Authentic8 Blog Author: A8 Team

To TOR or Not to TOR?

Posted by: A8 Team
Published on:

Recent mass shootings in Christchurch, Poway, and El Paso, as well as the lesser-known attack on a synagogue in Halle, Germany all have something in common other than being acts of violence. The perpetrators all had an online presence on a forum known as "8chan".

After the El Paso attack, 8chan was dropped by service providers and went offline. The shooter in Halle couldn't announce the attack on the forum; however, it was still live-streamed, similar to the attack in Christchurch. The attacker also used the name "anon", short for anonymous, a typical username used for privacy in forums such as 8chan.

8Chan has since rebranded as "8kun" and is back online as of November 3rd, 2019. The screenshot below shows 8kun's landing page in TOR.

Screenshot: 8kun Landing Page in TOR (Authentic8 Blog)

Forums such as 8kun are not only a gathering place for users to gain inspiration to commit attacks.  They also serve as dissemination points for manifestos furthering the spread of this type of terrorism.

The Christchurch

Interview: HTTPS Interception, TLS Fingerprinting, and the Browser

Posted by: A8 Team
Published on:

Use HTTPS, they said. Make sure your browsers shows that green padlock, they said. You’ll be safe, nobody can eavesdrop, they said.

IT security teams and threat hunters, who are familiar with the inherent security weakness of the web’s underlying protocols, know better.

The problem with HTTPS internet connections is similar to the problem with VPN. Or, as Larry Loeb put it in his post HTTPS: Beware the False Sense of Security on this blog: “[U]sers think that it does more than it actually does.”

For starters, a basic HTTPS connection gets established when the browser (client) connects directly to an origin server to send requests and download content protected by TLS-based  encryption. Still, this communication is vulnerable to interception.

The reason is simple. Often, the browser doesn’t connect directly with the web server serving the website. Instead, data gets routed through a proxy or middlebox, a.k.a. "monster-in-the-middle" (MITM). HTTPS interception, for benign or malign reasons,

Interview: James Kettle Explains HTTP Desync Attacks (In Under 3 Minutes)

Posted by: A8 Team
Published on:

$70k - how's that for a bug bounty total netted from an almost forgotten web exploit?

At Black Hat USA 2019 in Las Vegas, James Kettle of Portswigger Web Security demonstrated how he pulled it off. The security researcher used an old (by internet standards) technique called HTTP Request Smuggling, which was first documented back in 2005.

It still works. Kettle's exploit schemes, dubbed Desync Attacks, leverage the HTTP protocol support for sending multiple HTTP  requests over a single underlying TCP or SSL/TLS socket.

HTTP requests are traditionally understood as isolated entities that are placed back to back. In his presentation of request smuggling attacks for cybersecurity researchers, Kettle showed how he was able to overcome this compartmentalization.

The British threat hunter's approach enabled him to splice requests into others, as he said, to "gain maximum privilege  access to internal APIs, poison web caches, and compromise what's possibly your most trusted login page."

How did he do it? And what does

How to Conduct Social Media Investigations and Remain Anonymous

Posted by: A8 Team
Published on:

How can professional investigators securely conduct research on social media without exposing their organization? Authentic8’s Nick Finnberg, OSINT training specialist and former intelligence analyst, shared insights and tradecraft insights, tips and tools at a webinar on social media investigations.

*

There are more than 3.5 billion active social media users across the world. Facebook, Instagram, Twitter, LinkedIn, Reddit, 8chan and Co. can be a treasure trove for law enforcement, fraud investigators, corporate security specialists, and Open Source Intelligence (OSINT) analysts. Provided, that is, the researchers have tools at their disposal that are up to the task.

That’s a big IF. Online investigators need to be able to quickly and efficiently collect, save, and collaboratively analyze data while maintaining adequate operational security (OpSec). This often poses a challenge, because they also grapple with budget constraints, inadequate online tools with inherent security vulnerabilities, and an acute shortage of properly trained cybersecurity personnel.

How to safely, effectively, and anonymously use social media for

GDPR Outlook: After First Record Fines, What’s Next?

Posted by: A8 Team
Published on:

Following the record penalties for Google, British Airways and Marriott under the European Union's General Data Protection Regulation (GDPR) by French and British data privacy commissioners, which industry or sector will the EU's privacy watchdogs home in on next?

European GDPR enforcement actions are just getting up to speed. All indications point to more rough waters ahead for large transnationals with a presence in the EU.

In their third conversation on the state of GDPR, Scott Petry, co-founder and CEO of Authentic8, explores with Steve Durbin, Managing Director of the UK-based Information Security Forum (ISF)

  • what impact Brexit may have on GDPR enforcement in the UK
  • how the EU is currently taking aim for the next salvo of sanctions against GDPR violators
  • why apps and tools that touch EU employee data face increased scrutiny.

Will the next headline-worthy penalty hit a US-based company for not sufficiently protecting its EU employee data? Listen to their discussion here:

Did you miss the first two