jonahowen.com

During my time at Synack Red Team, the scope of real-world penetration tests initially felt overwhelming to me. Us researchers would often be assigned massive scopes of data to audit that is unlike anything seen in a lab environment such as HackTheBox. Fellow SRT’ers suggested I pick a vulnerability class, and get good at it - I found myself doing well with Access Control / IDOR vulnerabilites and ended up landing my first critical (CVSS 9.1) bug bounty that way. ...

This weekend I decided to run a honeypot because I wanted some more blue team experience. I initially tried to run the honeypot on a Raspberry Pi, using port forwarding to expose the SSH honeypot on my router, but this proved difficult as the router would perform NAT on the source IPs, rendering IP geolocation and fraud analysis useless. Because AWS lightsail doesn’t use NAT for incoming requests, I figured it was more practical for this project. ...

Evilmouse is a covert keystroke injector hidden inside a fully functional mouse, similar in concept to a Rubber Ducky tool. As soon as it connects, it can autonomously execute commands and begin compromising the system. The Idea These days, everyone that’s been through basic job security awareness training knows that a USB stick plugged into a computer is suspicious. A mouse, however, might not appear suspicious at all, especially when its functionality is preserved. ...