#hack100days : day 34 : Spent some time playing around with https://github.com/initstring/cloud_enum #infogathering #redteam #infosec #cososec
I feel another "I told you so" brewing. When Reagan destroyed "The Fairness Doctrine" he opened the door. Once the news media stopped doing actual news, and started being entertaining, because there was more money (and hence political power for some people) in it, we were screwed. All of us. https://www.theatlantic.com/magazine/archive/2023/03/tv-politics-entertainment-metaverse/672773/
#hack100days : day 33 : Looked at some open-source projects from fortynorthsecurity.com. Came across them looking for CobaltStrike info. PersistAssist (https://github.com/FortyNorthSecurity/PersistAssist) looks interesting. It's written in C#, so I took some time to look through the code to see if it makes any kind of sense to me. Maybe tinkering with that would be a good way to start getting acquainted. I think I want to play around with Egress-Assess (https://github.com/FortyNorthSecurity/Egress-Assess) a bit, as well. #redteam #infosec #cososec
#hack100days : day 32 : Moved C2 server vm from old hacktop to new hacktop. Updated the vm. Went looking for resources for aggressor scripts and C2 profiles. Near and intermediate planned exercises will use https, but the use of DNS is still looking too much like a dark art. I've got the pieces I can put together to do it, but I'm still fuzzy on how to put them together. It isn't urgent, so I'll block a couple of days down the road to lab it up. #lab #redteam #infosec #cososec
#hack100days : day 31 : Forgot to post yesterday. Pretty busy day. Got caught up on @thegrugq newsletters--I was a couple of days behind. Also read a recent Bellingcat newsletter and article. Octosuite looks interesting: https://www.bellingcat.com/resources/2023/01/20/octosuite-a-new-tool-to-conduct-open-source-investigations-on-github/ Might be useful for internal appsec and dfir teams, as well. #infosec #cososec
#hack100days: day 30d : Pretty busy day, putting pressure on hacking for myself. Looked into "coding". Red Teamers have to code? I'm down with bash and fairly comfortable with python and PowerShell. After looking at CobaltStrike, I can kind of connect the dots. So, nim, .Net/C#, go, rust? I'm not diving into c/c++, looked at Kernighan and Ritchie ages ago and it didn't take. Thinking about .Net/C#, it is the "guts" of PowerShell and Windows. #redteam #coding #cososec
: Put a filter hashtag and/or a warning on your rageposts and/or hide them behind that Sensitive Content blocky thing. I mean, well, unless you're fine with folks blocking you, which I know or have at least been assured some people do not mind at all. Coming in like it's time for a showdown at the OK Corral will set you apart quick, fast, and in a hurry, except of course on Reddit or Truth Social... or Tweetar these days. That will not be fun for anyone.
#hack100days: day 29d : Bashed at new hacktop's wifi. Going in to work tomorrow, chance to isolate issue to laptop or my network and their interaction--other devices are behaving as expected. Watched a bit of @Alh4zR3d@twitter's N00bie Tuesday. Also found this site: https://www.zaproxy.org/docs/docker/webswing/ Which means I don't have to pollute the new hacktop w/Java! Another opp to get more touches w/#docker. #infosec #labitup #cososec
#hack100days : day 28d : Doing some Attack Chain threat modeling. After getting a #flipperZero and playing with BadUSB, I've gotten my hands on a #Hak5 Rubber Ducky. Looking at #mitreattack I notice the only BadUSB references are in footnotes! I think it fits as either Hardware Additions or as a Phishing technique. What say you #redteam and #blueteam, since it's not explicitly called out as a technique, do I infer this as "not likely"? #infosec
#hack100days : day 27d : Took another look at the #hackthebox new release. Making some progress. #ctf #infosec #cososec
#hack100days : day 26d : New release on #hackthebox, but it's not coming easily. Found a thing to help with enumeration, but I need to do some more reading on php to get to the next bit. #ctf #infosec #cososec
#hack100days : day 25d : New hacktop from work today. Setting it up, trying stuff out. WSL is still sub-optimal. Gonna work on getting more facile w/Docker and Ubuntu's Multipass. Oh, something interesting... ...an EICAR dropped into a WSL image doesn't get flagged by Defender. #labitup #infosec #cososec
#hack100days : day 24d: Today was research day. Attended a webinar on web hacking with some good links to resources. This one gave me a lot of good threads: https://github.com/dafthack/CloudPentestCheatsheets/tree/master Which is good, I've got some scope to nail down the next week or so, so this should help. #redteam #sharpenthesaw #infosec #cososec
@TheNewsOwl So, Tornado Thoroughfare, then? Tornado Blvd.?
#hack100days : day 23d : Confirmed pktmon was not going to be in-play for my objective tooling. Wireshark is in the software catalog, so explored ways to use sccm at the command line. Still have a ways to go. Was able to enumerate part of the software catalog, but a lot of it wasn't visible. Including wireshark--I think tshark is installed with it, so that's my goal. #redteam #executeonobjectiv #infosec #cososec
#hack100days : day 22d : Figured out my goof on 4800/4801. It's Lock/Unlock. Played around with schedtask to get a valid task on unlock. Took some experimentation, but got there. Got a good example exported as xml, so the next trick is writing a script to establish persistence after initial access. Concurrently I need to write the info gathering script(s). #redteam #windows #persistence #cososec
@Dogofalltrees Hang in there. This too, shall pass. Maybe get up and do something else for a little bit?
Dunno if folks have been following the Institute for the Study of War (ISW) on the Russo-Ukrainian war: https://www.understandingwar.org/backgrounder/russian-offensive-campaign-assessment-january-22-2023 They have daily updated maps. Along the northern half of the front, there are some probes getting close to some critical junctions. Wagner Group is also getting a bit of a smack down. Slava Ukraini!
@barrett Probably dated yourself, with that one. 😂 (...and myself for catching it.)
Muddling through.