[00:00:07] Everybody, our last speaker of the day is here, so please get your seats and we'll get started. Side Pocket, you'll have to pick up one of the microphones to get the megaphone so everybody hears you.

[00:00:20] Okay.

[00:00:22] Welcome everybody to the last session of today, and the last presentation for the DEF CON 30 VR event. We will be open tomorrow for people to hang out and socialize, and also this evening. So hang around and try cow tipping and throwing the cow off the roof in the outside area. And also you can play catch with Trevor the cockroach. As well, there are now Easter egg teleport pads somewhere up on the beams that allow you to get up on the beams and roof. So without any further ado, I would like to introduce Side Pocket.

[00:01:00] He's going to present "When Firefox Gets Angry: A Web Browser for Red Teamers." Side Pocket is co-founder of DEF CON Group 201, an open group for hacker workshop projects in northeast New Jersey. Side Pocket is constantly wanting to help people get better at whatever they want to do and learn. He also has a history with New York City 2600. Yay 2600! Radio Statler at Hackers on Planet Earth, TOOOL, the lockpicking group, and Phone Losers of America, Museum of Reclaimed Urban Space and the Yes Men. Find out more about DCG 201 at the link provided. So without any further ado, take it away, Side Pocket.

[00:01:48] Okay, let's see if I can pick up the mic here. This is probably going to be my grandpa moment. Is the mic on? Hey, it's always a talk of mine when there's, like, weird technical difficulties. Let's see. Can anyone hear me, or have I not picked up the mic yet?

[00:02:08] Oh, you're good to go.

[00:02:11] Awesome. Okay, so I am... Hello, sorry for anyone who was expecting to watch this yesterday. I had multiple monkey wrenches thrown in, including how I thought the presentation was going to go in a different way. That was my fault, not realizing the particularities of AltspaceVR, as well as I was not expecting real life hitting me so hard over the weekend. So, but I'm here now. And basically... and I don't know how to do slides. Do I just say "next slide"?

[00:02:44] Yes, that's all you have to do.

[00:02:46] Awesome. So you can go to the next slide. I'm going to provide a little bit more of an in-depth intro about myself and kind of what they've talked about. Two co-founders of DCG201; the other co-founder is GI Jack, who is currently hanging around in California. I don't know if he's at DEF CON. I don't think he's at DEF CON this year. So he's probably like me and attending it virtually, but awesome dude.

[00:03:08] He will forever be the other co-founder of our group. Very fortunate to be part of DEF CON Groups. I believe we are the fourth time a New Jersey group has started. I also know for a fact that we're... this is like my humble brag... we are the longest running one. It's been five years, and I'm hoping by March next year it will be six years. We do a bunch of stuff. We were doing okay during the pandemic. And then a lot of real life stuff hit, funny enough, after we all got vaccinated, because biosecurity is just as important as computer security. And yeah, so we were on a bit of an in-person meeting hiatus, obviously. And we are going to kind of build ourselves back a bit. I'm also part of a lot of different other groups over the years. Basically, I am not one of the oldest hackers, but I have definitely been around and done some stuff. And every time games and liquor stores ask me for my age, it keeps taking longer and longer to scroll. If you want to find out more about us, we are still retuning our website. So I would like to direct you over to either our Medium blog, which also has a huge list of guides for all the goings on for Hacker Summer Camp. They're updated in real time, as well as a general guide to how to survive Vegas. So if you have friends who want to know what's going on or how not to die in Vegas, you can go check out our guides and Medium blog.

[00:04:24] And there's also a Linktree at linktr.ee/Defcon201, which provides all of our social links and other blogs, access to tour, etc. Next slide, please.

[00:04:41] This is going to be, basically, a short presentation. Originally, I thought I was going to be able to somehow stream, basically re-mirror the browser, and I would walk through that. Instead, I'm going to do a more verbal walkthrough with one or two minor pictures. And this is going to be kind of like my sneak peek overview of what this whole browser is. And then next week, the day after our meeting, because now we do video live streams a day after our physical meetups, I will actually do a video walkthrough of all this. That's also when the browser is going to drop. But before I get into it, I want to talk about why I created this whole thing. And this is nothing super fancy. This is just one of those things that we often have in the hacker world where, you know, you would think there'd be something kind of like this: a web browser that's designed for more in-depth web work, or taking an existing web browser and modifying it. But I've just never seen this done before. And I came across it because I started myself as a total noob in CTF. I've been slowly learning a lot of new, more relevant hacker skills than when I was younger. I'm very recently through Jeopardy style and even one or two attack and defense CTFs.

[00:05:59] Not won anything, just practicing my skills, trying to see how far I can go, do Hack The Box and stuff. But one of my things is that I am really into web browsers. I grew up in that era, which I don't know if any of you folks in the audience are from that time period, where in order to do anything on the web you had to have the three horsemen of the apocalypse. At the time, I think it was Netscape, Opera and Google. And then you would have Internet Explorer to just be, like, what they call in the movie Hackers... like it does all the bitch work, you know, crack file stuff, a.k.a. just downloading the one or two things that Microsoft said particularly with. And ever since those times, I've always been keeping up to date with what different browsers are doing: new odd variants, changes, privacy violations, etc. And I also routinely test browsers, including browsers that people have put into their Linux distributions who want to know that their features work. And what I found during the CTF sort of stuff is that people would use the browser, especially for Jeopardy CTF too. Yeah, I really like those. They would use the browser to obviously interface with the Jeopardy style CTF, which works exactly like the Jeopardy panel. You click on something that's worth X amount of points and it gives you files or a website to go to, and you have to find the flag. And they might use, especially if there's a browser exploitation category, the browser to actually go to the destination.

[00:07:29] But then they would be endlessly loading and looking up so many different tools and resources that are external in their operating system, whether they've customized their own version of Linux, or are running on a subsystem in Windows, or running Kali, etc. And if you want to get an example of this, on Thursday, I believe, there was the Global Cyber Games for Charity. If you're in Vegas, there's a giant esports arena, and that's where they held these Global Cyber Games, which basically... imagine doing CTF. Imagine Evo, which is the huge fighting game tournament that actually came a week before in Vegas at the Mandalay Bay, where Black Hat normally is. So imagine doing CTF, but on an esports gamer scale: there's a huge crowd and everything. And I was watching them. And while some of them had one or two extensions that I've made, because I've been working on this type of modification for two years, I saw them still fumbling through trying to get through the terminal, doing all of this external stuff to do man-in-the-middle attacks, basically doing it the hard way. It's like using wget and manually installing a .deb instead of just clicking on the .deb and loading it. And they were eating so much time. And so I was just watching this, and it came to my philosophy with this, which was: one, I wanted to see if I could create a browser instance that would do a lot of the stuff that you would use external tools in the terminal for, visually, inside the browser.

[00:09:06] But the goal is that you would do the least amount of stuff, especially for web penetration testing categories in CTFs. You would do the... what do you call it... the minimum; there should be so much done in browser that it should be an exception that you load an external tool. I wanted to basically push to see how far you could go with just doing a ton of hacker stuff in browser. Next slide, please.

[00:09:34] So just a bit of methodology of me creating this, just a bit of background. I went to Firefox. I use Firefox because not only is it the sort of... normally I would say it's that sort of hacker and open source big browser of choice. But honestly, sadly, practically one of the few only choices, since Google is in everything. And while there are really cool extensions and tools that you can use in Google Chrome, and I will go into those as a separate thing at a later date, I'm trying to minimize... it's not so much the Google tracking stuff, although that's an issue, but the bloat, combined with how customizable Firefox is. So I basically created a new profile on Firefox and I created this whole thing. Note about this browser. This browser, again, it's red teaming. It's designed for attack. It's a giant glass cannon.

[00:10:27] When you eventually... because, as I'm going to mention, a week from now I'm going to make a blog post that will go in depth with most of the stuff that I've said here, maybe one or two other tweaks. And you'll be able to actually get the profile instance in a zip or a tar and bring it over, drag and drop into a Firefox profile. You go to about:profiles, drag and drop it in, and everything should load: the bookmarks, everything. But I'm worried that when people see this for the first time, they're going to be like, hey, wait a minute. Like, why is there, for example, no uBlock Origin? Why is there no Privacy Badger? Why is HTTPS not a default on there? And that's because, again, this is designed for red teaming on purpose. There are many, many different browsers I can point to from... for some reason, my brain's failing me right now. But there's many different ways you can configure Firefox. Go to privacyguides.org to configure it to be more private and secure on the defense side. There are so many; LibreWolf is one of them that's on Google Chrome. There's so many done for privacy. I see that as more of a blue teaming thing, and blue teaming is really important. But the focus here is this is designed for attack. And it leaves certain vulnerabilities on, of the defaults that Firefox loads, on purpose, to actually execute certain red teaming things.

[00:11:55] And you'll see what I mean in a moment when we get to the next section. And you'll see what the browser looks like. Fun thing, if you haven't noticed, the slide deck is actually what the browser looks like. So I had screenshotted that top bar. That's what you see when it loads in. And of course, for a little fun, I put a little anomalous hacker thing in the corner just as a visual thing. And to note on that, you don't need... you can change anything you want. And in fact, if you want to open your own Firefox profile and just download one or two or five of the extensions that are going to be in there, because there's going to be a lot of extensions... I did minimum profile changes, so just use those. That's fine. When you eventually download the profile, if you want to go edit, add more extensions, take others out, that's fine. You don't have to use all of this. This is just me slaving away for roughly two years now and testing this on CTFs I've entered, and just literally eating up especially the web exploitation sections of CTFs.

[00:13:00] This is a browser that's essentially error 15. It does not come with a shield. It's a sword, not a shield. Certain what you would consider privacy flaws were left in by design due to how some of the extensions and modifications work. So you can actually do reconnaissance, OSINT, and red teaming better.

[00:13:21] And also, whether you download this profile, or you're just taking notes from what I'm saying here, you don't have to use all of these. I'm just putting this information in the downloads and what these extensions and modifications are out there. So you can tweak and do this however you want, just like any sort of other open source tool. Okay, next slide.

[00:13:40] So this is a slide we're going to hang on for the most part, just because I ran out of time and crazy real life stuff. I don't know if the... my voice should still carry over while looking at this. Actually, I just remembered, the way I'm going to walk through this is I actually have the browser open on my end. So I'm going to read through a bunch of things. So this picture here is most of the action; it's going to be in the upper right hand corner. I took a screenshot of it and made it bigger because I know with the slide deck, especially in AltspaceVR, it might be hard to see. So you can see everything there. And I want to talk a bit about why I designed the extensions the way they are. Because unfortunately, the way Firefox works, when you load the profile, it's going to mass dump all of those icons. So it's going to be up to you to organize it the way you want. But I just wanted to show what I call the default configuration that I made.

[00:14:30] So one of the philosophies I had here was I want everything to be, or most things to be, easy to see and read and recognizable just by looking at it. Even when you're in code looking at the backbone of different websites and stuff, everything should be readable. Most of the stuff's in the upper right hand corner. Some things are going to open their own tabs. And some things are in other sections of Firefox, whether it's the bookmark mode, or the F12 peeking-behind-the-scenes, looking-at-the-source-file mode. But most of the stuff's in the upper right hand corner. So I wanted everything to be easy to access. I wanted things to be grouped into categories, which I will walk through. Also tiers: all the stuff on the top are the most used and/or ancillary extensions. The second row is really important, because the second row, or that middle row, the philosophy I also had is what I call the dashboard of a car. This is something I picked up from a video game called Doom Eternal, where they talked about designing their UI, because I think UI design is horrifically underrated in all aspects of software development, especially nowadays. And they were talking about how, because of the way they design their game, it's super fast paced, and you're juggling multiple things at the same time. So they didn't want their users to be hung up, their players to be hung up on the UI and figure out, oh, crap, I ran out of ammo, where is it displayed how much ammo I have? What type is it?

[00:16:07] What am I holding right now? Do I have any health left? And so what they designed was not only they made everything clear in terms of, like, everything sharp, there's no contrasting... that there's actual contrast, there's things not blurred out, but that they did things where when you ran out of ammo, the ammo section would light up a certain color, and each ammo type had its own sub color and stuff. So their idea was a dashboard of your car: the focus of the car is looking ahead, driving on the road; you don't want the driver to be distracted by the stuff going on on the dashboard. So when your oil runs out, the oil light blinks, you know that it's blinking off the corner of your eye in a certain section. So you know the oil's off, your eyes are still focused on the road. And not only did I try to use that design a lot here, but that's specifically what all those extensions on the second row are, for the most part, is that these extensions will light up and change depending on what sort of web page that you're currently on. So basically, they mostly remain inactive or will not tell you information. And then once you go on to a page, or a certain page, they will light up to let you know, hey, I'm usable, or hey, I found data, and that's displayed there. And the bottom row is all, like, hard coded: this is the type of functions, this is what you're going to be normally using in terms of engaging with the actual website. And there's a few particulars here and there. But I'm going to continue on because, again, there's a lot of extensions.

[00:17:37] But before we get into those, I... and again, we're going to be hanging on this slide for most of the talk. So I apologize in advance. I just want to go on to the settings and then explain why configurations behind the scenes don't quite matter here, and also why they're configured the way they are. So if you've noticed on here, just due to laziness, I just have one URL, where you type the URL section. Ideally, dead serious, you probably want to do both the URL bar and the search tab, just so that you're always on search anytime you need it. I just forgot to turn it on when I made the screenshot. So I'm just pointing that out. Um, in terms of the actual search engine itself, when you download it... and normally Firefox loads with Google; yes, Google's really important, you know, it has a lot of power behind it and has a lot of options. But even though this is mostly attack, I did want to balance the most usability with Google that wasn't Google. So the default search engine, which you can't see on here, is the Brave search engine, just because of how essentially it mines from Google and a bunch of other websites, and sort of puts them in a corner. And I just found them to be the right balance of not being DuckDuckGo, but not being Google either. Now, to be fair, I also still have as options DuckDuckGo, the best version of SearX, or S-E-A-R-X. There's many instances of that search engine, but I put that in there.

[00:19:07] Those are both in there as options, but I by default have Brave browser selected on here. With privacy and security stuff, again, I set everything to standard; it's not on strict or custom, and I'll explain why in a bit. All of the WebRTC is still enabled, on, because I know red flags are going off, like, why would you leave this on? But trust me, I'll explain why in a second. So WebRTC is on, so all of the audio video interfaces you'd be doing, such as live streaming or streaming videos in, that still completely works here. Most of the defaults are left on; I just want to double check. Yep, you can still... it does location, camera, those are all on. And I do have the security, the block dangerous content, all of that, leaving certificates on, and it is enabled to HTTPS-only mode, which is why there's very few extensions to do sort of privacy stuff. Now, the question is, why would I leave most of that on? Well, for two reasons. One, there is an icon. Let me see if I can find it on my end, because my brain's dying right now, because of crazy enough today. Also, I hope the audience has not fallen. Trust me, we're gonna get some very interesting stuff in a second. This is just sort of a pretext, but there is a button. So if you see that little red icon on the second row, to the immediate right of it... and this is the only one that has bad contrast, because it's gray by default.

[00:20:35] This is an extension that is the... and actually, I should have probably moved it down to the upper bar, but it's there right now. But there's literally an extension that's called Privacy Settings. It's available on Firefox and Google Chrome, if you use Google Chrome. And instead of typing in about privacy, about settings, or going into settings and running through and clicking them, you just click on that extension. And not only can you go through everything you would need to turn on or off in there, but it also has presets in there: you can restore to default, you can go for full privacy, which sets even certain attributes to full privacy mode that Firefox normally does by default, or enhanced, which is kind of like the middle ground area. So one of the reasons why I left everything on default is because you're going to be able to directly control the privacy of your browser, you know, seeing if cookies are coming in or whatever, directly through that extension. So there's no need to actually fumble through menus; it's all right there. The second thing is that I found that when I do CTFs, when you do web security, web exploitation sections, when they send you to a website, you're looking for vulnerabilities in the website. So for example, Snowflake, which is an extension by Tor that's in there... it's that little purple icon in the second row all the way to the right... is a passive extension; it creates an external node, so other people on Tor can use it. Nice thing. Why is it in a red teaming browser?

[00:22:19] If WebRTC for some reason doesn't work on your end, that extension won't work; it will go dim, it will not be purple anymore. So you will know if WebRTC is still enabled or not, if there's something going wrong with your computer, or someone's doing, let's say, an attack and defense situation. And let's say they want to abuse or turn off WebRTC. As soon as that goes down on your end, you're going to know, because that extension is going to turn off. Again, it's like the dashboard of a car. So that's another reason I left things on. And finally, the other extensions I'm about to go through, and it's going to be a lot, so bear with me... defaults on, because, again, you want to give these access. So let's now break things down row by row. And I actually have a slide for this first extension, which I'm shocked no one has ever used. So we're going to go to the next slide and then go back to the previous slide. So next slide, please.

[00:23:21] Awesome. So this is something very recent that I've added. And while it has been useful for me, this is a proof of concept. Essentially, the extension is called xLinux. You can go search for it, download it; it's going to come default when I release the profile next week. And essentially what it is, is that you can spin up your own Linux terminal in browser that is hosted on a free cloud service.

[00:23:50] So, as I said here, when you open it, that's the window you're going to see. It's basically your own small Linux virtual machine without having to do anything. Linux client, it's all text by default, no installation. It's defaulted to the common network configuration to access the internet. It supports framebuffer. It's a GNU C compiled file system involved. And here's another thing, by the way. When you load this browser, another extension that's going to auto turn on is the NoScript extension, which blocks JavaScript. When you load up some of these extensions to do the actual red teaming, if it doesn't work, go into NoScript and click on the icon that says "temporarily give trust to this page," and that extension will then work, and you don't have to load it every time. So if you load any of these and it opens another window and it's like, hey, why can't I see the terminal? I'm trying to load the Linux terminal in browser... just turn that off, because some of this stuff uses Java as a visual interface. So I'm just putting that out there. But hardware expectation: it's a 32-bit emulator, 32-bit RAM, so it's very low spec. And I will say that while, unfortunately, which is a headache, it doesn't have apt, it doesn't have dpkg, it does have a bunch of actually surprisingly useful stuff: it has nmap automatically loaded, it has OpenSSL, it has Ruby and Python scripting and other programming languages by default, you can edit stuff in nano.

263 00:25:35,630 --> 00:25:47,850 And I just find it useful because obviously, when I'm in a CTF, I always have my terminal open on a tab anyhow, or if I'm sandboxed on Windows, I load up the Linux, Kali Linux subsystem I have. 264 00:25:47,850 --> 00:26:04,630 But it's just nice to know that, you know, when it's like, oh, I have to add something in nano or hey, I want to log in or SSH something in the terminal, but I don't know if they've like honeypot it or trapped it in this, you know, exercise of the flag I'm trying to get that I can spin up a terminal, 265 00:26:04,630 --> 00:26:05,610 like try to access the terminal. 266 00:26:05,630 --> 00:26:10,010 Through nano, try to SSH tunnel through with it, try the coding in that. 267 00:26:10,010 --> 00:26:16,330 And not only do I have it there, and I can use my terminal for something else, like doing other like type of, you know, different scans in the background. 268 00:26:16,330 --> 00:26:20,110 Well, this terminal just does this cloud terminal does base work. 269 00:26:20,110 --> 00:26:36,470 But let's say I there's multiple SSH tunnels in this in this exercise on the CTF, and I try one, and let's say there's like, four of them are false gates, they're honey potted, and you fall into that, instead of having to deal with your terminal, and possibly having to even reset your OS, 270 00:26:36,470 --> 00:26:38,850 you just simply close that browser tab. 271 00:26:38,850 --> 00:26:40,070 And that instance closes. 272 00:26:40,070 --> 00:26:42,590 And when you hit it again, a completely new one loads up. 273 00:26:42,590 --> 00:26:48,430 So it's just a nice disposable, instant terminal right in the browser, right away. 274 00:26:48,430 --> 00:26:50,230 Please go back to the previous slide. 275 00:26:51,990 --> 00:26:54,450 That's to me like one of the big feature extensions. 276 00:26:54,450 --> 00:26:56,570 Now we're going to breeze through a lot of these. 
277 00:26:56,570 --> 00:27:02,310 The one immediately right to it is called simple text, simple text. 278 00:27:02,370 --> 00:27:03,910 I hope I pronounced that right. 279 00:27:03,910 --> 00:27:05,390 Just give me a second here. 280 00:27:05,610 --> 00:27:07,590 Sorry, Sublime Text. 281 00:27:07,850 --> 00:27:13,430 You know, obviously, everyone has their own personal coding applications. 282 00:27:13,550 --> 00:27:19,230 I usually go between VSCodium for really big stuff and simple text for really basic stuff. 283 00:27:19,230 --> 00:27:20,410 I basically try to load stuff. 284 00:27:20,410 --> 00:27:29,790 So I'm sorry, simple text, I try to load stuff in Sublime Text initially, and then if I realize any more complex stuff, I'll copy pasta or move the files over to VSCodium and work from there. 285 00:27:29,790 --> 00:27:48,050 And particularly during that global cyber CTF, when they were running certain Python programs and scripting stuff, I saw a lot of like, I'm waiting to download and having to go back and forth or taking code and trying to copy pasta and the formatting was bad to go in and reformat it because the copy pasting system didn't work quite well. 286 00:27:48,050 --> 00:27:50,750 What this extension simply does, it just hangs out there. 287 00:27:50,750 --> 00:27:56,450 And what you can do is if you see code right there, you can highlight it or right click the extension. 288 00:27:56,690 --> 00:28:03,250 And then it says edit with Sublime Text, you click on that and it will automatically load Sublime Text. 289 00:28:03,250 --> 00:28:11,870 So you have to have Sublime Text installed, loads it and puts all that code there in the exact formatting that had displayed on the website. 290 00:28:11,950 --> 00:28:17,030 And that has really sped up my productivity when I've done coding challenges. 291 00:28:17,550 --> 00:28:24,190 Even though I find it useful, to the right of that green icon, a possible thing that I just like is Fiddler.
292 00:28:24,450 --> 00:28:31,490 Fiddler is a program that I've used to just kind of see the crosstalk communication between websites behind the scenes. 293 00:28:31,490 --> 00:28:32,910 It's an external application. 294 00:28:32,910 --> 00:28:36,250 This does the same thing that the Sublime Text extension does. 295 00:28:36,950 --> 00:28:47,810 Basically, you can highlight a URL or go on a web page and you click that extension and it will load Fiddler and immediately say, hey, that web page you're currently on, look at that. 296 00:28:47,810 --> 00:28:53,930 So instead of going into Fiddler and fiddling with it and configuring it, it just automatically does that and loads that program immediately. 297 00:28:53,930 --> 00:29:01,630 So you can load that, run Fiddler in the background, it starts looking at all the crosstalk, go back in the browser, back to your other tool and do a bunch of things there. 298 00:29:01,630 --> 00:29:03,370 Another optional thing right to it. 299 00:29:03,670 --> 00:29:13,130 There's no really good VPN extensions if you kind of want to change your network, how you're going to communicate over the network and different proxies and stuff. 300 00:29:13,230 --> 00:29:16,230 FoxyProxy is obviously good to change between proxy systems. 301 00:29:16,230 --> 00:29:21,530 I just didn't load that on here because you can easily go again to the privacy settings and load that sort of stuff. 302 00:29:21,530 --> 00:29:23,950 But if you want to add that on there, that's up to you. 303 00:29:23,950 --> 00:29:29,950 So by default, you're normally supposed to subscribe it to get this extension by put the extension in there. 304 00:29:30,370 --> 00:29:32,350 It's a paid thing. 305 00:29:32,350 --> 00:29:33,530 So you would have to pay for it. 306 00:29:33,530 --> 00:29:34,790 But I think it's just a couple of bucks.
307 00:29:34,790 --> 00:29:45,110 And to be honest, if you're constantly having to switch in networks kind of, you know, hey, this page loads weird, you know, on my ISP, you know, will it load different in Sweden? 308 00:29:45,110 --> 00:29:48,490 Or can I bypass this restriction by doing that? 309 00:29:48,490 --> 00:29:50,090 To me, it's just worth it. 310 00:29:50,090 --> 00:29:52,910 To the right of that is an onion browser button. 311 00:29:52,910 --> 00:29:56,650 It does exactly what it says, when you click that, it will immediately start running Tor. 312 00:29:56,650 --> 00:30:00,710 If you have a Tor connection or Tor node open, it will immediately start connecting that. 313 00:30:00,710 --> 00:30:06,290 So you can immediately just start using .onions and other things directly in the Firefox browser. 314 00:30:06,290 --> 00:30:08,970 And anytime you don't want to, you can turn that off. 315 00:30:08,970 --> 00:30:11,590 That's another also important thing of the Snowflake extension. 316 00:30:11,590 --> 00:30:16,310 If that thing also is kind of wonky, that means maybe there's also something wrong with Tor. 317 00:30:16,310 --> 00:30:19,530 Also, if you press that button and Tor is not working, but you've already loaded it. 318 00:30:20,330 --> 00:30:22,410 Again, troubleshooting, it saves you time. 319 00:30:22,410 --> 00:30:26,210 That way, you know, instead of trying to do the action and everything fails. 320 00:30:26,230 --> 00:30:28,890 To the right of that is just one last foo-foo thing. 321 00:30:28,890 --> 00:30:30,830 It's an optional light mode, dark mode. 322 00:30:30,830 --> 00:30:32,690 I'm a fan of dark mode just for my eyes. 323 00:30:32,690 --> 00:30:39,350 When you're looking at the screen all the time with CTF stuff, and all the backgrounds are bright white or whatever, it starts to drive you crazy. 324 00:30:39,350 --> 00:30:40,970 So I just have that as an option. 
325 00:30:40,970 --> 00:30:45,810 And then the last one on the upper section is a simple pastebin. 326 00:30:45,810 --> 00:30:47,890 Again, that's exactly what it sounds. 327 00:30:47,890 --> 00:30:49,850 It's just a way to take local notes. 328 00:30:49,930 --> 00:30:57,890 So that way you see something instead of trying to go to a URL for a pastebin or stumble stuff, you just click the icon, type some stuff, click out the icon, close it. 329 00:30:57,890 --> 00:31:01,910 And then when you're like, wait a minute, what was that ISP that I wrote? 330 00:31:01,910 --> 00:31:02,530 Click on that. 331 00:31:02,530 --> 00:31:03,530 Oh, it's there. 332 00:31:03,710 --> 00:31:04,850 Copy-paste it. 333 00:31:04,850 --> 00:31:05,450 Done. 334 00:31:05,690 --> 00:31:08,870 And so that way, again, it's in browser and you're not opening other things. 335 00:31:08,870 --> 00:31:13,770 So let's go to now the starting with the more real fun stuff, that second row. 336 00:31:13,770 --> 00:31:19,510 So that red icon in the corner, this is actually exclusive to this browser. 337 00:31:19,510 --> 00:31:22,310 It's an older version of this extension. 338 00:31:22,410 --> 00:31:26,950 Due to odd, I don't know if it was legal trouble or something. 339 00:31:26,950 --> 00:31:29,950 This extension, you can't download it anymore. 340 00:31:29,950 --> 00:31:32,890 I currently have it on here because it's still very useful. 341 00:31:32,890 --> 00:31:38,850 And I'm actually looking into redoing it so that you can download this for Firefox. 342 00:31:38,870 --> 00:31:40,410 Again, because it's open source. 343 00:31:40,410 --> 00:31:41,330 I'll fork it. 344 00:31:41,330 --> 00:31:42,810 I have to credit the original person. 345 00:31:42,810 --> 00:31:44,410 I already asked the original person of the extension. 346 00:31:44,410 --> 00:31:48,870 And simply what it is, it's a built in WPScan or WordPress scan.
347 00:31:48,870 --> 00:31:54,250 I also have the URL as a bookmark as a backup here for one that's like a browser page. 348 00:31:54,250 --> 00:31:56,510 But this to me is super useful as extension. 349 00:31:56,510 --> 00:31:57,970 Basically, you click it. 350 00:31:58,090 --> 00:32:00,870 And if it's red, that means there's no WordPress. 351 00:32:00,870 --> 00:32:08,030 But if you went to a WordPress website, such as New York City 2600 page, wink, wink, it will light up green. 352 00:32:08,030 --> 00:32:14,790 So one, you'll know that that page is running WordPress, you don't have to scan it with Nmap or something to find that out. 353 00:32:14,790 --> 00:32:25,510 When you click on it, you get multiple interesting information again, without having to use a WPScan or Nmap scan in terminal. 354 00:32:25,830 --> 00:32:27,630 Give me one second here. 355 00:32:29,390 --> 00:32:32,250 I really hope everyone's not falling asleep here. 356 00:32:32,250 --> 00:32:38,570 So like things that you'll know information can pull is what themes and plugins that they're using. 357 00:32:38,570 --> 00:32:50,490 You can see any of the usernames of the people who've registered and monitor this website, you can check out if available the user registration, all that data, you can also see the path disclosure. 358 00:32:50,490 --> 00:32:57,610 And probably the most useful thing is the scan vulnerability function where we'll start scanning for whatever version of that WordPress is running. 359 00:32:57,630 --> 00:33:00,790 And you can see how many vulnerabilities patched and open you have in there. 360 00:33:00,790 --> 00:33:11,530 So for example, again, instead of usually most people in CTF are familiar with WPScan as the terminal application, and I've used that multiple times.
361 00:33:11,530 --> 00:33:24,950 But since I've ever got this extension, as soon as I find there's a vulnerability and a flag for WordPress, I just click on the icon, click the test vulnerabilities, it spits them all out, I copy pasta that vulnerability, and now I can look up what the vulnerability is, 362 00:33:24,950 --> 00:33:27,610 and start cracking at it, or copy pasting into Nmap. 363 00:33:27,610 --> 00:33:32,090 Or any other red teaming program and have it working on it right away. 364 00:33:32,090 --> 00:33:44,890 So literally, instead of having to just, you know, look at the crosstalk with Fiddler, and then doing an Nmap scan and going through that data, and then writing it down and moving it over, it's, oh, it's green WordPress, click, hey, what vulnerabilities, 365 00:33:44,890 --> 00:33:56,170 click, oh, it's that CVE, copy pasta that CVE in, okay, that's the ISP for copy pasta, put that in that red teaming program, and now it's eating away at it, and I can hop on to something else. 366 00:33:56,170 --> 00:34:00,130 Again, this is sort of the philosophy of what I was trying to do here with a lot of these extensions. 367 00:34:00,130 --> 00:34:03,330 Next to that is the privacy settings, I've already gone through that. 368 00:34:03,450 --> 00:34:06,110 Next one is kind of, these next two are interesting. 369 00:34:06,110 --> 00:34:08,690 This is the sort of browser control stuff. 370 00:34:08,690 --> 00:34:13,490 This gives you data on a bunch of different things about the website you're currently on. 371 00:34:13,490 --> 00:34:14,990 So the first one is uMatrix. 372 00:34:14,990 --> 00:34:32,590 Now uMatrix, you might be familiar, the dirty version of this is essentially uMatrix is sort of an advanced version, I'm really budging the terms here, but it's sort of an advanced version, if you're familiar with uBlock Origin, uMatrix is a more comprehensive version of it.
373 00:34:32,590 --> 00:34:36,850 So when you click on it, it gives you this giant grid, you can manually turn it on and off. 374 00:34:36,850 --> 00:34:49,530 And it shows you cookie data, first party and otherwise, CSS data, image, media script, XHR frames, and anything it can't categorize. 375 00:34:49,530 --> 00:34:51,450 And you might wonder why I have that on there. 376 00:34:51,450 --> 00:34:54,790 Because as you probably have heard, uMatrix is being deprecated recently. 377 00:34:54,790 --> 00:34:59,070 And yes, it's being deprecated as something preventing privacy. 378 00:34:59,250 --> 00:35:00,290 It's too complicated. 379 00:35:00,290 --> 00:35:13,690 Most people don't use it, the person who stopped updating it a couple of months ago, I still find it really interesting that one I can see in the corner, it'll count how many Oh, this is how much stuff it's found of like what analytics are tracking and what scripting it's using. 380 00:35:13,690 --> 00:35:15,950 And when I click on it shows me a nice grid. 381 00:35:15,950 --> 00:35:21,070 So as a blue team, this is what I mean about this being a red teaming thing. 382 00:35:21,070 --> 00:35:26,630 As blue teaming, this is kind of useless, just install uBlock Origin, if you want to block ads and stuff. 383 00:35:26,630 --> 00:35:31,430 But as a red teaming thing for reconnaissance, I still find uMatrix really useful. 384 00:35:31,430 --> 00:35:39,850 Similarly, right next to it, you have NoScript, which will immediately let you turn on and off the JavaScript for either individual pages or for everything. 385 00:35:39,850 --> 00:35:49,370 And you will instantly know not only if it's running JavaScript, but it'll tell you what it's running and break down what type of scripts it's running and etc. 386 00:35:49,490 --> 00:35:52,990 So you can start playing with websites that you're hold on a second.
387 00:35:54,470 --> 00:36:03,690 You can start playing with when you go to like a page and you're trying to find, okay, is it running JavaScript? 388 00:36:03,690 --> 00:36:04,330 Yes. 389 00:36:05,390 --> 00:36:07,250 What type of JavaScript it's running? 390 00:36:07,790 --> 00:36:10,990 Um, if I block it, how will the page load? 391 00:36:11,210 --> 00:36:12,750 Maybe the page loads odd. 392 00:36:12,770 --> 00:36:13,890 Oh, that's weird. 393 00:36:13,890 --> 00:36:14,810 Why is it like that? 394 00:36:14,810 --> 00:36:20,050 Oh, there's actually a weird thing you can do with JavaScript in order to just pop the password in here. 395 00:36:20,170 --> 00:36:21,810 So you don't even have to do the login. 396 00:36:21,810 --> 00:36:22,430 Cool. 397 00:36:22,710 --> 00:36:22,970 That's what this is all about. 398 00:36:22,990 --> 00:36:28,150 This is useful for an alternative if you don't want to use NoScript, by the way, is LibreJS. 399 00:36:28,270 --> 00:36:32,830 The reason why so LibreJS will give you a more comprehensible list. 400 00:36:32,830 --> 00:36:38,110 But ironically, it hard blocks JavaScript automatically harder than NoScript. 401 00:36:38,110 --> 00:36:41,470 So I just find NoScript like much more easy to use. 402 00:36:41,470 --> 00:36:44,370 So I'm not having to fuss around and thinking about it. 403 00:36:44,370 --> 00:36:51,530 The next one to the right of it is a copy URL to clipboard. 404 00:36:51,690 --> 00:37:01,430 That's just kind of just sitting there, probably going to eventually perma remove that icon, because there's a bunch of tools you can use when you just normally copy pasting and also when you right click on things. 405 00:37:01,430 --> 00:37:11,490 And what that will simply do is when you hover a URL and you right click it, you can go to the copy URL, and it will copy it under multiple different things.
406 00:37:11,490 --> 00:37:25,170 So instead of just directly copying on that link, it will give you the option to copy to clipboard in its formatting, HTML, Markdown, bulletin board code, AsciiDoc, all sorts of that. 407 00:37:25,170 --> 00:37:35,930 So it gives you a lot more control of what you're copy pasting, which is really important, especially if you're in challenges where it's directly listing certain web data or even programming data. 408 00:37:35,930 --> 00:37:39,450 To the right of that is a cookie editor. 409 00:37:39,570 --> 00:37:43,590 So not only, and this is why I left cookies on, it's like, what, that's a security thing. 410 00:37:43,590 --> 00:37:51,870 I want the website to try to send me cookies, because not only will this intercept these cookies, it will break down what cookies are there. 411 00:37:51,990 --> 00:37:58,870 You can turn them on, disable them, and you can click on the cookie and start editing the individual cookies directly. 412 00:37:58,870 --> 00:38:03,570 So this is a very powerful tool when the web page you're trying to do is trying to send you cookies. 413 00:38:03,570 --> 00:38:15,950 Let's say even an attack and defense where you like, let's say you're trying to go on to the defense's computer, and they put like various landing web pages, and they're trying to send you malicious cookies, this will intercept those cookies, and you'll see they're malicious, 414 00:38:15,950 --> 00:38:16,850 and you can stop them. 415 00:38:16,850 --> 00:38:25,190 Or you can take a malicious cookie or just cookie sitting there, find the vulnerability of it, and then weaponize that cookie back at them, things like that. 416 00:38:25,750 --> 00:38:30,310 The thing that looks like the Windows icon to the right of it is a containerized system. 417 00:38:31,810 --> 00:38:40,350 Firefox's probably big thing is the fact that now you can use containers, which basically sandbox websites, and you can put them in different categories.
418 00:38:40,350 --> 00:38:50,730 Probably the most famous of this, which is not installed here on by default, is the Facebook container, which is that Facebook and anything relating to Facebook stick in its own container will not cross talk with the other browsers. 419 00:38:50,730 --> 00:38:59,790 So let's say you log into Facebook and the Facebook container that you've made, we go on different website, it's not going to pull Facebook's data and cross it over. 420 00:38:59,790 --> 00:39:01,930 And that's which is how Facebook tracks you and stuff. 421 00:39:01,930 --> 00:39:03,170 We don't need that. 422 00:39:03,170 --> 00:39:06,170 What we need is something where we can containerize stuff with more control. 423 00:39:06,170 --> 00:39:10,250 And yes, you can right click and modern Firefox and set containers. 424 00:39:10,250 --> 00:39:12,430 But I also put this simple one in here. 425 00:39:12,430 --> 00:39:20,710 So you can go in, you can create your own container folder, and put any sort of organization you want and containerize whatever web content. 426 00:39:20,730 --> 00:39:21,670 That you need. 427 00:39:22,350 --> 00:39:26,670 To the right of that is, oh, this is really fascinating. 428 00:39:26,670 --> 00:39:32,870 So this is, this is sort of one of those leftover icons, but it's really important, I'm actually going to loop around back to that near the end. 429 00:39:32,870 --> 00:39:41,390 To the right of that, that little, that little purple flask is a test and feedback application. 430 00:39:41,390 --> 00:39:50,350 So what it is, now warning, based on Microsoft Teams, but you don't have to install or run Microsoft Teams just goes through that and it's up to you if you want it. 431 00:39:50,350 --> 00:39:57,590 I put it there simply just because, let's say your teammates, you're together, you've randomly formed a CTF team, what the heck do you communicate on? 432 00:39:57,590 --> 00:39:59,950 And then it's like, okay, let's do Zoom. 
433 00:39:59,950 --> 00:40:02,490 Oh, crap, three of my teammates don't have Zoom. 434 00:40:02,490 --> 00:40:04,090 Okay, they're going to install Zoom. 435 00:40:04,090 --> 00:40:04,470 Great. 436 00:40:04,470 --> 00:40:09,310 Now Zoom is not working on one of their computers because Apple just decided to push somewhere, whatever. 437 00:40:09,310 --> 00:40:19,490 And also, you'd have to go over to that chat application in order to chat, which also might take up that entire screen, whichever one you use, which means you're not doing actual CTF work. 438 00:40:19,490 --> 00:40:21,510 This puts everything in there. 439 00:40:21,510 --> 00:40:26,630 You get to make a connection in browser, it stays in there, you can create a room, it will pull other things. 440 00:40:26,630 --> 00:40:28,250 Remember, this is all in the browser. 441 00:40:28,710 --> 00:40:41,230 And anytime you want to take notes and share notes with teammates, you can like, for example, I found a, I found a vulnerability on the landing page or, hey, my terminal managed to crack this, screenshot that, you click that extension, it opens up the chat thing, 442 00:40:41,230 --> 00:40:42,270 you put that right in there. 443 00:40:42,270 --> 00:40:43,330 And this is great. 444 00:40:43,330 --> 00:40:48,830 If you're on a team with CTFs, this is just a great in-browser way to just instantly communicate with everyone. 445 00:40:48,830 --> 00:40:53,370 Similarly, with communication to the right of that is an RSS feed reader. 446 00:40:53,370 --> 00:40:54,830 It's currently blank. 447 00:40:54,830 --> 00:41:01,550 It might, when this releases next week, have some built-in RSS feeds from, you know, certain things like Dark Reading and stuff.
448 00:41:01,550 --> 00:41:14,610 But basically, if you're also getting real-time updates, let's say from the CTF itself, they have an RSS that's sending updates of which teams are in the lead, or what timescales or what or what challenges have been announced, you can simply add the RSS feed in there. 449 00:41:14,610 --> 00:41:25,910 And when they update, you'll see a little number icon, it'll be like, bing, you found an update, click on it, and you're like, okay, our rival just dropped down a couple of points, we're now ahead of them now, good, we can keep focusing on this, or, oh, 450 00:41:25,910 --> 00:41:32,970 these challenges dropped, hey, Larry, go get on those challenges, you load up the team app next week, go get them right away, that sort of stuff. 451 00:41:33,390 --> 00:41:43,670 To the right of that, I personally find this useful, just in general, because some of the CTF challenges nowadays, now we're leveraging social media. 452 00:41:44,390 --> 00:41:54,210 And so I've literally, there was one CTF a year ago, where the challenge was, is that they on purpose created a bunch of fake Twitter bots. 453 00:41:54,210 --> 00:42:04,190 And basically, you had to figure out, you had to basically go to a legit Twitter feed, and find where they accidentally on purpose retweeted one of their bot posts. 454 00:42:04,190 --> 00:42:08,330 And basically, it's like, you know, the game at DEF CON Spot the Fed, this is Spot the Bot. 455 00:42:08,330 --> 00:42:09,930 And this app is really important. 456 00:42:09,930 --> 00:42:15,010 I think it's even useful if you don't even are not even doing red team, and it's called Bot Sentinel. 457 00:42:15,070 --> 00:42:17,510 It's from the folks at BotSentinel.com. 458 00:42:17,510 --> 00:42:31,530 And what it is, is that when you go to social media, especially for Twitter, and it's specifically designed for Twitter, it will let you know, based on a bunch of metric information, who is a real person typing, and who's a bot.
459 00:42:31,530 --> 00:42:36,430 And if they're a bot, what have they done as a bot that flags them as a bot. 460 00:42:36,430 --> 00:42:41,610 So if you are social media bot hunting for a challenge, this is an amazing tool. 461 00:42:41,610 --> 00:42:43,610 That's actually how I captured the flag. 462 00:42:43,610 --> 00:42:50,790 Everyone's trying to like, read the different posts, trying to find typos, or like something that sounds too stiff, or repeating stuff. 463 00:42:50,790 --> 00:43:01,510 And I just simply went on there, and Bot Sentinel was like, hey, that's the bot, clicked on the bot, scroll down there, like there's a weird post, the fifth, what was the 36th post was weird, scroll down, and it's like, oh, that's the bot. 464 00:43:01,530 --> 00:43:01,830 Scroll down. 465 00:43:02,130 --> 00:43:03,390 That was the flag. 466 00:43:03,390 --> 00:43:04,570 And I got the flag that way. 467 00:43:04,570 --> 00:43:05,610 So that's still there. 468 00:43:06,090 --> 00:43:12,370 Um, next one, next, the one to the right of that, that little warning icon is the Content Farm Terminator. 469 00:43:12,610 --> 00:43:15,530 Um, this should happen. 470 00:43:16,110 --> 00:43:18,850 I'm particularly thinking of attack and defense. 471 00:43:19,030 --> 00:43:34,310 Um, you might be redirected, or even when you're like, let's say you're trying to search up something like a certain command, you might accidentally end up on a content farm, which often chunks your CPU memory, floods your system with ads. 472 00:43:34,310 --> 00:43:47,410 So even if you have an ad blocker, I've actually literally accidentally one time went to a content farm terminator, I'm trying to look up an evil maid attack example, where basically that website, they had the evil maid attack, it was correct information, 473 00:43:47,410 --> 00:43:53,990 but their website was so full of ads, it actually killed my pop up blocker, which also killed my browser.
474 00:43:53,990 --> 00:43:59,790 This will let you know if you accidentally stumble on a content farm, it will load the page. 475 00:43:59,790 --> 00:44:04,790 And then we'll say, Hey, this is a content farm, we blocked them from content farming, then very useful. 476 00:44:05,150 --> 00:44:08,550 Um, these next ones I find really interesting. 477 00:44:08,550 --> 00:44:14,570 So the one next to it is called permission to hack that's right now it's blanked out, because it's not on something that's permission to hack. 478 00:44:14,690 --> 00:44:32,390 What is permission to hack, you can actually make text files embedded in a website that will let them know that if you're doing bug bounty or vulnerability hunting, if you find vulnerabilities, who to report that to, and it's called a permission to hack text file. 479 00:44:32,430 --> 00:44:40,730 And simply if you go, for example, if you use this browser, and you go to Google, it will make a little green H instead of that red, no icon. 480 00:44:40,730 --> 00:44:48,670 And that lets you know, oh, it actually want me to search for vulnerabilities and bugs and security flaws on their website. 481 00:44:48,670 --> 00:44:53,950 And then when you click on it, it will load up the text that says, Hey, where I can actually do it right now. 482 00:44:53,970 --> 00:44:56,830 So let's go to GitHub, github.com. 483 00:44:57,090 --> 00:44:59,230 And on my end, it just turned to the green H. 484 00:44:59,230 --> 00:45:14,290 And when I clicked on it, it loaded up in a new page, where to contact for GitHub, which is hackerone.com slash github, the acknowledgements, preferred languages, their policy for doing it, even actually put in GitHub, where they hire. 485 00:45:14,350 --> 00:45:20,690 So it's like if you're good at bug bounties, now you know where to go to apply for that sort of testing position.
486 00:45:20,690 --> 00:45:30,610 And it's just very useful because I've had people when they do bug bounty stuff, or they don't know if they're like, you know, okay, this is a major company, but do they want people to find vulnerabilities? 487 00:45:30,610 --> 00:45:32,750 Because I don't want to find one and be like, hi, found one. 488 00:45:32,750 --> 00:45:36,470 And then all of a sudden, you hear FBI open up and your door kicks in. 489 00:45:36,550 --> 00:45:46,350 This is a just a simple way to find out, hey, not only are they looking for just random people to find vulnerabilities, but it will also let you know thanks to their text file in order to report them. 490 00:45:46,350 --> 00:45:54,330 Similarly, next to that one, a lot of websites, especially big name websites, have what's called a robots.txt viewer. 491 00:45:54,410 --> 00:46:11,290 And this simply tells bots that are looking at their website, how to behave and what they can't and can't do, which is honestly really good to recon for especially if you're doing website reconnaissance, let's say an attack and defense, as well as just vulnerabilities, 492 00:46:11,290 --> 00:46:21,110 because sometimes, knowing how the way bots are behaving, you can then start to figure out what part of their asses they didn't cover and get through that. 493 00:46:21,110 --> 00:46:22,370 We're about halfway done here. 494 00:46:22,370 --> 00:46:24,550 I just want to make sure if the audience is awake or not. 495 00:46:24,550 --> 00:46:26,490 I can't always tell with all the space. 496 00:46:26,490 --> 00:46:29,230 Everyone right now looks amazing and has awesome clothing. 497 00:46:29,230 --> 00:46:30,710 I see a little heart thing in the back. 498 00:46:30,710 --> 00:46:31,650 Thank you there. 499 00:46:32,830 --> 00:46:34,390 Thank you for all of that. 500 00:46:34,430 --> 00:46:35,870 Hopefully I'm not boring you to death. 501 00:46:35,870 --> 00:46:37,570 We're almost actually done here.
502 00:46:37,570 --> 00:46:40,650 And the more we go down, the more meatier the stuff gets. 503 00:46:40,650 --> 00:46:49,530 So here's going to be the last of what I like to call the dashboard icons, the ones that are either useful for communicating, organizing web stuff, or light up or light off. 504 00:46:49,530 --> 00:47:09,350 And actually, funny thing on my end, so I went to the NYC 2600 website for the WPScan, and uMatrix only picked up one odd frame flaw, went to GitHub, it picked up 33 different flawed arrangements, from trackers trying to track me to bad frame loads to CSS breaks and everything. 505 00:47:09,350 --> 00:47:11,230 So I just find that interesting. 506 00:47:11,910 --> 00:47:14,390 To the right of that is TrafficLight. 507 00:47:14,610 --> 00:47:18,330 TrafficLight is to me the most it's done by Bit. 508 00:47:18,330 --> 00:47:22,250 Sorry, yeah, it's done by Bitdefender, folks at Bitdefender. 509 00:47:22,250 --> 00:47:27,410 And simply what it is, is it will let you know how skeevy a website is or not. 510 00:47:27,410 --> 00:47:37,490 And if it's like an actual like scam website, or they detected like malicious code being embedded in the website, it will automatically block you from visiting that website. 511 00:47:37,490 --> 00:47:52,650 And again, especially in attack and defense, or maybe even the CTF itself, they're being dicks, they like to throw you like, like basically like honeypot you web wise into just spam hell or DDoS hell, or like literally running malware off your browser, 512 00:47:52,650 --> 00:47:54,890 this will prevent most of that. 513 00:47:54,890 --> 00:48:07,950 And if the website's fine, like GitHub right now, it's a checkbox, and it does a traffic light system yellow, it's unsure, or it's like you should be okay, just there's odd stuff about so it'll tell you don't click this. 514 00:48:07,970 --> 00:48:12,810 This is a tracker that's probably tracking you if it's red, it will not let you access it whatsoever.
515 00:48:12,810 --> 00:48:19,130 And it will tell you why, which again, let's say someone did direct you to a malicious page during attack and defense. 516 00:48:19,730 --> 00:48:28,250 And they stop it, it will tell you again why, which might also give you good recon on how they set up that page. 517 00:48:28,250 --> 00:48:35,290 And I literally had someone who used that tool, where they were maliciously redirected to a page that tried to load malware. 518 00:48:35,290 --> 00:48:42,030 But now not only could they, they knew it had malware, so they could actually pull the malware off the page and edit the malware. 519 00:48:42,030 --> 00:48:54,470 But they actually realized that the page throwing malware at you, and the computer that was hosting the website running the malware, had a security flaw itself. 520 00:48:54,470 --> 00:48:59,030 So they were able to use the other tools and scan it, then basically attack. 521 00:48:59,030 --> 00:49:03,730 It's like sending a bullet, like shooting a bullet up someone else's gun. 522 00:49:03,730 --> 00:49:04,970 It was absolutely amazing. 523 00:49:04,970 --> 00:49:07,090 And that's actually how I heard about TrafficLight. 524 00:49:07,090 --> 00:49:12,830 And I installed it and I've been using it for myself, both as a casual thing, as well as in this browser doing exercises. 525 00:49:13,030 --> 00:49:14,970 And it's pretty useful, in my opinion. 526 00:49:14,970 --> 00:49:23,630 And then again, Snowflake, a good thing in general to have, but Snowflake lets you know automatically without having to fuss through menus and stuff. 527 00:49:23,630 --> 00:49:27,150 Like you don't have to load up uMatrix to see if WebRTC is not working. 528 00:49:27,150 --> 00:49:31,810 If Snowflake goes down, the icon goes down, you know WebRTC is not working. 529 00:49:31,810 --> 00:49:38,990 And there's either something configured badly on your end, or something rotten in Denmark is happening on your network. 
530 00:49:38,990 --> 00:49:39,830 So that's a good thing to know. 531 00:49:39,830 --> 00:49:47,850 And the last one, this is the thing I've used, I'll be honest, I've only used this twice; it did help me in those instances, but I've only used it twice. 532 00:49:47,890 --> 00:49:50,050 And it's called HackerOne Scope. 533 00:49:50,050 --> 00:49:51,470 And it's really simple. 534 00:49:51,810 --> 00:50:04,330 People out there probably know HackerOne; there's a bunch of bug bounty platform services, but they're probably the biggest one. They host their own conventions, I know they have a huge presence at DEF CON, I believe they're also at Black Hat, 535 00:50:04,330 --> 00:50:07,510 they did their own mini con during Hacker Summer Camp and stuff. 536 00:50:08,050 --> 00:50:16,730 So let's say again, let's say you're using this red teaming browser for bug bounty, and your main page is HackerOne, because it is the biggest and most popular. 537 00:50:16,730 --> 00:50:18,310 So I imagine most people are going to be using it. 538 00:50:18,350 --> 00:50:24,750 And you want to know the scope URLs, which are essentially like little lines of code. 539 00:50:24,810 --> 00:50:27,950 And they look like code, but they look like basically ISPs. 540 00:50:27,950 --> 00:50:35,530 And it lets you know with each bug, basically each line is basically like a barcode for different bug bounty tasks. 541 00:50:35,530 --> 00:50:47,690 So instead of having to scroll through all the pages, and clicking on it, and then finding that unique identifier, when you're on that HackerOne page, you just click on that icon, and it brings up in the browser every single one of the IDs for each of the bug bounties. 542 00:50:47,690 --> 00:50:49,730 And you can copy pasta them. 543 00:50:49,730 --> 00:50:55,290 And that works not only with you trying to figure out, oh, what bug bounties are they looking for? 
544 00:50:55,410 --> 00:51:07,670 But it will also show you the ones where people have found bugs that they haven't corrected yet, that are basically like, we found this bug, the exploit still works, but we're pending trying to fix it. 545 00:51:07,670 --> 00:51:20,270 So if you're doing recon, especially for like a big website or something, again, doing bug bounties, and you want to, I'm not saying you should, but let's say you want to exploit one of those, you, oh, type in the website in HackerOne. 546 00:51:20,270 --> 00:51:22,110 Oh, they have it, do the scope. 547 00:51:22,130 --> 00:51:26,890 And then you'll see the scope for, oh, they have this CVE and they haven't patched it yet. 548 00:51:26,890 --> 00:51:28,850 And then you can go pound on that. 549 00:51:28,850 --> 00:51:30,230 So that's that row. 550 00:51:30,230 --> 00:51:31,570 We're on the last row. 551 00:51:31,570 --> 00:51:33,830 And these are going to go by really quick. 552 00:51:34,190 --> 00:51:43,410 But honestly, this row is where you're going to be directly interfacing with the website and doing actual, like, mostly red teaming stuff. 553 00:51:43,410 --> 00:51:46,250 Red teaming and reconnaissance is the focus of this browser. 554 00:51:46,250 --> 00:51:46,790 Okay. 555 00:51:46,950 --> 00:51:52,070 So that blue one to the left that says LAN is exactly what you think it is. 556 00:51:52,070 --> 00:51:54,990 And there's actually one more slide, but don't move from this slide. 557 00:51:54,990 --> 00:51:56,270 Just stay on the slide. 558 00:51:56,310 --> 00:51:57,510 We'll get to that in a second. 559 00:51:57,510 --> 00:52:02,130 It was the only screenshot I could do, because I would normally have screenshots of all these, but again, real life. 560 00:52:02,130 --> 00:52:03,350 I apologize. 561 00:52:03,350 --> 00:52:07,470 But that LAN button, it's simply called, and it's exactly what it sounds like. 562 00:52:07,510 --> 00:52:11,250 It is the LAN port scan for bitter. 
563 00:52:11,250 --> 00:52:15,030 This is a godsend, particularly with attack and defense CTFs. 564 00:52:15,070 --> 00:52:27,810 I've had people think that I've configured these amazing dynamic firewalls with machine learning to know when to turn on and off certain ports. 565 00:52:28,050 --> 00:52:29,470 No, here's the secret. 566 00:52:29,470 --> 00:52:30,810 I load up this browser. 567 00:52:30,950 --> 00:52:36,310 And if someone tries to crawl up my browser on a LAN port, I just simply click on it once. 568 00:52:36,550 --> 00:52:42,210 And it disables the LAN port scan for that tab. 569 00:52:42,210 --> 00:52:45,470 And if I click it again, it's going to disable it for the entire browser. 570 00:52:45,470 --> 00:52:47,550 And then when I click it once again, all the ports open again. 571 00:52:47,550 --> 00:52:55,090 So I'll literally have one of those icons light up, or I'll have an application that tells me, hey, there's weird scans going on in your browser. 572 00:52:55,090 --> 00:52:58,650 And then I just real-time click that and continue on my work and they're fucked. 573 00:52:58,650 --> 00:52:59,470 They got blocked. 574 00:53:00,050 --> 00:53:05,630 So like people think I've done this amazing scripting and stuff or that I'm doing some insane multitasking. 575 00:53:05,630 --> 00:53:06,830 No, it's: oh, cool. 576 00:53:06,830 --> 00:53:10,050 You're trying to scan me browsing the website? Blocked. 577 00:53:10,570 --> 00:53:11,290 That's it. 578 00:53:11,290 --> 00:53:12,670 That's what the tool does. 579 00:53:12,670 --> 00:53:13,670 That's the secret. 580 00:53:13,950 --> 00:53:17,030 So to the right of that is an amazing app. 581 00:53:17,030 --> 00:53:23,270 I will put it this way, if you had to download a deep net that does something, a PwnFox. 582 00:53:23,270 --> 00:53:24,330 This is really cool. 583 00:53:24,330 --> 00:53:26,630 It's spelled P-W-N-F-O-X. 
584 00:53:26,810 --> 00:53:36,830 And not only can you containerize stuff, which by the way, if you've already set up containers with the previous extension, it will find those. 585 00:53:36,830 --> 00:53:39,650 So it lists those containers independently. 586 00:53:39,810 --> 00:53:50,150 But when you go to a certain container, it will do Burp proxy and Burp scans in browser for whatever URL you have containerized. 587 00:53:50,150 --> 00:54:00,550 So let's say you're amassing a list, you're going through different challenges, or maybe there are multiple web pages you want to Burp scan, and you can put them all in one container and then open up PwnFox and then do the Burp proxy scan on it. 588 00:54:00,550 --> 00:54:02,930 And now you have all the information for that. 589 00:54:02,930 --> 00:54:04,550 So again, right there in browser. 590 00:54:04,550 --> 00:54:10,210 The next four things are all information stuff. 591 00:54:10,210 --> 00:54:19,830 So this is not directly interfacing, but these are really good resources without having you fumble through manuals virtually or in person. 592 00:54:19,830 --> 00:54:41,110 And just to know how good these tools are, two of the tools were done by the winning team of the Global Cyber Games this Hacker Summer Camp that happened on Thursday, which made me confident, because two professional teams, with one of them that won, their person who was their web browser exploit expert won, 593 00:54:41,110 --> 00:54:42,970 because they had two of these. 594 00:54:42,970 --> 00:54:45,690 So that's how important these all are. 595 00:54:45,890 --> 00:54:50,690 So the first one is simply called HackTools. 596 00:54:50,890 --> 00:54:57,730 And this thing does multiple, multiple stuff that you can look up; basically it's a giant cheat sheet. 
597 00:54:57,730 --> 00:55:18,690 If you can't remember bash commands, or zsh, netcat, PHP, PowerShell, Python, Ruby, as well as TTY spawn shells, it gives you basically a cheat sheet list for all sorts of different types of commands that you can enter in order to do different types of exploits without having you fumble through the notes. 598 00:55:18,690 --> 00:55:20,430 And they're all easily categorized. 599 00:55:20,430 --> 00:55:22,570 The next one is called Recon. 600 00:55:23,090 --> 00:55:28,370 And this basically gives you all the tools you need. 601 00:55:28,370 --> 00:55:31,250 You can also right click URLs to use it; it opens up a new tab. 602 00:55:31,470 --> 00:55:47,290 And it allows you to do multiple different things: you could do a WHOIS, which you will not use because of an extension that we already have later; you can do DNS lookups, first DNS, host records, zone lookup, zone transfers, reverse IP lookup for that address, geo IP, 603 00:55:47,290 --> 00:55:59,810 you can nmap scan directly in the browser without even having to load up the terminal, traceroute, you can do all sorts of stuff with all the sorts of recon things that you would normally need multiple terminal applications for, right in that one browser tab. 604 00:55:59,810 --> 00:56:03,610 And you can leave that tab open and just constantly click back and go back to it. 605 00:56:03,610 --> 00:56:08,530 One click opens up the tab, do all the recon you want with that ISP, and you're good. 606 00:56:08,530 --> 00:56:09,990 I just need a quick drink break here. 607 00:56:09,990 --> 00:56:11,090 So hang on. 608 00:56:15,830 --> 00:56:24,490 That's been one of my most useful things to cut down time, because in CTFs, you know, some things obviously have to percolate, like if you're compiling, but time is essential. 609 00:56:24,730 --> 00:56:31,970 Next one after that, that thing that looks like a guy with a trench coat and a top hat is the Penetration Testing Kit. 
610 00:56:31,970 --> 00:56:33,450 No, it's not a dildo. 611 00:56:33,510 --> 00:56:37,870 This thing does everything else the other two don't do. 612 00:56:38,470 --> 00:56:40,870 Let's see here, because I'm opening up mine. 613 00:56:40,870 --> 00:56:47,850 It's showing OWASP, if there's OWASP secure headers, the cookie storage in it, spawns up different sessions. 614 00:56:47,850 --> 00:56:58,150 I'm on GitHub right now, it's telling me the value, I can look up the path or directory on this, the age of the website here, gives me SCA information. 615 00:56:58,150 --> 00:57:00,610 It's now actually, it's auto searching. 616 00:57:00,610 --> 00:57:06,070 So, you know how I said with WPScan, it searched WordPress for vulnerabilities. 617 00:57:06,310 --> 00:57:10,770 This thing will search vulnerabilities for everything else that's not WordPress. 618 00:57:10,770 --> 00:57:16,070 So GitHub is usually on top of their game, so there were no vulnerable CVEs that were found. 619 00:57:16,070 --> 00:57:21,970 But if you did have a website that was not as secure, the SCA scan will bring up all the current CVEs. 620 00:57:22,270 --> 00:57:25,810 It shows you all the different types of proxy stuff that website's done. 621 00:57:25,810 --> 00:57:29,850 You can edit and do our builder information. 622 00:57:29,890 --> 00:57:37,530 You can also do scan, our attack, sorry, our attack information, so red teaming attack information you put in here. 623 00:57:37,530 --> 00:57:40,130 You can also do decoder stuff. 624 00:57:40,390 --> 00:57:46,890 And it also does its own inbuilt editor. 625 00:57:46,890 --> 00:57:53,170 So this is probably going to be your main red teaming thing, to be honest, besides one other thing in here that I'm going to get to in two icons. 626 00:57:53,250 --> 00:57:57,990 The last one of these resource things is what's called Evil Villain. 627 00:57:58,070 --> 00:57:59,890 You can turn it on and off. 
628 00:57:59,890 --> 00:58:07,270 And what this simply does, I'm going to switch it on for this, is it gives you, again, all the other information that one doesn't. 629 00:58:07,270 --> 00:58:14,850 So pretty much the first two, HackTools and Recon, are perfect research information. 630 00:58:14,850 --> 00:58:24,050 The Penetration Testing Kit and Evil Villain will be most of your actual red teaming tools in browser, particularly for web exploits and stuff. 631 00:58:24,050 --> 00:58:27,770 And again, anything you would need simple in terminal, you just launch terminal in browser. 632 00:58:27,770 --> 00:58:30,850 If you need to do more complex stuff, that's when you go to your actual terminal. 633 00:58:30,850 --> 00:58:32,130 Again, saves time. 634 00:58:32,130 --> 00:58:33,430 Everything's in one location. 635 00:58:33,430 --> 00:58:42,150 It's also easier to take browser screenshots that way, especially in Firefox, rather than doing it just through your desktop and fumbling around through files. 636 00:58:43,450 --> 00:58:55,390 So there's all sorts of things you can do: it can show blacklist information, you can turn on different functions, innerHTML, outerHTML, createContextualFragment, all the documents, and things like that. 637 00:58:55,390 --> 00:59:00,130 It just basically picks up all the stuff that the Penetration Testing Kit doesn't. 638 00:59:00,130 --> 00:59:03,470 So the one next to him, by the way, jump two slides forward if you can. 639 00:59:03,470 --> 00:59:05,870 This is the only other slide I unfortunately have. 640 00:59:08,230 --> 00:59:09,210 I'm sorry. 641 00:59:09,210 --> 00:59:10,550 I'm sorry if I'm swearing. 642 00:59:10,550 --> 00:59:11,750 I apologize for that. 643 00:59:11,750 --> 00:59:12,410 My bad. 644 00:59:12,410 --> 00:59:13,130 Okay. 645 00:59:13,190 --> 00:59:17,050 So yeah, so this is unfortunately the only screenshot of one of the things I could do. 
646 00:59:17,050 --> 00:59:23,690 So the big question is always like, can you do a man-in-the-middle attack in browser? 647 00:59:23,690 --> 00:59:25,510 And yes, you can. 648 00:59:25,770 --> 00:59:34,990 While the Penetration Testing Kit has a simple R attack scripting thing, this is a more in-depth man-in-the-middle scripting for the web. 649 00:59:34,990 --> 00:59:45,490 So doing any sort of web or networking information, you can open this tab and you can insert your own scripts that you've made: blocking rules, header rules, response, and content scripts. 650 00:59:45,490 --> 00:59:58,310 And this just manages, so you can take all your scripts and put them in whichever rule section you want, and it will auto-deploy them and see if those scripts execute; if they do, congratulations, you've done a man-in-the-middle attack for that network or that particular website. 651 00:59:58,470 --> 01:00:12,690 So the next two things are more stuff that you would normally use if you were a website builder, but they're still very useful, particularly for doing CTF stuff in the web CTF category. 652 01:00:12,690 --> 01:00:15,550 So the first, I'm actually going to, let's see. 653 01:00:15,930 --> 01:00:18,210 So the first one is called Web Tester. 654 01:00:18,350 --> 01:00:33,910 And once again, this gives you different commands that you can put into the URL or in the scripting of a website itself in order to figure out how things work. 655 01:00:33,910 --> 01:00:49,730 So if you bring up the Penetration Testing Kit, or you're working on scripts for man-in-the-middle, and you want to see which XSS exploits work, or XXE, or SQLi, this has the master list of all of them. 656 01:00:49,730 --> 01:00:58,250 And instead of typing them individually or trying to remember them, you can copy-paste them in order, like, let's see, when I did the scan, it says an XSS vulnerability. 
657 01:00:58,310 --> 01:01:02,770 So it's like, let's do quote autofocus on focus alert. 658 01:01:02,890 --> 01:01:04,610 Do that one that didn't work. 659 01:01:04,610 --> 01:01:07,010 Let's try script alert one thing. 660 01:01:07,010 --> 01:01:08,430 Oh, that's the one that did it. 661 01:01:08,430 --> 01:01:09,870 That's the SSX exploit. 662 01:01:09,870 --> 01:01:11,790 So that's what that's useful for. 663 01:01:11,790 --> 01:01:13,330 It's one last reference thing. 664 01:01:13,330 --> 01:01:16,390 The one to the right of that, this is kind of bizarre. 665 01:01:16,490 --> 01:01:19,070 I've used I've actually used this more than you think. 666 01:01:19,070 --> 01:01:23,470 This is an AWS agent key ID signer. 667 01:01:23,470 --> 01:01:30,830 So I literally had one challenge where you had to back wall on AWS and basically had to take over the AWS account. 668 01:01:30,870 --> 01:01:37,530 And what I did was I did the scan with the penetration testing box tool. 669 01:01:37,530 --> 01:01:52,070 And then with that information, I found it's CVE, I found a specific CVE for that website that that server was using, that actually gives you partial information, or the AWS key ID. 670 01:01:52,290 --> 01:02:03,190 And normally, that's kind of useful because it's just like, hey, you can show kind of part of the key ID, but you can't really enter in because you need to have special things or know how in order to sign it. 671 01:02:03,190 --> 01:02:18,770 With this extension, you can so I copied that key ID, I put that in there, I did other stuff to guess the secret, and then did that, that sign that pass that code off to that website, their network broke because that website and then I got access to the actual agent. 672 01:02:18,770 --> 01:02:20,590 And I got that point. 
673 01:02:20,670 --> 01:02:31,650 So it may seem kind of useless if you are not dealing with AWS keys, whether it's for bug bounty or in your CTF; you can remove that or temporarily turn it off if you want. 674 01:02:31,650 --> 01:02:34,830 But this actually helped me get a flag on something. 675 01:02:34,830 --> 01:02:36,370 So that's why it's still up there. 676 01:02:36,370 --> 01:02:39,570 Okay, so two more quick recon things. 677 01:02:39,570 --> 01:02:41,610 This one I actually have to put in. 678 01:02:41,690 --> 01:02:45,650 This one has like, not a CAPTCHA, but it has its own like, are you a human? 679 01:02:45,650 --> 01:02:46,270 Yes. 680 01:02:46,770 --> 01:02:55,530 So the BW is called BuiltWith, and simply what this does is, any website you're on, you click that, it tells you everything you need to know about the website and how they made it. 681 01:02:55,530 --> 01:02:57,050 So let's go right now. 682 01:02:57,050 --> 01:02:59,410 Actually, let's go to the NYC 2600. 683 01:02:59,430 --> 01:03:01,350 And I'll bring it up right here. 684 01:03:01,350 --> 01:03:09,450 Let's see, yeah, it says WordPress, Google Font APIs, Contact Form 7, its framework is 2015. 685 01:03:09,510 --> 01:03:13,310 This is all public information, by the way, so I'm not like doxing them or anything. 686 01:03:13,530 --> 01:03:20,150 It has an Apple mobile web clips icon, viewport meta, it's basically very iOS compatible here. 687 01:03:20,150 --> 01:03:23,950 Its email hosting provider is SFS usage. 688 01:03:24,350 --> 01:03:29,370 That's SSL by default, and this again, just amazing recon. 689 01:03:29,370 --> 01:03:34,830 So I can break down and know exactly what this website is built out of. 690 01:03:34,830 --> 01:03:36,510 And then I start finding websites with that. 
691 01:03:36,510 --> 01:03:53,510 I've also encountered, there's actually plenty of CTFs where sometimes, in order to do proper recon for something on attack and defense, or let's say with the website, there are actual flags sometimes where, in order to do the exploits on the website, you actually have to look up an older version. 692 01:03:53,510 --> 01:03:57,870 And yes, you could type in archive.org or Wayback Machine and funnel through that. 693 01:03:57,870 --> 01:04:01,590 Or you can click on that trash bin icon and the Wayback Machine is right there. 694 01:04:01,590 --> 01:04:03,510 So you click on that, you type in the URL. 695 01:04:03,510 --> 01:04:05,170 Oh, by the way, are we still on that? 696 01:04:05,170 --> 01:04:06,330 Kurt, the man-in-the-middle slide. 697 01:04:06,330 --> 01:04:11,690 Can we go back two more slides so we can see the whole bar again? 698 01:04:11,690 --> 01:04:13,330 I realized I forgot to go back. 699 01:04:15,030 --> 01:04:15,790 There we go. 700 01:04:15,790 --> 01:04:16,430 Perfect. 701 01:04:17,090 --> 01:04:19,050 So sorry about that. 702 01:04:19,210 --> 01:04:22,650 And literally, I think in like two more minutes, we'll be done with this. 703 01:04:22,650 --> 01:04:24,710 But this gives you Wayback Machine right there. 704 01:04:24,710 --> 01:04:37,350 So instead of having to even type in the URL for Wayback Machine, you just click on that, type in whatever URL, copy-paste that URL, and it will bring up all the stuff right there; you click on the older version, it will load a separate tab for it right there. 705 01:04:37,350 --> 01:04:40,190 So you don't have to fumble through Wayback Machine's actual website. 706 01:04:40,830 --> 01:04:45,030 The other gray, the gray icon to the right of that, because we're going left to right here. 707 01:04:45,350 --> 01:04:48,450 This simply edits the website. 708 01:04:48,630 --> 01:04:52,090 Code-wise, this will not affect the website directly. 
709 01:04:52,090 --> 01:04:58,450 Let's say you're doing reconnaissance on a website or attack and defense, or you're trying to find a web exploit. 710 01:04:58,590 --> 01:05:00,290 And you have to jump to something else. 711 01:05:00,290 --> 01:05:05,690 But you want to write, hey, this is where we're gonna get into this moment, a hidden input is; you can click on that. 712 01:05:05,690 --> 01:05:14,970 And above the hidden input, you can type like, you know, quote, and make it red text, hidden input, unquote, and it will display that on the website visually. 713 01:05:15,130 --> 01:05:16,510 And then you go back and edit it. 714 01:05:16,510 --> 01:05:18,990 And then when you go back to the page, like, where did I put the hidden input? 715 01:05:18,990 --> 01:05:20,070 Oh, I wrote it right here. 716 01:05:20,070 --> 01:05:23,570 So this basically allows you to doodle on the website and change whatever you want. 717 01:05:23,570 --> 01:05:25,570 It does not affect the end website. 718 01:05:25,670 --> 01:05:29,390 It also loads the website in that browser; you're not editing any of the actual code. 719 01:05:29,430 --> 01:05:31,150 It's just visually for you. 720 01:05:31,150 --> 01:05:34,610 So you can take notes on what you're doing with that website. 721 01:05:34,910 --> 01:05:37,250 Um, we'll get out of that mode in a second. 722 01:05:37,250 --> 01:05:38,750 So you click it to turn it off. 723 01:05:38,950 --> 01:05:40,550 It's going to be a bunch of web stuff next. 724 01:05:40,550 --> 01:05:42,390 So we're going to jump over. 725 01:05:42,390 --> 01:05:43,510 So we're skipping that bug. 726 01:05:43,510 --> 01:05:46,830 There's a reason why I'm skipping all the little bug icons, by the way. 727 01:05:47,030 --> 01:05:55,210 So the next one, that HTML5 logo that's left of the gear, this is simply a blocker. 728 01:05:55,210 --> 01:05:59,670 So it has four categories: JavaScript, CSS, image, object and media. 
729 01:05:59,670 --> 01:06:02,890 And you can go to a website and you can click on the CSS tab. 730 01:06:02,890 --> 01:06:09,450 And when you refresh the page, all the CSS will turn off and it will load, but not load any of the CSS. 731 01:06:09,450 --> 01:06:17,370 Same thing, you can turn off all the images, you can turn off all the JavaScript, even though you could do that also with NoScript, all the objects, all the media. 732 01:06:17,370 --> 01:06:25,050 And again, not only can you tell by futzing with it how a website's built without even looking at the code. 733 01:06:25,610 --> 01:06:31,930 If you want more comprehensive editing for a website, you have that gear icon, which is Web Developer. 734 01:06:31,930 --> 01:06:33,910 This lets you access and see. 735 01:06:34,350 --> 01:06:37,110 It allows you to disable, turn on, off, way more things. 736 01:06:37,110 --> 01:06:45,890 So for example, they have a CSS tab and this allows you to disable all styles, you can disable all the embedded styles, all the print styles, edit the CSS or view it directly. 737 01:06:45,910 --> 01:06:48,970 And it's just a more comprehensive version of the previous extension. 738 01:06:48,970 --> 01:06:50,930 These next two are quite simple. 739 01:06:51,190 --> 01:07:01,050 So that little Superman icon with the HTML5 logo opens up a new pad; you can edit HTML5 directly in there, not the website you were on. 740 01:07:01,050 --> 01:07:11,670 But if you have to generate any sort of HTML, like copy it, it does it right there, gives you four windows: an HTML editor, a CSS editor, a JavaScript editor, and the preview of what all three of them will look like when you load it. 741 01:07:11,670 --> 01:07:17,010 And you can do website stuff there without loading VSCodium or a TXT or whatever. 742 01:07:17,010 --> 01:07:21,030 Similar to that is the one next to it, that little M with a down arrow icon to its right. 743 01:07:21,030 --> 01:07:24,070 Markdown Editor opens up a new window for markdown. 
744 01:07:25,430 --> 01:07:31,730 And it works exactly like any other editor: on the left is the markdown code, on the right is all the formatting that you can see. 745 01:07:31,730 --> 01:07:33,890 So you can edit markdown right there. 746 01:07:33,890 --> 01:07:45,770 Also to note, I've configured this browser so that when you click on a .md or a markdown file, it will actually show the markdown code in the website. 747 01:07:45,770 --> 01:07:52,870 So it won't download the file, it won't show you the finished thing with the formatting, it will show you the markdown code right there. 748 01:07:52,870 --> 01:07:56,290 So you can copy pasta that into the markdown editor all in browser. 749 01:07:56,330 --> 01:07:58,530 But it also does that with JSON files. 750 01:07:58,530 --> 01:08:02,370 So instead of downloading the JSON, if you want to download it, you can right click and save it. 751 01:08:02,370 --> 01:08:07,470 But if you click on the link, it will load all the .json information right there in the browser. 752 01:08:07,470 --> 01:08:08,970 So just putting that out there. 753 01:08:09,750 --> 01:08:11,070 Okay, we're almost done here. 754 01:08:11,070 --> 01:08:19,450 So the next one, which is very useful, let's say you're going to a website, you're doing recon, or you're trying to find an exploit, but it has a billion pieces of information. 755 01:08:20,150 --> 01:08:29,530 Let's say you're on the New York Times, or you're trying to find bugs from the New York Times, but, you know, the New York Times is just bullet shot, just stuff everywhere, images and everything. 756 01:08:29,750 --> 01:08:37,070 What this does, it's called HeadingsMap, you click on it, it opens up kind of like a browser bookmark tab to the left of the website. 757 01:08:37,110 --> 01:08:39,710 It's the current website you're looking at; it opens it up there. 
758 01:08:39,730 --> 01:08:43,650 And it gives you, in text, a breakdown in a tree. 759 01:08:43,790 --> 01:08:54,510 So, you know, for the New York Times, it will say top news story, and then underneath that list all the news story listings, and then underneath that will be like the opinion piece header, all of that. 760 01:08:54,510 --> 01:09:00,590 So just visually, in text, it breaks down all the stuff that you're seeing, so you're not overwhelmed with noise. 761 01:09:00,590 --> 01:09:06,390 And you can go and click on a section and it will bring the website you're looking at visually right to that section. 762 01:09:06,390 --> 01:09:08,270 Again, we're trying to speed up the process. 763 01:09:08,270 --> 01:09:11,990 So instead of you trying to be like, what am I looking at, what am I looking for, you click on HeadingsMap. 764 01:09:11,990 --> 01:09:17,950 Okay, that's what I was looking for, content creation, click, and it'll bring you right there, all inside the browser tab. 765 01:09:18,130 --> 01:09:23,010 These next two, I love these two, I love these extensions. 766 01:09:23,010 --> 01:09:26,330 So that little fox icon has nothing to do with Firefox. 767 01:09:26,670 --> 01:09:28,870 It's called Hack the Form. 768 01:09:29,090 --> 01:09:32,170 And simply what it does, and if I had video, I would show it to you. 769 01:09:32,170 --> 01:09:33,710 So I'll show that next week. 770 01:09:33,790 --> 01:09:36,450 There's a thing in HTML called hidden input. 771 01:09:36,450 --> 01:09:48,110 So anytime you see a little input window, a lot of times when you're typing stuff, there's other info that's dynamically encoded into the page, but it doesn't render and you visually can't see it. 772 01:09:48,110 --> 01:09:54,850 So let's say, you know, you're typing in, oh, I don't know, maybe it's a directory listing for different restaurants. 
773 01:09:54,850 --> 01:10:02,790 But when you type in the restaurant name, it's breaking down, like, what font you're using, what's capital and what's lowercase, things like that. 774 01:10:02,790 --> 01:10:11,230 And with JavaScript stuff in particular, if you have a password screen, there's a lot of stuff that's not rendered on the page that's happening behind the scenes. 775 01:10:11,230 --> 01:10:15,770 Because if you saw those things, you'd be able to reverse engineer the password. 776 01:10:15,770 --> 01:10:27,990 If you ever are on an input thing, you click the Hack the Form button, and it will show what the inputs are in real time as if it was rendered in the browser with that privacy shield turned off. 777 01:10:27,990 --> 01:10:34,030 So I've literally had challenges where they make a basic website, and it's like, tee hee, haha, people don't usually do this anymore. 778 01:10:34,030 --> 01:10:38,930 There's a JavaScript login password; instead of trying to do like a brute force attack and scripting, 779 01:10:38,930 --> 01:10:51,170 I just click Hack the Form, it literally shows the password in the hidden form part of it, and I copy-paste that password into the password field, and yo dog, I heard you like passwords, I got in, things like that. 780 01:10:51,170 --> 01:10:57,210 The one to the right of it, which I actually need to place differently on my browser, is called I Am Not a Human. 781 01:10:57,210 --> 01:10:58,210 It's simple. 782 01:10:58,250 --> 01:11:01,850 A lot of websites respond differently if they think you're a bot. 783 01:11:02,390 --> 01:11:22,030 So besides Chameleon, which I'll get to near the end, if you show up to, for example, Amazon.com, you click on that button, Amazon will show you a ton of developer information that users don't normally see, just because it thinks you're a bot that's looking at developer information. 
784 01:11:22,030 --> 01:11:37,010 So sometimes by advertising yourself as a bot through the browser, you will get browser information for whatever you're doing reconnaissance on or bug bounding or you didn't even know what that was there or that could be rendered on the page and you can toggle it on and off. 785 01:11:38,130 --> 01:11:40,290 To the right of that is .git. 786 01:11:40,290 --> 01:11:44,930 If that website has any git repos, it will search for them, bring them all up. 787 01:11:44,930 --> 01:11:51,370 You can download each individual one because there's some web challenges where you have to find the hidden git repo and in that git repo is a flag. 788 01:11:51,370 --> 01:11:53,490 This will find it almost instantaneously. 789 01:11:54,070 --> 01:11:56,790 To the right of that is a code injector. 790 01:11:56,790 --> 01:12:03,530 So this is another place where you can put in scripts similar to the man in the middle, but instead you're doing code injection directly on the website. 791 01:12:03,530 --> 01:12:05,590 I also have another code injector. 792 01:12:05,590 --> 01:12:14,470 If you do the control shift B, sorry, not control shift B, the control B for bookmarks, you can change the tab. 793 01:12:14,470 --> 01:12:20,490 There's another injection for right there just in case you're in the bookmark area, but it's always good to have a script injector. 794 01:12:21,390 --> 01:12:26,870 And actually both of these, the blue one and that black one next to each other, there's a code injector and script injector. 795 01:12:26,870 --> 01:12:28,510 They each have different tool uses. 796 01:12:28,510 --> 01:12:30,070 So I put both of them on there. 797 01:12:31,010 --> 01:12:33,090 I also have a JavaScript injector. 798 01:12:33,090 --> 01:12:36,070 So all three of those are injector apps. 
799 01:12:36,150 --> 01:12:42,810 Probably you only really need one of them, but I put it so that when you download the profile, whichever ones you don't want to use, you can delete. 800 01:12:42,950 --> 01:12:46,370 So that little playback looking icon is called Tweak. 801 01:12:46,890 --> 01:12:47,830 It's grayed out. 802 01:12:47,830 --> 01:12:50,330 It's to the left of that little circle with the IP. 803 01:12:50,550 --> 01:13:00,110 And what it simply does, and it's really powerful, is it allows you to mock and modify HTTP and HTTPS requests, which is really useful if you're doing CTF stuff. 804 01:13:00,190 --> 01:13:10,390 Finally, the last of the recon stuff, the IP and the circle, it uses DNS Linux to search for the IP of the website that you're on. 805 01:13:10,390 --> 01:13:15,630 And it does the reverse DNS, the IP range, all of that, shows you visual maps of where all that stuff is located. 806 01:13:15,630 --> 01:13:27,130 And then to the right of that, the one that says IMP will show you what your current IP address is, which is really useful if you're using Tor or a VPN, so that you know if it's like working or not. 807 01:13:27,130 --> 01:13:31,850 So it's like, I'm on my VPN, you guys, oh, that's my ISP. 808 01:13:32,190 --> 01:13:39,230 Or maybe someone's like doing weird things, like let's say attack and defense, and they're affecting your ISP on your side, you'll be able to click on it. 809 01:13:39,230 --> 01:13:43,150 Just really good to know what your current ISP is at any time that you want. 810 01:13:43,430 --> 01:13:46,610 To the right of that is a really useful tool called Lightbeam. 811 01:13:46,650 --> 01:13:49,590 This is a deprecated extension by Firefox. 812 01:13:49,590 --> 01:14:01,750 And essentially, as you browse websites, you ever see any fans of... It's Always Sunny in Philadelphia, so you probably remember the whole Pepe Silvia skit that turned into a meme where he goes completely paranoid at his job. 
813 01:14:01,750 --> 01:14:06,570 So he has the whole newspaper clippings, and he has the string yarn connecting all this stuff. 814 01:14:06,690 --> 01:14:12,270 That's what Firefox Lightbeam does, but it does that with you visiting websites. 815 01:14:12,270 --> 01:14:26,050 So as you visit websites all the time, it will show you a visual graph of all the websites that you've visited, how those websites relate to each other, and to the other websites like other Google Analytics and other data mining stuff of what's connected to it, 816 01:14:26,050 --> 01:14:27,930 and where, and what those are connected to. 817 01:14:27,930 --> 01:14:33,350 So it gives you a topology map of where you've been surfing, and where those websites have been. 818 01:14:33,350 --> 01:14:43,270 Final couple of extensions here on this bar, and then we have two more to look at, and we're done, is NetSpeedTest, which just basically at any time lets you test your internet speed. 819 01:14:43,270 --> 01:14:46,650 You click on it, it's right now estimating my base speed right now. 820 01:14:46,650 --> 01:14:52,670 It takes a little bit, a couple of seconds, if it... probably by the time I'm done talking it will load, but I'm not going to read you this stuff. 821 01:14:52,670 --> 01:14:55,010 But it lets you know your uptime, downtime speed. 822 01:14:55,010 --> 01:15:01,270 Again, a lot of times when you're, especially in attack and defense, if your speeds are off, that means something wrong is going on. 823 01:15:01,270 --> 01:15:05,910 It's kind of like how they say if you hear your fan kick on, you're being hit by malware or a miner. 824 01:15:06,090 --> 01:15:16,530 A lot of times, F3 goes on with... people are screwing around with your network speed when they modify something on your network. 825 01:15:16,530 --> 01:15:19,530 So that's just a great way to know what's going on with your speed. 
826 01:15:19,530 --> 01:15:24,550 To the right of that is Network Monitor, which just shows all the different types of requests, information. 827 01:15:24,550 --> 01:15:31,510 To the right of that is Chameleon, which allows you to change your user agent to all different types of browser and operating system types. 828 01:15:31,510 --> 01:15:32,890 Always very useful. 829 01:15:32,970 --> 01:15:35,530 And then finally is SimpleLogin. 830 01:15:35,530 --> 01:15:40,210 So anytime you have to deal with a CTF or a recon, it's also just good for private stuff in general. 831 01:15:40,550 --> 01:15:43,790 You create an account here, you can also sign in with an API key. 832 01:15:43,850 --> 01:15:47,390 And what SimpleLogin will do is it'll generate endless forwarding emails. 833 01:15:47,390 --> 01:15:52,150 So you can hit generate a new email, it generates it, you put it in that to sign up for the account. 834 01:15:52,150 --> 01:16:02,490 And let's say they start spamming you about Cuisinart food vacuum cleaners and stuff, you can kill that account and it doesn't know what your email is because that was simply a forwarding address. 835 01:16:02,490 --> 01:16:05,250 Spins up endless email forwarding addresses. 836 01:16:05,470 --> 01:16:07,270 All the way to the left. 837 01:16:07,270 --> 01:16:12,390 So if you look at what I have with the presentation, you can see the full browser. 838 01:16:12,410 --> 01:16:17,170 All the way to the left, there is a little eraser icon. 839 01:16:17,430 --> 01:16:20,570 There's a reason why I quarantined that all the way to the left. 840 01:16:20,570 --> 01:16:22,590 This is the forget button. 
841 01:16:22,670 --> 01:16:40,690 What this does is if your browser is really screwed up or compromised, especially in red teaming or blue teaming, they've screwed your browser up, you've downloaded something or there's some malicious cookie that you just can't modify or get rid of, and you're about to be screwed, 842 01:16:40,690 --> 01:16:48,730 or they're pulling information off your browser, you hit that button, it closes Firefox, it opens it again, and everything about this is gone. 843 01:16:48,790 --> 01:16:51,250 You will still have the extensions there. 844 01:16:51,250 --> 01:16:54,570 But your bookmarks will be gone, your cookies will be cleared. 845 01:16:54,730 --> 01:16:56,750 Everything that you were doing with that is gone. 846 01:16:56,750 --> 01:16:58,350 It's essentially a giant reboot button. 847 01:16:58,350 --> 01:17:00,230 And that's why it's quarantined all the way to the left. 848 01:17:00,230 --> 01:17:08,410 I didn't want to put it with the rest of these icons and you're like trying to figure out your network speed and, oops, I click the nuke button and it killed everything. 849 01:17:08,410 --> 01:17:10,350 So I put that button all the way there. 850 01:17:11,150 --> 01:17:15,010 Finally, last two things about this and I swear to God we're done. 851 01:17:15,570 --> 01:17:23,670 A lot of people probably know the whole F12 thing, that when you're on Chrome and Firefox, when you hit F12, you can inspect the current code on there. 852 01:17:23,670 --> 01:17:26,770 Like right now I'm in Firefox's console debugger. 853 01:17:26,950 --> 01:17:29,870 Stuff by default, it's really good for like when you're making websites. 854 01:17:30,310 --> 01:17:35,410 A couple of the extensions, which is why I skipped over some of them, use this and interface with this. 855 01:17:35,510 --> 01:17:38,910 So the first one that I've added here is FirePHP. 856 01:17:39,090 --> 01:17:42,750 And simply what that thing does is, those are those little bug icons. 
857 01:17:42,750 --> 01:17:48,530 So when the little bug icon lights up, it lets you know there's PHP you can exploit and edit. 858 01:17:48,670 --> 01:17:56,110 You can also go into the URL tab and hit the little button to enable and turn it on. 859 01:17:56,110 --> 01:17:59,250 So it can look at it up like, yes, you can read it. 860 01:17:59,250 --> 01:18:14,590 And what it will do is you can start looking at and potentially, if it's super insecure, start editing the PHP right there without having to use a red teaming application to go to the URL and pull their PHP out manually and then look at it in your code. 861 01:18:14,590 --> 01:18:17,670 And you can do it right here on the F12 tab. 862 01:18:18,630 --> 01:18:30,810 Same thing with the HTML validator, which will allow you to go through the HTML code and see if there's any exploits line by line through the code of the website that you're currently looking at. 863 01:18:30,810 --> 01:18:36,070 So it's really good to use in conjunction with WPScan and the pen testing box and everything else. 864 01:18:36,070 --> 01:18:40,290 And then I put both hack bars in here offhand. 865 01:18:40,290 --> 01:18:48,090 So I know I already have the script injectors, but let's say you're in the F12 thing and you for some reason don't want to move your mouse all the way up to do the script injection. 866 01:18:48,090 --> 01:18:50,170 You can do both of them right here. 867 01:18:50,330 --> 01:18:56,790 SQL, XSS, LFI, the other one has LDAP, WAF, things like that. 868 01:18:56,790 --> 01:19:00,230 And then lastly, also in F12 is its own cookie editor. 869 01:19:00,230 --> 01:19:07,410 So again, if you don't want to go into web mode, you're right now in the debugging mode, you can do the cookie editing right there. 870 01:19:07,410 --> 01:19:09,090 And that's all the F12 stuff. 871 01:19:09,090 --> 01:19:11,530 So yeah, a couple of modifications in the background. 
872 01:19:11,530 --> 01:19:16,370 Again, it loads JSON and markdown files directly in browser. 873 01:19:16,370 --> 01:19:19,150 One or two privacy things and search stuff are enabled. 874 01:19:19,150 --> 01:19:20,730 Most of it's extensions. 875 01:19:20,830 --> 01:19:23,070 Again, you probably need all of these extensions. 876 01:19:23,070 --> 01:19:24,970 It depends on what your threat model is. 877 01:19:24,970 --> 01:19:29,930 I just put this together because it covers every single thing you would need to do for red teaming. 878 01:19:29,930 --> 01:19:41,570 So whether you are going to load your own Firefox profile instance, and download individual extensions, because you only need five, or if you take the profile and you take some of them off or put them back on, it's all up to you. 879 01:19:41,570 --> 01:19:44,550 I just put everything there so you can edit it all if you want. 880 01:19:44,550 --> 01:19:56,170 And to use a modified quote from Fear and Loathing in Las Vegas, when you start an extensive red teaming browser extension list, you tend to try to push it as far as it can go. 881 01:19:56,170 --> 01:20:04,550 Before I end the talk, the last thing that I want to tell you about this is, you'll notice in that bar underneath, there's a bunch of bookmark folders. 882 01:20:04,590 --> 01:20:05,850 And these have different things. 883 01:20:05,850 --> 01:20:12,690 And first of all, because I made it and it's under DCG 201, there's a link to our Medium blog. 884 01:20:12,690 --> 01:20:16,450 So that's my credit to our group. 885 01:20:16,510 --> 01:20:21,250 And you click on it, it brings up our page, tells you when the meetings are, things like that. 886 01:20:21,250 --> 01:20:22,830 That's all that bookmark is. 887 01:20:22,830 --> 01:20:24,850 But then there are four folders. 888 01:20:24,850 --> 01:20:27,170 Other bookmarks are just random bookmarks for things. 
889 01:20:27,170 --> 01:20:32,910 It also has bookmarks for some extensions you might want to look at that I just simply didn't include because I didn't think they were that important. 890 01:20:32,910 --> 01:20:44,130 But the three main ones here are, you have a Hacker OS bookmark tab, which will, if you've never had to do a pre-made OS for penetration testing, it has all of them here. 891 01:20:44,130 --> 01:20:51,990 It has different versions of Kali Linux, Parrot Security, BlackArch, guides to how to modify your MacBook. 892 01:20:51,990 --> 01:21:02,050 Let's say you're loading this browser on a MacBook to make it CTF ready, it has listings for Windows options, things like that. 893 01:21:02,050 --> 01:21:19,770 The Privacy tab not only gives you guides on how to do better web privacy stuff, but also gives cool listings of tools for if you were more privacy conscious, such as the link right here for SecureDrop, a link to an XFS cleaner, CryptPad for sharing notes, cryptography advice, 894 01:21:19,770 --> 01:21:20,430 things like that. 895 01:21:20,550 --> 01:21:38,810 But the two big ones here are the Pentest links, which to me is a curated list of online tools that you can use that are not extensions that you'd be able to use for this, such as the Crocodile Hunter from the Electronic Frontier Foundation, which allows you to track certain extensions in real time, 896 01:21:38,810 --> 01:21:51,210 has an NFT scanner, if your challenge has to do with NFTs, because I've seen a couple of those challenges pop up, Browser Leaks, which allows you to test the actual Firefox browser that you're currently in, stuff like that. 897 01:21:51,210 --> 01:21:54,050 And then probably the most important tab is the Learn page. 898 01:21:54,050 --> 01:21:56,630 This has tutorials for all sorts of things. 899 01:21:56,630 --> 01:22:01,470 It has documentation for different versions of Linux like Debian. 900 01:22:01,470 --> 01:22:04,870 It has free and open source programming book directories. 
901 01:22:04,870 --> 01:22:07,930 It has networking books, cryptography books. 902 01:22:08,010 --> 01:22:19,610 By the way, one extension I forgot, you can not only right click images and it can do steganography, look at the graphics of that image, but you can also right click highlighted text. 903 01:22:19,610 --> 01:22:26,370 Like let's say you find an encrypted key, like the actual encrypted key, all that crazy stuff. 904 01:22:26,490 --> 01:22:33,550 You can highlight that, right click it, and you can use different cryptological methods to attempt to decrypt it. 905 01:22:33,550 --> 01:22:47,350 So I forgot to mention that, but there's cryptography books in this browser listing, and it also has links to CTF resources, such as Hack the Box, and Hacker101, picoCTF, which is a great beginner CTF. 906 01:22:47,350 --> 01:23:14,390 And then all the way at the bottom, it has a bunch of really useful tutorials on how to do a lot of intermediate to complex CTFs and security stuff, such as securing a shell account on a shared server, or how to set up VM instances so you can learn how to do password cracking all on your own time, 907 01:23:14,390 --> 01:23:18,290 how to use Metasploit, things like that, all in there. 908 01:23:18,290 --> 01:23:31,430 So if you're ever lost, or you downloaded this, and you're like me when I started this, beginning CTF, and you're like, I don't really know how to program in Python, and how do you do this scripting stuff, that Learn tab has all the stuff in there. 909 01:23:31,430 --> 01:23:49,030 And yeah, quick recap, basically my talk has extensions, has a lot of reconnaissance, bug bounty, and even direct red teaming attack stuff, such as man-in-the-middle, IP scanning, script injections, things like that. 910 01:23:49,130 --> 01:23:58,050 And it has a ton of resources for learning how to do red teaming and privacy and security stuff all built in. 
911 01:23:58,370 --> 01:24:04,170 Next week, the day after, so the DCG 201 meeting is going to be on August 19th. 912 01:24:04,170 --> 01:24:09,790 That one's going to be in person at Helen's Pizza in Jersey City, New Jersey. 913 01:24:09,790 --> 01:24:12,710 All the information will be on our blog on Monday. 914 01:24:13,090 --> 01:24:22,370 The day after will be the live stream version of that meeting, and I will visually go over the same thing all over again, except I'll be clicking and doing this stuff in real time. 915 01:24:22,390 --> 01:24:29,510 And that day, you will see a blog post that will go over, it'll have the individual extensions and the links to them. 916 01:24:29,510 --> 01:24:32,050 So if you just want to download them individually, you can. 917 01:24:32,050 --> 01:24:41,890 And then it will have both a zip and a tar that you can bring in, go to about colon profiles, drag and drop that into a new profile, and it'll load up all this stuff as is. 918 01:24:41,890 --> 01:24:46,730 And you can just start literally hacking away at websites and doing bug bounties. 919 01:24:46,790 --> 01:24:50,050 So I wasn't planning for any questions or anything. 920 01:24:50,050 --> 01:24:54,590 I didn't know if anyone had any, but if you did, I guess you could say that now unless we're out of time. 921 01:24:54,590 --> 01:24:58,850 Otherwise, thank you for listening to me ramble about extensions for a while. 922 01:24:58,850 --> 01:25:01,310 I cannot wait till the tool drop next week. 923 01:25:01,310 --> 01:25:03,910 And when you do it, definitely send me feedback. 924 01:25:03,990 --> 01:25:05,450 Tell me if things aren't working. 925 01:25:05,450 --> 01:25:07,610 Tell me if certain extensions have stopped working. 926 01:25:07,610 --> 01:25:13,090 If you have a better idea of how to do something or a better extension or a better modification, tell me that. 
927 01:25:13,090 --> 01:25:20,610 Not only will I add that in there, but I will credit you on the blog and stuff for any further modification that I've made if you've made any suggestions. 928 01:25:20,610 --> 01:25:25,970 So thank you for listening, and I hope everyone has a fantastic DEF CON, whether you're in person or virtually. 929 01:25:26,410 --> 01:25:33,170 And as Locklab used to say, stay safe and stay legal. 930 01:25:33,170 --> 01:25:37,070 And if Vegas floods again, do not try to surf the waves. 931 01:25:37,310 --> 01:25:38,530 I'm from New Jersey. 932 01:25:38,530 --> 01:25:39,930 I know the Hudson River. 933 01:25:39,930 --> 01:25:42,790 Just like the Hudson River, you don't know where that water's been. 934 01:25:42,790 --> 01:25:43,350 Thank you. 935 01:25:43,350 --> 01:25:46,010 I don't know if there's time for questions, but that's the end of my talk. 936 01:25:46,750 --> 01:25:50,290 Well, thank you for such an interesting presentation. 937 01:25:50,470 --> 01:25:53,910 And this is the last presentation of our event. 938 01:25:54,030 --> 01:26:02,350 Our space will be open through noon tomorrow, so you can come back and play around and throw the cow off the roof and hang out and talk and that sort of thing. 939 01:26:02,350 --> 01:26:03,170 I'll be there. 940 01:26:04,510 --> 01:26:07,750 And you can ask some questions tomorrow too. 941 01:26:07,750 --> 01:26:12,590 And also, we have fireworks for the grand finale, so go at it. 942 01:26:12,630 --> 01:26:13,910 Thank you all for coming. 943 01:26:15,630 --> 01:26:17,070 Woo! 944 01:26:17,070 --> 01:26:18,010 Thank you.