Posts

2020 OSINT Quiz Writeup 3/6 – Source & JSON

Image
I continue with the 2020 OSINT quiz, this time doing questions for the Soruce & JSON category.

2020 OSINT Quiz Writeup 2/6 – Video and Images

Image
I continue with the 2020 OSINT quiz, this time doing questions for the Video and Images category.

2020 OSINT Quiz Writeup 1/6 - Social Media & Forums

Image
A short writeup of the 2020 OSINT Quiz, as I play it.

A brief writeup of @BlownlyFans, the biggest waste of time of my life so far

Image
On Monday the sixth of April I made a brief joke about the website onlyfans. The done-to-death funny and original joke was basically “What if onlyfans lived up to its name and was solely dedicated to fans of the ‘air go speedy’ kind?” I then thought “You know what , I could make a twitter bot for this.” And so began my four day journey into insanity, all in the name of a joke that isn’t actually funny. So, the program begins by importing a whole load of stuff. I don’t know what is necessary and what isn’t anymore, but to be honest I don’t want to. Tweepy is the library I use to make requests to the twitter API, requests is used to get the URL of an image from the quant API time is used to wait for a bit, and PIL and IO are used to save images. The code Down below is doing all the basic stuff. I set the name of the image to egg.jpg for no reason other than I wanted the image to have the same name each time. Sometimes the image won’t convert to a jpeg, but if it doesn’t it’ll

Writing malware in scratch

Image
Is is possible to create malware in scratch? Let’s face it, probably not, but that won’t stop me from trying. There is one programming language that rises above all others. While almost all programming languages require libraries, the ability to type and a basic understanding of syntax, not so for scratch, the free and block based programming language from MIT. It is designed to offer young children a taste of basic programming, but without a lot of the difficulties of a programming language where you have to write things, and with the ability to get a some basic visual output very quickly. This isn’t, however, to say that programs written in scratch are always basic – in fact, quite the opposite. Some people have created incredible things in scratch. If you can create raycasted first-person shooter with online multiplayer then you can create pretty much everything – and that should include malware. After all, scratch does run on JavaScript, and you can compile a scratch progra

Google account cookie theft via blogspot

Image
Intro Hi all, I'm going to run through this as I do it. That's because, even if it doesn't work on , I don't think this is a bad idea per se. It could work on other sites similar to blogspot that allow you to directly edit HTML and add scripts to a site with external cookies on them. If this comes to an abrupt end, then I'll definitely try some of those. I'm also pretty sure this has limited use see. Idea After seeing some examples of XSS being used to steal sessions. Now XSS is usually used to steal the cookies of someone else's site, but I had a thought - what stops you from stealing other website's cookies on your website, from other websites. For example, if you have a google account cookie on your blog, can you steal that? This has probably been thought of before, and it has probably been thought of. However, I feel like knowing something has been done before, or knowing that it isn't possible, can often get in the way of a good learning experie

Ridiculous ways of controlling a computer remotely part 1: Telegram

Image
So, recently I heard about a virus that exfiltrates data via telegram, and it got me thinking. What if you could use telegram for a reverse shell? What other ways are there which you could do for this? And I feel like I've come up with pretty good answers to each of these questions. Telegram Possibly the only kind of useful thing on this list, the fact that telegram is encrypted end-to end, meaning that is is very difficult to glean info on what is being send to received, the fact that it is a relatively innocuous and widely used messaging app, and the fact that it is relatively anonymous. However, there are some things which make the jobs of blue teams everywhere a little bit easier. It's not completely anonymous, as you need a phone number to sign up, and the phone number needs to be verified. This fact alone would make this a rather silly idea for people in countries that care, because once that sim connects your government gets a decent idea of where you are. However,