daddycocoaman

Bypassing Python3.8 Audit Hooks [Part 1] 8 min read - Jul 11, 2019

First of all, if you think you’re being cool and edgy by still using Python2.7, I’m gonna need you to unthink that ASAP. Python2.7 is reaching end-of-life very soon and we should all be moving on up…to the 3 side…and finally get async with that Py. That joke might go over a lot of heads. Anyway, this post is likely to be the first in a multi-part series of talking about a new feature that is coming in Python 3.

BeaconGraph v0.69 Released 5 min read - May 15, 2019

Beacongraph Wireless Graph Python Dash Cytoscape

Why from v0.2 to v0.69? Cause I’m immature AF and it probably made you want to read this blog post. Back in October 2018, I released a tool called BeaconGraph after attending the SANS SEC617: Wireless Penetration Testing and Ethical Hacking course taught by James Vidal. I released a PoC of BeaconGraph after I realized that airgraph-ng could use a more modern look. However, that version of BeaconGraph was not very user-friendly, as it was more of a Proof-of-Concept than a usuable tool.

Bug Bounty Adventures: This Is the Wrong Porn! 10 min read - May 7, 2019

Bug Bounty Android Mobile Pornhub Malware

I haven’t had much luck with bug bounties. At the time of writing, all of my submissions except one have been duplicates, which can be really demotivating. But instead of giving up, I decided to shift my focus over to learning how to analyze mobile applications, particularly Android APKs. Since then, I’ve glanced through a number of APKs while looking for low hanging fruit. With only a minor understanding of the mobile world, I looked through previously disclosed bounties in order to see what kind of things I should be looking for.

BlackPlanet: Why Proper SSL Implementation Matters 8 min read - Mar 6, 2019

BlackPlanet SSL HTTP Android

UPDATE: A few hours after writing this post, BlackPlanet correctly implemented HTTPS redirects on their site! While it likely had nothing to do with this blog, it’s great to see they are taking a more serious approach to security. There’s no doubt that there’s been an increase of demand on companies and websites to ensure that user data is protected from end-to-end. This includes both transmission and storage of data, particularly sensitive information such as passwords.

Pentesting With IronPython 2 min read - Dec 16, 2018

IronPython Python Pentesting Tools .NET

After digging into IronPython more with the intent to create more modules for SILENTTRINITY, I decided I would release some of the other tools I’ve been working on. As Python is more my speed than C# and PowerShell currently are, I decided I would get more practice learning my way around the .NET Framework by converting C#/PowerShell scripts into IronPython to determine the limits of the language, if any.

SILENTTRINITY and the Python of Iron 3 min read - Oct 26, 2018

SILENTTRINITY Python .NET IronPython Tools

A few weeks ago right after DerbyCon (which I wasn’t able to attend), I heard about a new post-exploitation tool called SILENTTRINITY by byt3bl33d3r, a tool developer with a l33t name with some pretty l33t tools (…I’ll stop now) such as CrackMapExec and DeathStar. This project is unique in that it utilizes Python, IronPython, and C#/.NET in order to perform post-exploitation activities similar to other frameworks such as Empire.

Beacongraph v0.2 Released 5 min read - Oct 22, 2018

Beacongraph Wireless Graphs

Last week, I released a tool called BeaconGraph aimed at supporting wireless auditing. As of this post, v0.2 has been released with some pretty big improvements over the initial release and can be found by clicking the logo below. BeaconGraph is an interactive tool that visualizes client and Access Point relationships. Inspired by airgraph-ng and Bloodhound, BeaconGraph aims to support wireless security auditing. It is written in Python with some GUI support by pywebview and a Neo4j database backend.

Black Men in Infosec 4 min read - Dec 5, 2017

Black Men Minorities Infosec

The title is a bit vague, I know. I grew up in Brooklyn, NY and I’m about to turn 28 years old, and I can say for sure that 10 years ago, I did not see myself achieving as much as I have so far. Recently, Google granted a non-profit organization $1M to expose young black men to technical careers. This, of course, drew the “All Kids Matter” crowd to many conversations on social media.

First Time Red Team Experience 9 min read - Nov 17, 2017

Red team

I was invited to be a part of a red team as part of a practice for a cyber defense event. I didn’t really know what to expect but I couldn’t miss the opportunity to learn, so I accepted. We had two days to learn our infrastructure and two days to actively engagement. In a team of four, this was the first time red teaming for two of us. A lot of learning occurred between the four of us and ultimately for the blue team.