MattAndreko.com

"hostess is a code-slaying dragon found deep within the core of the earth, unearthing magma and vulnerabilities single handedly while using the other hand to pet his cat"

Compiling SSLScan With SSLv2 Support on OSX

| Comments

SSLScan is a tool that I often use when validating SSL findings on penetration tests. I had recently seen a new version come out, with color highlighting and more fanciness, but wanted it for OSX. When I tried to compile it, I noticed that it did not support SSLv2, which is something I often screenshot, so I dived into getting it all working.

Burp Icon in OSX

| Comments

Recently, I on a Google Hangout with a coworker and saw him using the Burp Suite. I noticed that he opened a text file containing the command to run burp with extra memory, so he could remember the shell command easily. I personally just ran the burp jar file by double-clicking the jar file. The only exception was when I did need that extra memory. In that situation, I had to look up the arguments on Google. I wanted a more ‘native’ feeling to launching the Burp Suite, and this post should document the process I found that worked for me.

Backdoor Modules for Netgear, Linksys, and Other Routers

| Comments

A week or so ago, I read the news of a new backdoor on several devices, including those made by Belkin, Cisco, NetGear, Linksys, and several others. A list of what seems to be affected devices can be found here. Eloi Vanderbeken, who posted his findings on GitHub made the original discovery. He also wrote a useful python proof-of-concept exploit, which allowed command injection, but I wanted Metasploit integration.

Brainpan2

| Comments

Over on #vulnhub, there has been quite a chatter about Brainpan2, a “sequel” to Brainpan, by superkojiman. They’re even offering a 50 GBP award to whoever submits the best write-up! Since I enjoy challenges like this, I took a look at the machine. However, the writeup had to wait until the contest was complete, so that people didn’t cheat to win.

Canon, Y U NO Security?

| Comments

I recently bought a new printer at home, so my wife could print coupons without manually attaching to my office printer each time (Thanks coupons.com and all the other shady sites that require spyware-like software to print coupons, and often don’t support network printers). I ended up picking up a Canon MX922. It works awesome for her, and is connected over WiFi, so any device in the house can print to it. This got me thinking though, about how secure it was.