proven.lol

https://chris.partridge.tech/

HASH 331d8259fe9524ea79058cc5dba9f8be

This item was proven by @tweedge on 2024-01-22T05:36:36+00:00.

Evidence

This is a copy of the web page retrieved on 2024-01-22T05:36:36+00:00.

<!DOCTYPE html> <html lang="en" data-theme="dark"><head> <meta charset="utf-8"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title> Index | tweedge's blog </title> <meta name="description" content=" A security engineer's blog about his projects, research, philosophy, and career. "> <meta name="keywords" content=""> <meta name="HandheldFriendly" content="True"> <meta name="MobileOptimized" content="320"> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="preload" href="/fonts/opensans-light.woff2" as="font" type="font/woff2" crossorigin=""> <link rel="preload" href="/fonts/opensans-regular.woff2" as="font" type="font/woff2" crossorigin=""> <link rel="preload" href="/fonts/opensans-bold.woff2" as="font" type="font/woff2" crossorigin=""> <link rel="preload" href="/fonts/entities.woff2" as="font" type="font/woff2" crossorigin=""> </head><body><a rel="me" href="https://cybersecurity.theater/@tweedge"></a> <a rel="me" href="https://proven.lol/75deff"></a> <meta property="og:type" content="website"> <meta property="og:url" content="https://chris.partridge.tech/"> <meta property="og:title" content=" Index | tweedge's blog "> <meta property="og:description" content=" A security engineer's blog about his projects, research, philosophy, and career. 
"> <meta property="og:image" content="https://chris.partridge.tech/images/card.png"> <meta property="og:site_name" content="Chris Partridge"> <meta property="og:locale" content="en_US"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@_tweedge"> <meta name="twitter:title" content=" Index | tweedge's blog "> <meta name="twitter:description" content=" A security engineer's blog about his projects, research, philosophy, and career. "> <meta name="twitter:image:src" content="https://chris.partridge.tech/images/card.png"> <meta itemprop="name" content=" Index | tweedge's blog "> <meta itemprop="description" content=" A security engineer's blog about his projects, research, philosophy, and career. "> <meta itemprop="image" content="https://chris.partridge.tech/images/card.png"> <link rel="stylesheet" href="/css/main.css"> <link rel="canonical" href="https://chris.partridge.tech/"> <link rel="alternate" type="application/rss+xml" title="tweedge's blog" href="https://chris.partridge.tech/feed.xml"> <meta http-equiv="onion-location" content="https://tweedge32j4ib2hrj57l676twj2rwedkkkbr57xcz5z73vpkolws6vid.onion/"> <main class="wrapper"> <header class="site-header"> <nav class="nav"> <div class="container"> <a id="flashbang-button"> <span id="flashbang-icon" class="entities-sym-sun"></span> </a> <ul class="navbar"> <li><a href="/">home</a></li> <li><a href="/about/">about</a></li> <li><a href="/research/">research</a></li> </ul> <script src="/js/flashbang.js"></script> </div> </nav> </header> <section class="intro"> <div class="container"> <p class="lead">Howdy, I'm <data class="author-name" itemprop="name">Chris Partridge</data>, a <data itemprop="jobTitle">Security Engineer</data>. 
I do cybersecurity things with a focus on effective software security and internet-scale research.</p> </div> </section> <section class="post-content"> <div class="container"> <article class="post-item"> <p> <span class="post-meta">Sep 30, 2023</span> — <strong><a class="post-link" href="/2023/malware-targeting-cybersecurity-subreddit/">So, someone tried baiting people into downloading malware on r/cybersecurity</a></strong> <br> <span>Are there Darwin awards for skids burning their C2 infrastructure?</span> <a class="post-link readmore" href="/2023/malware-targeting-cybersecurity-subreddit/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Dec 14, 2022</span> — <strong><a class="post-link" href="/2022/evolution-of-vipersoftx-dga/">50 Domains Worth Blocking: The Evolution of ViperSoftX's Underreported DGA</a></strong> <br> <span>ViperSoftX is a multi-stage cryptocurrency stealer which is spread within torrents and filesharing sites, responsible for stealing hundreds of thousands of dollar-equivalent funds, mostly from individual users. Nearly three years after it was originally discovered, this malware campaign has more surprises in store, and I'm digging into its dropper/C2 ops. The first article of a series.</span> <a class="post-link readmore" href="/2022/evolution-of-vipersoftx-dga/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Dec 9, 2022</span> — <strong><a class="post-link" href="/2022/request-amplification-in-mastodon/">Request Amplification in Mastodon</a></strong> <br> <span>Mastodon is a great replacement for Twitter, but who knew it was also a replacement for LOIC too? 
I'm joking - but an observed traffic amplification factor of over 36,000:1 isn't very funny, especially not for 'intended behavior.'</span> <a class="post-link readmore" href="/2022/request-amplification-in-mastodon/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Jun 5, 2022</span> — <strong><a class="post-link" href="/2022/untrusted-harica-onion-certificates/">Cross-Certificates in Practice: HARICA's Root CA 2021 Transition</a></strong> <br> <span>HARICA - the only non-DigiCert certificate authority offering .onion certificates (for Tor hidden services) - has recently switched over to signing new certificates with their 2021 CAs. Here are some cliff notes on how to use HARICA's cross-certificates in your trust chain if that becomes a problem for you or your website viewers.</span> <a class="post-link readmore" href="/2022/untrusted-harica-onion-certificates/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Mar 10, 2022</span> — <strong><a class="post-link" href="/2022/avoiding-unsolicited-calls/">How I'm Avoiding Your Unsolicited Calls</a></strong> <br> <span>It's pretty sad that I'm paying money for a phone number to post online, specifically to get it pulled into the tools used by the multi-hundred-billion-dollar talent and marketing industries, just to have some peace and quiet during the day. In case you want to do the same, here's what I do and what (little) it took.</span> <a class="post-link readmore" href="/2022/avoiding-unsolicited-calls/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Jan 18, 2022</span> — <strong><a class="post-link" href="/2022/digital-resurrection/">Miniscule Achievements in Digital Resurrection</a></strong> <br> <span>Once upon a time, I stumbled on to some dead links, and through preserved materials I easily recreated a now-defunct unitasking site about IPv6 ULAs. 
So why did the license on my personal blog change?</span> <a class="post-link readmore" href="/2022/digital-resurrection/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Dec 29, 2021</span> — <strong><a class="post-link" href="/2021/disclosing-wsdot-sqli/">Public Disclosure: SQLi in wsdot.wa.gov</a></strong> <br> <span>It's now been over six months since I reported an incident to US-CERT, and was still a trivially exploitable SQLi on the Washington State Department of Transportation website. I made a partial public disclosure while this was still exposing sensitive contractor PII from 1986-2021 including last 4 of SSNs, as well as nearly 73k users from 1999-2021. Around one week after, this issue has been resolved, and I have updated this article to contain complete information. Thank you to everyone that helped get this fixed!</span> <a class="post-link readmore" href="/2021/disclosing-wsdot-sqli/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Dec 3, 2021</span> — <strong><a class="post-link" href="/2021/identifying-intel-engineering-samples/">Signs an Intel CPU May Be an Engineering Sample</a></strong> <br> <span>Intel themselves don't publish any information on identifying Engineering Sample (ES) processors outside of checking the markings on the lid of the CPU. 
I had an ES CPU once upon a time, and here's what I saw when compared to another similar CPU - it's no definitive guide but it might be useful to some who are concerned about a secondhand CPU they've received.</span> <a class="post-link readmore" href="/2021/identifying-intel-engineering-samples/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Oct 27, 2021</span> — <strong><a class="post-link" href="/2021/observing-a-botnet/">Why is a 2,000-IP Botnet Torrenting Ubuntu?</a></strong> <br> <span>About two days ago, hundreds of thousands of leeches were reported on Ubuntu's torrent tracker - downloading gigabits of data, but never reporting that they'd completed any chunks. My precious Linux ISOs (yes, really) were under attack. But whose botnet is this, why are they all downloading Ubuntu, and just how big is the botnet they're controlling? Let's dig in.</span> <a class="post-link readmore" href="/2021/observing-a-botnet/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Oct 5, 2021</span> — <strong><a class="post-link" href="/2021/prestige/">What Happened To My Career After Joining Big Tech</a></strong> <br> <span>What happens when you work for a household name? What happens when that household name has a reputation for only hiring and developing top tech talent? What happens when many recruiters and recruiting firms make a habit of poaching only "the best?" 
Turns out, your career growth goes exponential - and while that might be good for me now, it wasn't good for me before, and isn't good for the tech field overall.</span> <a class="post-link readmore" href="/2021/prestige/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Aug 25, 2021</span> — <strong><a class="post-link" href="/2021/breaking-into-product-security/">My Experience Breaking into Product Security</a></strong> <br> <span>Cybersecurity is massive, and answers about "should I get certifications" or "should I get a degree" are not as one-size-fits-all as they may initially seem. So, I wrote up a ton of details and context about my first role, how I got into that role, and general advice I have for people looking into Product Security or cybersecurity as a whole.</span> <a class="post-link readmore" href="/2021/breaking-into-product-security/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Jun 9, 2021</span> — <strong><a class="post-link" href="/2021/rockyou2021.txt-a-short-summary/">rockyou2021.txt: A Short Summary &amp; Torrent Download</a></strong> <br> <span>Thanks to an anonymous Redditor, I obtained a copy of rockyou2021.txt. It's easily the largest wordlist I have - keep in mind "wordlist" and not "breached password list" - but size isn't everything. While it's not universally useful for password cracking, you can download rockyou2021.txt here for your own research, projects, or engagements.</span> <a class="post-link readmore" href="/2021/rockyou2021.txt-a-short-summary/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Oct 20, 2020</span> — <strong><a class="post-link" href="/2020/extensions-the-next-generation-of-malware/help-for-users/">Help for Users Impacted by Infected Extensions</a></strong> <br> <span>If 'User-Agent Switcher', 'Nano Adblocker', or 'Nano Defender' sound familiar to you, I might have some bad news. 
A malware operator I am investigating has escalated their operations and infected 350k+ users; here's what happened and what to do if you were one of them.</span> <a class="post-link readmore" href="/2020/extensions-the-next-generation-of-malware/help-for-users/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Sep 27, 2020</span> — <strong><a class="post-link" href="/2020/email-fraud-or-email-compromise-beginners-guide/">Email Fraud or Email Compromise: A Beginner's Guide</a></strong> <br> <span>A student-friendly post about email, collecting evidence, forming hypotheses, and responding to a real-world incident with imperfect information. Batteries, references, and source materials included.</span> <a class="post-link readmore" href="/2020/email-fraud-or-email-compromise-beginners-guide/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Jun 7, 2020</span> — <strong><a class="post-link" href="/2020/a-believable-attack-using-eip-cards/">A Believable Attack Using EIP Cards</a></strong> <br> <span>Turns out it would cost you between $1 and $1.50 in materials to pull off an EIP Card scam, plus procurement and assembly - the rapport you get from doing this is easily more valuable, and could be a viable attack in the real-world.</span> <a class="post-link readmore" href="/2020/a-believable-attack-using-eip-cards/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Jun 6, 2020</span> — <strong><a class="post-link" href="/2020/eip-cards-made-fraud-easier/staying-safe/">How to Ensure Your EIP Card is Real</a></strong> <br> <span>A security engineer's guide on how to stay safe with any "EIP Card" you got in the mail. 
Begone, scammers!</span> <a class="post-link readmore" href="/2020/eip-cards-made-fraud-easier/staying-safe/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Jun 6, 2020</span> — <strong><a class="post-link" href="/2020/eip-cards-made-fraud-easier/letter/">EIP Mailer Photo Archive</a></strong> <br> <span>It's a scam! It's identity theft! No, wait, it's actually what passes for 'effort' at a federal level!</span> <a class="post-link readmore" href="/2020/eip-cards-made-fraud-easier/letter/">Read more</a></p> </article> <article class="post-item"> <p> <span class="post-meta">Jun 6, 2020</span> — <strong><a class="post-link" href="/2020/eip-cards-made-fraud-easier/">EIP Cards Made Fraud Easier</a></strong> <br> <span>Who thought distributing debit cards in unmarked envelopes that predominantly reference a non-.gov domain was a good idea? I almost threw it away, then thought I had my identity stolen, then got so frustrated I wrote this post.</span> <a class="post-link readmore" href="/2020/eip-cards-made-fraud-easier/">Read more</a></p> </article> </div> </section> <footer class="site-footer"> <div class="container"> <small class="pull-left">© Chris Partridge 2024</small> <small class="pull-right"><a href="https://chris.partridge.tech/feed.xml" target="_blank">RSS</a></small> <br> <small class="pull-left">This page is also available anonymously <a href="https://tweedge32j4ib2hrj57l676twj2rwedkkkbr57xcz5z73vpkolws6vid.onion/" target="_blank" rel="noopener noreferrer">via Tor</a>.</small> <br> <small class="pull-left">This site is <a href="https://chris.partridge.tech/license/CC_BY-NC-SA_4.0_International.txt" target="_blank">licensed</a> under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.</small> </div> </footer> </main> </body></html>