SquareLemon Blog

So you got hacked, what now?

If you have just found out that one of your accounts has been hacked, you probably have a lot of questions. One of which is how do you undo whatever has been done and regain control. This is a good first question and I will attempt to cover this and the accompanying “how did this happen?”. The why and the who part can be more nuanced and very contextual so I’m going to steer away from that for now. [Read More]

Use Signal, Use Tor

.... some caveats

At times when people are likely to be out protesting or performing acts of civil disobedience, all the advice comes out about how to conduct good OPSEC. Some advice is good, some is bad, some is well intentioned, and some is just dangerous. We often hear "Use Signal, use Tor" mentioned. It has become a mantra uttered both ironically and unironically as the go-to advice from a number of people. But this lacks context, nuance, and a key bit of information. [Read More]

SecTor 2016 Presentation

A week ago I gave my talk “[Ab]Using TLS for Defensive Wins” at SecTor 2016. Here is my little blurb: TLS, and its older forerunner SSL, are used to maintain the confidentiality and integrity of network communications. This is a double-edged sword for Information Security departments as this allows private information to remain private, but can also be used to hide malicious activity. Current defensive measures for dealing with network traffic encrypted using TLS typically take one of two forms: attempting to detect malicious activities via other means which are outside of the encrypted session, such as endpoint security tools and IP address blacklists. [Read More]

FingerPrinTLS Example Use Cases

I have unbroken my blog, so in preparation for BlackHat Arsenal I have written up a few use cases for FingerPrinTLS. The specific examples I have given are: Supplementing IDS; Malware hunting and enhancing ThreatIntel (sorry!) Feeds; Protecting API endpoints and Web Servers; Canaries for Unicorns. Enjoy! [Read More]

things are coming...

I realise that I have not posted for a while, so I just wanted to drop a quick mini-post’ette to say that I have been working hard on a number of things to do with my TLS Fingerprinting side project. If you keep track of my GitHub page you’ll probably see the fruits of my labour first. I’m planning on creating a number of posts on using the FingerPrinTLS tool once I have a few more key items in. [Read More]

tls fingerprinting resources

Today I gave my talk at DerbyCon, “Stealthier Attacks & Smarter Defending with TLS Fingerprinting”. The links to all the resources are: Paper / Post giving a technical overview of the fingerprinting technique discussed. Slides from the talk, which probably don’t make much sense without the talk. Tools discussed during the talk. Don’t forget to join in the conversation on Twitter too, either to my account or the FingerprinTLS account. [Read More]

Yes, I've been quiet

I haven’t posted for a while, largely because I have been working on some research that I have been doing, and am presenting at both SecTor in a few weeks, and DerbyCon tomorrow. I will be releasing some materials relating to this talk so that people who are not in attendance can obtain the information without having to listen to me on a recording, so if you are interested in TLS Fingerprinting, keep an eye out tomorrow as I will be publishing a longer than normal post with some of the technical details and tools. [Read More]

mitm the mitmers

Last week I mentioned that James Arlen and I gave the closing keynote at SCCongress Toronto. We had planned to do a live demo as part of the talk, but after reaching the venue and connecting to the wifi we found that it would not work as planned, specifically because the venue wifi was “correcting” my tampering of the DNS on the demo victim; they were still visiting the real website. [Read More]

sc congress toronto

Yesterday James Arlen and I gave the closing Keynote at SC Congress Toronto. If you would like to see the slides, we have made them available on SlideShare: And the pre-recorded demo is available here (the live demo was, unfortunately, not recorded): [Read More]

bsides toronto 2015 is coming...

Returning for its third year, BSides Toronto has just been announced for 7th November 2015 and the CFP opened, so if you want to speak get your submission in! (details on the BSidesTO website). Keep an eye out on Twitter too for announcements when registration opens, speakers are announced, etc. I won’t be speaking this year because I have the pleasure of taking one of the spots as an organiser for the conference, so I will definitely be there… lurking :) [Read More]
