I’ve used WordPress for years. Since back in the 2.x days, even. I love it, still recommend it, and generally support everything they’re doing, but it’s quickly outgrown what I need. Truth is, y’all, I’m really not doing enough with the site to call for a dynamic php-based solution. Fact is, WordPress plugins have a rather hilarious number of vulnerabilities; as a cybersecurity professional, minimizing my attack surface is an ongoing .
Good evening, y’all. Notice anything different? Anything at all? About 90% of the changes this weekend were behind the scenes, but the more savvy of y’all - or those with a good eye - might notice a thing or two. (NB: those of you who get these posts in a feed reader might need to visit the site itself to find them) My main project this weekend, other than forensics homework of course, was moving this site to a new web host.
Well that was annoying. Spent my writing time yesterday evening and then today sorting out what I thought was a weird DNS forwarding issue that made it look like the site was down for the count. After an email to my web host I thought maybe it was something with the settings - technically, I’ve got three potential sources for DNS to be screwy on this site. I should explain first.
And now for something completely different: I promised y’all yesterday that I’d talk a little about the program I’m writing to help keep myself on track as well. Accountability is your binary accountability buddy. I’m building it using Flask and Python 3. Really, it’s a small thing and Flask is probably overkill for it, but email is hard. Yes, email. Sure, it’s just SMTP and MIME under the hood, but getting it to be reliably delivered is a big problem.
I recently got the chance to play with the results of the awesome research by Bastille and the PoC by phikshun and infamy. The tl;dr version (though you really should read the linked resources!) is that many wireless mice and keyboards can serve as a backdoor into a system! Yes, that includes delivering meterpreter and Powershell Empire, too, as well as more harmless pranks. I’m still playing with it, but it just highlights for me how truly ridiculous the Internet of Things is going to be within a few years.