OSINT on Decentralised / Federated Softwares (Mastodon, Pixelfed and more)

Decentralized federated social medium (aka fediverse) is the talk of the town especially with the twitter drama that’s unfolding right now. To know more about fediverse softwares https://fediverse.party/en/miscellaneous/ is the best list of softwares.

I was curious about OSINT activities that are possible with this ecosystem. I have been spending some time exploring mastodon, pixelfed and other softwares and building some basic understanding of how interactions work or some part of it.

Introducing: https://github.com/anantshri/fediverse_osint

This is the first alpha version of the code base and can perform some very basic operations.

  1. It can detect if the provided domain is participating in Fediverse
  2. It can detect if the specific fediverse exists (username@domain.tld)
  3. It can also search for a specific username across a large array of fediverse servers. List sourced from fediverse.party

This is just the start and there is a lot more to be done.

Do you like what you read, What to share it

Cybersecurity: Passion or Profession

This blog post takes notes from an excellent talk by “Richard Hamming” called “You and Your research”

full transcript here. Its interesting how some talks leave a mark and you derive your own conclusions and way forward when you spend enough time thinking about the topic. Over a period of time my thought’s have changed on this particular discussion and I have tried to outline those points below. A large number of people have talked about this talk in various manners so i would not like to do that again but rather point you to this and this.

There was a time when I used to refer to this to almost anyone of my fellow colleagues in the information security industry that this is a must read / watch and look at what he is talking about: It made so much sense. However, I have stopped doing that now or rather i have started to caveat it a lot before i ask people to go through it.

There are some points about that talk which I kept missing:

Continue reading “Cybersecurity: Passion or Profession”

Do you like what you read, What to share it

Semgrep: scanning unusual extensions

Last few months I have been spending time with semgrep tool. As much as it has features its still a growing tool and does needs a bit of handholding. Here I will quickly explain how to hack the base code of semgrep to make it work against your specific language even though input file extension might not be the standard names.

Do you like what you read, What to share it

My experiments with Game Capture Card

I have been playing on my Nintendo switch for a long time now and have thought about recording my gameplay for reference. Past few days I have been reading about how to do game streaming and / or recording.

I found a lot of interesting things and a simplified way to achieve my goal. This blog post documents the entire journey along with the solution I am using right now its limitations.

Do you like what you read, What to share it

Re-launching Codevigilant

So i talked about relaunching a project using Hugo in my last blog post. today I’m happy to announce that we have relaunched CodeVigilant. This project took a lot of my time and efforts, but I was not alone in the efforts, Aarushi Koolwal helped me with the entire process.

Do you like what you read, What to share it

Posting regularly on blog: WordPress or hugo does the tooling matters?

I have been running this blog since 2007 19 July 2007 to be precise, during this long timeframe the blog has seen its own life-cycle. Started on shared hosting to moving on my server to moving from one type of WordPress instance to another. During this entire time, it has been a massively rewarding experience to learn. But guess what I have not even posted 100 blog posts in total. Averaging around 7 blog posts a year. Not even making it to post once a month. However, when I look around at my contemporaries, people have made massive blog empires and what not. Sometimes I used to sit back and wonder what exactly is the reason for such difference in dynamics.

Do you like what you read, What to share it

VM Size reduction tips for OVA distribution

In my many years of exploring Linux systems and building Android Tamer, OVA export has always been a fun challenge. Everyone distribute VM’s in OVA format as it is easy to import in both VMWare and Virtual box systems. Over the period I have relied on various smallish tweaks that eventually lead to a largish difference in final OVA Size. I think it’s time I document the entire set here:

Do you like what you read, What to share it

Public release: Android Security Repository

I wanted to celebrate this new year by giving something back to the community and so i am making my old Android Security Course content public.

I used to run android security training which started with basics of android and evolved to pin pointed android pentesters specific pain point solving course. for the last 3 years of it 2015-2017 I maintained a github repository which I am opensourcing today. This repository contains collection of resources I gathered for my students.

I am opensourcing the content in the hopes that it will benefit someone starting in Android Security.

Feel free to suggest changes, submit pull requests with updated content and improvements.

Repository is available at https://github.com/anantshri/Android_Security

Do you like what you read, What to share it

Introducing Hacking Archives of India

It’s been slightly more than 10 years that I have spent in the information security domain. Information Security is mostly assumed to be a very small and tightly connected community. However in these 10 years I have learned there are many persona’s active in the current industry, some very vocal, some very active yet not socially present at all. I have also always wondered how the information security industry started and proliferated in India.

Do you like what you read, What to share it