Summon the Lulz

Assorted New Material

In this completely random collection of updates, I present:

A long-overdue rewrite of Thermal versus Near Infrared, prompted by a discussion I had in email with Dr. David Wilson.

A look at how I made my Destiny Costume for Halloween, 2017.

A list of the vulnerabilities I've discovered which have been publicly disclosed: Hack the Planet.

UW/ISACA Presentation Slide Deck

Early tonight I gave a presentation at the University of Washington demonstrating some penetration testing tools. A video should be available eventually. In the meantime, if you'd like to download the slide deck I used:

Penetration Testing Slide Deck - PowerPoint Format [ 760 KiB ]

Penetration Testing Slide Deck - PDF [ 51 MiB ] (yes, it's enormous compared to the PowerPoint file :( )

I've finally made time to post a handy utility VBScript I hacked together late last year: wg.vbs. It's a quick and dirty way to download files via HTTP from the command-line on versions of Windows® too old to support other mechanisms (e.g. PowerShell).

I've also made a few other minor updates I've been meaning to get to for a while, such as noting in Mimikatz 2.0 - Brute-Forcing Service Account Passwords that Mimikatz already included the capability to launch OS commands — it just wasn't well-documented when I wrote that article.

Mimikatz 2.0 Golden/Silver Ticket Walkthroughs

Back in October I had the opportunity to see Benjamin Delpy (the author of Mimikatz) give a presentation on the new features in the 2.0 alpha release of that tool. I haven't run across any walkthroughs that I really felt conveyed the power of the "Golden Ticket" and "Silver Ticket" functionality, so I made some of my own: Mimikatz 2.0 - Golden Ticket Walkthrough and Mimikatz 2.0 - Silver Ticket Walkthrough. Forge your own Domain Admin tickets! Inject XSS attacks into upstream logging/monitoring systems! Corrupt forensic evidence! Misuse trusted web applications to alter the membership of privileged domain groups!

But some of you already knew about all of those things. What about using the Silver Ticket functionality to launch brute-force or dictionary attacks against the password for trusted service accounts used to run SPN-enabled web applications, even if the target domain locks out accounts after some number of failed login attempts? That's covered in Mimikatz 2.0 - Brute-Forcing Service Account Passwords.

Yield-Focused Vulnerability Score

I've been building an experimental vulnerability scoring system designed to give more accurate results (especially for penetration testing) than other existing systems (e.g. CVSS). You can read about it in the Yield-Focused Vulnerability Score (YFVS) article. The live YFVS 0.4 score calculator includes some fancy radial bar graphs that I'm pretty pleased with. You can read more about those in the Nightingale Charts article.

I am definitely looking for feedback on the scoring system — it is most certainly a work in progress.

Wax seal, etc.

I went to Metrix on Capitol Hill in Seattle on Thursday, 2014-10-02, and had a wax seal made out of my personal symbol using a computer-controlled laser. You can see some photos and whatnot in the What Does This Symbol Mean? article. Metrix is a great place, and their rates are outstanding. I thought it would cost $50-$100 to have that seal made, but it was actually more like $15-$20.

Unofficial ShellShock logo/symbol

Like several other people, over the last few days I'd read a number of comments about how the fantastic ShellShock vulnerability disclosed this past week wasn't quite as cool as Heartbleed because it didn't have a custom logo, so I decided to do my part to help remedy the situation. Consider it my tribute to Stephane Chazelas' work.

License: Creative Commons Attribution-ShareAlike CC BY-SA

A few of the other unofficial logos/symbols I've seen:

A British accent for your Android phone

A few weeks ago I discovered how to Give Your Android Phone A British Accent — and that it's possible to compel it to speak arbitrary text. I think you'll agree that the results are pretty great.

Thermal imaging

Another update I've had on my list for a while — I obtained a FLIR E4 thermal imager in early 2014 and used the modification developed by Mike Harrison and company to bump it up to 320x240 resolution. I've added several sets of Thermal Imaging Examples, and the Thermal versus Near Infrared article has been updated.
