Show more

: day 51 : Spent some time going through CRTO. First two sections down. Spun up a new kali box to play around with some of the tooling covered in recon section. Reckon I'll do a once through the material before getting lab time and going after the lab exercises.

Is still a thing? Got another walk in. Distance, 1.2 miles; Pace of 15 min/mi. I'm happy with that, since my last couple of walks were in the 20s. Colder out there than I anticipated, which incentivized my pace.

: day 50 : Grrr. Yesterday was actually day 49. Anyways. Signed up for zeropointsecurity.co.uk Certified Red Team Operator course. LFG!

: day 48 : even more . Read some on chapter 5. Watched a couple of videos by @[email protected] on his No Boilerplate YouTube channel. Poked around on crates.io a bit and looked at some code.

: day 48 : re-read chapter 4 of Rust Programming Language. Ownership, borrowing, and slices, oh my. Moar examples will be needed.

: day 47 : Read a bit more about rust. Started in on Chapter 4 of The Rust Programming Language. Still not grokking why there is a mutable/immutable setting for variables. Seems there's no difference between an immutable variable and a constant.

: day 46 : Read more rust. (Today was a travel day, so not so much hands on keyboard today)

: days 43 & 44 : Forgot to post yesterday. Modified a BadUSB/Rubber Ducky script to run PowerShell and feed a file. Helping out a analyst w/that one. Helped myself for a future exercise. Also spend some time w/'hello, world', Rust, and Windows OS. Baby steps, time will tell w/that one. Tried out a different format for attack trees, but haven't tried it out on anyone yet.

: day 42 : Listened in on N00bie Tuesday by Alh4zr3d@twitter. Someone mentioned Zero Point Security has a "Rust for n00bs" [[training.zeropointsecurity.co.]] class. I'm a n00b, so ran full-tilt into that rabbit hole. An inexpensive introduction. Rust has some interesting quirks. Tried it out on MacOS. Next up, Windows.

: day 41 : Tinkered around with Docker some more. Experimenting with building an image w/enumeration tools. Getting rust onto the system for feroxbuster has me a bit stymied.

: day 40 : Took a crack at today new release, interface. Web app, natch. Started my process and used the usual tools. Didn't get very far at all. Based on tech found, did some research and found an article about one of the components. Calling it a day though and will take a look tomorrow.

: day 39 : *Now* I have a working virtual gateway in my virtual lab. Ubuntu w/iptables rules, ftw. Next, write a "shields up/shields down" script governing rules for the inside LANs. Time to grind on payloads! Ah, and it's beer o'clock.

: day 38 : Not much direct hacking today. Read a couple of articles on Azure/M365 hacking. A family friend is making a career transition to software development. Their code made it into GitHub, so I looked through it to practice code-review skills-ish.

: day 37 (delayed report) : More work on the lab. Migrated target vm from old hacktop to new. Poked at virtual firewall some more to get the lab network sorted.

: day 36 : More work on lab infra. Followed this cookbook on dockerizing CobaltStrike: ezrabuckingham.com/blog/contai Worked! Docker networking is still a little weird for me, so I need to figure out how the beacons are going to get there. The client piece worked, so halfway there. Still need to test the fw--it seems to be grabbing my laptop's IP, which creates network weirdness. May bail and use something I'm more familiar with.

: day 35 : Worked on the hacktop lab. Created a "Private" net for the targets to reside in. Build an OPNSense virtual firewall to govern access between the "External" net--where the attacking hosts are going to reside--and the target network. ...maybe I should rename them. Skimmed the DNS section of the OPNSense manual. Maybe DNSmask let's me try out DNS C2? Next step is to move my target vm from the old hacktop to the new and test fw config.

ath0 boosted

I feel another "I told you so" brewing. When Reagan destroyed "The Fairness Doctrine" he opened the door. Once the news media stopped doing actual news, and started being entertaining, because there was more money (and hence political power for some people) in it, we were screwed. All of us. theatlantic.com/magazine/archi

: day 33 : Looked at some open-source projects from fortynorthsecurity.com Came across them looking for CobaltStrike info. PersistAssist (github.com/FortyNorthSecurity/) looks interesting. It's written in C#, so I took some time to look through the code to see if it makes any kind of sense to me. Maybe tinkering with that would be a good way to start getting acquainted. I think I want to play around with Egress-Assess (github.com/FortyNorthSecurity/) a bit, as well.

Show more

ath0

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.