Tech Help

Defense Penetration Testing (Pentests)      Many pentesting firms have done this for a while now so there's nothing new here, but I'd like to show you why and how pentests can be performed by shipping a raspberry pi (small, single board computer) and letting your staff power it on or setting it up to be left there. But before we do that, lets discuss why this would ever be a thing. There is a number of problems that arise that merit this sort of working as a defacto/standard operating mechanism and it only makes sense to offer the same.  Problem 1: "Scheduling/We can't perform testing during work hours"      Often employers won't have a way to get people to unlock the doors for you after hours and stay with you to perform testing, including wifi, physical, or internal pentesting techniques. This is the most common reason to say "okay well we can setup a laptop and leave it there".  This would work great for many reasons, because then they have all...

     When casually doing what I like to do and scanning the open air for fun and profit, I found something rather peculiar.       In today's world an unencrypted wireless network is pretty rare as it allows risks of spoofing, mitm, and various exploitation techniques which may be hard to defend against in courts. Many businesses offering wifi to it's customers stopped doing so because they couldn't maintain appropriate logging to prove when someone did something they shouldn't or which user it was. Captive portals weren't very affective and that was before iam services like keycloak were popular. So to see one in 2026 seemed a little bit wild.     When anything is "open" the data is shared unencrypted over the air. This can be sniffed and accessed by anyone passing by, and in the right, or I guess wrong, scenarios it can actually be mitm or spoofed without actually associating to the wifi network. This was the premise that created wep, then w...

  Much props to ImHex (https://imhex.werwolv.net/) for the awesome tool. Thanks for reading Watching! If you need any IT or CyberSecurity work remotely or within the DFW area, please contact us over at  FeemcoTechnologies .

Introduction I found that with the 1001 options for "SOC As A Service" companies, and "contract incident response", many client companies still don't understand why use them outside of a compliance check. Some companies seem to have them on retainer but refuse them any ability to act, just to notify and it may or may not be dealt with ever. It's really weird when companies want to secure their data and do secure business using that data, but not actually do the work around securing their data. I think it's the age old adage with IT that "passing the buck" is the default, then only with training and awareness do people want to take responsibility for their own security.  Then on the other side, these soc as a service companies themselves don't always provide training, understanding, or really anything more than a templated write up of the incident back to the company. That write up may contain details and even actions around what needs to ha...

     So, I made a yara rule a while back based on some suspicious phishing nonsense I found in some open (unauthenticated + file directory listing enabled) cloud storage buckets. I decided only recently to see if I could do some public hunting with these. One possibility was on hybrid analysis. After just a few days, I have 9 detections already found.       The YARA rule is hosted on my github ( https://raw.githubusercontent.com/ferasdour/SpecialYaraRules/refs/heads/main/Bucket%20Phishing%20Kits.yar ) but basically it's like this (notations added for this post): rule phishingKits3 {     meta :       description = "PhishingKits3: This was found in multiple phishing kits hosted on open/unauthenticated S3 buckets."       author = "ferasdour"     strings :       $s1 = "https://ajax.googleapis.com/ajax/libs/jquery/" ascii // adds jquery       $s2 = "https://code.jquery...

Introduction      I recently asked what tutorials I should do, and the first response that made sense to do was to write a how-to for making a lab environment. Because this is a tech blog, I think it's safe to assume this meant tech lab, or even hacking lab, not like science lab or something too crazy like that, though those are also things that probably could use a how-to these days. Generally, labs like this would be made to test new ideas, technologies, or techniques. When used for hacking labs, its usually the same with a gearing towards exploitation, with malware analysis, the same geared towards understanding the malware. So, lets go through some basic setups, the requirements for them, then follow that up with a dive into ways we can expand on that as well for different variations.       To do this, we're going to be using virtualization and containers, as this will provide us the widest range of capabilities for what we want to do. I'm going to...

Introduction      I recently found myself in need of a live wordpress system to install and test various tools against, as well as test for and validate exploits. So as part of my lab setup series, I'm going through a quick step-by-step version of configuring a quick wordpress lab.     This lab uses containers to make this an easily followed process and simplicity sake. If your specific lab needs a virtual or dedicated machine to run your testing, this may not be the ideal place to start. Either way, challenging myself to do some tutorials, so lets get into this!  Requirements:      So, there are a few requirements expected before this lab can be ran, though this should be generally cross platform: docker (or docker desktop) docker-compose an attacker system/container (in my example, I had curl, wpscan and greenbon/openvas installed on a separate container that I used to test against this) Steps: 1. To start with, just simple docker-compose f...