Open Port ~/ security / news / blog

The Route Into GitHub Began Upstream

GitHub said it detected and contained a compromise of an employee device on May 18 involving a poisoned third-party Visual Studio Code extension. The activity involved exfiltration of GitHub-internal repositories only, and the attacker's claim of approximately 3,800 repositories was directionally consistent with the company's investigation.

The company also reported no evidence of impact to customer information stored outside its internal repositories. The entry point is what makes the incident unusual. GitHub's public account did not describe a direct compromise of its own platform or production systems. It centered on software running on a developer workstation: an editor extension installed through the same kind of channel developers use every day.

The trail runs backward from that employee device, through the compromised extension, and into an earlier supply-chain incident that set the route in motion.


Nmap for Penetration Testing

Nmap is one of the first tools a penetration tester reaches for when trying to understand a network. It helps answer the early questions that shape the rest of an assessment: what is alive, what is exposed, what services are running, and what deserves a closer look.

Short for Network Mapper, Nmap can discover hosts, identify open ports, enumerate services, detect operating systems, and run scripts that support deeper enumeration and vulnerability research.


Cracking Hashes with John the Ripper

Today I started learning about the basics of John the Ripper. John is an offline password-cracking tool used to test password hashes and identify weak passwords. Instead of trying to log in to a live service, John works against hashes that have already been collected or exported.

Before covering the basics of the tool, it helps to understand a few cryptography terms and how password cracking works.

Most modern systems do not store user passwords in plain text. Instead, they store a hashed version of the password.


Hello World

Hello World.

It is usually a beginner's first step into programming. The program itself barely does anything. It prints a line of text and exits. But that is the point. It is the first time you make something run.

Cybersecurity feels similar. At the beginning, everything looks bigger than it is: networks, exploits, malware, logs, Linux commands, tools you have never touched before. Then you start small. You build a lab. You scan a machine. You break something. You fix it. You write down what happened.
