Education
have you ever wanted to port forward from a Windows Host to a WSl2 KALI VM when you are using a NAT’d virtual switch configuraiton with WSL2?
Read more “Port Forwarding with WSL2”
Hacking
My friend Lars and I were just talking about some of the research areas we are working on and randomly the conversation turned into “what shall we call it?” and then LDAPNomNom came up! So I whilst laughing (coz the name is lulz) with my buddy I downloaded and ran LDAPNomNom against a lab vm quickly! (Lars also fixed an error with readme.md that I pointed out coz my debug skillz ROCK! š )
So here we have me doing username enumeration via LDAP Ping using LDAPNOMNOM!
Read more “Stealthy Active Directory Username Enumeration with LDAPNomNom”
Fiction
It was a dark and stormy night, and a lone figure sat hunched over their computer screen, typing away at lightning speed. This was no ordinary person – this was a hacker, one of the most skilled and dangerous in the world.
Read more “Caught: A Hacker Adventure”
Education
Whilst the common person will largely link the words “hacker/hackers” to criminal the reality is hackers are scientists/artists/creators/ComputerOperators and the choice of being a criminal or not is down to actions and consequences. So the debate about if you identify as “hacker” does that make you a criminal, well it’s nonsense isn’t it. I could call myself a pony but it won’t make me one, much like I could call myself a criminal and I could be entirely law abiding.
Read more “Am I a criminal or am I a cybersecurity crime fighter?”
Vulnerabilities
There appears to be a new RCE out for Fortinet devices as per this post (it’s against FortiNAC as far I am aware so this is probably a much smaller exposure footprint than all fortinet devices):
https://www.fortiguard.com/psirt/FG-IR-22-300
There’s also this in FortiWeb (and well they released 40 odd fixes to various bits)
https://www.fortiguard.com/psirt/FG-IR-21-186
When we consider security edge devices and the risks these may pose to organizations and society as a whole it’s important to understand that these are no trivial matter. These are “security” appliances that are there to protect your organizations, to provide remote access as well as protect network egress etc.
Fortinet are not the only vendor to suffer from these types of vulnerability (Remote Code Execution – RCE) however there do appear to have been quite a few of these when looking historically.
Read more “CVE-2022-39952 Fortinet Global Exposure”
Guides
I was doing some WordPress foo on the site (I know right, shockingly I don’t want to hand craft a website and I’d rather be helping customers or really anything else really) and I came into this error when I was installing the wpforms plugins:
file_put_contents(/var/www/wordpress/wp-content/uploads/wpforms/cache/addons.json): failed to open stream: Permission denied in /var/www/wordpress/wp-content/plugins/wpforms-lite/src/Helpers/CacheBase.php on line 215
Education
I was pottering about (not like a wizard, more like a cold infected zombie!) and an email hit my mailbox with the āHead of Cyber Architectureā at BA. I have no intention of applying but I thought.. I wonder if this is a good exercise to show people how I would go about the exercise? Well to even begin this I need to write down some notes. So I guess here we goā¦ how far I get into this āfantast footballā style scenario who knows, but hopefully it will show some people how I might do things! First up letās look at the raw requirement:
Read more “How would I apply to the role of āHead of Cyber Architectureā”
Threat Intel
Adversary: Unknown, likely Criminal Actor/s
Initial Access Vector: Unknown/Unproven
Impact: ~3K+ Hosts have had Remote Code Execute and their ESXi logon pages changed (plus had encryption routines run to encrypt virtual machines, with varying success). A Second encryption routine has been deployed to some hosts; the threat actor is expanding/changing capabilities.
Risk: Further impact, Additional Threat Actors Exploit the vulnerability
Read more “ESXiargs Summary 09-02-2023 10:03”
Education
There are major questions that must be answered here!
Getting into Cyber
Quick, I’ll tell you a little secret… to get into CYBER you must first follow this guide:
Now if you are going to GET INTO CYBER you need to have a range of things:
Right ok, so let’s get some Hacking Skills!
Head over to KALI LINUX and download KALI
Read more “How to get into Cyber? It’s EASY!”