How To: Scanning For SSL Certificates From the Command Line

Background

Recently, there was a Remote Code Execution (RCE) vulnerability discovered in Palo Alto Firewalls. I found out about this through a post on the Full Disclosure mailing list by the researcher who discovered it. Even more recently, another post was made, with a script to test for the vulnerability. In that post, the author states they used a Shodan search to locate Palo Alto firewalls. While they don’t specify what search they used, I suspect it is something similar to: [Read more...]

How To: Enriching IPs With Python

I need a certain amount of enrichment on IP addresses multiple times per day. While certain tools and controls have built-in enrichment, I often find myself sitting at a shell prompt needing the same or similar info quickly. So, I decided to write something that will take an IPv4 address as an argument, and return the data I need in an easily-parsable format. The code is available here.

Usage

The code takes an IPv4 address as input, and outputs the following: [Read more...]

How To: Mitigating Web Session Replay Information Leakage

Background

There has been a lot of talk in the news lately about security issues surrounding web-based session replay. The issue is a simple one: many popular websites are now running scripts that record every keystroke and every mouse movement, allowing them to replay your entire visit to their website, as though they’re looking over your shoulder. However, that data’s being collected and retained by third parties, not the websites themselves. [Read more...]