Dustin Decker

  • Haystacks and Needles: Digging for Interest

    Haystacks and Needles: Digging for Interest

    While an intern with the ISC as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program, I performed a substantial amount of research and analysis on the daily. While most students install a honeypot locally on a Raspberry Pi to gather attack information, I took extra steps to deploy a personal global network of…

    Click or not…

  • Migrating Virtual Machine VMware to Proxmox

    Migrating Virtual Machine VMware to Proxmox

    With the recent announcement that VMware ESXi will no longer be made available for home users for free, many in the industry are turning to Proxmox for their virtual needs. Below find instructions I hastily cobbled together migrating a workstation today.

    Click or not…

  • Two-Person Integrity

    Two-Person Integrity

    The two-person rule is a control mechanism designed to achieve a high level of security for especially critical material or operations. Under this rule, access and actions require the presence of two or more authorized people at all times. My first experience with TPI was as a Quartermaster in the United States Navy in the 90’s. The Figure…

    Click or not…

  • Spyware in the Crosshairs?

    Spyware in the Crosshairs?

    The State Department is implementing a new policy today that will allow the imposition of visa restrictions on individuals involved in the misuse of commercial spyware. This new policy is the most recent action in the United States’ comprehensive approach to countering the misuse of commercial spyware.  The governments of Australia, Canada, Costa Rica, Denmark,…

    Click or not…

  • Cloudflare Penetration

    Cloudflare Penetration

    For me, the story began back on November 2nd, 2023. For the better part of twelve hours, I either couldn’t login at all, or received errors when attempting to manage DNS records. I even opined:“Authentication Error: Code 10000”Please tell me this ain’t some Okta or similar sh*t. (https://twitter.com/TheDustinDecker/status/1720087581575217338) “The company says that this breach did…

    Click or not…

  • Consumer Security Cameras

    Consumer Security Cameras

    Know what you’re purchasing! Everyone is selling a flavor. The decision to add wireless security cameras to your home or business property is a wise one. The peace of mind associated with knowing a record of “what really happened” is available when necessary is a huge component of the value proposition most Americans base their…

    Click or not…

  • Breaking into Cybersecurity

    Breaking into Cybersecurity

    Breaking in to the Cybersecurity industry can be difficult, but certainly not impossible.

    Click or not…

  • Alerts in Three Minutes

    Alerts in Three Minutes

    Spend three minutes examining Alerts in Security Onion.

    Click or not…

  • Random Login Failures

    Random Login Failures

    A brief look at a very small sampling of failed logins. I’ve used green to highlight IP addresses known to be “OK” – Starlink out of Denver where my own connection terminates. Others are highlighted in dark pink and represent attacks with certainty. The orange highlighter is for other “items of interest”. Namely the use…

    Click or not…

  • Apple “Point Releases”

    Apple “Point Releases”

    Apple has released significant “point releases” for all its operating systems. Along with new features, we also receive patches for 29 different vulnerabilities. There is a ZERO DAY exploit observed in the wild against the Apple Webkit. These most recent updates are absolutely essential to maintain the security of your devices. How do I update…

    Click or not…

  • Backup Migration Plugin for WordPress

    Backup Migration Plugin for WordPress

    Analysis of network traffic for the period alerted on a generic rule: “ET EXPLOIT file_put_contents php base64 encoded Remote Code Execution 2.” The specific URL requested: http://[redacted].com/wp-content/plugins/backup-backup/includes/backup-heart.php1. The payload is fragmented across six frames and reassembled in hopes of avoiding automated forms of analysis. The vulnerability allows unauthenticated attackers to execute remote code via the…

    Click or not…

  • Tor “Anonymity”

    Tor “Anonymity”

    The predominate descriptions for the Tor Project on their website include “Explore Freely” and “Defend yourself against tracking and surveillance. Circumvent censorship.” “Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you’re using Tor.” Tor (The Onion Router) is a free…

    Click or not…

  • Gitlab Critical Zero-Day

    Gitlab Critical Zero-Day

    GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. The most critical security issue GitLab patched has the maximum severity score (10 out of 10) and is being tracked as CVE-2023-7028. Successful exploitation does not require any interaction.…

    Click or not…

  • QR Codes and qrDecoder

    QR Codes and qrDecoder

    Quick Response (QR) codes are two-dimensional barcodes that can store a variety of data, such as alphanumeric text, URLs, or other binary data. They were initially created by Denso Wave, a subsidiary of Toyota, in 1994 for tracking automotive parts during manufacturing. QR codes have gained widespread popularity due to their ability to store large…

    Click or not…

  • Serial to Parallel Updates

    Serial to Parallel Updates

    If you’re an old BASH head like I am, you’ve probably leaned on a FOR loop countless times. It’s become natural enough over the years to just whip one up on the command line, and I use it in scripting every day. Dear Bash FOR loop, You have indeed been trusty and true for many…

    Click or not…