Posts

Showing posts from March, 2025

DNS-Rebinding and such

This started off as an interesting read on how DNS rebinding attacks work and how they're leveraged to scan internal networks. The high-level gist of the scenario is that if you have multiple A records, or the ability to rapidly change A records during someone's visit to a page, you can cause them to push requests to other pages. This may include things like scanning a web-page visitor's local network or replaying known addresses (maybe due to public DNS resolving internal addresses), and there is potential for attempting things like XSS to steal credentials. Since it's the same domain being resolved, the browser often won't have any issue attempting requests.

Now, what this turned into was my general thought of "I've seen attacks before where people used WebRTC, WASM, Flash, VBS, etc. to port scan a network, I wonder if you could just use JavaScript targeting subdomains of other websites that have subdomains pointing to private IPs. This woul...

Limitations, restrictions, and ethical use

Hey there folks, I just wanted to drop in to mention an issue that's actually come up probably even more than data recovery or ransomware. Throughout my almost 20-year career in IT, I've had one consistent issue that people ask for all the time that I simply can't help with, and I really want to bring this up as a "please understand what you're asking before you ask it" type thing.

The issue I speak of is any of the many variations of "hack my spouse" type issues. This could be "I need access to my spouse's Facebook," "I need access to my spouse's email," "can you monitor my spouse's computer remotely," "my ex did this and I want evidence, it's on his phone," etc. There's even been some variants with people dumb enough to say "I need access to this girl I'm stalking" and variants around e-girls and doxxing. The short and sweet of the problem isn't just that thes...