Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy
Hacking

Priviledge Escalation Hunting – Scheduled Tasks and Scripts

TLDR: If you have been hunting for privescs before you will know it’s normally not a fast task, you will have a shed ton of data to look at. Sure WINPEAS is good but it’s not a silver bullet.

Here is a really small script which focuses on system administration files/scripts, scheduled tasks and scheduled task history to help you hunt for weaknesses:

Read more “Priviledge Escalation Hunting – Scheduled Tasks and Scripts” →
Education

PWNDEFND: Known Exploitable Vulnerabilities (KEV) – AKA: Offensive KEV

There’s thousand of vulnerabilities, but do you ever struggle work out what ones might actually be useful to you if you are defending or attacking?

Well don’t worry I’ve started to document some things that might help you both attack and defend in CYBERSPACE!

Read more “PWNDEFND: Known Exploitable Vulnerabilities (KEV) – AKA: Offensive KEV” →
Guides

SSH oh MY: no matching key exchange method found.…

Have you ever tried to SSH into a server and recieved the following error?

no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Well that’s probably becuase you are using a bit of kit with legacy software or firmware.

Then when you try to SSH and you add diffie-hellman-group1-sh1 you get the following back?

Read more “SSH oh MY: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1” →
Education

Creating a tracker and dashboard for Cyber Essentials

I was talking to a friend about a requirement to “measure” cyber essentials compliance. Now if you know a thing or two about standards and applying standards to complex technology environments you might come up with:

  • Can’t we just script a checker?
  • Don’t we have all the audit data in the *checks notes* 1000 inventory systems we have?

Well sure, you could write a massive set of rules which ignore any context and try and cater for a huge number of different scenarios. You could use the Q&A approach as well (which is how the standard workbook works anyway so that already exists). But let’s say you are an IT manager, and you want to KNOW how your environment stacks up!

The question is simple, it’s easy to ask, look:

  • “How compliant are we against Cyber Essentials?”
Read more “Creating a tracker and dashboard for Cyber Essentials” →
Education

Deploy a mini Pentester Lab with Docker

I build VM labs. Lots of them, but I tend to go full machines. I was checking out the new TCM web app course the other day (honestly i’ll write a review if I get time to finish it!) and it’s built around using docker for DVWA and OWASP JUICE SHOP so I figured I should write a quick blog about how to deploy these so people can get started learning in minutes.

Now here we have:

  • DVWA
  • JUICESHOP
  • METASPLOITABLE

but you don’t have to stop there, i’m sure there’s others you can use as well!

This isn’t an exhaustive guide, but it will get the docker instances up and running.

Docker Pull DVWA
Read more “Deploy a mini Pentester Lab with Docker” →
Guides

Testing Risky Egress Ports

Have you ever wanted to run a quick test of egress ports from userland from a windows machine?

Well worry not, I didn’t even have to write anything, the nice people at Black Hills security have done it for us. However I did decide that there’s a few other things we might want to do, so I made a quick modification, now we have colours, randomisation and some sleeps.

Read more “Testing Risky Egress Ports” →
Education

Learn to SOC: Cryptominer Analysis

I’m totally in the middle of doing some work but this alert just came in so I have quickly dumped the data:

This came in via a Confluence exploit (not sure which CVE yet). I’ve not got time to analyse but thought I’d share this as an educational excercise for people! It’s a good excercise to see the apache tomcat logs and then decode, obtain samples and analyse the activity/imapct (as well as yoink IOCs etc.)

Read more “Learn to SOC: Cryptominer Analysis” →
Education

Installing Nessus Pro on Kali Linux

You can deploy Nessus in a range of ways, from direct install through to using a cloud-based deployment or virtual appliance.

A common reason for deploying on Kali or other distro rather than using the virtual appliance is for mobility, ease of use but also you might want to VPN or proxy traffic.

The install process is simple, log into your account on tenable community portal and download the relevant installation package.

Read more “Installing Nessus Pro on Kali Linux” →
Log4Shell Guides

Searching Confluence Logs with PowerShell

Work in progress post

Ok so i posted a snipped of PowerShell on LinkedIn for hunting the confluence logs using a pattern match for ${ (after we have URL decoded (twice). This is just an example of how to parse log files using PS1 so it’s clearly very basic but i wanted to give people an idea of what we do when we “GREP” the logs:

Read more “Searching Confluence Logs with PowerShell” →
Education

Learn to be a SOC Analyst – Confluence and…

The guidance here is also useful with a post on parsing Confluence logs for an RCE using OGNL injection.

Warning – CERBER RANSOMWARE

The contents of this blog if executed could get you ransomwared so maybe be careful (I’ll de-fang some bits so if you are having issues following along fix the fangs, plus the payloads will get taken down)

To support a high levle view here is the rough stages that would occur in a successful deployment by a threat actor against a vulnerable target:

HIgh Level Kill Chain

Recon

Find servers with Confluence that aren’t patched.

Send Log4J Exploit with Stage0 payload

Text

Description automatically generated with medium confidence
Read more “Learn to be a SOC Analyst – Confluence and Log4Shell Ransomware Analysis” →

Posts navigation

1 2 3 4

Recent Posts

  • No one is responsible for your OWN Cyber Defences other than you! 
  • The Manual Version 2.0
  • Cyber Security for PC Gamers
  • Active Directory Attacks – “It’s cold out here”
  • Mobile Device Malware Analysis

Recent Comments

  1. The Week in Ransomware – May 26th 2023 – Cities Under Attack - Shackle Media on The Manual Version 2.0
  2. The Week in Ransomware – May 26th 2023 – Cities Under Attack – Source: www.bleepingcomputer.com - CISO2CISO.COM & CYBER SECURITY GROUP on The Manual Version 2.0
  3. The Week in Ransomware - Might twenty sixth 2023 - Computer Depot | Best & Reliable Computer Repair - O'Fallon on The Manual Version 2.0
  4. The Week in Ransomware - Could twenty sixth 2023 - Anedejo on The Manual Version 2.0
  5. The Week in Ransomware - May 26th 2023 - Tech World4uu on The Manual Version 2.0

Archives

  • August 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Fiction
  • Getting into Cyber
  • Guides
  • Hacking
  • IOT
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited