diff --git a/Gemfile b/Gemfile index a7e6802..e814f0b 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ source "https://rubygems.org" gem "jekyll", "~> 3.9.1" # This is the default theme for new Jekyll sites. You may change this to anything you like. -gem "minima", "~> 2.0" +gem "minima" # If you want to use GitHub Pages, remove the "gem "jekyll"" above and # uncomment the line below. To upgrade, run `bundle update github-pages`. @@ -31,3 +31,4 @@ gem "wdm", "~> 0.1.0" if Gem.win_platform? gem 'jekyll_github_sample' gem 'jekyll-sitemap' +gem 'kramdown-parser-gfm' diff --git a/Gemfile.lock b/Gemfile.lock index f85c8bf..5ae0daf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.0.4) + activesupport (6.0.6.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -10,7 +10,7 @@ GEM addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) colorator (1.1.0) - concurrent-ruby (1.1.9) + concurrent-ruby (1.2.0) em-websocket (0.5.2) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) @@ -48,6 +48,8 @@ GEM jekyll (>= 3.0, < 5.0) kramdown (2.3.1) rexml + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) liquid (4.0.3) listen (3.5.1) rb-fsevent (~> 0.10, >= 0.10.3) @@ -57,7 +59,7 @@ GEM jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) - minitest (5.14.4) + minitest (5.17.0) pathutil (0.16.2) forwardable-extended (~> 2.6) public_suffix (4.0.6) @@ -73,9 +75,9 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) thread_safe (0.3.6) - tzinfo (1.2.9) + tzinfo (1.2.11) thread_safe (~> 0.1) - zeitwerk (2.4.2) + zeitwerk (2.6.6) PLATFORMS ruby @@ -85,7 +87,8 @@ DEPENDENCIES jekyll-feed (~> 0.6) jekyll-sitemap jekyll_github_sample - minima (~> 2.0) + kramdown-parser-gfm + minima tzinfo-data BUNDLED WITH diff --git a/_config.yml b/_config.yml index f62693a..cc63962 100644 --- a/_config.yml +++ b/_config.yml @@ -14,14 +14,18 @@ # You can create any custom variable you would like, and they will be accessible # in the templates via {{ site.myvariable }}. title: patrickrbc -#email: "@patrickrbc" -author: "" -description: >- # this means to ignore newlines until "baseurl:" - Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog! -baseurl: "" # the subpath of your site, e.g. /blog -url: "" # the base hostname & protocol for your site, e.g. http://example.com -twitter_username: patrickrbc -github_username: patrickrbc + +author: '' +description: '' +baseurl: '' # the subpath of your site, e.g. /blog +url: 'https://patrickrbc.com' # the base hostname & protocol for your site, e.g. http://example.com + +social: + github: patrickrbc + linkedin: patrickrbc + telegram: patrickrbc + twitter: patrickrbc + mastodon: patrickrbc # Build settings markdown: kramdown @@ -37,7 +41,6 @@ permalink: /:categories/:year/:month/:day/:title plugins: - jekyll-feed - jekyll-sitemap - # Exclude from processing. # The following items will not be processed, by default. Create a custom list # to override the default setting. diff --git a/_includes/footer.html b/_includes/footer.html new file mode 100644 index 0000000..c7bc736 --- /dev/null +++ b/_includes/footer.html @@ -0,0 +1,39 @@ + diff --git a/_includes/social.html b/_includes/social.html new file mode 100644 index 0000000..3bd6b28 --- /dev/null +++ b/_includes/social.html @@ -0,0 +1,93 @@ + diff --git a/_layouts/default.html b/_layouts/default.html index 4bc774d..83ebed2 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -24,8 +24,26 @@ gtag('config', 'UA-137241651-1'); diff --git a/_posts/2021-07-31-wildcard-subdomain-enum.md b/_posts/2021-07-31-wildcard-subdomain-enum.md new file mode 100644 index 0000000..023a0f4 --- /dev/null +++ b/_posts/2021-07-31-wildcard-subdomain-enum.md @@ -0,0 +1,67 @@ +--- +layout: post +title: 'Subdomain enumeration with wildcard records ' +date: 2021-07-31 13:49:00 -0300 +comments: true +categories: footprinting, subdomain, dns +--- + +**TL;DR** + +Enumerating subdomains with wildcard records is tricky but not impossible, here +are some tips. Also, don't trust wildcards as a security mechanism for hiding +sensitive apps. + +# The problem + +If you did some subdomain brute-force enumeration in the wild you already +bumped into a record that resolves for any type of prefix. This is called a +wildcard record and it can be configured by inserting a record entry with a +label "**\***". This record will also resolve for other sublevels unless it is +inhibited by another record entry. + +Many companies use wildcard records as part of their architecture. A well-known +example is Slack which uses it for their workspaces. For example, today I asked +my favorite DNS server to resolve the following records and got the same IP +address: + +``` +shopify.enterprise.slack.com 18.231.0.250 +enterprise.slack.com 18.231.0.250 +big-name-non-existent.slack.com 18.231.0.250 +``` + +In this case you might conclude that there is a wildcard record +**\*.slack.com** and maybe we should ignore this domain in your subdomain +enumeration. However, you could end up missing something like +**status.slack.com** which does not resolve to this address. Instead it has a +CNAME pointing to another infrastructure that could be interesting to you. + +It is curious how often subdomain enumeration tools mess up or do not handle +this kind of behaviour. Many times the wildcard records are just dropped +without any further check. The problem is that you might lose some interesting +apps by discarding them . + +With that in mind, adding a wildcard record can be a tempting strategy to hide +your own services like a needle in the haystack. I can't blame anyone for doing +that, but just keep in mind that this is not going to save you for long. + +# Finding interesting stuff + +Thinking about how to make a better reconnaissance one could try to overcome +this problem by treating enumeration in wildcard records differently. The +response returned by the wildcard could be stored (sorted if it is multiple +entries) and every subsequent DNS response would be compared with this one. +Everytime we find a new response it would be saved in a map structure. + +This would make sure we have at least one subdomain that points to that new +location that we found. However, *the world ain't all sunshine and rainbows* +and we could obviously have a different application sitting on a machine that +will only show up when we set a specific Host header in the HTTP request. + +Therefore, this is just something you could use to have more places to look for +security vulnerabilities. There are many other more edgy cases (for example +when including CNAME) that can happen when trying to find assets using DNS. I +hope I can dig into that more in future posts. + +Do you have any tips for finding apps on records with wildcard? diff --git a/_posts/2022-12-26-the-social-media-trap.md b/_posts/2022-12-26-the-social-media-trap.md new file mode 100644 index 0000000..452d608 --- /dev/null +++ b/_posts/2022-12-26-the-social-media-trap.md @@ -0,0 +1,29 @@ +--- +layout: post +title: The social media trap +date: 2022-12-26 21:32:00 -0300 +comments: true +categories: +--- + +There's no way one can avoid social media completely. We are social creatures. +Even if you close all your accounts and remove all the apps, you would still be +influenced by other people's behaviors and opinions, and those probably got a +high load of influence from social media and so on. + +You can indeed make money producing content online. It is also true that social +media platforms can boost your reach. However, the majority of the population is +just consuming and creating poor content that will never lead to a financial +reward. + +I would consider myself in the above situation. I'm not in a fair trade with +social media. Not that I ever felt I could be. But the fear of missing out makes +me play the game without even thinking about it. + +Most of the value generated from our actions is turned into revenue for the big +techs. In exchange for that, you will be gifted with a subtle dependency on the +feedback you could receive if you saw something good enough. + +If you can't escape from it, maybe it's a good idea to spend some time +implementing filters to avoid the consumption of unhealthy content. You need to +feed yourself, just not with junky food. diff --git a/_site/2019/04/01/re-wireless-repeater.html b/_site/2019/04/01/re-wireless-repeater.html index 4387e18..853bfdc 100644 --- a/_site/2019/04/01/re-wireless-repeater.html +++ b/_site/2019/04/01/re-wireless-repeater.html @@ -2,9 +2,9 @@ - + Reverse engineering a wireless repeater - Part I | patrickrbc - + @@ -14,8 +14,10 @@ + + +{"headline":"Reverse engineering a wireless repeater - Part I","url":"http://localhost:4000/2019/04/01/re-wireless-repeater","dateModified":"2019-04-01T17:21:00-03:00","datePublished":"2019-04-01T17:21:00-03:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/2019/04/01/re-wireless-repeater"},"description":"Do you have an old router left behind in your room? Ever wondered how it really works inside? Sit tight and get ready, because this is going to be a series of blog posts about reverse engineering a wireless repeater. The methodology here can be applied to other IoT devices.","@type":"BlogPosting","@context":"https://schema.org"}
@@ -167,7 +169,11 @@

References

-

patrickrbc

+
+ GPG: 53CA 9711 9A55 0C86 +
+ +
@@ -175,11 +181,66 @@

patrickrbc

  • -
    +
    -

    Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!

    +

    @@ -195,8 +256,26 @@

    patrickrbc

    gtag('config', 'UA-137241651-1'); diff --git a/_site/2019/04/06/cryptopals-the-basics.html b/_site/2019/04/06/cryptopals-the-basics.html index 860ff78..76a9f68 100644 --- a/_site/2019/04/06/cryptopals-the-basics.html +++ b/_site/2019/04/06/cryptopals-the-basics.html @@ -2,9 +2,9 @@ - + Cryptopals: The basics | patrickrbc - + @@ -14,8 +14,10 @@ + + +{"headline":"Cryptopals: The basics","url":"http://localhost:4000/2019/04/06/cryptopals-the-basics","dateModified":"2019-04-06T16:42:00-03:00","datePublished":"2019-04-06T16:42:00-03:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/2019/04/06/cryptopals-the-basics"},"description":"If you have any kind of interest in crypto you should probably check this out. Recently, I started doing the Cryptopals, which are a series of cryptography challenges created by the formerly Matasano Security team. They are a collection of 48 exercises divided in 8 sets. I have just finished the first set but I can guarantee you that it was already a lot of fun and learning.","@type":"BlogPosting","@context":"https://schema.org"}
    @@ -80,8 +82,8 @@

    Challenge 1: Convert hex to base64 
    var result = Buffer
-  .from('49276d206b696c6c696e6720796f757220627261696e206c696b65206120706f69736f6e6f7573206d757368726f6f6d','hex')
-  .toString('base64')
    + .from('49276d206b696c6c696e6720796f757220627261696e206c696b65206120706f69736f6e6f7573206d757368726f6f6d','hex') + .toString('base64')


    @@ -122,7 +124,7 @@

    Challenge 3: Single-byte XOR cipher< for (let keyChar = 0, len = 256; keyChar < len; keyChar++) { tempBuffer = cipher( - Buffer.from(ciphertext, 'hex'), + Buffer.from(ciphertext, 'hex'), Buffer.from(String.fromCharCode(keyChar)) ) @@ -153,21 +155,21 @@

    Challenge 3: Single-byte XOR cipher< /* Source: http://www.oxfordmathcenter.com/drupal7/node/353 */ const charFrequency = { - 'e': 0.12702, 't': 0.09056, 'a': 0.08167, 'o': 0.07507, 'i': 0.06966, - 'n': 0.06749, 's': 0.06327, 'h': 0.06094, 'r': 0.05987, 'd': 0.04253, - 'l': 0.04025, 'c': 0.02782, 'u': 0.02758, 'm': 0.02406, 'w': 0.02360, - 'f': 0.02228, 'g': 0.02015, 'y': 0.01974, 'p': 0.01929, 'b': 0.01492, - 'v': 0.00978, 'k': 0.00772, 'j': 0.00153, 'x': 0.00150, 'q': 0.00095, - 'z': 0.00074, ' ': 1 + 'e': 0.12702, 't': 0.09056, 'a': 0.08167, 'o': 0.07507, 'i': 0.06966, + 'n': 0.06749, 's': 0.06327, 'h': 0.06094, 'r': 0.05987, 'd': 0.04253, + 'l': 0.04025, 'c': 0.02782, 'u': 0.02758, 'm': 0.02406, 'w': 0.02360, + 'f': 0.02228, 'g': 0.02015, 'y': 0.01974, 'p': 0.01929, 'b': 0.01492, + 'v': 0.00978, 'k': 0.00772, 'j': 0.00153, 'x': 0.00150, 'q': 0.00095, + 'z': 0.00074, ' ': 1 } - return string.toLowerCase().split('') + return string.toLowerCase().split('') .reduce((sum, value) => sum + (charFrequency[value] || 0), 0) }

    If everything works fine, we will get the decrypted message:

    -
    Cooking MC\'s like a pound of bacon
+
    Cooking MC\'s like a pound of bacon
 
    
 
 

    
@@ -196,7 +198,7 @@ 
    Challenge 4: Detect single-char
 
 
    If everything works fine, we will get the decrypted message:
    
 
-
    Now that the party is jumping\n
+
    Now that the party is jumping\n
 
    
 
 

    
@@ -261,8 +263,8 @@ 
    Challenge 6: Break repeating-key XO
   var distance = 0
   var first, second
 
-  string1 = Buffer.from(string1 || '0', 'ascii')
-  string2 = Buffer.from(string2 || '0', 'ascii')
+  string1 = Buffer.from(string1 || '0', 'ascii')
+  string2 = Buffer.from(string2 || '0', 'ascii')
 
   // compose the binary representation of the strings 
   for (let i = 0, len = string1.length; i < len; i++)
@@ -287,7 +289,7 @@ 
    Challenge 6: Break repeating-key XO
 function dec2bin (dec) {
   var binaryNum = (dec >>> 0).toString(2);
   while (binaryNum.length < 8)
-    binaryNum = '0' + binaryNum
+    binaryNum = '0' + binaryNum
   return binaryNum
 }
    
 
@@ -357,7 +359,7 @@ 
    Challenge 6: Break repeating-key XO
 
    var key, keysize, blocks, msg, result
 var keyScores = []
 
-msg     = Buffer.from(fs.readFileSync('../res/6.txt', 'utf-8'), 'base64')
+msg     = Buffer.from(fs.readFileSync('../res/6.txt', 'utf-8'), 'base64')
 keysize = XOR.findKeySize(msg)
 blocks  = Util.divideInBlocks(msg, keysize)
 blocks  = Util.transposeBlocks(blocks, keysize)
@@ -388,8 +390,8 @@ 
    Challenge 7: AES in ECB mode
    
 */
 function decrypt (ciphertext, key, alg) {
   var decipher = crypto.createDecipheriv(alg, key, null)
-  var out = decipher.update(ciphertext, 'base64', 'utf-8')
-  return out += decipher.final('utf-8')
+  var out = decipher.update(ciphertext, 'base64', 'utf-8')
+  return out += decipher.final('utf-8')
 }
    
 
 
    If everything works fine, we will get the same lyrics of the previous
@@ -454,7 +456,11 @@ 
    References
    
 
   
    
 
-    
    patrickrbc
    
+    
    
+      GPG: 53CA 9711 9A55 0C86
+    
    
+
+    
 
     
    
       
    
@@ -462,11 +468,66 @@ 
    patrickrbc
    
           
  • 
       
    
 
-      
    
+      
    
 
    
 
       
    
-        
    Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!
    
+        
    
       
    
     
    
 
@@ -482,8 +543,26 @@ 
    patrickrbc
    
       gtag('config', 'UA-137241651-1');
     
     
   
diff --git a/_site/2019/06/01/re-wireless-repeater-2.html b/_site/2019/06/01/re-wireless-repeater-2.html
index cc5b159..c70cee1 100644
--- a/_site/2019/06/01/re-wireless-repeater-2.html
+++ b/_site/2019/06/01/re-wireless-repeater-2.html
@@ -2,9 +2,9 @@
 
   
   
-  
+  
 Reverse engineering a wireless repeater - Part II | patrickrbc
-
+
 
 
 
@@ -14,8 +14,10 @@
 
 
 
+
+
 
+{"headline":"Reverse engineering a wireless repeater - Part II","url":"http://localhost:4000/2019/06/01/re-wireless-repeater-2","dateModified":"2019-06-01T21:25:00-03:00","datePublished":"2019-06-01T21:25:00-03:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/2019/06/01/re-wireless-repeater-2"},"description":"This is the second part of a series of posts about reverse engineering a wireless repeater. Before reading this you might want to take a look at the first part, where I introduced the subject and explained how to gather some information without digging into the hardware. If you still haven’t downloaded the firmware of our target device you can get it here.","@type":"BlogPosting","@context":"https://schema.org"}
 
 
 
    
@@ -58,7 +60,7 @@ 
    Reverse engineering a wir
 
    Firstly, make sure you have extracted the zip file. Using the file command we
 can verify that the firmware was compiled for Linux MIPS.
    
 
-
    $ file fw_NPLUG_1_0_0_14.bin
+
    $ file fw_NPLUG_1_0_0_14.bin
 fw_NPLUG_1_0_0_14.bin: u-boot legacy uImage, Linux Kernel Image, Linux/MIPS, OS
 Kernel Image (lzma), 1731916 bytes, Wed Oct 12 17:28:28 2016, Load Address:
 0x80000000, Entry Point: 0x802CB000, Header CRC: 0xEC8AD091, Data CRC:
@@ -80,7 +82,7 @@ 
    Using Binwalk
    
 
    Running Binwalk against the firmware without specifying any options would
 give us the following output:
    
 
-
    DECIMAL       HEXADECIMAL     DESCRIPTION
+
    DECIMAL       HEXADECIMAL     DESCRIPTION
 --------------------------------------------------------------------------------
 0             0x0             uImage header, header size: 64 bytes, header CRC: 0xEC8AD091, created: 2016-10-12 17:28:28, image size: 1731916 bytes, Data Address: 0x80000000, Entry Point: 0x802CB000, data CRC: 0x3A3E5EAC, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "Linux Kernel Image"
 64            0x40            LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 3829956 bytes
@@ -92,7 +94,7 @@ 
    Using Binwalk
    
 Using the xxd tool we can examine the first bytes from the binary which
 refer to the header:
    
 
-
    $ xxd -l 64 fw_NPLUG_1_0_0_14.bin
+
    $ xxd -l 64 fw_NPLUG_1_0_0_14.bin
 00000000: 2705 1956 ec8a d091 57fe 72bc 001a 6d4c  '..V....W.r...mL
 00000010: 8000 0000 802c b000 3a3e 5eac 0505 0203  …..,..:>^.....
 00000020: 4c69 6e75 7820 4b65 726e 656c 2049 6d61  Linux Kernel Ima
@@ -100,12 +102,12 @@ 
    Using Binwalk
    
 
    
 
 
    Binwalk assumed the following chunk was related to some LZMA compressed data
-because of the signature 5d 00 00 00 02. This signature might
+because of the signature 5d 00 00 00 02. This signature might
 vary depending
-on the compression level used, but apparently it always start with 5d 00 00.
+on the compression level used, but apparently it always start with 5d 00 00.
 Here is the start of the compressed data:
    
 
-
    [...]
+
    [...]
 00000040: 5d00 0000 02c4 703a 0000 0000 0000 006f  ].....p:.......o
 00000050: fdff ffa3 b7ff 473e 4815 7239 6151 b892  …...G>H.r9aQ..
 00000060: 28e6 a386 07f9 eee4 1e82 d32f c53a 3c01  (........../.:<.
@@ -115,8 +117,8 @@ 
    Using Binwalk
    
 [...]
 
    
 
-
    The -e (--extract) flag, will extract the files identified during a
-signature scan and the -M (--matryoshka) flag will perform this
+
    The -e (--extract) flag, will extract the files identified during a
+signature scan and the -M (--matryoshka) flag will perform this
 extraction recursively. There is also another really useful option in Binwalk
 which allows an entropy analysis of the file. This can be helpful when
 Binwalk
@@ -124,7 +126,7 @@ 
    Using Binwalk
    
 
 
    For example, taking a step back, if we used Binwalk extraction only once, we
 would find a file named 40 (this number refers to its offset in hexadecimal).
-Using Binwalk with the -E (--entropy) flag in this file will pop the
+Using Binwalk with the -E (--entropy) flag in this file will pop the
 following line chart (generated with pyqtgraph).
    
 
 
    Entropy of file 40
@@ -137,7 +139,7 @@ 
    Using Binwalk
    
 
 
    The signature scan for this file would give us the following output:
    
 
-
    $ binwalk 40
+
    $ binwalk 40
 DECIMAL       HEXADECIMAL     DESCRIPTION
 --------------------------------------------------------------------------------
 2658360       0x289038        Linux kernel version "2.6.21 (root@linux-qxix)
@@ -165,7 +167,7 @@ 
    Using Binwalk
    
 course, we could have simply extracted everything with just one command like
 the following demonstration:
    
 
-
    $ binwalk -eM fw_NPLUG_1_0_0_14.bin
+
    $ binwalk -eM fw_NPLUG_1_0_0_14.bin
 $ cd fw_NPLUG_1_0_0_14.bin.extracted/_40.extracted/_2EB000.extracted/cpio-root/
 $ tree
 .
@@ -426,7 +428,11 @@ 
    References
    
 
   
    
 
-    
    patrickrbc
    
+    
    
+      GPG: 53CA 9711 9A55 0C86
+    
    
+
+    
 
     
    
       
    
@@ -434,11 +440,66 @@ 
    patrickrbc
    
           
  • 
       
    
 
-      
    
+      
    
 
    
 
       
    
-        
    Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!
    
+        
    
       
    
     
    
 
@@ -454,8 +515,26 @@ 
    patrickrbc
    
       gtag('config', 'UA-137241651-1');
     
     
   
diff --git a/_site/2022/12/26/the-social-media-trap.html b/_site/2022/12/26/the-social-media-trap.html
new file mode 100644
index 0000000..3c37bff
--- /dev/null
+++ b/_site/2022/12/26/the-social-media-trap.html
@@ -0,0 +1,196 @@
+
+
+  
+  
+  
+The social media trap | patrickrbc
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
    
+
+  
    
+
    
+
    
+      
    
+        
    
+
+  
    
+    
    The social media trap
    
+    
    
+      
    
+  
    
+
+  
    
+    
    There’s no way one can avoid social media completely. We are social creatures.
+Even if you close all your accounts and remove all the apps, you would still be
+influenced by other people’s behaviors and opinions, and those probably got a
+high load of influence from social media and so on.
    
+
+
    You can indeed make money producing content online. It is also true that social
+media platforms can boost your reach. However, the majority of the population is
+just consuming and creating poor content that will never lead to a financial
+reward.
    
+
+
    I would consider myself in the above situation. I’m not in a fair trade with
+social media. Not that I ever felt I could be. But the fear of missing out makes
+me play the game without even thinking about it.
    
+
+
    Most of the value generated from our actions is turned into revenue for the big
+techs. In exchange for that, you will be gifted with a subtle dependency on the
+feedback you could receive if you saw something good enough.
    
+
+
    If you can’t escape from it, maybe it’s a good idea to spend some time
+implementing filters to avoid the consumption of unhealthy content. You need to
+feed yourself, just not with junky food.
    
+
+  
    
+
+
    
+
+      
    
+    
    
+
+    
+    
+  
+
+
diff --git a/_site/404.html b/_site/404.html
index fadb27a..8eb32c2 100644
--- a/_site/404.html
+++ b/_site/404.html
@@ -2,18 +2,18 @@
 
   
   
-  
-patrickrbc | Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!
-
+  
+patrickrbc
+
 
 
-
-
 
 
 
+
+
 
+{"headline":"patrickrbc","url":"http://localhost:4000/404","@type":"WebPage","@context":"https://schema.org"}
 
 
 
    
@@ -63,7 +63,11 @@ 
    404
    
 
   
    
 
-    
    patrickrbc
    
+    
    
+      GPG: 53CA 9711 9A55 0C86
+    
    
+
+    
 
     
    
       
    
@@ -71,11 +75,66 @@ 
    patrickrbc
    
           
  • 
       
    
 
-      
    
+      
    
 
    
 
       
    
-        
    Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!
    
+        
    
       
    
     
    
 
@@ -91,8 +150,26 @@ 
    patrickrbc
    
       gtag('config', 'UA-137241651-1');
     
     
   
diff --git a/_site/about/index.html b/_site/about/index.html
index e037fac..a5c5e2a 100644
--- a/_site/about/index.html
+++ b/_site/about/index.html
@@ -2,18 +2,18 @@
 
   
   
-  
+  
 About | patrickrbc
-
+
 
 
-
-
 
 
 
+
+
 
+{"headline":"About","url":"http://localhost:4000/about/","name":"patrickrbc","@type":"WebSite","@context":"https://schema.org"}
 
 
 
    
@@ -43,10 +43,16 @@ 
    About
    
   
    
 
   
    
-    
    I am a software and security engineer based in Recife, Brazil. This is a place
-where I am planning to publish all the cool stuff I am doing while working and
-researching in computer science. I hope you can find something
-useful here :)
    
+    
    I am a software and security engineer based in
+Recife with 8+
+years of experience. Since 2020, I’m also building
+Unxpose a solution that
+simplifies cybersecurity for busy companies.
    
+
+
    This is a place where I publish personal thoughts, research and things I learn
+while working with computers. I hope you can find something useful here. I
+haven’t been doing much research lately, but you can find some old references
+below.
    
 
 
    Security advisories
    
 
    
@@ -94,7 +100,11 @@ 
    Security advisories
    
 
   
    
 
-    
    patrickrbc
    
+    
    
+      GPG: 53CA 9711 9A55 0C86
+    
    
+
+    
 
     
    
       
    
@@ -102,11 +112,66 @@ 
    patrickrbc
    
           
  • 
       
    
 
-      
    
+      
    
 
    
 
       
    
-        
    Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!
    
+        
    
       
    
     
    
 
@@ -122,8 +187,26 @@ 
    patrickrbc
    
       gtag('config', 'UA-137241651-1');
     
     
   
diff --git a/_site/assets/main.css b/_site/assets/main.css
index ae7a468..4804771 100644
--- a/_site/assets/main.css
+++ b/_site/assets/main.css
@@ -504,28 +504,49 @@ table {
   .highlight .il {
     color: #099; }
 
+body {
+  background-color: #eeeee4; }
+
+a,
+a:visited {
+  color: #21130d; }
+
+a:hover {
+  color: #063970; }
+
 pre {
   max-height: 600px; }
 
 .night-mode:hover {
   text-decoration: none; }
 
+.footer-col {
+  float: left;
+  margin-bottom: 15px;
+  padding-left: 0; }
+
 body.dark {
-  background-color: #2F2F2F;
-  color: #DDDDDD;
+  background-color: #2f2f2f;
+  color: #dddddd;
   transition: 0.2s; }
-  body.dark a, body.dark a:visited {
-    color: #DDDDDD; }
-  body.dark .site-title, body.dark .site-title:visited, body.dark .site-nav .page-link, body.dark .footer-heading {
-    color: #FFC502; }
+  body.dark a,
+  body.dark a:visited {
+    color: #dddddd; }
+  body.dark .site-title,
+  body.dark .site-title:visited,
+  body.dark .site-nav .page-link,
+  body.dark .footer-heading {
+    color: #ffc502; }
   body.dark .post-list-heading {
     color: #828282; }
   body.dark a:hover {
     color: white; }
-  body.dark .highlight, body.dark .highlighter-rouge .highlight, body.dark pre, body.dark code {
-    background-color: #2F2F2F;
-    border: 1px solid #2F2F2F;
+  body.dark .highlight,
+  body.dark .highlighter-rouge .highlight,
+  body.dark pre,
+  body.dark code {
+    background-color: #2f2f2f;
+    border: 1px solid #2f2f2f;
     overflow: hidden; }
   body.dark .site-nav {
-    background-color: #2F2F2F;
-    border: 1px solid #828282; }
+    background-color: #2f2f2f; }
diff --git a/_site/assets/minima-social-icons.svg b/_site/assets/minima-social-icons.svg
index fa7399f..ff02f3e 100644
--- a/_site/assets/minima-social-icons.svg
+++ b/_site/assets/minima-social-icons.svg
@@ -8,8 +8,6 @@
 
 
 
-
-
 
 
 
@@ -18,7 +16,7 @@
 
 
 
-
+
 
 
 
@@ -29,5 +27,24 @@
   
 
 
+
+        
+
 
+
+        
+
+
+
+  
+
+
+
+  
+  
+
+
+
+  
+
 
diff --git a/_site/feed.xml b/_site/feed.xml
index b5a3161..b5dc100 100644
--- a/_site/feed.xml
+++ b/_site/feed.xml
@@ -1,4 +1,81 @@
-Jekyll2019-06-01T21:25:09-03:00http://localhost:4000/feed.xmlpatrickrbcOlá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!Reverse engineering a wireless repeater - Part II2019-06-01T21:25:00-03:002019-06-01T21:25:00-03:00http://localhost:4000/2019/06/01/re-wireless-repeater-2<p>This is the second part of a series of posts about reverse engineering a
+Jekyll2022-12-26T21:55:19-03:00http://localhost:4000/feed.xmlpatrickrbcThe social media trap2022-12-26T21:32:00-03:002022-12-26T21:32:00-03:00http://localhost:4000/2022/12/26/the-social-media-trap<p>There’s no way one can avoid social media completely. We are social creatures.
+Even if you close all your accounts and remove all the apps, you would still be
+influenced by other people’s behaviors and opinions, and those probably got a
+high load of influence from social media and so on.</p>
+
+<p>You can indeed make money producing content online. It is also true that social
+media platforms can boost your reach. However, the majority of the population is
+just consuming and creating poor content that will never lead to a financial
+reward.</p>
+
+<p>I would consider myself in the above situation. I’m not in a fair trade with
+social media. Not that I ever felt I could be. But the fear of missing out makes
+me play the game without even thinking about it.</p>
+
+<p>Most of the value generated from our actions is turned into revenue for the big
+techs. In exchange for that, you will be gifted with a subtle dependency on the
+feedback you could receive if you saw something good enough.</p>
+
+<p>If you can’t escape from it, maybe it’s a good idea to spend some time
+implementing filters to avoid the consumption of unhealthy content. You need to
+feed yourself, just not with junky food.</p>There’s no way one can avoid social media completely. We are social creatures. Even if you close all your accounts and remove all the apps, you would still be influenced by other people’s behaviors and opinions, and those probably got a high load of influence from social media and so on.Subdomain enumeration with wildcard records2021-07-31T13:49:00-03:002021-07-31T13:49:00-03:00http://localhost:4000/footprinting,/subdomain,/dns/2021/07/31/wildcard-subdomain-enum<p><strong>TL;DR</strong></p>
+
+<p>Enumerating subdomains with wildcard records is tricky but not impossible, here
+are some tips. Also, don’t trust wildcards as a security mechanism for hiding
+sensitive apps.</p>
+
+<h1 id="the-problem">The problem</h1>
+
+<p>If you did some subdomain brute-force enumeration in the wild you already
+bumped into a record that resolves for any type of prefix. This is called a
+wildcard record and it can be configured by inserting a record entry with a
+label “<strong>*</strong>”. This record will also resolve for other sublevels unless it is
+inhibited by another record entry.</p>
+
+<p>Many companies use wildcard records as part of their architecture. A well-known
+example is Slack which uses it for their workspaces. For example, today I asked
+my favorite DNS server to resolve the following records and got the same IP
+address:</p>
+
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>shopify.enterprise.slack.com 18.231.0.250
+enterprise.slack.com 18.231.0.250
+big-name-non-existent.slack.com 18.231.0.250
+</code></pre></div></div>
+
+<p>In this case you might conclude that there is a wildcard record
+<strong>*.slack.com</strong> and maybe we should ignore this domain in your subdomain
+enumeration. However, you could end up missing something like
+<strong>status.slack.com</strong> which does not resolve to this address. Instead it has a
+CNAME pointing to another infrastructure that could be interesting to you.</p>
+
+<p>It is curious how often subdomain enumeration tools mess up or do not handle
+this kind of behaviour. Many times the wildcard records are just dropped
+without any further check. The problem is that you might lose some interesting
+apps by discarding them .</p>
+
+<p>With that in mind, adding a wildcard record can be a tempting strategy to hide
+your own services like a needle in the haystack. I can’t blame anyone for doing
+that, but just keep in mind that this is not going to save you for long.</p>
+
+<h1 id="finding-interesting-stuff">Finding interesting stuff</h1>
+
+<p>Thinking about how to make a better reconnaissance one could try to overcome
+this problem by treating enumeration in wildcard records differently. The
+response returned by the wildcard could be stored (sorted if it is multiple
+entries) and every subsequent DNS response would be compared with this one.
+Everytime we find a new response it would be saved in a map structure.</p>
+
+<p>This would make sure we have at least one subdomain that points to that new
+location that we found. However, <em>the world ain’t all sunshine and rainbows</em>
+and we could obviously have a different application sitting on a machine that
+will only show up when we set a specific Host header in the HTTP request.</p>
+
+<p>Therefore, this is just something you could use to have more places to look for
+security vulnerabilities. There are many other more edgy cases (for example
+when including CNAME) that can happen when trying to find assets using DNS. I
+hope I can dig into that more in future posts.</p>
+
+<p>Do you have any tips for finding apps on records with wildcard?</p>TL;DRReverse engineering a wireless repeater - Part II2019-06-01T21:25:00-03:002019-06-01T21:25:00-03:00http://localhost:4000/2019/06/01/re-wireless-repeater-2<p>This is the second part of a series of posts about reverse engineering a
 wireless repeater. Before reading this you might want to take a look at the
 <a href="/2019/04/01/re-wireless-repeater">first part</a>, where I introduced the subject
 and explained how to gather some information without digging into the hardware.
@@ -8,7 +85,7 @@ it <a href="http://en.intelbras.com.br/sites/default/files/downloads/fw_
 <p>Firstly, make sure you have extracted the zip file. Using the <strong>file</strong> command we
 can verify that the firmware was compiled for Linux MIPS.</p>
 
-<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ file fw_NPLUG_1_0_0_14.bin
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ file fw_NPLUG_1_0_0_14.bin
 fw_NPLUG_1_0_0_14.bin: u-boot legacy uImage, Linux Kernel Image, Linux/MIPS, OS
 Kernel Image (lzma), 1731916 bytes, Wed Oct 12 17:28:28 2016, Load Address:
 0x80000000, Entry Point: 0x802CB000, Header CRC: 0xEC8AD091, Data CRC:
@@ -30,7 +107,7 @@ from firmware files.</p>
 <p>Running <em>Binwalk</em> against the firmware without specifying any options would
 give us the following output:</p>
 
-<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>DECIMAL       HEXADECIMAL     DESCRIPTION
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>DECIMAL       HEXADECIMAL     DESCRIPTION
 --------------------------------------------------------------------------------
 0             0x0             uImage header, header size: 64 bytes, header CRC: 0xEC8AD091, created: 2016-10-12 17:28:28, image size: 1731916 bytes, Data Address: 0x80000000, Entry Point: 0x802CB000, data CRC: 0x3A3E5EAC, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "Linux Kernel Image"
 64            0x40            LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 3829956 bytes
@@ -42,7 +119,7 @@ interpret the bytes in the file.
 Using the <strong>xxd</strong> tool we can examine the first bytes from the binary which
 refer to the header:</p>
 
-<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ xxd -l 64 fw_NPLUG_1_0_0_14.bin
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ xxd -l 64 fw_NPLUG_1_0_0_14.bin
 00000000: 2705 1956 ec8a d091 57fe 72bc 001a 6d4c  '..V....W.r...mL
 00000010: 8000 0000 802c b000 3a3e 5eac 0505 0203  …..,..:&gt;^.....
 00000020: 4c69 6e75 7820 4b65 726e 656c 2049 6d61  Linux Kernel Ima
@@ -50,12 +127,12 @@ refer to the header:</p>
 </code></pre></div></div>
 
 <p><em>Binwalk</em> assumed the following chunk was related to some LZMA compressed data
-because of the signature <code class="highlighter-rouge">5d 00 00 00 02</code>. This signature might
+because of the signature <code class="language-plaintext highlighter-rouge">5d 00 00 00 02</code>. This signature might
 <a href="lzma-file-format">vary</a> depending
-on the compression level used, but apparently it always start with <code class="highlighter-rouge">5d 00 00</code>.
+on the compression level used, but apparently it always start with <code class="language-plaintext highlighter-rouge">5d 00 00</code>.
 Here is the start of the compressed data:</p>
 
-<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[...]
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[...]
 00000040: 5d00 0000 02c4 703a 0000 0000 0000 006f  ].....p:.......o
 00000050: fdff ffa3 b7ff 473e 4815 7239 6151 b892  …...G&gt;H.r9aQ..
 00000060: 28e6 a386 07f9 eee4 1e82 d32f c53a 3c01  (........../.:&lt;.
@@ -65,8 +142,8 @@ Here is the start of the compressed data:</p>
 [...]
 </code></pre></div></div>
 
-<p>The <code class="highlighter-rouge">-e (--extract)</code> flag, will extract the files identified during a
-signature scan and the <code class="highlighter-rouge">-M (--matryoshka)</code> flag will perform this
+<p>The <code class="language-plaintext highlighter-rouge">-e (--extract)</code> flag, will extract the files identified during a
+signature scan and the <code class="language-plaintext highlighter-rouge">-M (--matryoshka)</code> flag will perform this
 extraction recursively. There is also another really useful option in <em>Binwalk</em>
 which allows an entropy analysis of the file. This can be helpful when
 <em>Binwalk</em>
@@ -74,7 +151,7 @@ doesn’t work properly on the target file and you have to do a manual analysis.
 
 <p>For example, taking a step back, if we used <em>Binwalk</em> extraction only once, we
 would find a file named <strong>40</strong> (this number refers to its offset in hexadecimal).
-Using <em>Binwalk</em> with the <code class="highlighter-rouge">-E (--entropy)</code> flag in this file will pop the
+Using <em>Binwalk</em> with the <code class="language-plaintext highlighter-rouge">-E (--entropy)</code> flag in this file will pop the
 following line chart (generated with <em>pyqtgraph</em>).</p>
 
 <p><img src="/assets/nplug/40.png" alt="Entropy of file 40" />
@@ -87,7 +164,7 @@ probably means compressed or encrypted data, but it could also be just garbage.&
 
 <p>The signature scan for this file would give us the following output:</p>
 
-<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ binwalk 40
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ binwalk 40
 DECIMAL       HEXADECIMAL     DESCRIPTION
 --------------------------------------------------------------------------------
 2658360       0x289038        Linux kernel version "2.6.21 (root@linux-qxix)
@@ -115,7 +192,7 @@ readable. Not surprisingly, we have found the file system of the firmware. Of
 course, we could have simply extracted everything with just one command like
 the following demonstration:</p>
 
-<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ binwalk -eM fw_NPLUG_1_0_0_14.bin
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ binwalk -eM fw_NPLUG_1_0_0_14.bin
 $ cd fw_NPLUG_1_0_0_14.bin.extracted/_40.extracted/_2EB000.extracted/cpio-root/
 $ tree
 .
@@ -395,8 +472,8 @@ familiar with the Buffer API. Needless to
 say, you shouldn’t include any third-party libraries to solve the challenges.</p>
 
 <figure class="highlight"><pre><code class="language-javascript" data-lang="javascript"><span class="kd">var</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">Buffer</span>
-  <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="s1">'49276d206b696c6c696e6720796f757220627261696e206c696b65206120706f69736f6e6f7573206d757368726f6f6d'</span><span class="p">,</span><span class="s1">'hex'</span><span class="p">)</span>
-  <span class="p">.</span><span class="nx">toString</span><span class="p">(</span><span class="s1">'base64'</span><span class="p">)</span></code></pre></figure>
+  <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">49276d206b696c6c696e6720796f757220627261696e206c696b65206120706f69736f6e6f7573206d757368726f6f6d</span><span class="dl">'</span><span class="p">,</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">)</span>
+  <span class="p">.</span><span class="nx">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">)</span></code></pre></figure>
 
 <p><br /></p>
 
@@ -437,7 +514,7 @@ best score is probably the message decrypted.</p>
   <span class="k">for</span> <span class="p">(</span><span class="kd">let</span> <span class="nx">keyChar</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span> <span class="nx">len</span> <span class="o">=</span> <span class="mi">256</span><span class="p">;</span> <span class="nx">keyChar</span> <span class="o">&lt;</span> <span class="nx">len</span><span class="p">;</span> <span class="nx">keyChar</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span>
 
     <span class="nx">tempBuffer</span> <span class="o">=</span> <span class="nx">cipher</span><span class="p">(</span>
-      <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">ciphertext</span><span class="p">,</span> <span class="s1">'hex'</span><span class="p">),</span>
+      <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">ciphertext</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">),</span>
       <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nb">String</span><span class="p">.</span><span class="nx">fromCharCode</span><span class="p">(</span><span class="nx">keyChar</span><span class="p">))</span>
     <span class="p">)</span>
 
@@ -468,21 +545,21 @@ that.</p>
 
   <span class="cm">/* Source: http://www.oxfordmathcenter.com/drupal7/node/353 */</span>
   <span class="kd">const</span> <span class="nx">charFrequency</span> <span class="o">=</span> <span class="p">{</span>
-    <span class="s1">'e'</span><span class="p">:</span> <span class="mf">0.12702</span><span class="p">,</span> <span class="s1">'t'</span><span class="p">:</span> <span class="mf">0.09056</span><span class="p">,</span> <span class="s1">'a'</span><span class="p">:</span> <span class="mf">0.08167</span><span class="p">,</span> <span class="s1">'o'</span><span class="p">:</span> <span class="mf">0.07507</span><span class="p">,</span> <span class="s1">'i'</span><span class="p">:</span> <span class="mf">0.06966</span><span class="p">,</span>
-    <span class="s1">'n'</span><span class="p">:</span> <span class="mf">0.06749</span><span class="p">,</span> <span class="s1">'s'</span><span class="p">:</span> <span class="mf">0.06327</span><span class="p">,</span> <span class="s1">'h'</span><span class="p">:</span> <span class="mf">0.06094</span><span class="p">,</span> <span class="s1">'r'</span><span class="p">:</span> <span class="mf">0.05987</span><span class="p">,</span> <span class="s1">'d'</span><span class="p">:</span> <span class="mf">0.04253</span><span class="p">,</span>
-    <span class="s1">'l'</span><span class="p">:</span> <span class="mf">0.04025</span><span class="p">,</span> <span class="s1">'c'</span><span class="p">:</span> <span class="mf">0.02782</span><span class="p">,</span> <span class="s1">'u'</span><span class="p">:</span> <span class="mf">0.02758</span><span class="p">,</span> <span class="s1">'m'</span><span class="p">:</span> <span class="mf">0.02406</span><span class="p">,</span> <span class="s1">'w'</span><span class="p">:</span> <span class="mf">0.02360</span><span class="p">,</span>
-    <span class="s1">'f'</span><span class="p">:</span> <span class="mf">0.02228</span><span class="p">,</span> <span class="s1">'g'</span><span class="p">:</span> <span class="mf">0.02015</span><span class="p">,</span> <span class="s1">'y'</span><span class="p">:</span> <span class="mf">0.01974</span><span class="p">,</span> <span class="s1">'p'</span><span class="p">:</span> <span class="mf">0.01929</span><span class="p">,</span> <span class="s1">'b'</span><span class="p">:</span> <span class="mf">0.01492</span><span class="p">,</span>
-    <span class="s1">'v'</span><span class="p">:</span> <span class="mf">0.00978</span><span class="p">,</span> <span class="s1">'k'</span><span class="p">:</span> <span class="mf">0.00772</span><span class="p">,</span> <span class="s1">'j'</span><span class="p">:</span> <span class="mf">0.00153</span><span class="p">,</span> <span class="s1">'x'</span><span class="p">:</span> <span class="mf">0.00150</span><span class="p">,</span> <span class="s1">'q'</span><span class="p">:</span> <span class="mf">0.00095</span><span class="p">,</span>
-    <span class="s1">'z'</span><span class="p">:</span> <span class="mf">0.00074</span><span class="p">,</span> <span class="s1">' '</span><span class="p">:</span> <span class="mi">1</span>
+    <span class="dl">'</span><span class="s1">e</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.12702</span><span class="p">,</span> <span class="dl">'</span><span class="s1">t</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.09056</span><span class="p">,</span> <span class="dl">'</span><span class="s1">a</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.08167</span><span class="p">,</span> <span class="dl">'</span><span class="s1">o</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.07507</span><span class="p">,</span> <span class="dl">'</span><span class="s1">i</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.06966</span><span class="p">,</span>
+    <span class="dl">'</span><span class="s1">n</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.06749</span><span class="p">,</span> <span class="dl">'</span><span class="s1">s</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.06327</span><span class="p">,</span> <span class="dl">'</span><span class="s1">h</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.06094</span><span class="p">,</span> <span class="dl">'</span><span class="s1">r</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.05987</span><span class="p">,</span> <span class="dl">'</span><span class="s1">d</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.04253</span><span class="p">,</span>
+    <span class="dl">'</span><span class="s1">l</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.04025</span><span class="p">,</span> <span class="dl">'</span><span class="s1">c</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.02782</span><span class="p">,</span> <span class="dl">'</span><span class="s1">u</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.02758</span><span class="p">,</span> <span class="dl">'</span><span class="s1">m</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.02406</span><span class="p">,</span> <span class="dl">'</span><span class="s1">w</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.02360</span><span class="p">,</span>
+    <span class="dl">'</span><span class="s1">f</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.02228</span><span class="p">,</span> <span class="dl">'</span><span class="s1">g</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.02015</span><span class="p">,</span> <span class="dl">'</span><span class="s1">y</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.01974</span><span class="p">,</span> <span class="dl">'</span><span class="s1">p</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.01929</span><span class="p">,</span> <span class="dl">'</span><span class="s1">b</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.01492</span><span class="p">,</span>
+    <span class="dl">'</span><span class="s1">v</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.00978</span><span class="p">,</span> <span class="dl">'</span><span class="s1">k</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.00772</span><span class="p">,</span> <span class="dl">'</span><span class="s1">j</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.00153</span><span class="p">,</span> <span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.00150</span><span class="p">,</span> <span class="dl">'</span><span class="s1">q</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.00095</span><span class="p">,</span>
+    <span class="dl">'</span><span class="s1">z</span><span class="dl">'</span><span class="p">:</span> <span class="mf">0.00074</span><span class="p">,</span> <span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">:</span> <span class="mi">1</span>
   <span class="p">}</span>
 
-  <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toLowerCase</span><span class="p">().</span><span class="nx">split</span><span class="p">(</span><span class="s1">''</span><span class="p">)</span>
+  <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toLowerCase</span><span class="p">().</span><span class="nx">split</span><span class="p">(</span><span class="dl">''</span><span class="p">)</span>
     <span class="p">.</span><span class="nx">reduce</span><span class="p">((</span><span class="nx">sum</span><span class="p">,</span> <span class="nx">value</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">sum</span> <span class="o">+</span> <span class="p">(</span><span class="nx">charFrequency</span><span class="p">[</span><span class="nx">value</span><span class="p">]</span> <span class="o">||</span> <span class="mi">0</span><span class="p">),</span> <span class="mi">0</span><span class="p">)</span>
 <span class="p">}</span></code></pre></figure>
 
 <p>If everything works fine, we will get the decrypted message:</p>
 
-<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Cooking MC\'s like a pound of bacon
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Cooking MC\'s like a pound of bacon
 </code></pre></div></div>
 
 <p><br /></p>
@@ -511,7 +588,7 @@ a single-byte XOR cipher and find out the one with the best score.</p>
 
 <p>If everything works fine, we will get the decrypted message:</p>
 
-<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Now that the party is jumping\n
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Now that the party is jumping\n
 </code></pre></div></div>
 
 <p><br /></p>
@@ -576,8 +653,8 @@ calculate the number of differing bits between the two strings.</p>
   <span class="kd">var</span> <span class="nx">distance</span> <span class="o">=</span> <span class="mi">0</span>
   <span class="kd">var</span> <span class="nx">first</span><span class="p">,</span> <span class="nx">second</span>
 
-  <span class="nx">string1</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">string1</span> <span class="o">||</span> <span class="s1">'0'</span><span class="p">,</span> <span class="s1">'ascii'</span><span class="p">)</span>
-  <span class="nx">string2</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">string2</span> <span class="o">||</span> <span class="s1">'0'</span><span class="p">,</span> <span class="s1">'ascii'</span><span class="p">)</span>
+  <span class="nx">string1</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">string1</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">0</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ascii</span><span class="dl">'</span><span class="p">)</span>
+  <span class="nx">string2</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">string2</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">0</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ascii</span><span class="dl">'</span><span class="p">)</span>
 
   <span class="c1">// compose the binary representation of the strings </span>
   <span class="k">for</span> <span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span> <span class="nx">len</span> <span class="o">=</span> <span class="nx">string1</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">len</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span>
@@ -602,7 +679,7 @@ calculate the number of differing bits between the two strings.</p>
 <span class="kd">function</span> <span class="nx">dec2bin</span> <span class="p">(</span><span class="nx">dec</span><span class="p">)</span> <span class="p">{</span>
   <span class="kd">var</span> <span class="nx">binaryNum</span> <span class="o">=</span> <span class="p">(</span><span class="nx">dec</span> <span class="o">&gt;&gt;&gt;</span> <span class="mi">0</span><span class="p">).</span><span class="nx">toString</span><span class="p">(</span><span class="mi">2</span><span class="p">);</span>
   <span class="k">while</span> <span class="p">(</span><span class="nx">binaryNum</span><span class="p">.</span><span class="nx">length</span> <span class="o">&lt;</span> <span class="mi">8</span><span class="p">)</span>
-    <span class="nx">binaryNum</span> <span class="o">=</span> <span class="s1">'0'</span> <span class="o">+</span> <span class="nx">binaryNum</span>
+    <span class="nx">binaryNum</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">0</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">binaryNum</span>
   <span class="k">return</span> <span class="nx">binaryNum</span>
 <span class="p">}</span></code></pre></figure>
 
@@ -672,7 +749,7 @@ the XOR key byte for that block;</li>
 <figure class="highlight"><pre><code class="language-javascript" data-lang="javascript"><span class="kd">var</span> <span class="nx">key</span><span class="p">,</span> <span class="nx">keysize</span><span class="p">,</span> <span class="nx">blocks</span><span class="p">,</span> <span class="nx">msg</span><span class="p">,</span> <span class="nx">result</span>
 <span class="kd">var</span> <span class="nx">keyScores</span> <span class="o">=</span> <span class="p">[]</span>
 
-<span class="nx">msg</span>     <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">fs</span><span class="p">.</span><span class="nx">readFileSync</span><span class="p">(</span><span class="s1">'../res/6.txt'</span><span class="p">,</span> <span class="s1">'utf-8'</span><span class="p">),</span> <span class="s1">'base64'</span><span class="p">)</span>
+<span class="nx">msg</span>     <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">fs</span><span class="p">.</span><span class="nx">readFileSync</span><span class="p">(</span><span class="dl">'</span><span class="s1">../res/6.txt</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">utf-8</span><span class="dl">'</span><span class="p">),</span> <span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">)</span>
 <span class="nx">keysize</span> <span class="o">=</span> <span class="nx">XOR</span><span class="p">.</span><span class="nx">findKeySize</span><span class="p">(</span><span class="nx">msg</span><span class="p">)</span>
 <span class="nx">blocks</span>  <span class="o">=</span> <span class="nx">Util</span><span class="p">.</span><span class="nx">divideInBlocks</span><span class="p">(</span><span class="nx">msg</span><span class="p">,</span> <span class="nx">keysize</span><span class="p">)</span>
 <span class="nx">blocks</span>  <span class="o">=</span> <span class="nx">Util</span><span class="p">.</span><span class="nx">transposeBlocks</span><span class="p">(</span><span class="nx">blocks</span><span class="p">,</span> <span class="nx">keysize</span><span class="p">)</span>
@@ -703,8 +780,8 @@ job of decrypting a base64 encoded ciphertext in Node.js:</p>
 */</span>
 <span class="kd">function</span> <span class="nx">decrypt</span> <span class="p">(</span><span class="nx">ciphertext</span><span class="p">,</span> <span class="nx">key</span><span class="p">,</span> <span class="nx">alg</span><span class="p">)</span> <span class="p">{</span>
   <span class="kd">var</span> <span class="nx">decipher</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">createDecipheriv</span><span class="p">(</span><span class="nx">alg</span><span class="p">,</span> <span class="nx">key</span><span class="p">,</span> <span class="kc">null</span><span class="p">)</span>
-  <span class="kd">var</span> <span class="nx">out</span> <span class="o">=</span> <span class="nx">decipher</span><span class="p">.</span><span class="nx">update</span><span class="p">(</span><span class="nx">ciphertext</span><span class="p">,</span> <span class="s1">'base64'</span><span class="p">,</span> <span class="s1">'utf-8'</span><span class="p">)</span>
-  <span class="k">return</span> <span class="nx">out</span> <span class="o">+=</span> <span class="nx">decipher</span><span class="p">.</span><span class="kr">final</span><span class="p">(</span><span class="s1">'utf-8'</span><span class="p">)</span>
+  <span class="kd">var</span> <span class="nx">out</span> <span class="o">=</span> <span class="nx">decipher</span><span class="p">.</span><span class="nx">update</span><span class="p">(</span><span class="nx">ciphertext</span><span class="p">,</span> <span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">utf-8</span><span class="dl">'</span><span class="p">)</span>
+  <span class="k">return</span> <span class="nx">out</span> <span class="o">+=</span> <span class="nx">decipher</span><span class="p">.</span><span class="nx">final</span><span class="p">(</span><span class="dl">'</span><span class="s1">utf-8</span><span class="dl">'</span><span class="p">)</span>
 <span class="p">}</span></code></pre></figure>
 
 <p>If everything works fine, we will get the same lyrics of the previous
diff --git a/_site/footprinting,/subdomain,/dns/2021/07/31/wildcard-subdomain-enum.html b/_site/footprinting,/subdomain,/dns/2021/07/31/wildcard-subdomain-enum.html
new file mode 100644
index 0000000..fe60128
--- /dev/null
+++ b/_site/footprinting,/subdomain,/dns/2021/07/31/wildcard-subdomain-enum.html
@@ -0,0 +1,233 @@
+
+
+  
+  
+  
+Subdomain enumeration with wildcard records | patrickrbc
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
    
+
+  
    
+
    
+
    
+      
    
+        
    
+
+  
    
+    
    Subdomain enumeration with wildcard records 
    
+    
    
+      
    
+  
    
+
+  
    
+    
    TL;DR
    
+
+
    Enumerating subdomains with wildcard records is tricky but not impossible, here
+are some tips. Also, don’t trust wildcards as a security mechanism for hiding
+sensitive apps.
    
+
+
    The problem
    
+
+
    If you did some subdomain brute-force enumeration in the wild you already
+bumped into a record that resolves for any type of prefix. This is called a
+wildcard record and it can be configured by inserting a record entry with a
+label “*”. This record will also resolve for other sublevels unless it is
+inhibited by another record entry.
    
+
+
    Many companies use wildcard records as part of their architecture. A well-known
+example is Slack which uses it for their workspaces. For example, today I asked
+my favorite DNS server to resolve the following records and got the same IP
+address:
    
+
+
    shopify.enterprise.slack.com 18.231.0.250
+enterprise.slack.com 18.231.0.250
+big-name-non-existent.slack.com 18.231.0.250
+
    
+
+
    In this case you might conclude that there is a wildcard record
+*.slack.com and maybe we should ignore this domain in your subdomain
+enumeration. However, you could end up missing something like
+status.slack.com which does not resolve to this address. Instead it has a
+CNAME pointing to another infrastructure that could be interesting to you.
    
+
+
    It is curious how often subdomain enumeration tools mess up or do not handle
+this kind of behaviour. Many times the wildcard records are just dropped
+without any further check. The problem is that you might lose some interesting
+apps by discarding them .
    
+
+
    With that in mind, adding a wildcard record can be a tempting strategy to hide
+your own services like a needle in the haystack. I can’t blame anyone for doing
+that, but just keep in mind that this is not going to save you for long.
    
+
+
    Finding interesting stuff
    
+
+
    Thinking about how to make a better reconnaissance one could try to overcome
+this problem by treating enumeration in wildcard records differently. The
+response returned by the wildcard could be stored (sorted if it is multiple
+entries) and every subsequent DNS response would be compared with this one.
+Everytime we find a new response it would be saved in a map structure.
    
+
+
    This would make sure we have at least one subdomain that points to that new
+location that we found. However, the world ain’t all sunshine and rainbows
+and we could obviously have a different application sitting on a machine that
+will only show up when we set a specific Host header in the HTTP request.
    
+
+
    Therefore, this is just something you could use to have more places to look for
+security vulnerabilities. There are many other more edgy cases (for example
+when including CNAME) that can happen when trying to find assets using DNS. I
+hope I can dig into that more in future posts.
    
+
+
    Do you have any tips for finding apps on records with wildcard?
    
+
+  
    
+
+
    
+
+      
    
+    
    
+
+    
+    
+  
+
+
diff --git a/_site/index.html b/_site/index.html
index aaf670a..226e660 100644
--- a/_site/index.html
+++ b/_site/index.html
@@ -2,18 +2,18 @@
 
   
   
-  
-patrickrbc | Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!
-
+  
+patrickrbc
+
 
 
-
-
 
 
 
+
+
 
+{"headline":"patrickrbc","url":"http://localhost:4000/","name":"patrickrbc","@type":"WebSite","@context":"https://schema.org"}
 
 
 
    
@@ -38,7 +38,17 @@
       
    
         
    
 
    Posts
    
-    
    
 
-      
    
+      
    
 
    
 
       
    
-        
    Olá! My name is Patrick and I am a software and security engineer based in Recife, Brazil. Welcome to my blog!
    
+        
    
       
    
     
    
 
@@ -91,8 +160,26 @@ 
    patrickrbc
    
       gtag('config', 'UA-137241651-1');
     
     
   
diff --git a/_site/sitemap.xml b/_site/sitemap.xml
index 971a681..6924b00 100644
--- a/_site/sitemap.xml
+++ b/_site/sitemap.xml
@@ -13,6 +13,14 @@
 2019-06-01T21:25:00-03:00
 
 
+http://localhost:4000/footprinting,/subdomain,/dns/2021/07/31/wildcard-subdomain-enum
+2021-07-31T13:49:00-03:00
+
+
+http://localhost:4000/2022/12/26/the-social-media-trap
+2022-12-26T21:32:00-03:00
+
+
 http://localhost:4000/404
 
 
diff --git a/about.md b/about.md
index e3e01f0..432f131 100644
--- a/about.md
+++ b/about.md
@@ -5,11 +5,12 @@ permalink: /about/
 ---
 
 I am a software and security engineer based in
-[Recife](https://goo.gl/maps/zydFuxsk54fsfzDk7) with 6+ years of experience.
-Since 2020, I'm also building [Unxpose](https://www.unxpose.com/) a solution
-that simplifies cybersecurity for busy companies.
+[Recife](https://goo.gl/maps/zydFuxsk54fsfzDk7){:target="\_blank"} with 8+
+years of experience. Since 2020, I'm also building
+[Unxpose](https://www.unxpose.com/){:target="\_blank"} a solution that
+simplifies cybersecurity for busy companies.
 
-This is a place where I publish personal thoughts, research and things I learnt
+This is a place where I publish personal thoughts, research and things I learn
 while working with computers. I hope you can find something useful here. I
 haven't been doing much research lately, but you can find some old references
 below.
diff --git a/assets/main.scss b/assets/main.scss
index cc27025..b919804 100644
--- a/assets/main.scss
+++ b/assets/main.scss
@@ -3,8 +3,21 @@
 
 @import "minima";
 
-$text-color: #DDDDDD;
-$background-color: #2F2F2F;
+$text-color: #dddddd;
+$background-color: #2f2f2f;
+
+body {
+  background-color: #eeeee4;
+}
+
+a,
+a:visited {
+  color: #21130d;
+}
+
+a:hover {
+  color: #063970;
+}
 
 pre {
   max-height: 600px;
@@ -14,17 +27,27 @@ pre {
   text-decoration: none;
 }
 
+.footer-col {
+  float: left;
+  margin-bottom: 15px;
+  padding-left: 0;
+}
+
 body.dark {
   background-color: $background-color;
   color: $text-color;
   transition: 0.2s;
 
-  a, a:visited {
+  a,
+  a:visited {
     color: $text-color;
   }
 
-  .site-title, .site-title:visited, .site-nav .page-link, .footer-heading {
-    color: #FFC502;
+  .site-title,
+  .site-title:visited,
+  .site-nav .page-link,
+  .footer-heading {
+    color: #ffc502;
   }
 
   .post-list-heading {
@@ -35,14 +58,16 @@ body.dark {
     color: white;
   }
 
-  .highlight, .highlighter-rouge .highlight, pre, code {
+  .highlight,
+  .highlighter-rouge .highlight,
+  pre,
+  code {
     background-color: $background-color;
     border: 1px solid $background-color;
     overflow: hidden;
   }
 
   .site-nav {
-    background-color: #2F2F2F;
-    border: 1px solid #828282;
+    background-color: #2f2f2f;
   }
 }
diff --git a/assets/minima-social-icons.svg b/assets/minima-social-icons.svg
new file mode 100644
index 0000000..ff02f3e
--- /dev/null
+++ b/assets/minima-social-icons.svg
@@ -0,0 +1,50 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+  
+
+
+
+        
+
+
+
+        
+
+
+
+  
+
+
+
+  
+  
+
+
+
+  
+
+