Category Archives: Anti-Phishing

Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter

This episode is based on posts from my Telegram channel avleonovcom, published in the last 2 weeks. So, if you use Telegram, please subscribe. I update it frequently.

Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter

Barapass update

I recently released an update to my password manager barapass. BTW, it seems to be my only pet project at the MVP stage, which I use every day. 😅

What’s new:

  1. Now I am sure that it works on Windows 10 without WSL. And you can run it beautifully even with the icon. 😊 Read more about installation in Windows in this file.
  2. Not only “copy the next value to the clipboard” (or “revolver mode” ) is now possible in the search results section. You can also get the previous value or copy the same value one again if it was somehow erased in the clipboard. Previously, I had to retype the search request each time to do this, and it was quite annoying. By the way, I unexpectedly discovered that the user input history inside the application magically works in the Windows shell (using up and down arrows) without any additional coding. On Linux it does not.
  3. You can set a startup command, for example, to decrypt the container.
  4. The startup command and quick (favorite) commands are now in settings.json and not hard-coded.
  5. settings.json, container files and decrypted files are now in “files” directory. It became more convenient to update barapass, just change the scripts in the root directory and that’s it. I divided the scripts into several files, now it should be more clear how it works.

So, if you need a minimalistic console password manager in which you can easily use any encryption you like – welcome! You can read more about barapass in my previous post.

Continue reading

Anti-Phishing process with advanced phishing attacks simulation

This time I want to write about the service of my friends from Antiphish. They call it “security awareness and employee behaviour management platform”. Simply put, they teach company employees how to detect and avoid phishing attacks.

By the way, they are great guys, made a demo for me, prepared custom templates, like in real PoC for a corporate client. Thanks so much for the excellent work!

The main idea

When you sign in to the Antiphish interface, you see the dashboards with information about the people who studied security courses, were tested during the course and were checked using emulated phishing attacks (some of these attacks are amazing, and I’ll show them at the end). This is the main idea. How can you protect your organization from phishing attacks? Educate people and constantly provoke them. Not just to send an email and see the employees who visited your “malicious” website. No, there should be a process!

Continue reading