up

Gemfile

@@ -11,7 +11,7 @@ source "https://rubygems.org"
 gem "jekyll", "~> 3.9.1"
 
 # This is the default theme for new Jekyll sites. You may change this to anything you like.
-gem "minima", "~> 2.0"
+gem "minima"
 
 # If you want to use GitHub Pages, remove the "gem "jekyll"" above and
 # uncomment the line below. To upgrade, run `bundle update github-pages`.
@@ -31,3 +31,4 @@ gem "wdm", "~> 0.1.0" if Gem.win_platform?
 
 gem 'jekyll_github_sample'
 gem 'jekyll-sitemap'
+gem 'kramdown-parser-gfm'

Gemfile.lock

@@ -48,6 +48,8 @@ GEM
       jekyll (>= 3.0, < 5.0)
     kramdown (2.3.1)
       rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
     liquid (4.0.3)
     listen (3.5.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
@@ -85,7 +87,8 @@ DEPENDENCIES
   jekyll-feed (~> 0.6)
   jekyll-sitemap
   jekyll_github_sample
-  minima (~> 2.0)
+  kramdown-parser-gfm
+  minima
   tzinfo-data
 
 BUNDLED WITH

_config.yml

@@ -14,14 +14,18 @@
 # You can create any custom variable you would like, and they will be accessible
 # in the templates via {{ site.myvariable }}.
 title: patrickrbc
-#email: "@patrickrbc"
-author: ""
-description: >- # this means to ignore newlines until "baseurl:"
-  Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!
-baseurl: "" # the subpath of your site, e.g. /blog
-url: "" # the base hostname & protocol for your site, e.g. http://example.com
-twitter_username: patrickrbc
-github_username:  patrickrbc
+
+author: ''
+description: ''
+baseurl: '' # the subpath of your site, e.g. /blog
+url: 'https://patrickrbc.com' # the base hostname & protocol for your site, e.g. http://example.com
+
+social:
+  github: patrickrbc
+  linkedin: patrickrbc
+  telegram: patrickrbc
+  twitter: patrickrbc
+  mastodon: patrickrbc
 
 # Build settings
 markdown: kramdown
@@ -37,7 +41,6 @@ permalink: /:categories/:year/:month/:day/:title
 plugins:
   - jekyll-feed
   - jekyll-sitemap
-
 # Exclude from processing.
 # The following items will not be processed, by default. Create a custom list
 # to override the default setting.

_includes/footer.html

@@ -0,0 +1,39 @@
+<footer class="site-footer h-card">
+  <data class="u-url" href="{{ "/" | relative_url }}"></data>
+
+  <div class="wrapper">
+
+    <div class="footer-col footer-col-1 post-meta">
+      GPG: 53CA 9711 9A55 0C86
+    </div>
+
+    <!--<h2 class="footer-heading">{{ site.title | escape }}</h2>-->
+
+    <div class="footer-col-wrapper">
+      <div class="footer-col footer-col-1">
+        <ul class="contact-list">
+          <li class="p-name">
+            {%- if site.author -%}
+              {{ site.author | escape }}
+            {%- else -%}
+              {{ site.title | escape }}
+            {%- endif -%}
+            </li>
+            {%- if site.email -%}
+            <li><a class="u-email" href="mailto:{{ site.email }}">{{ site.email }}</a></li>
+            {%- endif -%}
+        </ul>
+      </div>
+
+      <div class="footer-col footer-col-2">
+        {%- include social.html -%}
+      </div>
+
+      <div class="footer-col footer-col-3">
+        <p>{{- site.description | escape -}}</p>
+      </div>
+    </div>
+
+  </div>
+
+</footer>

_includes/social.html

@@ -0,0 +1,93 @@
+<ul class="social-media-list">
+  {%- if site.social.mastodon -%}
+  <li>
+    <a
+      rel="me"
+      href="https://infosec.exchange/@{{ site.social.mastodon |
+      cgi_escape | escape }}"
+      target="_blank"
+      title="{{ site.social.telegram | escape }}"
+    >
+      infosec.exchange/@patrickrbc
+    </a>
+  </li>
+  {%- endif -%} {%- if site.social.telegram -%}
+  <li>
+    <a
+      rel="me"
+      href="https://t.me/{{ site.social.telegram | cgi_escape | escape }}"
+      target="_blank"
+      title="{{ site.social.telegram | escape }}"
+      ><svg class="svg-icon">
+        <use
+          xlink:href="{{ '/assets/minima-social-icons.svg#telegram' | relative_url }}"
+        ></use>
+      </svg>
+      <span class="username">{{ site.social.telegram| escape }}</span>
+    </a>
+  </li>
+  {%- endif -%} {%- if site.social.github -%}
+  <li>
+    <a
+      href="https://github.com/{{ site.social.github| cgi_escape | escape }}"
+      target="_blank"
+      ><svg class="svg-icon">
+        <use
+          xlink:href="{{ '/assets/minima-social-icons.svg#github' | relative_url }}"
+        ></use>
+      </svg>
+      <span class="username">{{ site.social.github| escape }}</span></a
+    >
+  </li>
+  {%- endif -%} {%- if site.social.instagram -%}
+  <li>
+    <a
+      href="https://instagram.com/{{ site.social.instagram| cgi_escape | escape }}"
+      target="_blank"
+      ><svg class="svg-icon">
+        <use
+          xlink:href="{{ '/assets/minima-social-icons.svg#instagram' | relative_url }}"
+        ></use>
+      </svg>
+      <span class="username">{{ site.social.instagram| escape }}</span></a
+    >
+  </li>
+  {%- endif -%} {%- if site.social.linkedin -%}
+  <li>
+    <a
+      href="https://www.linkedin.com/in/{{ site.social.linkedin| cgi_escape | escape }}"
+      target="_blank"
+      ><svg class="svg-icon">
+        <use
+          xlink:href="{{ '/assets/minima-social-icons.svg#linkedin' | relative_url }}"
+        ></use>
+      </svg>
+      <span class="username">{{ site.social.linkedin| escape }}</span></a
+    >
+  </li>
+  {%- endif -%} {%- if site.social.twitter -%}
+  <li>
+    <a
+      href="https://www.twitter.com/{{ site.social.twitter| cgi_escape | escape }}"
+      target="_blank"
+      ><svg class="svg-icon">
+        <use
+          xlink:href="{{ '/assets/minima-social-icons.svg#twitter' | relative_url }}"
+        ></use>
+      </svg>
+      <span class="username">{{ site.social.twitter| escape }}</span></a
+    >
+  </li>
+  {%- endif -%} {%- if site.social.rss -%}
+  <li>
+    <a href="{{ 'feed.xml' | relative_url }}" target="_blank"
+      ><svg class="svg-icon">
+        <use
+          xlink:href="{{ '/assets/minima-social-icons.svg#rss' | relative_url }}"
+        ></use>
+      </svg>
+      <span>{{ site.social.rss | escape }}</span></a
+    >
+  </li>
+  {%- endif -%}
+</ul>

_layouts/default.html

@@ -15,17 +15,36 @@
 
     {%- include footer.html -%}
 
-    <script async
-      src="https://www.googletagmanager.com/gtag/js?id=UA-137241651-1"></script>
+    <script async src="https://www.googletagmanager.com/gtag/js?id=G-Q4C55092PY"></script>
     <script>
       window.dataLayer = window.dataLayer || [];
       function gtag(){dataLayer.push(arguments);}
       gtag('js', new Date());
-      gtag('config', 'UA-137241651-1');
+
+      gtag('config', 'G-Q4C55092PY');
     </script>
+
     <script>
-      document.querySelector('.night-mode').onclick = function (e) {
-        document.querySelector('body').classList.toggle('dark')
+      window.onload = function () {
+        setTheme(localStorage.getItem('theme'))
+      }
+
+      document.querySelector('.night-mode').onclick = function () {
+        let current = localStorage.getItem('theme')
+        setTheme(toggleName(current))
+      }
+
+      function toggleName (theme) {
+        return theme === 'dark' ? 'light': 'dark'
+      }
+
+     function setTheme (theme) {
+        theme = theme || 'light'
+
+        localStorage.setItem('theme', theme)
+
+        document.querySelector('body').classList.add(theme)
+        document.querySelector('body').classList.remove(toggleName(theme))
       }
     </script>
   </body>

_posts/2021-07-31-wildcard-subdomain-enum.md

@@ -0,0 +1,67 @@
+---
+layout: post
+title: 'Subdomain enumeration with wildcard records '
+date: 2021-07-31 13:49:00 -0300
+comments: true
+categories: footprinting, subdomain, dns
+---
+
+**TL;DR**
+
+Enumerating subdomains with wildcard records is tricky but not impossible, here
+are some tips. Also, don't trust wildcards as a security mechanism for hiding
+sensitive apps.
+
+# The problem
+
+If you did some subdomain brute-force enumeration in the wild you already
+bumped into a record that resolves for any type of prefix. This is called a
+wildcard record and it can be configured by inserting a record entry with a
+label "**\***". This record will also resolve for other sublevels unless it is
+inhibited by another record entry.
+
+Many companies use wildcard records as part of their architecture. A well-known
+example is Slack which uses it for their workspaces. For example, today I asked
+my favorite DNS server to resolve the following records and got the same IP
+address:
+
+```
+shopify.enterprise.slack.com 18.231.0.250
+enterprise.slack.com 18.231.0.250
+big-name-non-existent.slack.com 18.231.0.250
+```
+
+In this case you might conclude that there is a wildcard record
+**\*.slack.com** and maybe we should ignore this domain in your subdomain
+enumeration. However, you could end up missing something like
+**status.slack.com** which does not resolve to this address. Instead it has a
+CNAME pointing to another infrastructure that could be interesting to you.
+
+It is curious how often subdomain enumeration tools mess up or do not handle
+this kind of behaviour. Many times the wildcard records are just dropped
+without any further check. The problem is that you might lose some interesting
+apps by discarding them .
+
+With that in mind, adding a wildcard record can be a tempting strategy to hide
+your own services like a needle in the haystack. I can't blame anyone for doing
+that, but just keep in mind that this is not going to save you for long.
+
+# Finding interesting stuff
+
+Thinking about how to make a better reconnaissance one could try to overcome
+this problem by treating enumeration in wildcard records differently. The
+response returned by the wildcard could be stored (sorted if it is multiple
+entries) and every subsequent DNS response would be compared with this one.
+Everytime we find a new response it would be saved in a map structure.
+
+This would make sure we have at least one subdomain that points to that new
+location that we found. However, *the world ain't all sunshine and rainbows*
+and we could obviously have a different application sitting on a machine that
+will only show up when we set a specific Host header in the HTTP request.
+
+Therefore, this is just something you could use to have more places to look for
+security vulnerabilities. There are many other more edgy cases (for example
+when including CNAME) that can happen when trying to find assets using DNS. I
+hope I can dig into that more in future posts.
+
+Do you have any tips for finding apps on records with wildcard?

_posts/2022-12-26-the-social-media-trap.md

@@ -0,0 +1,29 @@
+---
+layout: post
+title: The social media trap
+date: 2022-12-26 21:32:00 -0300
+comments: true
+categories:
+---
+
+There's no way one can avoid social media completely. We are social creatures.
+Even if you close all your accounts and remove all the apps, you would still be
+influenced by other people's behaviors and opinions, and those probably got a
+high load of influence from social media and so on.
+
+You can indeed make money producing content online. It is also true that social
+media platforms can boost your reach. However, the majority of the population is
+just consuming and creating poor content that will never lead to a financial
+reward.
+
+I would consider myself in the above situation. I'm not in a fair trade with
+social media. Not that I ever felt I could be. But the fear of missing out makes
+me play the game without even thinking about it.
+
+Most of the value generated from our actions is turned into revenue for the big
+techs. In exchange for that, you will be gifted with a subtle dependency on the
+feedback you could receive if you saw something good enough. 
+
+If you can't escape from it, maybe it's a good idea to spend some time
+implementing filters to avoid the consumption of unhealthy content. You need to
+feed yourself, just not with junky food.