Evading SSH Fingerprinting (HASSH) with Arbitrary Ciphers

Reading Time: 2 minutes HASSH is an SSH fingerprinting method developed by Salesforce. HASSH allows SSH servers to fingerprint SSH clients attempting to connect by examining the client’s handshake data, such as which ciphers the client is asking to use, etc. An inverse fingerprinting is also possible by using HASSHServer. HASSH is a similar idea to JA3 / JA3S … Continue reading “Evading SSH Fingerprinting (HASSH) with Arbitrary Ciphers”

Hunting for Sensitive Data in Public Amazon Images (AMI)

Reading Time: 9 minutes Table of Contents Background Building the Automation Results Attribution Remediation Final Thoughts Credits Background A while back, I watched a 2019 DEFCON talk by Ben Morris on exposed EBS volumes on AWS. EBS Volumes are attachable block storage devices, essentially virtual disks. Here is the short problem statement the talk discusses (watch it if you haven’t, it’s … Continue reading “Hunting for Sensitive Data in Public Amazon Images (AMI)”

Remote Hacking of Furbo Dog Camera

Reading Time: 4 minutes Background  For an upcoming episode of McAfee’s Hackable podcast, I was provided with a Furbo – a dog food tossing device, for a security review.  Equipped with a 160 degree High Definition camera and night vision  capabilities, Furbo is a dog camera capable of tossing food with a swipe of a button through your phone. Furbo was … Continue reading “Remote Hacking of Furbo Dog Camera”