Educator, instructional technologist, tinkerer, musicmaker, hauler of bootstraps

networkeffects.ca

twitter.com/grantpotter

flickr.com/photos/grantpotter

onename.com/grantpotter

Grant Potter

https://irlpodcast.org/episode3/ "we are hired by corporations to cyber-disrupt day to day business of their competition .. the purpose was to lock files to delay a corporation's production time to allow our clients to introduce a similar product into the market first."

Grant Potter

http://interferencearchive.org/ "the mission of is to explore the relationship between cultural production and social movements."

Grant Potter

@Rancher_Labs - easily manage all aspects of running containers in development and production environments, on any infrastructure http://rancher.com

Grant Potter

http://wiki.p2pfoundation.net/Peer_Production_License "The peer production license is an example of the type of license, in which only other commoners, cooperatives and nonprofits can share and re-use the material, but not commercial entities intent on making profit through the commons without explicit reciprocity."

Grant Potter

Tactics, Techniques, and Procedures

  • He identified peripheral web servers via Google and LinkedIn searches
  • Used known WordPress flaws and custom bugs to compromise PHP sites
  • Linux authentication mechanisms were altered to capture credentials
  • Nmap was used to identify exposed network services internally
  • Corporate Wikis revealed administrative workflows and VPN details
  • Ticketing, bug tracking, and version control systems provided secrets (e.g. cryptographic keys, seeds, hashes, credentials, and source code)
  • Cookies from weak non-production instances (e.g. staging) were valid in production as cryptographic materials were the same — bypassing 2FA
  • Client certificates (exposed by email, ticketing, or lifted from filesystems) were combined with known credentials to access corporate VPNs
  • Engineering credentials were used to commit backdoors to version control which were self-approved and later deployed into production

Grant Potter
