Imagine you wrote an OSINT data mining framework but can't figure out the answer to "what did I do yesterday and where did I lock my bicycle??"
Pinned Tweet
Follow
sn0int@chaos.social
@sn0int
Semi-automatic OSINT framework for data mining and attack surface enumeration in redteam engagements. Tweets about Rust, Linux, Supply Chain Security at
github.com/kpcyrd/sn0intJoined July 2019
sn0int@chaos.social’s Tweets
I'm trying to use a k8s replica set to specify "on how many computers should this run on" to exercise my pool of ip addresses, and apparently to tell kubernetes to always prefer a cluster node that has none of my pods yet, I need to write an anti-affinity policy.
1
2
twitter started displaying the sn0int handle the way it was intended hehe
3
How to landmine an org that uses the gitlab package registry:
The gitlab options {maven,npm,pypi}_package_requests_forwarding all default to on. If you register the org's pkgs on the public registry, their gitlab is going to serve your code if they ever delete their private pkg.
1
1
Quote Tweet
The hardest part of writing a malicious container registry is how fragmented the ecosystem is. Each of these are valid responses when pulling a specific container image by tag.
1
77
1,809
5,032
Show this thread
If you want to explore the attack surface of your target?
You can utilize the sn0int framework, which has different functional modules.
github.com/kpcyrd/sn0int
#OSINT #bugbounty #passivescan #reconnaissance #ThreatIntel #investigation #infosec #cybersecurity
8
18
Since `git archive` is deterministic/reproducible, could I authenticate a tar ball with a signed git tag? #supplychain
3
2
arch Linux, the OS you use while stealing wifi from the McDonald’s parking lot
41
68
891
Automated
1
3
9
makes great efforts for to happen and seeks #sponsorship to become an independent #OpenSource developer
I hope more people subscribe to sponsor this developer so the hard work may bring reward and not just consume spare time.
#fundraising
stackmuncher.com/kpcyrd
1
7
5
unredacter : Never ever ever use pixelation as a redaction technique : github.com/BishopFox/unre credits
GIF
14
697
1,892
I made a reproducible metasploit package for Arch Linux but I'm slightly hesitant rolling it out to all users immediately because I'm not that familiar with ruby. If you use metasploit and this package works/breaks for you, please let me know! pkgbuild.com/~kpcyrd/repro-
3
6
gonzalo@ modified security/sn0int: Update for Sn0nit to 0.24.1 OK bcallah@
2
1
Using a pseudonym for your open-source work is mostly about boundaries, if people who aren't paying you want to know your legal name for leverage that's a massive red flag for exploitative behavior 🚩🚩🚩
Quote Tweet
Example format of a "Software Bill Of Materials":
==LiteWMP Workpress Toolkit SBOM==
– Linux 5.9
– Apache Httpd 2.3
– 30,000 ideologically-motivated unpaid developers we know only by their usernames like like D3adassPawg69, who can inject code into our solution at any time
1
4
11
💡 Use this simple #OSINT trick to find people related to a #github org or user 💫
Get_Early_Stargazers.graphql gist.github.com/nil0x42/656ccf - by
#bugbountytips #threatintelligence #infosec
5
14
Dear doordash engineers, it could be worse: at least you're not asked to be an opensource worker
Quote Tweet
Since people are tweeting about delivery workers right now: this is how much I made last month delivering food 2 days a week on minimum wage vs how much I made working on opensource 7 days a week (and I'm already blessed it's that high 
)
)
I was casually APTing with a friend and revisited the advanced scoping features we've briefly worked on a while ago. They are now more mature in v0.24.0 with the new `rescope` command:
1
2
Reminder that all my supply-chain content is now tweeted from this account (even tho there's overlap with offensive security in this one)
Quote Tweet
Would you be interested in a weaponized tool that demonstrates risks of signing-key-abuse for real life update systems, if you happened to have access to the right private keys? #supplychainsecurity
Show this poll
1
1
pew pew!
Quote Tweet
This is pretty big for me, after 7 years one of my repos has reached 1k github stars for the first time
Show this thread
5
sn0int 0.23.0 released, featuring perception-based image hashing for collected images and an option to set a proxy and different default user-agent in `sn0int run`
1
2
rebuilderd 0.15.0 very recently released, this is a short intro into what it is, how it works and how to build our own integrations! 🧵
1
7
6
Show this thread
There are very similar efforts in the open source world too! Did you know rebuilderd has a channel on the CNCF slack you can join to follow development? Feel free to drop by, ask questions or just say hi! cloud-native.slack.com/messages/rebui
Quote Tweet
Solarwinds stood up today with something to prove, obviously. Yes they implemented in-toto along with Tekton, and how do you validate that your entire build chain wasn't compromised? Run it twice. Using another isolated instance just for deterministic validation. 
Show this thread
1
4
7
Imagine you're trying to infiltrate a private event, got a foolproof(tm) plan for both id checks but security pulls you out for "not being well dressed enough" 👀
1
1
Featuring support for rebuilderd and in-toto: I've just published my blogpost of what I've been up to in September 🙌 vulns.xyz/2021/09/monthl
1
4
5
Introducing code review sundays - one bug at the time!
We are trained in finding bugs in CTF challenges, but what about real software?! That's why we started doing code reviews on a regular basis.
1
4
5
Show this thread
I've decided to use on twitter, the same name you might also have seen on github before. Welcome to my first tweet!
1
4
20
#redteam tip: want to discretely extract credentials from a CI/CD pipeline? open a *draft* pull request.
draft pull requests won't alert repository contributors, but will still trigger pipelines.
#cloudsecurity
1
8
25
Rebuilderd 0.14.2 released with minor bug fixes and is now available in the alpine [testing] repository.
SN0INT could very well be the Swiss Army Knife of #OSINT collection tools. It can:
✅ Extract #WhatsApp user info
✅ Scrape account info from adult sites
✅ Scan online images for obscene content
..plus lots more.
os2int.com/toolbox/huntin
#socialmedia #cyber #python #ruby
1
6
12
...and done! NYU's Arch Linux rebuilder now generates in-toto attestations. Here's an example: r-b.engineering.nyu.edu/api/v0/builds/
Quote Tweet
VERY excited about this! I'll be updating NYU's rebuilders to generate these attestations.
Also, shout out to @qjoyliu for her excellent work on adding in-toto support to rebuilderd as part of @gsoc 2021! twitter.com/sn0int/status/…
4
10
Really cool stuff 👀 Probably really useful to check if keys of former employees have been properly off-boarded, in case you don't have other means to do so.
Quote Tweet
Another forbidden tool:
"ssh-key-confirmer" - Wanted to know if a ssh public key would theoretically be allowed on a SSH target if you had the private key?
No worries. Thanks to how SSH works you can test this:
github.com/benjojo/ssh-ke
GIF
2
6
rebuilderd 0.14.0 released today 🚀 now with support to generate and distribute in-toto attestations, and experimental support to rebuild tails images:
1
6
13