Social Engineering 101 or The Art of How You Got Owned By The Random Stranger

So it’s been forever since I have posted. I have been busy between leaving the military, school, and having a REAL job now. Today I had the privilege of speaking at the Second Annual Cyber Security Conference for Collin College hosted by North Texas ISSA. Below is a copy of my presentation from that conference.


Also, I was able to speak last month at NAISG DFW on this same topic. The talk was set for a somewhat less professional environment, as it was a lot of friends, and that version of the talk is below.


Cryptocoin Faucets

So I’ve gone a bit cray cray since DOGE came out, thanks to connection (she LOVES that I have spent so much time screwing with coins btw >.<). Totally understood how much of a joke it was, but it gave me my first glimpse of what cryptocurrency was and I started researching. Everything I’ve found out with it, I’ve ensured to try and share back the knowledge with the community (mainly on /r/bitcoinforbeginners). A shout out to giveen is deserved as well since he helped me understand a lot of the trading aspects.

So what I have done is taken EVERY coin I could find that had a faucet and added it below. I’m aware that I probably missed a ton and if you know of any, please let me know below or through the contact form and I will get it/them added.

If you find any of this useful, please consider donating:
BTC:  1JSiEk9JGjCRaxbUjecHMKoxjCyofHbxzc
LTC:  LMTnjMtkG8osVDFN2Eh8u7hiD6gWsFdVFf
CRYPTSY TRADE KEY:  9ec7a1a482355b0f5d78502f09b820ed7cb4c2a6

ALPHA – ALF  –  24 hours  –  Google forms  –  requires email  –  Google forms – requires email – 1 time payout

Bitcoins – BTC  –  Collect from multiple faucets and has a faucet directly on main page that accumulates over time  –  2ubtc per submission  –  sent out in waves – 24 hour faucet – 3 hour faucet – 12 hour faucet – A list of multiple BTC faucets (most are listed on here) – 1000 satoshi every 24 hours – Sends to microwallet – Sends to microwallet – Sends to microwallet – hourly faucet – earn BTC for surfing ads (most are 10 seconds) – 30 minute faucet – sends to – 30 minute faucet – sends to – 30 minute faucet – sends to – view ads and earn mBTC – view websites and earn uBTC – payout is 100 uBTC – view websites and earn uBTC – earn uBTC for completing tasks – earn BTC for clicking ads – earn up to 30 satoshi – sent to microwallet– roll hourly to earn BTC – earn up to 1k satoshis hourly – payout at 100k satoshis – earn up to 500 satoshis – payout at 10k satoshis – hourly faucet – 54.3 uBTC payout – hourly faucet – payout at 5500 satoshis – 30 minute faucet – sends to – 30 minute faucet – sends to – 30 minute faucet – sends to – 30 minute faucet – sends to – complete offers for BTC – visit websites and earn uBTC – 30 minutes faucet – sends to – 24 hour faucet – “break a crate” and earn BTC – 30 minute faucet – sends to – 30 minute faucet – sends to – unlimited guesses – earn up to 2.4 BTC daily – 30 minute faucet – sends to – 30 minute faucet – sends to – 30 minute faucet – sends to – in spanish (shouldn’t matter) – 30 minute faucet – sends to – 30 minute faucet – sends to – 30 minute faucet – sends to – hourly faucet – offers code for – 2 hour faucet – sends to microwallet – hourly faucet – 100 satoshis every hour – payout is 50k satoshis – 24 hour faucet – 24 hour faucet – 24 hour faucet – payout at 0.00015930 BTC – 6 hour faucet – payout at 0.00005430 BTC – 30 minute faucet – send to – 30 minute faucet – sends to –  30 minute faucet – sends to – 30 minute faucet – sends to – 30 minute faucet – sends to microwallet – Takes you through roughly 60 faucets in one place

Bytecoin – BTE – (Malwarebytes shows as malicious)

CATcoin – CAT – Pays out at .001 CAT – No time restraints

COINYE – COYE – 12 hour faucet – 12 hour faucet

Cthulu – OFF – 24 hour faucet – unlimited submissions for .01 OFF

Devcoin – DVC – Pay per round – 24 hour faucet

Digitalcoin – DGC – 24 hour faucet – 24 hour faucet

DOGEcoin – DOGE – offers/faucets/giveaways – watch videos earn DOGE – Hourly – List of DOGE faucets – Pays out at 5 DOGE – Get paid for posting – sends up to 5 DOGE – “few hours” faucet – almost dead – 24 hour faucet – 1-100 doge based off your comment (funnier more doge) – 4 hour faucet – possibly broken (sends to send.php and blank screen) – unknown wait time

Earthcoin – EAC – no limit

EZCoin – EZC – 24 hour faucet

FASTcoin – FST – 24 hour faucet

Freicoin – FRC – paid per round – FRC raffle

FRANKO – FRK – 24 hour faucet

Gilcoin – GIL – Google forms – requires email – 1 time payout

Globalcoin – GLC – 24 hour faucet

Goldcoin – GLD – 48 hour faucet

Hypercoin – HYC – Google forms – 1 time submission

Infinitecoin  – IFC – 24 hour faucet

Kittehcoin – MEOW – 4 hour reset – Unlimited faucet with low payout – 4 hour reset

Litecoin – LTC – Adblock must not be installed – must reach .01 LTC before payout – hourly faucet – Hourly roll – win between 2u and 100u

Mastercoin – MSC – requires linking/verifying accounts

Memecoin – MEM – 24 hour faucet – Google forms – requires email – 1 time payout

Mincoin – MNC – 24 hour faucet

Mooncoin – MNC – hourly dispense – 1 to 2,100 moons

Namecoin – NMC
namecoin faucet – Asks how many coins you would like, not sure if it sends entire amount of coins requested

Nutcoin – NUT – Faucet dispenses 1 – 500 nutcoins

Nextcoin – NXT – account and email required

Onecoin – ONC

Particle – PRT – 3 hour faucet

QuickQuickcoin – QQC – 24 hour faucet

SEXcoin – SXC – 24 hour faucet

Unobtanium – Un

Weedcoin – WEC – Google forms – 1 time submission

Worldcoin – WDC – 24 hour faucet – 24 hour faucet

ZETAcoin – ZET – 24 hour faucet – 24 hour faucet

Updated Wordlist location

So, I have been extremely terrible about not blogging recently and for that I’m sorry. Life has been hectic. This is a quick post to say that my wordlist, which was originally on a torrent, has been on bindshell for quite a while thanks to @jmgosney. Along with that, it was overhauled because when the original one was published, it was sorted and uniq’d, but not as well as I had thought. This updated one has been fixed, which cut the size literally in half. I will start trying to blog more for those keeping an eye out.

Help With Writing Your Resume

So, this will start out as every other post does, thanking people who’ve helped with this idea! This list of people is @HackerHuntress, @spridel11, @diami03, the wife, justabill, and whiteb0rd. They helped me tremendously in getting my resume to where it is currently.

Now, with that being said let’s jump right in. Below is exactly how I have my resume. Here is a copy for yourself that you can adjust as needed.

First we have the header. 

First Last Name






As you can see, it’s nothing incredibly fancy. I used Microsoft Word (2007) to create my resume so copying it to here isn’t exact with the alignment and such. This portion is pretty self-explanatory. Starting off, make sure that the phone number you use is one that can contact you. The email, if you do not have an email account that is professional ie: then you better get one! I can’t tell you how many times I’ve heard of people submitting a resume with some ridiculous personal email account, which in turn gets their resume sent to one place…the trash can. It’s easy, and sad, that I must say it but I wouldn’t if it weren’t true. Next is the Current Job Title. This is mainly for people who currently have a job but are searching for a new one. If you don’t have a job, I’d suggest putting whatever you WANT to do, i.e. security researcher or security analyst.

  • (Career field) professional currently pursuing a (degree) with a major in (major) from a (NSA CAE or similar). Seeks to complement the skills of co-workers and advance the mission of the organization by providing technical expertise and business acumen in arriving at solid (career) solutions.

This summary should be the MAIN point of your resume. This is a quick summary of you that will explain why whatever company that is looking at your resume should hire you and essentially what they’ll be missing if they don’t. Starting off, you want to list yourself as a professional in whatever field you are in. In my case, Information Security professional, but this could be Human Resources or a hundred other possibilities. If you have or are currently pursuing a degree, then you want to highlight this in your first sentence. I have listed that my school is an NSA CAE, National Security Agency Center of Academic Excellence. If you currently go to a school that is such a thing, you want to make sure it is recognized. If not, try to highlight what your school is known for. Next, you want to explain why they should hire you. As you can see, I’ve crafted a very good sentence that basically tells them in extremely “fancy” terms that you want to improve their company and your co-workers’ abilities with your knowledge. At the end of this sentence, ensure that you tell them you want to help them arrive at solid “career” solutions, meaning information security or human resources or penetration testing (whatever your career is).

US Army

January 2006 – Present

Senior Information Systems Specialist
  • Oversaw Network Security Violations for 20,000 personnel and managed a team of seven.
  • Lead helpdesk technician for 300 people.
  • Maintained network and system communications for 20,000 personnel stationed in Alaska.
  • Configured and managed over 40 Cisco devices.
  • Managed Active Directory for 20,000 personnel.
  • Taught upwards of 150 personnel on information security.
  • Maintained satellite communications.
  • Performed vulnerability assessments with (program).
  • Information assurance management officer.

Strategic Security

August 2012 – Present

  Senior Intern

  • Authored numerous lab manuals for Strategic Security facilitating training courses worldwide.
  • Configured and operated common industry vulnerability scanners to include Nessus.
  • Wrote open source intelligence and penetration test reports.
  • Developed post-penetration reports providing businesses with valuable findings and recommendations.
  • Familiar with exploit development tools.

As you can see, yes this is directly from my resume (as I stated above). When listing things you’ve done for each job you NEVER want to say I because it’s your resume, obviously it’s about you! Think of it as a third person description of what you’ve done or if you were writing someone up for an award or promotion. It can be very difficult, but take time and ask for assistance if you need it. The way these are typed up could be the difference between getting a job based off your skills and not getting a job because the skills you list don’t mean anything to the job you’re applying for.

Education and Certifications







Lastly, you want to list your education and, if you have any, certifications. The way I recommend listing your education is from most recent to oldest, ending with your high school or GED. Ensure that whatever topics you studied, be it computer science, theater, etc, is listed since this will most likely relate to the job you are currently applying for. With saying that though, if you mainly took theater and are applying for a computer science position, I don’t suggest you list it.

If you have any questions, don’t hesitate to contact me on twitter, @drb0n3z, or comment below and I will respond when I have the chance. I don’t want to claim that I’m a professional at this, but I’ve been through a Department of Labor course specifically to help with writing resumes and finding a job in this terrible economy and have had help from HR recruiters (hackerhuntress). If you have suggestions as well, again don’t hesitate to contact me!

Passision – new wordlist creation tool

So a while back Marcus Carey from ThreatAgent decided to ask for input on wordlist creation. The general idea was: do you think geo data (city, state, zip codes) would be something good to include when trying to crack passwords? My instant response was yes, as I’ve seen a decent amount of this type of thing. Remember the LinkedIn hack: a ton of those passwords were some variation of the company’s name. So let’s start with how to get the tool.


Step 1: Go to and create a user account.



Step 2: Once you receive your email, click on Drone on the main page.



Step 3: Click on Deploy drone and figure out what company you want to create a wordlist from.



Step 4: Click next, then input the organization’s site.



Step 5: Click next, then click Run.



Step 6: Allow for the Drone program to complete the OSINT report.



Step 7: Once complete, click on Apps then Passision. Click Create wordlist.



Step 8: Allow the wordlist to be collected.  Once it’s completed, you’re able to download it.



A fun little tidbit Marcus threw into his program is it informs you if your wordlist contains profanity.


The big thing you must keep in mind is that you only get 5 searches with a basic/limited account, so unless you’re willing to pay for more searches, make sure you’re using them wisely!
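The observation that passwords are often variations of the company name or its location also works for defenders: a password-change filter or audit can reject anything built from the organization's own name, city, state or zip code. The sketch below is an added example, not part of Passision or ThreatAgent; the organization values are constructed and the function names are hypothetical.

```python
import re

# Undo common character substitutions before matching.
# "1" is handled separately because it stands in for both "l" and "i".
LEET = str.maketrans("03457@$!", "oeastasi")

# Constructed sample organization (not a real company).
ORG = dict(company="Example Widgets", city="Springfield",
           state="Texas", zip_code="75001")


def context_terms(company, city, state):
    """Lowercase terms of 4+ letters taken from the org's name and location."""
    terms = set()
    for field in (company, city, state):
        words = re.findall(r"[a-z]+", field.lower())
        terms.update(w for w in words if len(w) >= 4)
        if len("".join(words)) >= 4:
            terms.add("".join(words))      # e.g. "examplewidgets"
    return terms


def _letters(text):
    """Drop everything except a-z so padding digits/symbols are ignored."""
    return re.sub(r"[^a-z]", "", text)


def org_derived(password, company, city, state, zip_code):
    """Return the reasons a password looks derived from org context."""
    lower = password.lower()
    variants = {_letters(lower)}
    for one in ("l", "i"):
        variants.add(_letters(lower.replace("1", one).translate(LEET)))
    reasons = [f"contains '{term}'"
               for term in sorted(context_terms(company, city, state))
               if any(term in v for v in variants)]
    if zip_code in password:
        reasons.append("contains zip code")
    return reasons


if __name__ == "__main__":
    for pw in ("Ex4mpl3!2013", "W1dg3ts_75001", "correct horse battery staple"):
        print(repr(pw), org_derived(pw, **ORG) or "ok")
```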

My wordlist now shared

Alright everyone, the time has come for me to finally get off my lazy @$$ and share my wordlist. Now, the main thing with this wordlist is it is a mixture of a ton of wordlists. For example, it’s including @g0tmi1k‘s 18in1, @purehate_‘s old wordlist, @tekdefense‘s random honeypot dump he gave me, @defusesec‘s 15gb wordlist that was recently released, etc. Along with those wordlists it includes TONS of dumps from @cyber_war_news‘ two sites and dumps I’ve posted along with connection to his dump site leaks-db.

I can’t thank the community and people I interact with daily enough for all the support they’ve given and teaching. This is my way of giving back.

MY WORDLIST    —–   15.4gb tar-gz. Actual size is 69.3gb so you’re aware!   <—–(EDITED TO BE A TORRENT)

Now, along with that the fun part…since everything I give you seems to be broken in some manner, there is a lot of the wordlists that probably need to be cut out and fixed. There are (I’m sure) hashes in this that don’t need to be there and possibly duplicate words/phrases BUT I’ve done my best to take care of that.

Mid post writing update: While uploading the file last week, @bwallhatestwits wrote a little python script to remove invalid characters. This did wonders and has made it the size it currently is.

Anything else people come up with don’t hesitate to contact me on the twatters! Much love and awkward hugs to everyone in the community!!!

Editing Invalid Characters in text files

So last night I was working with @bwall on his tool distributed-hash-solving, and I ran into an issue in my MD5 pot file. It was showing NUL and other characters when viewing it in Notepad++.

After a little google-fu, I figured out a fix for it and then realized it was more than just NUL characters, it was almost every ASCII character that could be input as a two/three letter character.

We start with opening N++ and getting a sample of the character we need to remove.


As you can see, it decided to input between the hash and the correct output of the hash. A text sample of it would be:


Now the fix for this is hitting CTRL-F and choosing the Replace tab and choosing the corresponding ASCII hex character. In this case, it’s \x00 :


Now you want to select Replace ALL. It took less than a minute and replaced over 150 instances of the NUL character. The output came to this:


As you can see, properly fixed!

Now with that one character being fixed, I also ran into almost every other possible HEX character being thrown into that file. The quick list of these to check for is:


\x00 – \x08  (\x09 is a tab, which actually counts as a character in some passwords, so you don’t want to remove it)
\x0B – \x0F  (\x0A does the same thing as \n, or your enter key, so again you don’t want to remove it)
\x10 – \x19
\x1A – \x1F

To ensure you ARE finding the correct characters, I recommend you hit the find next button before replacing to ensure there IS an actual character that needs to be replaced AND that you aren’t going to goof up your .pot/.txt/* file like I did the first time I did this.
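The same cleanup can be scripted when the file is too big for an editor. This is an added example, not the script @bwall wrote and not code from the original post: it removes exactly the byte ranges listed above, counts hits in a dry run first (the "Find Next" step), and writes to a separate output instead of editing in place. The pot-file sample is constructed.

```python
import hashlib
import io

# Bytes the post lists for removal: \x00-\x08 and \x0B-\x1F.
# \x09 (tab) and \x0A (newline) are kept, as the post advises.
# \x0D (carriage return) is inside the removed range, so CRLF
# line endings come out as plain LF.
REMOVE = bytes(b for b in range(0x20) if b not in (0x09, 0x0A))


def clean_stream(fin, fout=None, chunk_size=1 << 20):
    """Count, and optionally strip, the listed control bytes.

    With fout=None this is a dry run: nothing is written, the
    bytes that would be removed are only counted. Input is read
    in chunks so multi-gigabyte files do not have to fit in memory.
    """
    counts = {}
    for chunk in iter(lambda: fin.read(chunk_size), b""):
        for b in REMOVE:
            n = chunk.count(b)
            if n:
                counts[b] = counts.get(b, 0) + n
        if fout is not None:
            fout.write(chunk.translate(None, REMOVE))
    return counts


def sample_pot():
    """Constructed pot-file sample in hash:plaintext form."""
    def line(plain, junk=b"", eol=b"\n"):
        digest = hashlib.md5(plain).hexdigest().encode()
        return digest + b":" + junk + plain + eol
    return (line(b"password", junk=b"\x00")      # NUL after the colon
            + line(b"pass\tword")                 # tab belongs to the password
            + line(b"letmein", junk=b"\x1b\x07", eol=b"\r\n"))


if __name__ == "__main__":
    data = sample_pot()
    found = clean_stream(io.BytesIO(data))        # dry run first
    print({f"\\x{b:02x}": n for b, n in sorted(found.items())})
    out = io.BytesIO()
    clean_stream(io.BytesIO(data), out)           # then the real pass
    print(out.getvalue().decode())
```

For a real file, pass `open(path, "rb")` and `open(new_path, "wb")` in place of the `BytesIO` objects and compare the dry-run counts with what you expect before keeping the output.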

If you have any questions feel free to contact me on freenode #hacktalk #intern0t #isdpodcast or #offtopicsec and on twitter @drb0n3z.