This Week's/Trending Posts

Hand-Picked/Curated Posts

Most Popular/Amcache

Hand-Picked/Weekly News

The Most/Recent Articles

sunday funday

Daily Blog #729: Solution Saturday 1/25/25


Hello Reader,

This week I get to welcome another new name to the list of Sunday Funday Winners! If you were thinking about 2025 goals for yourself or to put into your year end career goals, why not being a Sunday Funday Winner  yourself? This week we congratulate Garrett Jones who did some great research and write it up quite nicely. Welcome to the SF Winners Club Garrett!

The Challenge:


Determine how to extract chat history out of the Chat GPT desktop app and what other data you can extract that would useful in an investigation (user name, login times, etc..)


The winning answer:

You can read Garrett's entry here:

Garrett's Github Blog

 

Read More
test kitchen

Daily Blog #728: Test Kitchen with Cursor

 


 

Hello Reader,

I went live tonight with a test kitchen! In it I showed how to use cursor to write a lnk file parser and add features and even read other peoples code to improve itself. Unfortunately I forgot that streamyard requires that I 'add myself' to the stage to get audio. So here is a video recording of me using Cursor... without Audio. 

 

I'll do this again and learn from this mistake. 

 

https://www.youtube.com/watch?v=YzpZtAmLTAc

Read More
deepseek

Daily Blog #727: Experimenting with Deepseek v3

 


 

Hello Reader,

    Deepseek v3 is an open source AI model that is challenging OpenAI's dominance.  I decided to give it a spin and provide it a one off prompt in Cursor (which now has Deepseek v3 as one of it's available models) to create a python script with a GUI to download onion links. According to the publicly available testing Deepseek v3 is matching in chain of thought functionality with o1 and is considerable cheaper to run. 

I will say the code it wrote is good and its ability to correctly explain and define things works very well. I need to determine what the context window Cursor is making available for this so I can find out how much code I can provide.

Here is the code I got deepseek to write in just a few prompts:


import sys
import time
import requests
from PySide6.QtWidgets import (QApplication, QMainWindow, QWidget, QVBoxLayout,
                               QLabel, QLineEdit, QPushButton, QFileDialog, QProgressBar)
from PySide6.QtCore import QThread, Signal
from urllib3.util.retry import Retry
from requests.adapters import HTTPAdapter
from stem import Signal
from stem.control import Controller
import stem.process

# Tor proxy settings
TOR_PROXY = {
    'http': 'socks5h://127.0.0.1:9050',
    'https': 'socks5h://127.0.0.1:9050'
}

class DownloadThread(QThread):
    progress = Signal(int)
    speed = Signal(str)
    finished = Signal(bool)
    error = Signal(str)

    def __init__(self, url, save_path):
        super().__init__()
        self.url = url
        self.save_path = save_path

    def run(self):
        try:
            # Test SOCKS support
            try:
                import socks
                from socket import socket
                # Test Tor connection
                test_socket = socket()
                test_socket.settimeout(10)
                test_socket.connect(('127.0.0.1', 9050))
                test_socket.close()
                msg = "Tor connection verified"
                print(msg)
                self.error.emit(msg)
            except ImportError:
                msg = "SOCKS support not available. Please install PySocks."
                print(msg)
                self.error.emit(msg)
                self.finished.emit(False)
                return
            except Exception as e:
                msg = f"Failed to connect to Tor: {str(e)}"
                print(msg)
                self.error.emit(msg)
                self.finished.emit(False)
                return

            # Create a session with retry logic
            session = requests.Session()
            retries = Retry(total=5, backoff_factor=0.1, status_forcelist=[500, 502, 503, 504])
            session.mount('http://', HTTPAdapter(max_retries=retries))
            session.mount('https://', HTTPAdapter(max_retries=retries))

            msg = f"Attempting to connect to: {self.url}"
            print(msg)
            self.error.emit(msg)
           
            with session.get(self.url, stream=True, proxies=TOR_PROXY, timeout=30) as r:
                msg = f"Connection established. Status code: {r.status_code}"
                print(msg)
                self.error.emit(msg)
               
                r.raise_for_status()
               
                total_length = int(r.headers.get('content-length', 0))
                if total_length == 0:
                    msg = "Warning: Content length is 0 or not provided"
                    print(msg)
                    self.error.emit(msg)
               
                downloaded = 0
                start_time = time.time()
               
                with open(self.save_path, 'wb') as f:
                    for chunk in r.iter_content(chunk_size=8192):
                        if chunk:
                            f.write(chunk)
                            downloaded += len(chunk)
                           
                            progress = int((downloaded / total_length) * 100) if total_length > 0 else 0
                            elapsed_time = time.time() - start_time
                            speed = downloaded / (elapsed_time * 1024) if elapsed_time > 0 else 0  # KB/s
                           
                            self.progress.emit(progress)
                            self.speed.emit(f"{speed:.2f} KB/s")
                           
                msg = f"Download completed. Total bytes: {downloaded}"
                print(msg)
                self.error.emit(msg)
                self.finished.emit(True)
               
        except requests.exceptions.RequestException as e:
            msg = f"Network error: {str(e)}\nResponse: {e.response.text if e.response else 'No response'}"
            print(msg)
            self.error.emit(msg)
            self.finished.emit(False)
        except Exception as e:
            msg = f"Error: {str(e)}\nType: {type(e).__name__}"
            print(msg)
            self.error.emit(msg)
            self.finished.emit(False)

class MainWindow(QMainWindow):
    def __init__(self):
        super().__init__()
        self.setWindowTitle("Tor Downloader")
        self.setGeometry(100, 100, 400, 200)

        # Create main widget and layout
        main_widget = QWidget()
        self.setCentralWidget(main_widget)
        layout = QVBoxLayout()

        # URL input
        self.url_input = QLineEdit()
        self.url_input.setPlaceholderText("Enter .onion URL")
        layout.addWidget(QLabel("Onion URL:"))
        layout.addWidget(self.url_input)

        # Save location
        self.save_path_input = QLineEdit()
        self.save_path_input.setReadOnly(True)
        browse_button = QPushButton("Browse...")
        browse_button.clicked.connect(self.select_save_location)
        layout.addWidget(QLabel("Save Location:"))
        layout.addWidget(self.save_path_input)
        layout.addWidget(browse_button)

        # Progress bar
        self.progress_bar = QProgressBar()
        layout.addWidget(self.progress_bar)

        # Speed label
        self.speed_label = QLabel("Speed: 0.00 KB/s")
        layout.addWidget(self.speed_label)

        # Download button
        self.download_button = QPushButton("Download")
        self.download_button.clicked.connect(self.start_download)
        layout.addWidget(self.download_button)

        main_widget.setLayout(layout)

        self.tor_process = None

    def select_save_location(self):
        folder_path = QFileDialog.getExistingDirectory(self, "Select Save Folder")
        if folder_path:
            self.save_path_input.setText(folder_path)

    def start_tor(self):
        try:
            # Check if Tor is already running
            try:
                with Controller.from_port(port=9051) as controller:
                    controller.authenticate()
                    msg = "Connected to existing Tor process"
                    print(msg)
                    return True
            except:
                pass

            # Start Tor process
            self.tor_process = stem.process.launch_tor_with_config(
                config={
                    'SocksPort': '9050',
                    'ControlPort': '9051',
                },
                take_ownership=True,
                timeout=300
            )
            msg = "Started new Tor process"
            print(msg)
            return True
        except Exception as e:
            msg = f"Failed to start Tor: {str(e)}"
            print(msg)
            self.handle_error(msg)
            return False

    def stop_tor(self):
        if self.tor_process:
            self.tor_process.terminate()
            msg = "Stopped Tor process"
            print(msg)
            self.tor_process = None

    def start_download(self):
        if not self.start_tor():
            return

        url = self.url_input.text()
        folder_path = self.save_path_input.text()

        if not url or not folder_path:
            return

        # Generate filename from URL
        try:
            # Extract filename from URL
            filename = url.split('/')[-1]
            if not filename or '.' not in filename:
                filename = f"download_{int(time.time())}"
            save_path = f"{folder_path}/{filename}"
        except Exception as e:
            self.speed_label.setText(f"Error generating filename: {str(e)}")
            return

        # Disable UI during download
        self.download_button.setEnabled(False)
        self.progress_bar.setValue(0)
        self.speed_label.setText(f"Downloading to: {save_path}")

        # Create and start download thread
        self.download_thread = DownloadThread(url, save_path)
        self.download_thread.progress.connect(self.progress_bar.setValue)
        self.download_thread.speed.connect(self.speed_label.setText)
        self.download_thread.finished.connect(self.download_finished)
        self.download_thread.error.connect(self.handle_error)
        self.download_thread.start()

    def download_finished(self, success):
        self.download_button.setEnabled(True)
        if success:
            self.speed_label.setText("Download complete!")
        else:
            self.speed_label.setText("Download failed!")

    def handle_error(self, message):
        print(f"UI Error: {message}")  # Print to console
        self.speed_label.setText(message)
        self.download_button.setEnabled(True)

    def closeEvent(self, event):
        self.stop_tor()
        event.accept()

if __name__ == "__main__":
    app = QApplication(sys.argv)
    window = MainWindow()
    window.show()
    sys.exit(app.exec())


Read More
surviving the breach

Daily Blog #726: Surviving the Breach Episode 1


 

 

 Hello Reader!,

We haven't put it out on the podcast feeds yet, but I wanted to share with you the first episode of Surviving the Breach! We are going to record an Episode 0 soon and then work on next months!


Episode 1: Materiality and Disclosure—When does Cybersecurity Breach reach material impact
In the premiere episode of Surviving the Breach, hosts David Cowen and Erik Harssema dive into the complex world of materiality and disclosure obligations after cybersecurity incidents. When does a cybersecurity incident cross the threshold of materiality, requiring disclosure to investors in an 8-K filing? To help unravel these high-stakes decisions, the hosts are joined by Michelle Reed, co-chair of Data Privacy and Cybersecurity at Paul Hastings LLP. Michelle shares her expert insights on navigating regulatory expectations, managing business risks, and ensuring compliance in the aftermath of a breach. Tune in for practical guidance and legal expertise to help your business survive and thrive after a cyber incident.

 

You can listen to it here: Episode 1

Read More
project adaz

Daily Blog #725: Project adaz testing part 3

 


 

Hello Reader,

Well I found the terraform commands that were referencing /bin/bash for local_exec calls.  I tried to see if I could just do a quick switch to cmd.exe but there is a lot more that would need to be done to have the whole process be Windows ready. ChatGPT 01 agrees with this and suggested I either use WSL (Windows subsystem for Linux) or install cygwin.  I recently uninstalled WSL from my system but I think tomorrow I'll reinstall it and we will get this going again.


So morale of the story, you cannot (easily) just run the project adaz terraform/ansible scripts from a windows host but you should have no issue on WSL, linux or a mac.

Read More
project adaz

Daily Blog #724: Project Adaz testing part 2



Hello Reader, 

When we last left off I got project adaz to run on my Windows 11 system, but once I launched terraform I got an error. 

 Error running command '/bin/bash -c 'source venv/bin/activate && ANSIBLE_HOST_KEY_CHECKING=false ansible-playbook
│ elasticsearch-kibana.yml -v'': exit status 1. Output: The system cannot find the path specified.


Now this does not mean that terraform didn't create any systems, it absolutely did. 


 

  What it does mean is that Ansible was not able to configure them, which is 1/2 of the solution. I'm running this from the windows command line (yes I could do this in linux or on a mac but the point is many of you are running on windows) so I need to modify what Ansible is calling out to so this will work. 

I've been looking up solutions that are portable (make a PR back to adaz when I'm done) but so far the quick help from google and chat gpt 4o haven't seen my newly defined windows variables carry over. So I'm going to try again tomrrow with o1 and see if we can figure it out!



Read More
sunday funday

Daily Blog #723: Sunday Funday 1/19/25

 


Hello Reader,

It's Sunday! That means it's time for another challenge. Let's change our focus to desktop application artifacts left behind from Chat GPT! Everyone is using these AI tools and many people are going to leave evidence behind in their usage!


The Prize:

$100 Amazon Giftcard

The Rules:

  1. You must post your answer before Friday 1/24/25 7PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post
  8. AI assistance is welcomed but if a post is deemed to be entirely AI written it will not qualify for a prize. 


The Challenge:
Determine how to extract chat history out of the Chat GPT desktop app and what other data you can extract that would useful in an investigation (user name, login times, etc..)
Read More
Subscribe to: Posts ( Atom )