Sean Mackert professional headshot

Sean Mackert

- Passionate about security
- Aspiring red teamer
- Seeking mentorship

6-Minute Read

In my experience, .DS_Store is an essential line in your personal scanning lists. These days, exposed .DS_Store files can be rare, but it can be a useful string to use when trying to find hard-to-discover paths as well. Here’s a brief introduction to .DS_Store, and a recount of a time when it really paid off for me.

The .DS_Store file contains folder metadata for Mac users. These files are created automatically inside of archives, local folders, and even remotely mounted folders. More importantly, for us, these files can include file and folder names that we would have otherwise been unable to guess during normal directory bruteforcing techniques.

Luckily for us the format has been reversed engineered and you can use this simple one-liner or this Python-dsstore project to parse the file and read the contents. Additionally you can simply read the file with a text editor. You’ll just have to ignore the gibberish bits between the files/folders.

A quick grep of SeclLists’ Web-Discovery folder reveals that the file is included in all sizes of the file/word raft lists, quickhits.txt, and dirsearch.txt which are among the most popular pre-made bruteforce lists.

However, this file doesn’t always make into the pentester’s personal shortlists, which I believe is a mistake.

3-Minute Read

Since the news of Log4shell initially broke, a few news outlets have been stoking fear about an imminent attack from a devastating worm, from the usual suspects, armed with a Log4j exploit. A month later, and we still haven’t seen it — but why? And how is it actually being used?

The attack surface that a Log4j worm would have to target is very incongruous. Systems such as web servers are easy to mass scan and Java-based web applications like Elasticsearch and VMware Horizon have already been exploited in great numbers. Scanning the entire internet for a select few vulnerable services or even blindly pray-and-spraying every found web service with a payload can be done in a day.

Writing a worm for a scannable exploit is pretty much pointless. Worms like WannaCry made use of an SMBv1 service vulnerability in Windows systems meaning that the entire network could be compromised from a single exploit. Log4j, while devastating in it’s breadth, isn’t as ubiquitous as a default Windows service and the method of exploitation for this library will vary greatly depending on its implementation.

A Log4j worm would only affect the few machines running this library and internal uses of the library would be too varied to be predictable in any meaningful way. Even the operating system would

Additionally, the skill requirement of writing a worm is much higher than scanning. Only nation-state threat actors have the skill and resources to put together an impactful worm quickly enough to be competitive with scanning and even the efficacy of this is debatable.

3-Minute Read

I’ve recently purchased the GL.iNet GL-AR750S-Ext travel router, also known as Slate, and I’m so far quite pleased with it. With this handy travel router running a custom interface over OpenWRT I was easily able to configure a plug-and-play VPN solution that allows me to connect to my network at home. Now I can watch Netflix, use remote desktop, browse the web safely, and avoid triggering security measures that may lock you out of your account while traveling abroad.

Conveniently, this travel router also includes a configurable switch on the side which allows me to quickly enable and disable the VPN connection. By configurable, I mean that this switch allows you to choose whether it toggles the OpenVPN, WireGuard, or Tor connection.

select toggle button function dropdown menu

At home I use an Asus RT-AC66U-B1, but your setup will likely be very similar. Most Asus products use similar firmware and OpenVPN support is becoming a more common feature among base model routers without splurging on enthusiast-grade hardware. The Asus RT-AC66U-B1 is an older bit of kit, and it has its quirks, but it’s still supported by Asus and runs about $110.

Warning: before enabling any web-facing features on your router, you should always manually check that you have the latest firmware installed.

Recent Posts

Categories

About

Sean Mackert is an IT professional passionate about security and helping inform others.