Skip to main content

Educator, instructional technologist, tinkerer, musicmaker, hauler of bootstraps

networkeffects.ca

twitter.com/grantpotter

flickr.com/photos/grantpotter

onename.com/grantpotter

Grant Potter

Grant Potter

@Rancher_Labs - easily manage all aspects of running containers in development and production environments, on any infrastructure http://rancher.com

Grant Potter

http://wiki.p2pfoundation.net/Peer_Production_License "The peer production license is an example of the type of license, in which only other commoners, cooperatives and nonprofits can share and re-use the material, but not commercial entities intent on making profit through the commons without explicit reciprocity."‬

Grant Potter

Tactics, Techniques, and Procedures

  • He identified peripheral web servers via Google and Linkedin searches
  • Used known WordPress flaws and custom bugs to compromise PHP sites
  • Linux authentication mechanisms were altered to capture credentials
  • Nmap was used to identify exposed network services internally
  • Corporate Wikis revealed administrative workflows and VPN details
  • Ticketing, bug tracking, and version control systems provided secrets (e.g. cryptographic keys, seeds, hashes, credentials, and source code)
  • Cookies from weak non-production instances (e.g. staging) were valid in production as cryptographic materials were the same — bypassing 2FA
  • Client certificates (exposed by email, ticketing, or lifted from filesystems) were combined with known credentials to access corporate VPNs
  • Engineering credentials were used to commit backdoors to version control which were self-approved and later deployed into production

Grant Potter

Grant Potter

Grant Potter

The Ultimate Browser-Based Music Production Guide via @EBnet http://www.electronicbeats.net/the-ultimate-browser-based-music-production-guide/

Grant Potter

http://firstmonday.org/ojs/index.php/fm/article/view/6944 Open cultural production and the online gift economy: The case of Blender

Grant Potter

Pizza in full production at our bayside oven

Grant Potter

"the tampering is done during the fabrication phase of the chip's production, long after the chip's design is finalized" http://ieee-security.org/TC/SP2016/papers/0824a018.pdf