Migrate Box via API to SharePoint

Migrate Box via API to SharePoint

Issue: As part of a Box migration, tools like ShareGate, and Kernel Migrator can miscopy files at 0KB or have other problems. Admins may also need a lean way to migrate lists of Box files into SharePoint without using third-party tools.

Solution: Custom script to migrate from Box API to SharePoint. It uses a source/destination list of files from Box to the SharePoint site collection. Note that files with ‘[ ]’ have issues with this method due to API/script limitations.

Create folder structure:
a. Logs – to keep the logs created by the PowerShell script.
b. Scan – to keep all CSV files from where the PowerShell script will read the file path.
c. Temp – A folder to temporarily keep the downloaded files from Box API. Those files will be uploaded to SharePoint.

Access Token:
Copy the Access Token and use in PowerShell script. This token is valid for next 60 minutes. You should follow the steps again to generate a new token.

CSV Format:
SiteCollectinURL FilePath

<# Box to SharePoint Copy Script
create host header including 'Access Token'
Access Token generated through a manual process which will expire in 60 minutes.
Login, try the API https://developer.box.com/reference/get-files-id-content/

$headers = @{
'Authorization' = 'Bearer TOKEN'
'Content' = 'application/json'

#Path to read CSV file
$path = "C:\temp\Scans\List of Files.csv"
$csv = Import-Csv -path $path

$SharePointRootSiteURL = "https://SITEURL.sharepoint.com";

#Change site collection URL to upload files
$SiteCollectionURL = "/sites/TargetSite/"

#Path to save log files
$logFilePath = "E:\temp\logs\Private-Log-$(get-date -f yyyy-MM-dd-HHmmss).log"

#Login to the SharePoint site collection
Connect-PnPOnline -Url "https://SITEURL.sharepoint.com/sites/TargetSite" -UseWebLogin

#Create log entries
Write-Output "Reading CSV file: $($path)..." >> $logFilePath;

foreach($line in $csv)
#Count number of files scanned
$count = $count + 1

#Read columns from csv
$properties = $line | Get-Member -MemberType Properties

#Read file path from csv under 'FilePath' column
$columnvalue = $line | Select -ExpandProperty "FilePath"

#Split the path to extract file name with extension
$arr = $columnvalue.Split("/")
$fileName = $columnvalue.Split("/")[($arr.length)-1]

#Create log entries
Write-Output "File Name: $($fileName)" >> $logFilePath

#Extract target folder path from filepath to upload file in SharePoint
$targetURL = $line | Select -ExpandProperty "FilePath"
$folderPath = $targetURL.Substring(0, $targetURL.lastIndexOf("/"))
$folderPath = $folderPath.replace($SiteCollectionURL,'');

#Create log entries
Write-Output "Folder Path: $($folderPath)" >> $logFilePath

#Folder Path to upload file temporarily on local folder
$PathToSave = 'E:\temp\' + $fileName

#Ceate Box API URL
$RESTURL = 'https://api.box.com/2.0/search?content_types=name&fields=id,size&limit=1&query=' + $fileName + '&type=file'

#Call API
$response =Invoke-RestMethod -Uri $RESTURL -Headers $headers -Method Get

#Convert output to JSON
$output = $response | ConvertTo-Json

#Extract id from JSON output
$entries = $output |ConvertFrom-Json | Select-Object -ExpandProperty "entries"

#Create log entries
Write-Output "File Id from Box: $($entries.id) and Size: $($entries.size)" >> $logFilePath

#Download file from BOX based on ID
$url = 'https://api.box.com/2.0/files/' + $entries.id + '/content'

#Save file from JSON to local folder
Invoke-RestMethod -Uri $url -Headers $headers -Method Get -OutFile $PathToSave

#Create log entries
Write-Output "Local file Path: $($PathToSave)" >> $logFilePath

Write-Output "Uploading to SharePoint..." >> $logFilePath

#Upload file to SharePoint
Add-PnPFile -Folder $folderPath -Path $PathToSave -ErrorAction Stop

#Delete temp file from local folder after uploading to SharePoint
Remove-Item -Path $PathToSave -Force

#Create log entries for Exception
Write-Output "Error: $($Error)" >> $logFilePath


0KB Files in SharePoint Online – ShareGate Migration

0KB Files in SharePoint Online – ShareGate Migration

Issue: Opening a 0KB file in Excel produces the error “The workbook cannot be opened” via Web. On Desktop, it says, “Excel cannot open the file X because the file format or file extension is not valid,” Other files like Docx and PPTx appear blank when opened for the first time and don’t throw errors but will save the file and update the size.

The file Size in SharePoint is blank for these files:

Solution: In our scenario, the problem was caused by copying with ShareGate. Every piece of file migration software has some issues, some worse than others, but you should never fully trust this kind of software without testing the results. Unfortunately, this copy job in ‘Insane’ mode seems to have created 0KB empty files, and since the file now exists, and the timestamps align, other copy jobs aren’t looking at the hash or size of the files and skipping them. This is a nightmare, given there are many files and sub-folders to go through, so I’ve devised a solution to recursively identify these 0KB files within all Document Libraries in a Site Collection.


# Checks all Document Libraries within the Site Collection recursively

$allSites = @("https://yoursite.sharepoint.com/sites/reports", "SITEURL2")

# File is automatically created in this directory. Specify a path to write it
$tempFolder = "C:\Users\YourProfile\"

function Scan-site {
param (

write-host "connecting"
Connect-PnPOnline -Url $siteUrl -Interactive
$DocumentLibraries = Get-PnPList -Includes DefaultDisplayFormUrl | Where-Object { $_.BaseTemplate -eq 101 -and $_.DefaultDisplayFormUrl -notlike "*Style Library*" -and $_.DefaultDisplayFormUrl -notlike "*FormServerTemplates*" -and $_.DefaultDisplayFormUrl -notlike "*SiteAssets*" }

$context = Get-PnPContext

$DocumentLibraries | % {
$currentLibrary = $_
#work on the root folder
Scan-folder -Folder $currentLibrary.RootFolder -siteCollectionUrl $siteUrl
#work on the first-level folders
$currentLibrary.RootFolder.Folders | % {
Scan-folder -Folder $_ -siteCollectionUrl $siteUrl



function Scan-folder {
param (
write-host "working on folder " $Folder.ServerRelativeUrl
$files = $Folder.Files
$files | % {
$currentFile = $_
if ($currentFile.Length -eq 0) {
Add-Content -Path $filePath -Value ("{0};{1}" -f $siteCollectionUrl, $currentFile.ServerRelativeUrl)
Write-Host $currentFile.ServerRelativeUrl " size : " $currentFile.Length -BackgroundColor Red

write-host "working on subfolders of " $Folder.ServerRelativeUrl
$Folder.Folders | % {
Scan-folder $_ -siteCollectionUrl $siteCollectionUrl

$fileName = "{0}.csv" -f (Get-Date).Ticks
$filePath = "{0}{1}" -f $tempFolder, $fileName

Set-Content -Path $filePath -Value "SiteCollectinURL;FilePath"

$allSites | % {
Scan-site -siteUrl $_

You’ll end up with a randomly named CSV file with all of the 0KB files listed when the scan completes. Ignore what’s on the console unless you want to keep an eye on things, but capturing that data won’t be necessary as it scrolls in PowerShell.

If you get errors, make sure you have done Install-Module MSOnline, AzureAD, and Microsoft.Online.SharePoint.PowerShell, SharePointPnPPowerShellOnline, and all modules are on the latest versions if they already exist on the box.

How to Install the PnP PowerShell Module

If you’re seeing Throttling, I do have a version of this script that works as an AzureAD registered app, versus using credential authentication.

I tried testing other migration tools, all the ones you’d find on Google, and it’s pretty bad out there right now. If they can even hook into your tenant, the UIs are wonky, and you get none of the visibility or configurability in other tools. But, now, amongst many other bugs, you can see that in the case of ShareGate, that 5k gets you problems like this one, which admittedly, are a nightmare considering there are over 1/4 million files to search through looking for these 0KB stubs that have replaced valid data due to the bug.

SharePoint Online – Last Modified

SharePoint Online – Last Modified

Issue: SharePoint Online document libraries don’t, by default, float up the ‘Last Modified’ time when you make changes within a folder hierarchy. This will bring hate mail from your users, especially if they’ve moved from Box.com, where it works this way for any changes deep in the structure. Plenty of old online articles try to cover this, but the solution has been evasive until I spent the better half of a day trying to figure it out in PowerApp while on vacation in Hawaii.

Solution: Screenshots of the PowerApp are below. I’ll work to write out the steps soon and go into depth. The only limitation of this solution is that if you put an empty folder within a folder structure, it doesn’t trigger the update; only files within folders work. That applies to folder -> folder -> folder  -> folder -> folder -> file or as deep as you need to go, and it works very quickly, usually within a minute.

    1. Create a new automated app named ‘FolderModified.

When a file is created or modified (properties only)


2. ‘CFileName

    "inputs": "@{triggerOutputs()?['body/{FilenameWithExtension}']}[email protected]{equals(triggerOutputs()?['body/IsFolder'],false)}",
    "metadata": {
        "operationMetadataId": "c697bc2a-8bcd-44ad-80bf-87f29e9b4455"


3. ‘CFolderPath

    "inputs": "@triggerOutputs()?['body/{Path}']",
    "metadata": {
        "operationMetadataId": "ebace1b1-1fa1-4f76-8e97-4344ffe8c11b"
4. ‘VArrFolderPath
    "inputs": {
        "variables": [
                "name": "VArrFolderPath",
                "type": "array",
                "value": "@split(outputs('CFolderPath'),'/')"
    "metadata": {
        "operationMetadataId": "c4aa6183-5a4c-4451-b045-97a8c020a83f"
5. ‘VPath
    "inputs": {
        "variables": [
                "name": "VPath",
                "type": "string"
    "metadata": {
        "operationMetadataId": "9f50d26d-5624-4ef0-b02a-b98a41957d54"
6. ‘CUser
    "inputs": [
            "Key": "@{triggerOutputs()?['body/Editor/Claims']}"
    "metadata": {
        "operationMetadataId": "e80df3fb-feec-4ea5-a683-ad7a5d9b5c65"
7. ‘CModified
    "inputs": "@formatDateTime(triggerOutputs()?['body/Modified'],'g')",
    "metadata": {
        "operationMetadataId": "beb03772-baf0-4615-bc04-7fd5650f46f9"
8. ‘CProperties’
    "inputs": [
            "FieldName": "Editor",
            "FieldValue": "@{string(outputs('CUser'))}"
    "metadata": {
        "operationMetadataId": "178a3d12-1338-456d-ab40-c9d1f4214bea"


9. ‘VFilterFolderPath
    "inputs": {
        "from": "@variables('VArrFolderPath')",
        "where": "@equals(empty(item()), false)"
    "metadata": {
        "operationMetadataId": "4a001a83-8073-4ff1-9e81-5e3a7073b027"
10. ‘IFolders
10.1. ‘Append to VPath’
10.2. ‘IGFPath’
10.3. ‘CValid’
Now edit the ‘HTTP‘ request to SharePoint:
    "inputs": {
        "host": {
            "connectionName": "shared_sharepointonline_1",
            "operationId": "HttpRequest",
            "apiId": "/providers/Microsoft.PowerApps/apis/shared_sharepointonline"
        "parameters": {
            "dataset": "https://yoursite.sharepoint.com/sites/SITE",
            "parameters/method": "POST",
            "parameters/uri": "_api/web/lists/getbytitle('Documents')/items(@{outputs('IGFPath')?['body/ItemId']})/validateUpdateListItem",
            "parameters/body": "{\n\"formValues\": @{outputs('CProperties')},\n\"bNewDocumentUpdate\": false\n}"
        "authentication": "@parameters('$authentication')"
    "metadata": {
        "operationMetadataId": "5c59f1f4-cd00-4bd9-aa59-bde4deaa317d"
*** Note: getbytitle('Documents') refers to the name of the Document Library. '/Shared Documents/ (Default) = Documents', or your 'Custom Name' for it.***
  • Top Folder:
  • Objects within or within the sub-folders shown in the Last Modified above:
  • Short runtimes:
Note: You should DISABLE this before migrating large amounts of data. The jobs tend to trigger 422 throttling errors in bulk and jam up with performance issues on the queue that hangs up jobs for 0-1 hour and forces you to recreate the object or copy it to a new version and delete the old one. This seems to happen most often when I run copy jobs and forget to turn it off,

Create contact failed. Please enter unique email address for the Contact.

Create contact failed. Please enter unique email address for the Contact.

Issue: O365 may produce an error ‘Create Contact failed. Please enter a unique email address for the Contact.’ when you create a contact that does not exist in the ‘Contacts’ window.

Solution: You have this user listed as a ‘Guest’ in AzureAD. You CAN have a Guest and Contact match, but you have to create the Contact FIRST and then invite them to AzureAD afterward, in that exact order. Delete the Azure invite and rerun it by doing the Contact in O365 user management first.


Outlook Authn Error – Can’t connect to the server then recovers itself

Outlook Authn Error – Can’t connect to the server then recovers itself

No Comments

Problem: Outlook will hang when the client is first opened, saying “Connecting to server…” and then “Can’t connect to the server.”, finally recovering all on its own and working fine. In the Connection Status window with my situation, there was an Authn error ‘ERROR‘ that seems to be blocking the connection.

Solution: None of the traditional rip & replace steps worked to fix this problem. Current, Semi-Annual, Repairs, Clean Wipes, FixIT, and the kitchen sink. Turned off IPv6, and this problem went away instantly.

(Using DNSFilter on Lenovo E14 Laptop.)

Windows Login asking for Temporary Access Pass

Windows Login asking for Temporary Access Pass

No Comments

Problem: Windows Azure may prompt a user to provide an ‘Access Pass’ when it’s not been configured in O365 settings. This will trigger after MOBO replacements from on-site techs when the device comes back up.

Solution: Login as an O365 Admin using RMM tools or accessing the console. AzureAD should start to rejoin automatically, but if it doesn’t, go ahead and do that now. If you reboot, the user should be able to log in to the device with no other changes needed. PS: The correct C:\Users\ folder was used when getting back into the user profile, and it did not create a new one.

Teams Needs an Update Loop

Teams Needs an Update Loop

No Comments

Issue: Teams version installed using an exe file from the Teams Download site. No matter how many times you update, uninstall, or reinstall there seems to be no change in the behavior at launch.

  1. Tried to remove it using RevoUninstaller, and all artifacts
  2. Manually scavenged any temporary folders and blew them away

Solution:  The device originally came with ‘Teams System-Wide Installer,’ which was removed manually from add/remove as bloatware in past years. Reintroducing the ‘ Teams Machine-Wide Installer‘ fixed it instantly with no other changes to the machine.

Have you run into any other fixes for this issue? Let me know. I threw the kitchen sink at it and could only get this to work by reintroducing the baseline installer in the image.

OneDrive Right-Click Options Not Showing

OneDrive Right-Click Options Not Showing

No Comments

Issue: OneDrive right-clicks context menus may fail to appear in Windows File Explorer if UAC is disabled or WinRAR is installed.

At times these icons weren’t showing correctly in the Win32 Explorer.exe Shell:

Solution #1:  If installed, go into WinRAR and turn off ‘Integrate WinRAR into Shell‘ via the ‘Integration‘ options. Otherwise, try to identify other applications in the context menu that could be causing a similar issue.

Solution #2: UAC may be turned off on this machine. You will never see these options if you don’t enable them again, even under the local administrator account.

Instagram Account Recovery

Instagram Account Recovery

Is Instagram’s account recovery workflow disappearing on some accounts and devices? We’ve had reports from readers and friends who’ve had hacked Instagrams with no success in using Instagram’s published docs to recover the account once the attacker’s email and phone number have changed.

Here’s a copy of the official Instagram post: I think my Instagram has been hacked.

(Update 12/6 – After testing for weeks over 40 times we can see the option on an Android but at the same time not on his iPhone following the same process. Another user reports the option appeared on an iPhone. We put in the attacker’s email, then see ‘Need more help?‘ but it has to be from a phone that’s logged in before and not a new device.)





The email doesn’t say ‘Revert Change‘ anymore as indicated in the Doc above:

I can’t access this email’ or phone number is no longer in the UI no matter how long you wait or many times you resend the codes:

Clicking ‘Secure your account here‘ brings you to a login page or the Help Center. No workflow triggers an account recovery of any kind, whether from a mobile or web browser:

Password reset emails offer no option to declare you’ve lost access to the email or phone number on the account:

(It usually says ‘Need more help?‘ but that option is missing on some devices)

Instagram mentions its new selfie function to recover accounts, but how? There’s no UI in any apps to trigger the Account Recovery options that lead to this outcome.

How does one recover once a hacker has changed the phone number and email address on the account?.

Card Fraud – Express Store 2401

Card Fraud – Express Store 2401

*** Update 9/12/22 *** – Thousands of people are visiting this blog regularly due to card fraud of their own via Express Store 2401. I have not been able to gather any more information from the companies involved, but I continue to dig deeper into how they’re stealing these cards and other parts of the operation. It’s ridiculous that it’s been going on this long and that Wells Fargo isn’t concerned with somebody stealing a card that’s never been used.



Wells Fargo texted me the other night about its fraud system. The issue was an attempted charge from EXPRESS 2401 in Columbus, Ohio. After a bit of Google research, I found that the world is no stranger to fraud coming from this location.

I’ve never once used this card with any other merchant or website. It was activated in June of 2021 and then locked in a cabinet. It also seems that if something were purchased on Express.com, it would show up as CORP, not a particular store location.

Here is the response from Express:

As a part of the investigation, I’ve set out to answer a few questions about this particular scenario:

  1. How could the attackers steal a card that’s never been used before?
  2. Did attackers hijack the Express merchant account for this location?
  3. Why does fraud persist at store #2401 despite reporting to the banks and Express for over 8 months?

The story will be updated as more information is obtained about this issue at Express Stores.


Ben Damman aka TypeSend

Aliens From the Future, Inc.

Ben Damman aka TypeSend

In our opinion, Ben Damman (CEO of Aliens From The Future, Inc.) is not a reliable person. He took $8,041.67 from us to work on a project in September 2020, where he never made any progress. By that, I mean he failed to show up for most meetings, made endless excuses, did near-zero code commits, took on new business, and did the same thing to other people on UpWork in the interim – all while continuing to post code to his own open-source projects.

Ben Damman


Ben manually logged ~66 hours, including a twelve-hour day, and reportedly worked a whole weekend where he never committed any code aside from a bare-bones Elixir framework. He would send reassurances like “I’m going to commit a release soon,” “There’s going to be a big unveiling…” and “I don’t have any problem paying you back. The check is on the way“. Despite his reassurances when he was communicating, he’s never delivered on anything he’s promised, at any time, in any way.

Ben Damman

Ben publicly brags about working at the White House

Ben publicly brags about working at Apple

Ben publicly brags about being an expert developer.

He just wouldn’t do anything he said he would do, even though he was capable of it…

The cancellations and last-minute changes with meetings became the only time we’d ever have a chance to communicate:

Ben’s “beast mode” approach didn’t work out for me because he never sent those screenshots, links, or instructions.

Here’s an example where Ben used the January invasion with a simultaneous stomach bug to deflect an email asking how he was doing, given he hadn’t created anything or been communicating at that point ninety-one days after the project began:

(After replying within an hour, providing various times we could have a call, there was no further communication…)

Ben told me he wanted a bonus because he was “low on money” (unemployed) during this time. I generously gave him $1k out of my pocket as a bonus for the proposal win he had come up with to help with this personal project. At that point, all he’d done was create a 1.5-page document that might’ve taken an hour for him to prepare; and he did that only after canceling the meeting to unveil it…

Here’s a review from another company he took money from only eight days after I canceled his contract from Oct 14, 2020 – Jan 19, 2021:

Ben Damman Aliens From The Future TypeSend
Ben Damman Aliens From The Future Typesend

Ben’s original excuse was a death in the family back in December timeframe. If that caused him to be unable to work on our project, why would he take on another one a week after being fired from this one? He also displayed the same behaviors, taking the money and never getting any work done. This is where, in my opinion, you start to see the pathology of Ben surviving by selling dreams to anybody who’ll give him money.

That happened to be 13k between our two organizations.

Imagine looking at a freelancer’s Instagram while they travel, eat out at excellent restaurants, and move to a beautiful new place, all while not communicating with you and living off of your hard-earned money for doing absolutely nothing in return and then watching them do to another business right after you buy into a waterfall of pitiful excuses!

Ben is in Missoula now and has hired two new employees. One of them describes the outfit as follows “Aliens from the Future is a venture studio based in Missoula, Montana. Our mission is to partner with and nurture the development of emerging ventures“. Would you trust somebody who did this to my venture concept with yours?

Ben legitimately hurt our future endeavors by initiating this con, holding the project back for months, and wasting valuable time getting to the market. Ben was initially hired to troubleshoot an existing environment, which he could not do, and instead convinced us to build an entirely new one using his preferred frameworks.

If it weren’t for this picture of President Obama and references to the White House, Apple, Google, and other trustworthy organizations in his social media, I would not have hired him to help me build out this concept. It’s sad, but I bought into this precarious ‘My jobs are my identity’ delusion, somehow thinking it would guarantee reliability, but it produced nothing at all.

Ben Damman Aliens From the Future Developer Missoula Montana

Ben should pay back the money he owes because he did not perform meaningful work when the project was engaged. Ben’s approach was to do harm first (Nocere primo) by separating us from our limited capital, wasting our time, and moving out of town to never be seen or heard from again.

Meanwhile, he’s no stranger to issues of the financial kind, so I’m not hopeful I’ll ever get my funds back. Much like these creditors below, who had to use courts to force Ben to pay his bills, we’ll probably have to go this route at some point in the near future:

(Per WhitePages.com)

$4,306 to Express Personal Services
$9,802 to Asset Acceptance, LLC
$3,600 GB, LLC
$1,640 Capital One Bank
~20k in legal judgments.

You decide if you want to do business with this individual. Thanks for your time, and good luck in your endeavors.

Google Spamdexing Attack

Google Spamdexing Attack

No Comments

Found an interesting Google Results injection against sites running Solr search. Attackers created links in an unknown place with search parameters being passed to the websites. Google crawled these source pages, following the links and accepting them as content. It’s not all that sophisticated, but remember, it’s results that matter in this game.

Many more are on my Twitter from notifying the organizations of this clever little hack against Google’s results.

911: Google Webmaster Removal Tool





In an example URL from Berkeley.edu, notice how they’re passing a parameter to ?s= that the site appends into the code of the search results page. Somehow they’ve added this to Attacker Page 1, which was then crawled by Google, and it’s creating an XSS (cross-site) on the destination page, picking the search up as content.

The result is that Google is picking up keywords from those pages in its results effectively promoting them:




Definitely don’t try this at home! ‘Snorting Viagra‘ hosted on Umassmed.edu.


Check out all of the other organizations that have the search hack:

https://www.google.com/search?q=%22Search+Results+for+%22+Viagra%22 (Pages 1-7)

https://www.google.com/search?q=%22Order+without+prescription%22 (“Order without Prescription“)

You can take any of the domains found in the broad results and cross-check with a more specific search, for example, site:berkeley.edu “viagra”

Here’s a gallery of different University sites showing thousands of results with the pill advertisements. Hit escape if the gallery runs off the top of your screen:

Pages that show whatever you put into?s= Solr search. If the search parameter is replayed into the page, it creates the appearance of content. The attackers must’ve linked these from other locations to get them on Google:

In a similar scam where the attackers actually inject a real page into the site, these organizations were impacted. Some were the University of Massachusetts Medical Center, Hastings Library, and The City of Dry Rock, where the pages have been injected since at least December of 2020:


Destinations of these links being advertised are some of the following sites like ‘WebMD(dot)shop,’ which is brazen:

All of these domains above are landing pages that eventually lead to anonymrxonline[.]com

Phone: 888-524-7141 [ANI: VIGAR]

This phone # has over 5k Google results and shows signs of being in use for pill dealing for over 6+ years. It was formerly advertised by

[email protected]
Skype Gina24Rx [BDay: 9/16]
Location: Costa Rica.

Uses another phrase ‘MyPharmaCash’ from this affiliate program: https://www.facebook.com/MyPharmaCash and Twitter https://twitter.com/24rxshop activity ceased in early to mid-may of 2015.

Skype resets are af*****@mypharmacash.com and gi*****@gmail.com or phone number (***) ***-**61

The registrant of mypharmacash.com before it went private in 2016 was Mariano Bolanos in San Jose, Costa Rica. This is the same location as ‘Gina24Rx‘ this time using an email [email protected].

The owner Marianos Bolanos has numerous domains for pill-related items. His activity has died down since 2016. Many of the domains are active, though I have not investigated all of them.

Domain Cnaacr.com belongs to the National Chamber of Agriculture and Agroindustry in Costa Rica. In the footer, it’s signed ‘Web development by Bernetz’

Domain Bernetz.com belongs to the company Bernetz IT Services that’s also registered to Marcos Bolanos:



Still putting some pieces together on this one…

Organizations I’ve notified about being listed on Google under these kinds of reflective (XSS) and direct injection attacks today:

American Association of State Highway
Alabama Theatre
Arizona Department of Health Services
Berkeley Materials Science & Engineering
BainBridge Island Museum of Art
Califonia Digital Library
Children’s Community Day School
City of Dry Ridge, Kentucky
City of Tullahoma, Tennessee
Columbus Tech
Columbia University
Dickerson Park Zoo
Eastern New Mexico University
Ewing Marion Kauffman Foundation
FPrime Capital
Generation Citizen
Gulf of Mexico Fishery Management Council
Hudson River Museum
Monroe County History Center
Museum of Durham History
Miami Music Project
Multiple YMCAs
Methodist University
Palm Harbor Fire Rescue
Pathways 2 Life
Philly Expo Center
QuickLogic Software
SAE Institute
Schoharie County NY
Iowa State University
Irish American Heritage Center
Illinois State University
The City University of New York
The Port of Philadelphia
Toledo Zoo
University of Southern California
University of California San Diego
University of Minnesota
University of Mary Washington
Unmanned Systems Labs @ Texas A&M
Virginia Commonwealth University
Washington Internation Trade Association
Wisconsin Small Business Development Center
We Fest – Country Music Festival
WinterThur Museum
Wheaton Arts
Working Men’s Institute (Indiana)

Impacted Orgs: Google Webmaster Removal Tool 

Phish Gallery & Blog Update

Phish Gallery & Blog Update


Why has the blog been so dry? Well, it’s complicated. There are always people who don’t want to see you expressing yourself in a public way. These invisible haters will try to make connections between your personal activities, i.e., Blogging and work-related things, in any way they desperately can. I win those battles; it’s just tiring to explain to the suits how free speech works. Support the ACLU and EFF. 

Visit my Twitter Feed to see screenshots of various threats that come my way from readers, and my own mailboxes being flooded with threats. Many of them turn into future news articles in the days or weeks to come, so you get a head start. Otherwise, I tend to post the news I’ve been personally reading throughout the day. Maybe you’ll find something interesting. Thanks for reading. I’ll be back as soon as I finish realigning my career goals and getting myself in a good place to write again.

Phishing Gallery

It’s been a CRAZY year for breaches, ransomware, and other cyber terrorism. Truly a daily occurrence all over the world. A collection of phishing screenshots I’ve collected this year from various honeypots and other sources. We’ve worked with many organizations over the years to take down infrastructure related to these attacks. The trend I’ve seen across security products is that they block effectively, but it takes days. Secondly, the sites and email sources tend to go largely unreported.  If you want to make a difference: Protect future victims by sending the abuse emails. It may take hours, but it’ll take days or even weeks as everyone shields themselves without bringing the sites down. Many providers I reach out to will respond quickly to eliminate the artifacts.

Useful Links:






(Click the right > key to move through the screenshots. I need to fix the jumping around with different sizes)

Emails + Attachments:

AlphaRacks Offline

AlphaRacks Offline

No Comments

We reported a massive phishing operation taking place back in July of 2018 at Alpharacks. The spam, child porn, malware, and phishing never stopped for a moment since writing about Alpharacks back in 2018. The [email protected] team never responded to any direct emails between Quadranet and myself. The blog is under development but at this time Alpharacks is still offline as of 5/26/19. Here is the most recent Statement from Alpharacks

See our article: Phishing – A Master Anglers Toolbox

Recent updates:



No Comments

DeepSentinel is a new home surveillance system that leverages cameras, AI, around-the-clock monitoring to prevent break-ins, auto theft, and other domestic crimes.

DeepSentinel cameras are equipped with speakers allowing two-way communication. Speakers at 104dB which is reportedly the loudest on the market. Each kit comes with 3 cameras, 1 hub, and mounting equipment. Cameras are battery operated and reportedly last up to 2 months without recharging.

If a crime is detected, the Surveillance Center will engage local law enforcement. DeepSentinel aims to identify a threat in under 10 seconds and contact the police within 20 seconds



System Review

*** Update 11/2020 – Things have been smooth with DeepSentinel. A few brief outages were about an hour of time due to the larger Google Cloud Disruptions. The performance of the system has increased over time with much less false positive activity. Alerting is still nearly real-time allowing me to catch people out front very quickly. App has improved visually and in terms of features greatly since I bought the system. Support is great they’ve sent me a new hub, batteries, and cameras anytime I have issues with barely any hassle. Although I spent a bit of time below poking holes at the system most of them have long since been resolved. It’s truly a wonder to stop constantly thinking about people in my yard especially when I leave the house.

The vendor has recently released a new power-over-ethernet system that uses an Nvidia card and dome cameras. Stay tuned for updates on that system as I get my hands on one. our DeepSentinel purchase.  Click here to get 20% off your purchase/subscription.

—-Original Blog—-

Testing is in progress as are discussions with the vendor. This is a rough write-up of the final testing that I am doing with this system at home. Please note despite any critical reviews of certain features I am certain of two things: 1. I am here to hang on because fully managed is what I need. 2. Apps, Features, Bugs, and Products can change with enough feedback. This is by no means a recommendation not to buy the system. I love it! My job (as always) is to show you how marketing meets the delivery. Also, highlight anything that needs development or may annoy a potential customer. I have been using it for approximately 1-month gathering this information.


1. Wake up time is fast. Agents consistently verify events in a short amount of time. Tests were successful in bringing an agent to the live camera. Many other cameras I have tested seem to catch the movement 1-5 seconds after it starts. This unit always records the movement that is taking place reliably. Another feature I like is that the clips can be 1.5-2min long if necessary. Other devices have predefined lengths that cut off the activity prematurely.

2. Battery life is good/acceptable for cameras with 1-2 bars and heavy traffic in front of them. My cameras have been up for 1 month. Batteries are 61% (Front), 57% (Back Door), (Driveway) 27%. The extra battery is a nice touch. It took me a few to realize you can rip the top off of the hub to charge it.

3. The app is evolving with new features. Alerts have become more specific, and the privacy mode is much more flexible. Having an initial max of 3 hours was a mistake. 24hr is great, a schedule would be even better. One downside to privacy mode is it stops recording locally altogether. It would be nice to choose whether to keep storing footage locally on the box. The idea (in my mind) was to stop escalating it to the SOC.



1. Picture Quality – Overall picture quality of snippets and recordings is low. The vendor stated this is to expedite uploading to the Operations Center. I find the quality locally on my end remains poor. It would be hard to identify a license plate or letters on a van for example. I don’t doubt that the camera is capable of more but I can see that it’s throttled down for the reason specified and perhaps others like preserving battery life, storage space, or other resources. My thought is that this might record full quality and then commit a lesser quality image to the Operations Center. There is a balance of evidentiary interest with these minor details in addition to the live response.

2. Opened a ticket with the Support Team to investigate an unexpected outage of my system in the first 14 days. I didn’t make any changes other than rebooting the system a few times. On my first escalation, the rep explained it away as one of those situations where a device crashes. I recommended avoiding that kind of rationalization in this instance. It’s much wiser to use support as a point to collect those technical details. I want to know if my box is going to crash every 14 days. Reboots don’t address root causes. The vendor has been responsive and contacted me about this multiple times. No crashes since that time.

3. The camera appears to inspect 100% of all movement. Dogs, a spider, people walking by 100 times in 5 minutes. I have not personally witnessed any kind of AI. Every time there is movement it’s verified by an agent. I’m trying to make the connection between AI Assisted and a fully managed service that manually checks 100% of all notifications. This is not evident in my usage of the product. I am waiting for the vendor to explain where the technology comes in to play. I need somebody to draw me that line… We all know of the  100s of vendors who sell AI but the execution seems to be largely reliant on humans. Maybe it’s in the roadmap? Learning mode?

^^ Turkey Burglar or Burger? I can’t decide. My Actual Intelligence determined this is a bird, not a threat.  We focus on what matters most  “Coupled with Artificial-Intelligence, we distinguish between a potential intruder and a car, dog (^turkey?) or other non-threats.“. I’m sure it’s in a hyper-excited type of ‘learning’ mode but I’m just saying… I don’t know or understand a lot about “How” it’s going to learn, and when to expect that to kick in. I don’t doubt it’s coming but I seek more information on what’s next for my system. For now, I don’t mind if they keep an eye on my turkeys.

4. Delayed alerts, false alarms with cameras going online/offline. Apps seem to be evolving with its notification styles on Android. I have seen alerts that there was activity at my Front Door but then the clip is for the Back Door. Other times it alerts but the clip is from a past time. Not clear if this is known but the app seems to be producing lots of alerts that apply to events which already happened. Or there’s no video waiting when I open the application to see that alert’s contents. It might be something that’s going on with my phone. It’s not annoying enough to cause any issues. I do have ComCrap internet service…

5. Adjusting the area of coverage in some cases took away from areas within that border. I am still experimenting but it seemed like the ideal way to keep it was expanding the coverage completely. I tried to reduce it in some areas to avoid a road with cars passing by in the distance. It has recently stopped firing on those cars so the AI may have learned this pattern. Previously I had dozens of recordings showing cars far in the distance moving laterally to my yard. (Vendor responded and made adjustments on 5/24)

6. Many situations where I select a camera and after 0-60 seconds it’s still loading. At this moment I have rebooted my phone + the hub several times and still can not load my cameras in a live view. It displays a message that it’s having trouble reaching cameras. I can’t do it at all no matter how many times I try with app version 345. The camera also hangs when it has a live alert and I click into it when an event is taking place. (Vendor replaced a defective camera on 5/28)

7. Wireless between the cameras and hub is just OK. It’s not terrible but it’s also not spectacular. There are no antennas on the hub and it’s a 2.4GHZ connection. I spoke with the company about this and they quickly sent me a few repeaters. Mind you my Wireless box has 4 antennas and 75% strength in the positions of the cameras. It’s not up to me though I have to use the Wireless built-in to the system unable to leverage my own. (Vendor provided WiFi extender on 5/29)

Visit DeepSentinel