A new twitterbot

So I got a little bored the other day and decided I needed something to do. I happened to see a story about someone creating an amazing Twitter bot that trolls the evangelist Joel Osteen. Essentially, the bot gets his latest tweet and re-tweets it (under the account Joel Dongsteen). This is fine and dandy, only it edits the tweet first: it looks for the word “God” and replaces it with the words “Your dick”.

After laughing pretty hard for some time, I decided I wanted to make something similar and publish the code, so anyone could troll whomever they wish.

So I created a quick Python script (which is still under development) to do just this. I haven't fully tested it yet, but I am sure it won't take long to get it running 100%.

Joel Dongsteen's Twitter feed is here:
https://twitter.com/JoelDongsteen

The link to my GitHub Twitter bot is here:
https://github.com/jasonbernier/twitterbot

Enjoy!

PHPMailer-Checker Python script for the PHPMailer exploit

With the new PHPMailer exploit, which provides remote code execution and was released a few days ago, I decided to create a simple Python script called phpmailer-checker. I released it to check for vulnerable versions of the PHPMailer library. I'm sure I'll make it easier to use in the future, but it's a start for now.
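As an added example of what such a version check looks like (this is not the phpmailer-checker script from the linked repository, but an illustration written for this page), the script below reads the version string out of a PHPMailer class file and reports which of the two advisories still apply. It assumes PHPMailer 5.x declares its version as `public $Version = '5.2.17';` in class.phpmailer.php (6.x uses `const VERSION = '6.0.0';`), that CVE-2016-10033 was fixed in 5.2.18, and that the fix bypass CVE-2016-10045 was fixed in 5.2.20. The sample file contents are constructed, not taken from real installs.

```python
"""
Version check for the PHPMailer RCE advisories CVE-2016-10033 and CVE-2016-10045.

Added example for this page, not the phpmailer-checker script from the linked
repository. Assumptions: PHPMailer 5.x declares its version in
class.phpmailer.php as `public $Version = '5.2.17';` (6.x uses
`const VERSION = '6.0.0';`), CVE-2016-10033 was fixed in 5.2.18, and the fix
bypass CVE-2016-10045 was fixed in 5.2.20.
"""
import re
import sys

# First release that fixed each CVE. 5.2.18 fixed CVE-2016-10033, but that fix
# was bypassed (CVE-2016-10045) until 5.2.20, so 5.2.18/5.2.19 still need patching.
FIXED_IN = {
    "CVE-2016-10033": (5, 2, 18),
    "CVE-2016-10045": (5, 2, 20),
}

# Matches both the 5.x property and the 6.x constant (assumed formats, see above).
VERSION_RE = re.compile(
    r"""(?:\$Version|const\s+VERSION)\s*=\s*['"]([0-9][0-9A-Za-z.\-]*)['"]"""
)


def parse_version(text):
    """Return (major, minor, patch) from PHPMailer source text, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # Keep only the dotted numeric prefix; a suffix such as "-dev" is ignored.
    nums = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", m.group(1))
    if not nums:
        return None
    major, minor, patch = nums.groups()
    return (int(major), int(minor), int(patch or 0))


def affected_cves(version):
    """List the CVEs a parsed version is still affected by (tuple comparison)."""
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)


def check_source(text):
    """Check the contents of one PHPMailer class file; returns (version, cves)."""
    version = parse_version(text)
    if version is None:
        return None, []
    return version, affected_cves(version)


# Constructed sample inputs (not real files) covering the three outcomes.
SAMPLES = {
    "unpatched":  "class PHPMailer\n{\n    public $Version = '5.2.17';\n}\n",
    "bypassable": "class PHPMailer\n{\n    public $Version = '5.2.18';\n}\n",
    "fixed":      "class PHPMailer\n{\n    public $Version = '5.2.20';\n}\n",
}


def report(label, version, cves):
    """Format one result line for the command-line output."""
    if version is None:
        return "%s: no PHPMailer version string found" % label
    vstr = ".".join(str(n) for n in version)
    if cves:
        return "%s: PHPMailer %s VULNERABLE (%s)" % (label, vstr, ", ".join(cves))
    return "%s: PHPMailer %s not affected" % (label, vstr)


if __name__ == "__main__":
    # Usage: python phpmailer_version_check.py path/to/class.phpmailer.php ...
    # With no arguments it runs against the constructed samples above.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                print(report(path, *check_source(fh.read())))
    else:
        for name, text in SAMPLES.items():
            print(report(name, *check_source(text)))
```

A version match only shows that the vulnerable code is present. Per the advisories, the bug is in how the sender address is passed to sendmail through PHP's mail(), so whether a given site is actually exploitable still depends on attacker-controlled input reaching that address; the check is a triage step, not a proof of compromise.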

The vulnerability and exploit were discovered by Dawid Golunski.

The original full advisories can be found here:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

PoC Video:
https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html

Disclaimer:
For testing purposes only. Do no harm.

The script can be found here:
https://github.com/jasonbernier/phpmailer-checker

CompTIA Security+ CEUs

A quick overview of the CompTIA Security+ CEU program

So today a coworker was working on getting his administrative accounts set up. Part of the process to get the accounts created by our help desk is that you must hold a current (the key word being current) Security+ certification from CompTIA. My coworker was unaware that CompTIA had changed its program, which now requires certification holders to complete CEUs in addition to paying a yearly maintenance fee. After looking at his certification, he discovered that he would have to take the exam all over again in order to be compliant and receive his administrative accounts. Was he ever mad. He just assumed that since he has one of the good-for-life certifications, he would be “good to go”.

This got me thinking that I should probably check my own account standing, since it has been a while since I submitted any CEUs. So I head on over to CompTIA's website at https://www.certmetrics.com/comptia/default.aspx and, of course, discover I have some catching up to do. After logging in, I find that I can write a blog post of no less than 500 words about the Security+ certification and receive one CEU for it. Score! So here I am, writing about this experience and my coworker's, trying to catch up on CEUs.

For those who also hold the Offensive Security Certified Professional (OSCP) certification, it does not count for CEUs under CompTIA's program. I have not reached out to EC-Council yet. Hopefully it does, so that I can knock those CEUs for the year out of the way as well.

Some other items you can submit CEUs for are as follows (note that this isn't a complete list):
Write a book
Publish a blog
Publish a white paper/Article
Work experience (once per year)
College courses
Other certifications.

Since I completed my Master's degree this year, I was able to add the last two courses I took, which gets me 20 credits toward my three-year goal of 50 CEUs. Each graduate course I finished this year gave me 10 CEUs.

So now I am almost halfway to my goal of 50 CEUs. I may have to go and take the CASP exam sometime soon. If you pass an exam of equal or higher difficulty, it gives you the maximum number of CEUs. This means that if you hold Security+ and pass the CASP exam, you would be all caught up on CEUs for Security+. However, you would still have to do the CEUs required for CASP, which I believe are a lot more.

The point of this program is to ensure certification holders stay up to date on security and remain aware of the latest types of attacks and the ways to mitigate them. I do wish CompTIA were more accepting of other certifications (like the OSCP), so that the time I spent on that course and exam would also give me CEUs for my other certifications, such as Security+ and CEH.