June 26th 2013 - Downtime
As of about a week ago, my server provider was compromised and the majority of their data, including my VPS, was deleted. While I can't say that this is all that surprising, their handling of the situation has been completely terrible; it's not like they don't have enough experience with being in this situation. More on this later though!
Sometime in the not too distant future I will move everything over to a new host which should be able to accommodate the service scan data. Either way, restoring everything from my local backups should not take too long, but I have not had any free time over the past week. Check back soon, and everything should indeed be back online and running again. Sorry for the inconvenience!
June 13th 2013 - BIOS based rootkit research posted
Over on the research page I've posted a write-up of how to create a BIOS based rootkit, along with a PoC and source code. I originally completed this project several years ago, but it is still fairly relevant.
I've tried to structure the code and scripts so that they are easy to try out and modify, but there's also a sample patched BIOS that can be tried with most versions of VMware. Patching your motherboard's BIOS probably isn't for everyone, so it's nice that this can also be effectively tested in VMware.
In other news, the Internet Census service scan data is coming along, but it's a bit of a slow process. I hope to have an update regarding it sometime in the next week.
May 21st 2013 - Internet Census 2012 search update
The reverse DNS (rDNS) data is now available for searching as well. Currently only terms longer than 5 characters can be searched, and the number of results will be limited to a few thousand.
Fun queries that can be run now that hostname searching is available include:
- Looking up companies. Try
- Looking for data or systems that should not be public. Try
- Looking for systems that probably have poor security or otherwise should not be available. Try
- Looking for control system equipment. Try automation, etc (start by looking up interesting ports like 502 or 20000!)
- Looking up random services. Try
Upcoming updates (in order):
- rDNS exact matching, and support for subterms shorter than 5 characters
- Port scan data reliability rankings, to help filter out false positives
- Service/banner scan data
May 5th 2013 - Website online!
After much delay, this website is now online. The driving reason behind this website (initially, at least) is to get the Internet Census 2012 data online in a searchable form. Over the next week I plan to post some updates with some of my past research, tools, etc, so please check back every so often! Going forwards I plan to host any new projects or research here as well.
I don't have any comment boxes or anything like that on this website, but I would love any feedback anyone has! Please send any thoughts, suggestions, or hate mail to my email on the contact page (I don't recommend hate mail, it will get you on "the list").