A quick warning to anyone who has a very simple passcode to their phone, you never know when you’re being recorded on camera or being watched across the room, if your passcode to get into your phone doesn’t involve your hand moving around to different keys too much its likely very simple for someone to guess your code. Someone entering the code 123456789 will be obvious to spot by the hand movement, as will someone using a passcode with only 1 digit repeated
As seen here with Lance Gooden unlocking his phone whilst being recorded. even though we can’t see the mobile phone screen it’s fairly obvious what the passcode is:
The same applies for unlock patterns which are a simple L or backwards L shape.
In Lances defence this could be a burner phone which only has a Whatsapp chat with the family, or he’s actually far smarter than he appears and has temporarily changed his code for the day if he knew he was going to be recorded. but it does highlight that if you are using a passcode/pattern as your only method of authentication to get into your phone you should try to use different characters as much as possible.
Here is a script courtesy of adithyaxx which helped me out recently.
I had a zip file containing hundreds of other zip files all contained within each other. The password for each file was it’s name. Manually typing in each password would have taken far too long, this little script helped automate the process.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
It opens up the zip file, reads the file name and truncates the .zip part, then uses the remaining that as a variable for the next password attempt and keeps going until it fails. The useful thing is that is prints out the attempts as it goes along in case there are any hidden patterns in the passwords names you need to pick up on:
It runs through about 2-3 unzips every second so a 500 file recursive zip file would take 5-10 minutes to get to the end of, compared with a few hours of working by hand.
Don’t be put off that it’s a french site, the link above takes you to the English translated version.
The site holds tools for decoding/encoding practically every type of encryption you will come across in all but the more advanced challenges. Instead of having to write your own tools for a variety of possible ciphers you think the puzzle uses you can stick your text in a bunch of possible decoders on this site and see what comes back with something sensible looking. It’s many times quicker than doing it manually or trying to search for a reliable tool.
All the encoding/decoding happens in the browser so you don’t need to wait for downloads. It’s quick and free. The list of tools it has is massive but some of the ones I’ve used to solve puzzles online are:
Even if you don’t know which Cipher you need for a challenge you can have a browse around this site and get some inspiration for possible cipher methods in a specific category.
As an example of how useful the site is here’s a basic rot cipher code where the letters have been shifted forward in the alphabet, the problem is you don’t know by how many places. Instead of running a rot decoder 26x the site has a brute force feature which will do it all at once for you:
Aopz dlizpal pz clyf bzlmbs
From that list we can clearly see that the code is shifted 7x and the decoded text is given to us.
I recently passed the AZ-300 and wanted to review some of the material I used to pass it in case anyone else is thinking of taking it and wants some advice on how to prepare.
This AZ-300 course from Scott Duffy is aimed at people wishing to take the Azure technologies exam from Microsoft, the exam itself covers a lot of high level concepts within the Azure system and aims to certify that you understand a wide variety of concepts within Azure at an architect level.
The syllabus is very broad and covers topics from networking, scaling up and out automatically, Security, Migration, Web apps and anything else you’d expect a consultant to be able to advise on if you were planning on moving to Azure.
The course consists of lots of videos split into neat sections covering the entire AZ-300 syllabus
The videos are high quality, clearly explaining what Scott is talking about
The audio quality is very high
Scott has clearly been using Azure for years and you get the impression he is talking about a lot of the topics from experience and not just documentation.
This course is nowhere near enough by itself to pass the AZ-300, the exam is very in depth and asks some awkward questions which this course does not prepare you for
The video course is only 10.5 hours, I suspect most people will be putting in 50+ hours of prep in order to pass the exam
There is a lack of practical lesson which would help put the course topics into practise.
Nobody is going to be passing the exam using just this study guide by itself. As you will need to buy other materials I can’t justify recommending this video series. Instead you should take a look and find a larger and more in depth course which provides lessons/labs to go alongside the theory. It is too easy to halfheartedly nod along to these video lessons without any of the knowledge sinking in.
The course content itself is well made, there just isn’t enough of it to make it worth while. The scenarios that would justify getting this course would be if you already have bought and used a larger 30-40 hour course and want to go over the topics again from a different perspective or if you are not interested in sitting the exam but just want to see what Azure has to offer as an alternative to AWS or on premise solutions.
Buy a larger course first, then some practise labs, then one or two sets of practise exam questions, and if you still need something extra to study after that then this course is the right thing to get.