Leadership
Ever want to be MORE cyber? Need to impress the board? Want to look 1337 AF? Worry not we have your back! Here is a collection of CYBER MAPS to project on your wall mounted displays!
Read more “Pew Pew Maps – Cool graphics bro”
Guides
How long should you test brute force password attempts for?
Well, a recent Microsoft report showed the average RDP brute force attack over the internet lasted about 3 days. Now let’s take a look at what a single attacker machine (IP) can send to a single target server over a well-connected network (1GBE low latency):
Read more “I AM BRUTE”
CTF
Pwning a legacy server on Hack the Box is good for a training exercise however what about if we want to think about how to use resrouces for red and blue. Looking at both sides of the coin when thinking about offense really should help people undesrand how to defend better. In the end of the day outside of a tiny tiny fraction of deployment types, you are going to need to be able to explain how to defend regardless of engagement type (vulnerability assessment, penetration test, purple team, red team etc.)
I’m not going to talk through every step but here’s the commands you would need to run:
Read more “Using CTFs for offensive and defensive training – Purple Teaming”
Guides
Checking an environment configuration is one of those things where it’s easy to say and harder to do. If we take the cyber essentials standard and look at the requirements, they are quite different from say the CIS baselines. This alone makes for some fun, let’s investigate this further:
CIS baselines are based on a specific component e.g., Windows Server or Windows client and is contextually aware of roles: e.g., Domain Controller vs Member Server.
Is this registry key set?
Read more “Measuring Cyber Essentials: Windows Security Configuration”
Threat Intel
When running honeypots you never have to wait too long for something to drop!
This moring we had a new hit in the pot, so I decided to invesigate but also to blog and show how we could go about investigating the logs and paylods etc.
Read more “Learn to SOC: Java Webshell via confluence”
Hacking
TLDR: If you have been hunting for privescs before you will know it’s normally not a fast task, you will have a shed ton of data to look at. Sure WINPEAS is good but it’s not a silver bullet.
Here is a really small script which focuses on system administration files/scripts, scheduled tasks and scheduled task history to help you hunt for weaknesses:
Read more “Priviledge Escalation Hunting – Scheduled Tasks and Scripts”
Education
I was talking to a friend about a requirement to “measure” cyber essentials compliance. Now if you know a thing or two about standards and applying standards to complex technology environments you might come up with:
Well sure, you could write a massive set of rules which ignore any context and try and cater for a huge number of different scenarios. You could use the Q&A approach as well (which is how the standard workbook works anyway so that already exists). But let’s say you are an IT manager, and you want to KNOW how your environment stacks up!
The question is simple, it’s easy to ask, look:
Guides
Have you ever wanted to run a quick test of egress ports from userland from a windows machine?
Well worry not, I didn’t even have to write anything, the nice people at Black Hills security have done it for us. However I did decide that there’s a few other things we might want to do, so I made a quick modification, now we have colours, randomisation and some sleeps.
Read more “Testing Risky Egress Ports”
Education
You can deploy Nessus in a range of ways, from direct install through to using a cloud-based deployment or virtual appliance.
A common reason for deploying on Kali or other distro rather than using the virtual appliance is for mobility, ease of use but also you might want to VPN or proxy traffic.
The install process is simple, log into your account on tenable community portal and download the relevant installation package.
Read more “Installing Nessus Pro on Kali Linux”
Guides
According to NIST, a denial of service (DoS) is:
“The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided).”
denial of service (DoS) – Glossary | CSRC (nist.gov)
a distributed denial of service (DDoS) is:
“A denial of service technique that uses numerous hosts to perform the attack.”
distributed denial of service (DDoS) – Glossary | CSRC (nist.gov)
Read more “Defending against Denial of Service (DoS) Attacks”