Offensive Security – Proving Grounds – Bratarina Write-up – No Metasploit

Offensive Security recently released a new platform for testing your technical skills called the Proving Grounds. This service comes shortly after Offensive Security acquired VulnHub. Within the Proving Grounds you have a choice to hack the “Play” machines for free, or pay a monthly subscription to get access to the machines created by Offensive Security. I …

OSCP Buffer Overflow write-up from TryHackMe

TryHackMe recently released a free room created by Tib3rius on the tryhackme.com site for anyone wanting to learn more about exploiting buffer overflows. The room includes a machine that can be deployed with the vulnerable app and the primary tool needed: Immunity Debugger. All exploitation in this write-up is performed remotely using Kali …

Data Exfiltration with Base64

A well-defended network and properly trained security professionals have many opportunities to detect and stop malicious actors. Each layer of activity found in the MITRE ATT&CK Matrix is a chance for the malicious actor to trip an alarm. A malicious cyber attack only needs to be detected and stopped in one of the stages …
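As an added example (editor's code, not part of the original post), this shows the technique the title refers to and the check that catches it: a secret is base64-encoded, stripped of padding, and chunked into DNS labels under an attacker-controlled zone (the zone name, the secret and the query-log format are all constructed for this example). The detector scans query-log lines for long, high-entropy labels drawn from the base64 alphabet.

```python
import base64
import math
import re
from collections import Counter

# Constructed sample secret and a hypothetical attacker-controlled zone.
SECRET = b"db_user=app\ndb_pass=Winter2020!\n"
EXFIL_ZONE = "cdn-metrics.example"

# Characters the base64 alphabet (URL-safe variant) can produce in a DNS label.
B64_LABEL = re.compile(r"[A-Za-z0-9_-]+")
# Constructed query-log format: "<ts> client <ip> query: <name> IN <type>".
QUERY_RE = re.compile(r"query: (?P<name>\S+) IN ")


def to_dns_chunks(data: bytes, zone: str = EXFIL_ZONE, label_len: int = 40):
    """Attacker side: base64 without '=' padding (illegal in a label), split into
    numbered labels so the receiver can reassemble them in order."""
    b64 = base64.urlsafe_b64encode(data).decode().rstrip("=")
    labels = [b64[i:i + label_len] for i in range(0, len(b64), label_len)]
    return [f"{seq}.{label}.{zone}" for seq, label in enumerate(labels)]


def from_dns_chunks(names):
    """Receiver side: order by sequence number, re-add padding, decode."""
    parts = {}
    for name in names:
        seq, label, *_ = name.split(".")
        parts[int(seq)] = label
    b64 = "".join(parts[k] for k in sorted(parts))
    b64 += "=" * (-len(b64) % 4)
    return base64.urlsafe_b64decode(b64)


def shannon_entropy(s: str) -> float:
    """Bits per character; random base64 text scores far above hostnames."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def flag_queries(log_lines, min_len: int = 20, min_entropy: float = 3.5):
    """Defender side: return query names with a subdomain label that is long,
    base64-shaped and high-entropy. The registered zone (last two labels) is
    ignored so the check looks only at what the client chose."""
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group("name")
        for label in name.split(".")[:-2]:
            if (len(label) >= min_len and B64_LABEL.fullmatch(label)
                    and shannon_entropy(label) >= min_entropy):
                hits.append(name)
                break
    return hits


def build_sample_log():
    """Constructed query log: benign lookups with the exfil queries mixed in."""
    benign = ["www.example.com", "mail.example.com", "static-assets.example.net"]
    names = benign[:2] + to_dns_chunks(SECRET) + benign[2:]
    return [f"2020-05-01T12:00:0{i}Z client 10.0.0.5 query: {n} IN A"
            for i, n in enumerate(names)]


if __name__ == "__main__":
    assert from_dns_chunks(to_dns_chunks(SECRET)) == SECRET
    for hit in flag_queries(build_sample_log()):
        print("suspicious:", hit)
```

Note the gap the per-query check leaves: the trailing chunk here is only three characters long and is never flagged on its own. A production rule should also count distinct subdomains per zone over a time window, which catches the short tail and any sender that shrinks its labels to dodge the entropy threshold.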

OSCP-Voucher-Giveaway-VM – LXC/LXD method – Write-up

Offensive Security Community Manager TJnull offered up a voucher for the OSCP PWK course. For a chance to win the OSCP voucher, participants had to download a VM from VulnHub, get root on the VM, and submit the flag to a user in Discord. VulnHub link: https://www.vulnhub.com/entry/infosec-prep-oscp,508/ Let's dig in and see what we can find. Reconnaissance …

HTB Sauna – No Metasploit

This machine is rated easy and was released in February 2020. Its rating is on the higher end of easy for both user and root. Reconnaissance Let's start by kicking off an NMAP scan running default scripts, version detection, saving outputs, maxing the verbosity, and scanning all TCP ports. One reason for maxing the …

HTB Resolute – No Metasploit

Hack The Box retired Resolute this week. This machine is rated medium and was released in December 2019. Root looks to be much more difficult than user on this one. Let's see what we can find. Reconnaissance To start things off I kick off an NMAP scan running default scripts, version detection, saving outputs, maxing the …

How I Passed the PCNSA

What is the PCNSA? PCNSA stands for Palo Alto Networks Certified Network Security Administrator. This is a mid-level exam provided by Palo Alto Networks that covers the following topics: Security Platform and Architecture, Initial Configuration, Interface Configuration, Security and NAT Policies, App-ID™, Content-ID™, URL Filtering, Decryption, WildFire™, User-ID™, GlobalProtect™, Site-to-Site VPN, Monitoring and Reporting, Active/Passive …

Building a Splunk Dashboard for pfSense

After installing my pfSense firewall a couple of months ago, I have been wanting to build a nice dashboard in Splunk. I will be building on the Snort configuration found in my last blog post reviewing the Netgate SG-1100. (See Here) In this post I show how to install and configure the pfSense Splunk application “TA-pfSense” …

CodeGate 2020 CTF

The weather is terrible and I have nothing planned, you know what that means... CTF weekend! I reviewed CTFtime and saw a CTF I was interested in called CODEGATE. CODEGATE has organized international hacking competitions since 2008, so this has to be good. Let's jump right in. Pre-CTF Before any CTF I do the following: …

Netgate SG-1100 Review

Disclosure: Some links contained within this post are affiliate links, meaning I will earn a commission if you click through and make a purchase. They are identified with “#AL:”. I recently purchased Netgate's entry-level pfSense solution, the Netgate SG-1100. The Netgate SG-1100 is a small but powerful network/security hardware device running the open source pfSense software. …

Building a Splunk Dashboard for OpenVPN

Recently, I have started tinkering with Splunk dashboards and thought about systems or applications I would want to monitor from a “single pane of glass”. OpenVPN is my first thought due to its importance and wide use in the community. My OpenVPN build is on a CentOS 7 VM, so I will be using the …

Splunk Core Certified User Certification – Review

I work in information security and I enjoy everything SIEM-related, so learning Splunk was a no-brainer for me. Splunk has so many applications that almost any environment can benefit from a Splunk deployment. Whether you are using it as a log management system or creating dashboards for data analytics, Splunk provides a nice framework …

How I Passed the AWS Certified Security – Specialty

Anyone responsible for securing assets in Amazon Web Services may want to pursue the AWS Certified Security – Specialty certification. The exam has given me confidence to work at a professional level in any of the domains it covers. What is it? The AWS Security Specialty certification was designed for professionals who currently work in …

LogRhythm Network Forensics at home

LogRhythm is a “NextGen SIEM” that offers much more than log management. It includes all the current cyber security acronyms in its SIEM solution, such as UEBA, NTBA, SAO, and TLM. I will be focusing on the network traffic and behavior analytics offering called LogRhythm NetMon. LogRhythm NetMon is used to collect inline or mirrored …

VulnWhisperer Ubuntu Server 18.04

Nessus Professional is nice for small-business vulnerability management, but its reporting is lacking until you upgrade to SecurityCenter. VulnWhisperer uses the Elastic Stack to provide scan result summaries that are easy to review and to report to management or operations teams for remediation. Impress your C-suite with vulnerability reports built on VulnWhisperer. Prerequisites: Ubuntu 18 …

AWS Inspecting with Inspector

Inspector is a service provided by AWS for assessing the vulnerability and compliance posture of EC2 instances in your environment. One immediate benefit of using Inspector is that no inbound ports need to be opened on the instance to allow vulnerability and compliance scanning; the agent connects outbound. This keeps the attack surface small while …

GHIDRA v9.0 Starter Guide

IDA has been the standard for reverse engineering for many years, but the price of licensing the software has kept the product out of the reach of many small to medium-sized IT departments. This changes with the introduction of GHIDRA. GHIDRA is a set of open source tools released by the NSA that will …

Logging and Alerting on EC2 instances with AWS

I will be showing the process of shipping logs from the OS on an EC2 instance to CloudWatch Logs, then sending an alert based on a specific action performed on the EC2 instance, using multiple AWS services. The first step is to install the CloudWatch agent on the EC2 instance. I will show how to install the …

DISA STIG RHEL with Ansible

Now before we dive in, let's explain what we are doing and why we are using this method. DISA STIGs are DoD Information Assurance configuration standards used for systems that play a critical role in providing government services. Based on the capabilities of the system, these configuration changes will harden a system and reduce the attack …

DevSecOps Git-Secrets AWS

DevSecOps is the term being passed around recently. Instead of talking about what it is, I wanted to provide an action item that would be quick and easy to implement in your environment. This method scans git repositories for AWS keys before they are committed and pushed somewhere public. What is git-secrets? git-secrets has the ability to …
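To show what such a pre-commit check actually does, here is an added example (editor's code, not git-secrets itself or the post's own script). It scans only the added lines of a staged diff for AWS access key IDs and 40-character secret keys, and ignores the placeholder credentials AWS uses in its documentation so docs and tests don't trip the hook. The regexes are modelled on the AWS patterns git-secrets registers but were written from memory for this example (assumption); the diff and the keys in it are constructed and not real credentials.

```python
import re
import sys

# Detectors: (kind, regex with the key in group 1).
DETECTORS = [
    # Access key IDs: known four-character prefix plus 16 upper-case alphanumerics.
    ("access-key-id", re.compile(
        r"(?<![A-Z0-9])((?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)"
        r"[A-Z0-9]{16})(?![A-Z0-9])")),
    # Secret keys: an aws...secret... name assigned a 40-character base64-ish value.
    ("secret-key", re.compile(
        r"aws[a-z_]*secret[a-z_]*\s*[:=]\s*['\"]?([0-9A-Za-z/+=]{40})(?![0-9A-Za-z/+=])",
        re.IGNORECASE)),
]

# AWS's documented example credentials; allowed so sample config never blocks a commit.
ALLOWED = {"AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_line(line):
    """Return [(kind, value)] for every non-allowlisted key found on one line."""
    hits = []
    for kind, rx in DETECTORS:
        for m in rx.finditer(line):
            if m.group(1) not in ALLOWED:
                hits.append((kind, m.group(1)))
    return hits


def scan_diff(diff_text):
    """Scan a unified diff (e.g. `git diff --cached`) and report findings on
    added lines only, as (path, new-file line number, kind, value)."""
    findings, path, lineno = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
            continue
        m = HUNK_RE.match(raw)
        if m:
            lineno = int(m.group(1)) - 1      # hunk header gives the new-file start
            continue
        if raw.startswith("-") or raw.startswith("diff "):
            continue                          # removed lines/headers are not being committed
        lineno += 1                           # context and added lines both advance the new file
        if raw.startswith("+"):
            for kind, value in scan_line(raw[1:]):
                findings.append((path, lineno, kind, value))
    return findings


# Constructed diff: a developer replaces environment lookups with hard-coded keys.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 import os
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAQ7J3P2XK4WY8N5ZB"
+AWS_SECRET_ACCESS_KEY = "k9Tg2LmXq7RpZ1Wc5VbN8Hs3JfD6Yt0KaE4uQxGv"
+# docs example, safe: AKIAIOSFODNN7EXAMPLE
 REGION = "us-east-1"
"""

if __name__ == "__main__":
    # As a pre-commit hook: `git diff --cached | python3 scan_keys.py`; non-zero exit blocks the commit.
    diff = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    findings = scan_diff(diff)
    for path, lineno, kind, value in findings:
        print(f"{path}:{lineno}: {kind}: {value[:6]}...")
    sys.exit(1 if findings else 0)
```

Scanning only the `+` lines keeps the hook fast and avoids re-flagging keys that are being removed; the allowlist is the part people forget, and without it the first README that quotes AWS's sample credentials will train the team to bypass the hook.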

Hide Messages With Ulterior

While working on a CTF a couple of weeks ago I ran across a challenge that required inspecting a web app. The page had one line of visible text, however the source showed many repeating patterns of characters(‌​) Say “Hello” to zero-width characters. These characters are called non-printing characters so they are not visible while …
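To make the trick concrete, the following is an added example (editor's code, not the Ulterior tool or the post's own script) of how a message is hidden with zero-width characters and how it is recovered. Each bit of the secret becomes a zero-width space (U+200B) for 0 or a zero-width non-joiner (U+200C) for 1 and is spliced into the cover text, so the page renders unchanged while the source grows. The cover text and secret are constructed for the example; the bit-to-character mapping is this example's own choice, not necessarily the one any particular tool uses.

```python
from collections import Counter

# Carrier characters: one per bit (assumption: this example's own mapping).
BIT_TO_ZW = {"0": "\u200b", "1": "\u200c"}
ZW_TO_BIT = {v: k for k, v in BIT_TO_ZW.items()}

# Broader set worth counting when inspecting a page: the two carriers above plus
# zero-width joiner, word joiner and BOM/zero-width no-break space.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}


def hide(cover: str, secret: str) -> str:
    """Splice the secret's bits, as zero-width characters, after the first word."""
    bits = "".join(f"{b:08b}" for b in secret.encode("utf-8"))
    payload = "".join(BIT_TO_ZW[bit] for bit in bits)
    head, sep, tail = cover.partition(" ")
    return head + payload + sep + tail


def reveal(text: str) -> str:
    """Pull out carrier characters in order and rebuild the bytes; any stray
    partial byte at the end is dropped rather than decoded as garbage."""
    bits = "".join(ZW_TO_BIT[ch] for ch in text if ch in ZW_TO_BIT)
    bits = bits[: len(bits) - len(bits) % 8]
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    return data.decode("utf-8", errors="replace")


def strip_zero_width(text: str) -> str:
    """What the browser shows: the text with every zero-width character removed."""
    return "".join(ch for ch in text if ch not in ZERO_WIDTH)


def zero_width_report(text: str) -> dict:
    """Count zero-width code points by U+XXXX name; a quick check when a page's
    source is much longer than its visible text."""
    counts = Counter(ch for ch in text if ch in ZERO_WIDTH)
    return {f"U+{ord(ch):04X}": n for ch, n in sorted(counts.items())}


if __name__ == "__main__":
    cover = "Nothing to see here, move along."
    stego = hide(cover, "flag{zero_width}")
    print(strip_zero_width(stego) == cover)   # looks identical on screen
    print(zero_width_report(stego))
    print(reveal(stego))
```

The report function is the defensive half: run it over the page source (or over any outbound text you care about) and a count in the dozens or hundreds of U+200B/U+200C where the visible text has none is a strong hint something is riding along.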

Building PenTest Framework in AWS

Building your Command & Control environment in the cloud not only allows easy management of instances, but also provides scaling as needed. This guide will show how to build an Ubuntu server in AWS, and then download and install the PenTest Framework. Create an AWS account. Under Instances -> Select Launch Instance. Within the Quick …

Malware Analysis – FLARE-VM

Malware analysis, like many other areas of information security, has an overload of tools and custom scripts. With so many options it is difficult to stay on top of the most useful current tools for static and dynamic malware analysis. I stumbled across a great resource recently and wanted to share. Check out FireEye's FLARE VM. This …

Scan Your Home Network For Vulnerabilities

If you're like me, you have too many devices on your network, and there is no way to ensure that the software is up to date on everything. This is when Nessus Home could be very useful to find those specific versions of software on your network that are out of date or let …

Installing Nessus (Linux)

Generally, new patches are released to fix some vulnerability that exists in the software running on a machine. One easy way to check what vulnerabilities exist on a system is to do a vulnerability scan. Nessus is one of the most popular tools in the industry today. This tool is easy to use and quickly allows …

NMAP Essentials

NMAP is a very useful tool for discovering more information about a target host or network. It is normally used in the early stages of penetration testing to find interesting targets that may be vulnerable. NMAP is also very useful for network administration and troubleshooting. NMAP has many more useful purposes, and having it in …