A security engineer's blog about his projects, research, philosophy, and career. https://chris.partridge.tech/ Sun, 01 Mar 2026 21:07:25 +0000 Sun, 01 Mar 2026 21:07:25 +0000 Jekyll v4.2.1 A quick dive into a hilariously unconvincing, malware-laden email that I received which is impersonating the IRS. I love the self-assessment model for taxes in the USA, the billion-dollar companies that profit off taxes being confusing and difficult, and hundreds of millions of dollars spent in lobbying to keep it that way. It's great for everyone and has only positive network effects. This is sarcasm. Sun, 01 Mar 2026 00:00:00 +0000 https://chris.partridge.tech/2026/tax-season-irs-impersonation-malware/ https://chris.partridge.tech/2026/tax-season-irs-impersonation-malware/ malware Threat actors seem to enjoy targeting InfoSec professionals (or each other? honestly idk), but aren't always good at it. More obvious lures and obvious malware - this time SmartLoader. Sun, 19 Jan 2025 00:00:00 +0000 https://chris.partridge.tech/2025/fake-fortigate-leaks-peddling-malware/ https://chris.partridge.tech/2025/fake-fortigate-leaks-peddling-malware/ malware Tired of seeing bullshit alerts about dependencies in your containers, which have some crazy new vulnerability, but aren't part of your application and don't really need to be there? Me too! Stop wasting time and start getting actionable security feedback by going distroless and eliminate all those unused dependencies. This example will show you how and why, using a sample Python application. Sun, 15 Dec 2024 00:00:00 +0000 https://chris.partridge.tech/2024/distroless-python-in-minutes/ https://chris.partridge.tech/2024/distroless-python-in-minutes/ docker distroless Are there Darwin awards for skids burning their C2 infrastructure? Sat, 30 Sep 2023 00:00:00 +0000 https://chris.partridge.tech/2023/malware-targeting-cybersecurity-subreddit/ https://chris.partridge.tech/2023/malware-targeting-cybersecurity-subreddit/ malware ViperSoftX is a multi-stage cryptocurrency stealer which is spread within torrents and filesharing sites, responsible for stealing hundreds of thousands of dollar-equivalent funds, mostly from individual users. Nearly three years after it was originally discovered, this malware campaign has more surprises in store, and I'm digging into its dropper/C2 ops. The first article of a series. Wed, 14 Dec 2022 00:00:00 +0000 https://chris.partridge.tech/2022/evolution-of-vipersoftx-dga/ https://chris.partridge.tech/2022/evolution-of-vipersoftx-dga/ malware c2 Mastodon is a great replacement for Twitter, but who knew it was also a replacement for LOIC too? I'm joking - but an observed traffic amplification factor of over 36,000:1 isn't very funny, especially not for 'intended behavior.' Fri, 09 Dec 2022 00:00:00 +0000 https://chris.partridge.tech/2022/request-amplification-in-mastodon/ https://chris.partridge.tech/2022/request-amplification-in-mastodon/ mastodon ddos HARICA - the only non-DigiCert certificate authority offering .onion certificates (for Tor hidden services) - has recently switched over to signing new certificates with their 2021 CAs. Here are some cliff notes on how to use HARICA's cross-certificates in your trust chain if that becomes a problem for you or your website viewers. Sun, 05 Jun 2022 00:00:00 +0000 https://chris.partridge.tech/2022/untrusted-harica-onion-certificates/ https://chris.partridge.tech/2022/untrusted-harica-onion-certificates/ field_notes pki certificates It's pretty sad that I'm paying money for a phone number to post online, specifically to get it pulled into the tools used by the multi-hundred-billion-dollar talent and marketing industries, just to have some peace and quiet during the day. In case you want to do the same, here's what I do and what (little) it took. Thu, 10 Mar 2022 00:00:00 +0000 https://chris.partridge.tech/2022/avoiding-unsolicited-calls/ https://chris.partridge.tech/2022/avoiding-unsolicited-calls/ twilio focus Once upon a time, I stumbled on to some dead links, and through preserved materials I easily recreated a now-defunct unitasking site about IPv6 ULAs. So why did the license on my personal blog change? Tue, 18 Jan 2022 00:00:00 +0000 https://chris.partridge.tech/2022/digital-resurrection/ https://chris.partridge.tech/2022/digital-resurrection/ creative_commons ipv6 It's now been over six months since I reported an incident to US-CERT, and was still a trivially exploitable SQLi on the Washington State Department of Transportation website. I made a partial public disclosure while this was still exposing sensitive contractor PII from 1986-2021 including last 4 of SSNs, as well as nearly 73k users from 1999-2021. Around one week after, this issue has been resolved, and I have updated this article to contain complete information. Thank you to everyone that helped get this fixed! Wed, 29 Dec 2021 00:00:00 +0000 https://chris.partridge.tech/2021/disclosing-wsdot-sqli/ https://chris.partridge.tech/2021/disclosing-wsdot-sqli/ disclosure Intel themselves don't publish any information on identifying Engineering Sample (ES) processors outside of checking the markings on the lid of the CPU. I had an ES CPU once upon a time, and here's what I saw when compared to another similar CPU - it's no definitive guide but it might be useful to some who are concerned about a secondhand CPU they've received. Fri, 03 Dec 2021 00:00:00 +0000 https://chris.partridge.tech/2021/identifying-intel-engineering-samples/ https://chris.partridge.tech/2021/identifying-intel-engineering-samples/ pc cpu About two days ago, hundreds of thousands of leeches were reported on Ubuntu's torrent tracker - downloading gigabits of data, but never reporting that they'd completed any chunks. My precious Linux ISOs (yes, really) were under attack. But whose botnet is this, why are they all downloading Ubuntu, and just how big is the botnet they're controlling? Let's dig in. Wed, 27 Oct 2021 00:00:00 +0000 https://chris.partridge.tech/2021/observing-a-botnet/ https://chris.partridge.tech/2021/observing-a-botnet/ infosec botnet ubuntu torrent What happens when you work for a household name? What happens when that household name has a reputation for only hiring and developing top tech talent? What happens when many recruiters and recruiting firms make a habit of poaching only "the best?" Turns out, your career growth goes exponential - and while that might be good for me now, it wasn't good for me before, and isn't good for the tech field overall. Tue, 05 Oct 2021 00:00:00 +0000 https://chris.partridge.tech/2021/prestige/ https://chris.partridge.tech/2021/prestige/ career