Category Archives: Today I Learned: InfoSec

TIL: They should have called it DHCPDOS

Most mornings, you wake up and think you at least have a semblance of what your day will be like. But if someone tells you that you now have to worry about your DHCP server messing up your network, you might want to just go back to bed and stay there. If you haven’t yet made DHCPwn an acquaintance, get yourself a cup of coffee and wake up to the sweet smell of IP Exhaustion.…

Today I Learned: There are some things you REALLY don’t want in bulk

Everybody knows that you can have too much of a good thing: high impact yoga, deep water yodeling, reading TIL posts while unicycling, or any hobby where you’re required to “shuck” things. But what if you take an ordinary bad thing and raise it to the power of awful? In other words, you ratchet up the potential consequences of what otherwise would have been a fairly minor issue. A great example of this is bettercap…

Today I Learned: Keeping Up with the Cryptolockers

It’s tough to keep up with CryptoLocker and the several quintillion other ransomware variants that have been released in the last couple years. If you’re unfamiliar with ransomware, it’s the digital equivalent of an Adam Sandler movie. Your files are encrypted into mumbo-jumbo and you can’t get them back without paying way more than you should. What’s really terrifying is that the ransomware packages have become robust enough through pure Darwinian Internet Evolution. Currently, recovery…

Today I Learned: Automatic Isn’t Always Good

As the world moves even faster and becomes more interconnected, we’ve come to accept that being automated is a good thing. Automatic cars outsell stick shifts, software updates automatically install, and Autobots have beaten the Decepticons three films running. But what you probably don’t want is to have your network peeled apart at the web application by SQLMap – the Automatic SQL injection and database takeover tool. SQLMap is a terrifying, Python-based, open source pentesting…

Today I Learned: HSTS Supercookies Taste Bad

If this were still the 90s and I still had Zack Morris style hair, this is where I’d make a pun, or clever ‘TeeHee’ about cookies. However, as we’re now living in what I once thought of as the far distant future, I’ll make a joke about how I’m really glad that the doctor came back and said I tested negative for HSTS. With that out of the way, it’s important to know that HTTP…