In my experience, .DS_Store is an essential line in your personal scanning lists. These days, exposed .DS_Store files can be rare, but it can be a useful string to use when trying to find hard-to-discover paths as well. Here’s a brief introduction to .DS_Store, and a recount of a time when it really paid off for me.

The .DS_Store file contains folder metadata for Mac users. These files are created automatically inside of archives, local folders, and even remotely mounted folders. More importantly, for us, these files can include file and folder names that we would have otherwise been unable to guess during normal directory bruteforcing techniques.

Luckily for us the format has been reversed engineered and you can use this simple one-liner or this Python-dsstore project to parse the file and read the contents. Additionally you can simply read the file with a text editor. You’ll just have to ignore the gibberish bits between the files/folders.

A quick grep of SeclLists’ Web-Discovery folder reveals that the file is included in all sizes of the file/word raft lists, quickhits.txt, and dirsearch.txt which are among the most popular pre-made bruteforce lists.

However, this file doesn’t always make into the pentester’s personal shortlists, which I believe is a mistake.

I’ve recently purchased the GL.iNet GL-AR750S-Ext travel router, also known as Slate, and I’m so far quite pleased with it. With this handy travel router running a custom interface over OpenWRT I was easily able to configure a plug-and-play VPN solution that allows me to connect to my network at home. Now I can watch Netflix, use remote desktop, browse the web safely, and avoid triggering security measures that may lock you out of your account while traveling abroad.

Conveniently, this travel router also includes a configurable switch on the side which allows me to quickly enable and disable the VPN connection. By configurable, I mean that this switch allows you to choose whether it toggles the OpenVPN, WireGuard, or Tor connection.

At home I use an Asus RT-AC66U-B1, but your setup will likely be very similar. Most Asus products use similar firmware and OpenVPN support is becoming a more common feature among base model routers without splurging on enthusiast-grade hardware. The Asus RT-AC66U-B1 is an older bit of kit, and it has its quirks, but it’s still supported by Asus and runs about $110.

Warning: before enabling any web-facing features on your router, you should always manually check that you have the latest firmware installed.

The AWS marketplace link in this post has been updated in 2021 to point towards the newer Kali release 2020.4

There are times when I’m either away from home, having a slow day at work, or my machine’s limits are already being pushed by other processes but I still need (CTF’s get addicting!) to run Kali. Alas the perfect solution has been right in front of me all along! For some time now I’ve been using the AWS EC2 free-tier to host an Ubuntu server running TinyProxy to keep my personal traffic separated from untrusted networks. So why not host a Kali image? Luckily Kali Linux is already an available free-tier OS on the AWS Marketplace! It’s simple as SSH or remote desktop in and now I can feed my new addiction, HackTheBox.eu, during my lunch breaks instead of Arby’s.