little while ago I was slightly disappointed. I found it to be a little rushed and sloppy compared to the previous edition. It stayed true to the name of a tips and tools book (without too … Continue reading The Hacker Playbook
Wendigo Update
Tested the upload encryption and the module/config file decryption and everything is working correctly. This testing led me to create some scripts to generate key pairs and encrypt/upload module files. I'm currently in the process of updating those scripts to be more general purpose and have option parsing capability with the argparse library. … Continue reading Wendigo Update
Where it all began
I had always been interested in security, even before I got into programming. I was that kid in high school that would hack your wifi instead of asking for the password (ah, the days of WEP). So, after a break from uni I decided that when I went back I was going to change majors … Continue reading Where it all began
Obfuscation
Wendigo is now in a pretty good place and everything I've tested is in good working order. (Yet to test any encryption or generally pushing to GitHub, but that's easy enough.) Although my perfectionism is being triggered because there's always something I could tune (even if there's not), I've decided to move on to writing a … Continue reading Obfuscation
The Wendigo Framework
My current project is wendigo, a malware framework written in python, which uses GitHub for C2. The inspiration was taken from Black Hat Python by Justin Seitz, which featured an example skeleton and the main concepts that are used. I've taken some of the design and the basic ideas, but have rewritten almost all of … Continue reading The Wendigo Framework
The Webapp Hackers Handbook
This week, after a long and arduous battle, I finally finished the Web Application Hackers Handbook. And let me tell you, it wasn't giving up without a fight. This was definitely one of the longest and driest books I have ever laid my eyes on. 800 pages of pure textbook. It was glorious. Now, that … Continue reading The Webapp Hackers Handbook