101010.pl

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 53 : Thin on the hacking today. Listened to risky.biz and got caught up on <a href="https://infosec.exchange/@thegrugq" class="u-url mention" rel="nofollow noopener" target="_blank">@thegrugq</a> newsletters.

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a>: day 52 : Spent more time on CRTO, got through several sections. Looked at some of the tooling called out. If something tried to talk to lsass, there's a Windows Event 4656 generated. These events don't make it into Windows Defender Advanced Threat Hunting. Some KQL that *might* help a little bit: 'DeviceProcessEvents | where (FileName != "lsass.exe" and ProcessCommandLine has "lsass")' This could find where someone's trying to tinker with it from the command line. (Since lsass does get started in the normal day-to-day of things, filter out it itself being the running process, look for things trying to operate on it.) <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/GetSmart" class="mention hashtag" rel="nofollow noopener" target="_blank">#GetSmart</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a>: day 51 : Spent some time going through CRTO. First two sections down. Spun up a new kali box to play around with some of the tooling covered in recon section. Reckon I'll do a once through the material before getting lab time and going after the lab exercises. <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a>: day 50 : Grrr. Yesterday was actually day 49. Anyways. Signed up for zeropointsecurity.co.uk Certified Red Team Operator course. LFG! <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/PrimumNonNocere" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrimumNonNocere</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 48 : even more <a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#rust</a>. Read some on chapter 5. Watched a couple of videos by <a href="https://mastodon.social/@0atman" class="u-url mention" rel="nofollow noopener" target="_blank">@0atman</a> on his No Boilerplate YouTube channel. Poked around on crates.io a bit and looked at some code.

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 47 : Read a bit more about rust. Started in on Chapter 4 of The Rust Programming Language. Still not grokking why there is a mutable/immutable setting for variables. Seems there's no difference between an immutable variable and a constant.

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 45 : Read about <a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#rust</a> in _Rust Programming Language, 2nd Ed._

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : days 43 & 44 : Forgot to post yesterday. Modified a BadUSB/Rubber Ducky script to run PowerShell and feed a file. Helping out a <a href="https://infosec.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlueTeam</a> analyst w/that one. Helped myself for a future <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeam</a> exercise. Also spend some time w/'hello, world', Rust, and Windows OS. Baby steps, time will tell w/that one. Tried out a different format for attack trees, but haven't tried it out on anyone yet. <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/LabItUp" class="mention hashtag" rel="nofollow noopener" target="_blank">#LabItUp</a> <a href="https://infosec.exchange/tags/CamelCaseTags4OnScreenReaders" class="mention hashtag" rel="nofollow noopener" target="_blank">#CamelCaseTags4OnScreenReaders</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 42 : Listened in on N00bie Tuesday by Alh4zr3d@twitter. Someone mentioned Zero Point Security has a "Rust for n00bs" [[<a href="https://training.zeropointsecurity.co.uk/courses/rust-for-n00bs" rel="nofollow noopener" target="_blank">https://training.zeropointsecurity.co.uk/courses/rust-for-n00bs</a>]] class. I'm a n00b, so ran full-tilt into that rabbit hole. An inexpensive introduction. Rust has some interesting quirks. Tried it out on MacOS. Next up, Windows. <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/LearnToCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#LearnToCode</a> <a href="https://infosec.exchange/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rust</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 41 : Tinkered around with Docker some more. Experimenting with building an image w/enumeration tools. Getting rust onto the system for feroxbuster has me a bit stymied. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/enumeration" class="mention hashtag" rel="nofollow noopener" target="_blank">#enumeration</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 40 : Took a crack at today <a href="https://infosec.exchange/tags/HtB" class="mention hashtag" rel="nofollow noopener" target="_blank">#HtB</a> new release, interface. Web app, natch. Started my process and used the usual tools. Didn't get very far at all. Based on tech found, did some research and found an article about one of the components. Calling it a day though and will take a look tomorrow. <a href="https://infosec.exchange/tags/ctf" class="mention hashtag" rel="nofollow noopener" target="_blank">#ctf</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 39 : *Now* I have a working virtual gateway in my virtual lab. Ubuntu w/iptables rules, ftw. Next, write a "shields up/shields down" script governing rules for the inside LANs. Time to grind on payloads! Ah, and it's beer o'clock. <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/labitup" class="mention hashtag" rel="nofollow noopener" target="_blank">#labitup</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 38 : Not much direct hacking today. Read a couple of articles on Azure/M365 hacking. A family friend is making a career transition to software development. Their code made it into GitHub, so I looked through it to practice code-review skills-ish. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 37 (delayed report) : More work on the lab. Migrated target vm from old hacktop to new. Poked at virtual firewall some more to get the lab network sorted. <a href="https://infosec.exchange/tags/labitup" class="mention hashtag" rel="nofollow noopener" target="_blank">#labitup</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 36 : More work on lab infra. Followed this cookbook on dockerizing CobaltStrike: <a href="https://ezrabuckingham.com/blog/containerizing-red-team-infra/" rel="nofollow noopener" target="_blank">https://ezrabuckingham.com/blog/containerizing-red-team-infra/</a> Worked! Docker networking is still a little weird for me, so I need to figure out how the beacons are going to get there. The client piece worked, so halfway there. Still need to test the fw--it seems to be grabbing my laptop's IP, which creates network weirdness. May bail and use something I'm more familiar with. <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/labitup" class="mention hashtag" rel="nofollow noopener" target="_blank">#labitup</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 35 : Worked on the hacktop lab. Created a "Private" network for the targets to reside in. Build an OPNSense virtual firewall to govern access between the "External" network--where the attacking hosts are going to reside--and the target network. ...maybe I should rename them. Skimmed the DNS section of the OPNSense manual. Maybe DNSmask let's me try out DNS C2? Next step is to move my target vm from the old hacktop to the new and test fw config. <a href="https://infosec.exchange/tags/labitup" class="mention hashtag" rel="nofollow noopener" target="_blank">#labitup</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 34 : Spent some time playing around with <a href="https://github.com/initstring/cloud_enum" rel="nofollow noopener" target="_blank">https://github.com/initstring/cloud_enum</a> <a href="https://infosec.exchange/tags/infogathering" class="mention hashtag" rel="nofollow noopener" target="_blank">#infogathering</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ath0<a href="https://infosec.exchange/tags/hack100days" class="mention hashtag" rel="nofollow noopener" target="_blank">#hack100days</a> : day 33 : Took it easy today. Looked at some open-source projects from fortynorthsecurity.com Came across them looking for CobaltStrike info. PersistAssist (<a href="https://github.com/FortyNorthSecurity/PersistAssist" rel="nofollow noopener" target="_blank">https://github.com/FortyNorthSecurity/PersistAssist</a>) looks interesting. It's written in C#, so I took some time to look through the code to see if it makes any kind of sense to me. Maybe tinkering with that would be a good way to start getting acquainted. I think I want to play around with Egress-Assess (<a href="https://github.com/FortyNorthSecurity/Egress-Assess" rel="nofollow noopener" target="_blank">https://github.com/FortyNorthSecurity/Egress-Assess</a>) a bit, as well. <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Recent searches

Search options

Administered by:

Server stats:

#hack100days