Category: Security

Security, Tech

Being on the grid made easy.

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Hmmp, funny thought.
Photo by Pixabay, please support by following @pexel.com

You know, there is always something you could learn on the internet. If you’re interested in getting better at math, you can learn how to do equations better, if you’re interested in learning another language, you can find courses online (or people in real life) and learn. And if you’re interested in finding out if your supervisor has an O.F. page so you can later use it for blackmail, there’s sure a place for that as well.

Well, not so much the last point since all you would have to do is a quick search– however, we’re not here to tell you how to ruin others, you’re an adult (we hope), so do your research. To the point, there has been a term making its rounds in the cybersecurity realm which at first glance may seem like a good idea but upon closer examination, it may have you saying “Oh, dear”.

Wait, I can get better at math?
Photo by Andrea Piacquadio, please support by following @pexel.com

The Attack

So, what is this term that was been square dancing all over the internet and two-stepping into the organization’s heart of fear? Look no further than LOTL. At first glance, you wouldn’t be wrong for thinking it breaks down to Lot Lizard, however, you’re wrong. And if you don’t know what they are, again, you’re an adult (we hope), do your research. If you don’t feel like doing your research, we’ll give you a hint. They have been known to be a fun bunch and have nothing to do with lizards. Unless you’re talking about the lizard part of the brain, then they may have found a cleverly way to incorporate fun time with science. Meh, who knows?

Humans have lizard parts in their brains? Who knew?
Photo by Robert Nagy, please support by following @pexel.com

Who Can It Be Now

LOTL is “Living off the land”, this is a form of cyber-attack where the threat actor carries out malicious activities using legitimate IT admin tools. This goes along with using RAT (Remote Access Tools), the end goal is to get into the system or network and escalate their user privileges. Why would someone want to increase their user privileges, we can hear you ask. Well, the answer is simple, anything you can do, they can do as well, if not, better.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Yes, your browser history is most interesting.
Photo by Mikhail Nilov, please support by following @pexel.com

That Sinking Feeling

You might be wondering, how is something like this done. There are many ways this is executed but for the most part, it comes from an insider threat. Insider threat actors have knowledge about the organization they work for and already are trusted members, with these two factors make them the prime candidates for wreaking havoc.

Blamed for something I didn’t do. I can’t possibly see why I would be disgruntled.
Photo by Yan Krukau, please support by following @pexel.com

The Prevention

So, you’re a big company and you’re looking to protect yourself from insider threats. How can you protect yourself? The answer is simple, pay the people who work for you well, and you won’t have any problems. Obviously, we can hear you chuckling under your breath, yes, we know that’s not going to happen. Jokes aside, you can’t protect yourself 100% since you’re always going to have something that someone else or an organization wants. These threat actors could be hired by your competitors to sabotage or steal valuables from you. The best thing to do is to have training for employees in common cybersecurity issues and how to handle them and be vigilant when in the presence of odd behavior from others. This includes finding out that Bob from accounting has been living in the storage closet for about three weeks now, it’s understandable his wife kicked him out and he has nowhere to go, but this does classify as suspicious insider threat behavior and needs to be reported.

Yeah, I came up with these numbers while in the storage closet. I do my best work there.
Photo by Kampus Production, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on LOTL? Script a comment below.

AI, Programming, Security, Tech

How to View through Keynotes

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

It’s the first day on the job and there’s a new script! This is going to be the best day ever!
Photo by SHVETS production, please support by following @pexel.com

It’s your first day on the job. You walk in and sit down to mentally prepare yourself for the laundry list of tasks ahead. While seated at your keyboard, you notice there is a camera installed in the corner of the room pointing at you.

Feeling a little unsettled you look back at your computer keyboard and before you begin to type. You get this eerie feeling of something or someone watching you from all devices.

The camera, the webcam, and even the keyboard feels like they’re watching, and you are not too sure if what you are feeling is real. Let me script for you how this may be your reality.

Timmy: Z-Daddy says we’re being watched by the big boss.
Tom: We’re not interesting enough to spy on. He’s just trying to wig us out.
Photo by Fox, please support by following @pexel.com

Local Private Eyes

You understand how the camera and webcam could be the ones watching your every move. At some point or another, it’s been reported in the news, but to spout that your keyboard can be watching as well, now that might be a thing of nonsense.

You could say one is being unreasonably paranoid. Let me introduce you to a device called a “keylogger”. You may have heard it go by other names such as keystroke logger or keygrabber.

Keyloggers are tools used to capture all your interactions with the keyboard. This means everything you type is recorded and stored for later evaluation. This includes all the questionable websites you visited during the duration of your shift. We’re all looking at you nudemidgetcowgirlsfromouterspace.com.

Henry: See, I told you they were visiting Scriptingthewhy during working hours.
Shaw: well, it is a semi-informative site with some humor but you’re right they’re supposed to be working.
Photo by AlphaTradeZone, please support by following @pexel.com

For Good, Bad, and the Dark-net

The use of keyloggers has been used for both good intentions and malicious ones. For good intentions, this involves things like parents installing a keylogger to monitor their child’s screen time. Although I don’t know of any parents doing that nowadays since we’re just happy to not hear them crying about anything. A silent and preoccupied child makes a happy parent.

Another good intention, though questionable, is companies have been known to use keyloggers to monitor employee productivity, as you would have imagined, yes, the overlords may watch you to ensure that you are in fact working. And finally, IT (Information Technology) departments can use keyloggers for troubleshooting problems with a device.

So, with all of these “good intentions” (minus the company part depending on how you look at it), you may be wondering what the bad or malicious ones are. Unauthorized personnel will use keyloggers to, not only be like Sting from the Police watching every move you make but later sell your information on the dark web or hijack your life if they want.

Again, you’re a somebody and that means every person on the dark net doesn’t mind being you. Whether you choose to believe it or not your information has value.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Eric: You read the latest script? Nice, big boss wants to see you by the way. Don’t worry bro, your computer is safe with me.
Bob: I don’t think I should just leave it with you like that.
Eric: Nah bro, you can trust me.
Photo by Helena Lopes, please support by following @pexel.com

Connection via Co-worker

So how would something like this work? This is usually done by social engineering but you’re going to be highly disappointed to know that the installation of such a device is as simple as inserting a USB (Universal Serial Bus) thumb drive.

An example of this might be you’re in your office and Eric from accounting comes in to let you know that the big boss wants a word with you, so you head out to the big boss. If for some reason or other, you leave Eric in the office he can then go to your computer, hook up a device to the plugin slot for your keyboard, and connect your keyboard plugin to the keylogger device.

Photo of keygrabber device.
Photo by keelog,@https://www.keelog.com/usb-keylogger/

From there, all the information is ready to be recorded. There are other means outside of using this tactic. The use of web page scripts provides you with an infected link leading you to a malicious website where the software will download to your computer for the keylogger.

Phishing offers the same tactic, but it is delivered to your email instead, this could be where you see an email featuring the classic “click on the link if you want to marry your Russian princess” or prince. Just so you know, Z-Daddy doesn’t judge, love is love.

And finally, unidentified software is downloaded, this may also be known as “drive-by downloading”, again it’s not what you think, computer nerds aren’t driving around firing malicious code from the side of the car as they go by. This occurs when you visit a website like nudemidgetcowgirlsfromouterspace.com and a file is downloaded without your consent.

Sean: Watching out for people is tough.
Amber: Watching over people is tougher, it’s a good thing we have Z-Daddy.
Photo by KoolShooters, please support by following @pexel.com

Watching Overall

Now while keylogging has some good and bad use cases, let’s be honest, no one likes to be watched without their consent. There may be a niche few who don’t mind because they feel as though they have nothing to hide. However, having this knowledge is important in protecting or simply figuring out if “Big Brother” or another interested party is viewing what you do.

A few ways of confirming are; if your browser is operating sluggishly or slower than normal, if there is a lag in keystrokes or cursor movements, or if your cursor disappears randomly during movement.

Physically, you could inspect your plugins by unplugging them and checking if a questionable device is seated in any of the USB slots. For digital or online protection, avoid visiting or downloading software from unknown trusted sources, if you receive an email from Eric with an attachment saying, “Good times are to be had here, click and download for more,” keep a close eye for grammatical or spelling errors and crosscheck with Eric as that may not have been him.

Always keep an understanding that your personal information is extremely valuable to an attacker. If you have massive debt, it’s not a problem, they’ll get you more and if you have no debt, that’s also not a problem, they’ll find you some.

Julia: Ben, since we subscribed and stayed informed, look at how much we’ve avoided.
Photo by Mikhail Nilov, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed with keyloggers? Script a comment below.

Programming, Security, Tech

A Virus Built with Love

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Sean: I’m always here for you.
Samantha: That’s great but you only have $30 in your pocket, and I only have three more minutes left.
Photo by Ana Maria Moroz, please support by following @pexel.com

Here’s a strange question for you. Have you ever loved someone so much that you create something in their name? Not like a creepy shrine or anything like that, I mean create something and let it loose on the internet for it to wreak havoc on the world.

If you haven’t, then you’re a part of the unlucky club as most people haven’t experienced that kind of love. Well… I say love but it very well could be just wanting a good “fun hugging” time and things just didn’t work out because well, money.

It kind of makes the world go round. However, let me script to you someone who has and how the internet went ablaze with the “You got mail” era.

You pay, I slay.
Photo by Efigie lima Marcos, please support by following @pexel.com

50 Networks of Melissa

Back in the heyday of AOL (America Online), there once was a virus called “Melissa”. I know someone is probably offended and wondering why their name is a computer virus that may be oddly categorized wrong since worms replicate themselves throughout a network, which is what this “virus” did.

I’m not going to get into the politics of it. Just know this virus was created and released, and many people were upset. Melissa (sorry for anyone known by this name and reading this), is what is called a “macro virus” – meaning this virus was written in the same language Microsoft Word and Excel were developed in.

Melissa (again, sorry, I didn’t choose the name) would hide in spreadsheets and activate as soon as you open the file, once opened triggers malware made to wreak havoc on your machine and further spread the virus to the edges of your contacts list and theirs and so on and so on. Melissa was the kind of gal that kept on giving.

David: I told you already, her name is Melissa, and she loves me.
Dr. Paterson: David, we’ve been over this. A computer virus that you created can’t love you.
Photo by Timur Weber, please support by following @pexel.com

Breaking AOL and Beyond

You may be wondering, who was this madman or madwoman, it’s wrong to assume the gender nowadays, that created this virus in the name of love. Look at no other person than David Lee Smith.

David chose to make use of the confusion surrounding the internet and email at the time since the internet or web1 was in its early stages. I don’t see how there was that much confusion, it was either you have mail or you don’t have mail. It seems pretty straightforward if you ask me, but you didn’t so whatever. Rambling aside, David, in late March of 1999, hijacked an AOL account and used it to post a file on an Internet newsgroup name “alt. sex”.

The post was promising a really good time because it offered over a dozen free passwords to websites where you had to pay for adult content. Posting like that nowadays wouldn’t have much of an effect since most of what you want to watch is free however, I am aware there are a number of you out there who are broken and may need to find some “harder material”. Like cats being shuffled around in duffle bags, Z-Daddy isn’t judging.

Oh, and he chose to name this virus Melissa after a stripper that he was into. I’m guessing the story is, he fell in love, and she said you don’t have any more money, he got depressed and created a virus, giving it her name to make her famous.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Hello from the other side, I’ve must’ve called a thousand times.
Photo by Hebert Santos, please support by following @pexel.com

Setting Fire to the Network

So, what were the effects of Melissa’s presence? Well aside from overloading email servers at more than 300 corporations, government agencies included, no the government is not happy when you mess with them however they are giddy when they get to mess with you, it ended up shutting them down entirely along with costing $80 million in damages.

The virus functionality worked in the form of phishing, where you would open an email and click on an attachment, the infected file would then activate and read to the computer’s storage where it would create an Outlook Global Address. After this, the virus would then send copies of itself to the addresses read.

So in a nutshell, this would get into your machine, find your list of contacts, and begin its great journey spreading itself down everyone’s cornhole. Psychotic ex strippers…am I right?

I will siren your bank account and beyond.
Photo by Somewherewith Tom, please support by following @pexel.com

Protection Against Sirens

You don’t need to worry about this Melissa getting into your life and mucking it up anymore, well for the most part. The news spread fast enough to slow the spread allowing cybersecurity professionals to contain and restore their networks. However, this doesn’t mean that you’re free to run around clicking on links promising you a good time.

There is a wide array of viruses out on the internet that have the same attributes as Melissa. But ways you could prevent her from ever knocking on your door…well, one way is not forgetting to tip your bartender and close your tab.

Always follow good bar patron best practices. When checking your email, if you find you have to take a double look because something seems grammatical or misspelled, for example, “h0w ar e    you” versus “how are you”. If the email you received came from someone you know, it’s always a good thing to double-check with them to confirm that they sent it.

Always use an antivirus/antimalware/antispyware and make sure your operating system is up to date as patches for any vulnerabilities would include improving the safety of not only your computer but your wallet as well.

But to protect yourself entirely is just to use common sense and if it looks phishy, then don’t engage, and delete it immediately. On the internet Melissa has friends and they can do the same thing as her, if not better, just when you thought she was one of a kind.

Seth: The latest script was like OMG, and it made me ten times happier to be with you.
Tina: I know, Z-Daddy made me feel the same way.
Photo by cottonbro studio, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Think there was something I missed or may have gotten wrong about Melissa? Script a comment about it down below.