The modules that we use are specific to our needs. But these are the most commonly used from my recent history. This list is super generic and mostly to supplement my poor memory. These methods/modules rely on a previously completed db_nmap scan. So our targets are readily available from the
Read moreAuthor: Andrew Galdes
I'm a systems engineer and security guru. I'm surrounded by experts in their fields and excited to be able to work with such talent.
RHCE, Sec+, CySA+, CASP+
Creating your own Password list
If you want to create a customised password list for a specific target (client, I hope), this article is for you. It’s basically just a re-write of “https://karimlalji.wordpress.com/2018/04/26/password-guessing-mangle-a-custom-wordlist-with-cewl-and-hashcat/” which I’ll probably forget later so I’m documenting here. We don’t just want a list of passwords, we want a list of
Read more
Mount SysInternals over HTTP on Linux
This article demonstrates how to mount “https://live.sysinternals.com/tools” on Linux so that it’s accessible at “/mnt/sysinternals”, for example. On CentOS: yum install davfs2 On Ubuntu: apt install davfs2 Mount it: mount -t davfs https://live.sysinternals.com/tools /mnt/sysinternals Now you can access it at: # ls /mnt/sysinternals/ accesschk64.exe diskext.exe pipelist.exe RegDelNull.exe accesschk.exe Diskmon.exe PORTMON.CNT
Read moreConfluence – Recover from User Directory Trouble
If you’re in a situation where you can’t log into Confluence because you messed up your User Directories, try these two steps. First, attempt to log in locally. If that doesn’t work, diddle with the database and reset the state of your User Directories. In this article, we’re assuming the
Read more
IPSec Site-to-Site VPN between Unifi and pfSense
In this article, we’re assuming we have multiple sites (remote offices) using Unifi networking gear, and a central network (in Azure or AWS for example) running pfSense as the firewall. We want an IPSec site-to-site VPN between them in a spoke topology. The Unifi networks will connect to the pfSense
Read moreUpgrade MariaDB to 10.3 on CentOS 7
Everything you see here is found more formally at “https://mariadb.com/docs/operations/upgrades/upgrade-community-server-cs103-centos7/”. This page is basically just my notes in case I can’t find the other site when I need it in future. We’re using CentOS 7 and upgrading from “MariaDB 5.5” to “MariaDB 10.3”. Backup your DB and config files first.
Read morePen Testing Tools – Stuff we all need
This article is mostly a cheat sheet for things pen-testers need. Obviously there’s a little picking and choosing depending on the need. Nmap: Ubuntu: apt install nmap CentOS: yum install nmap Nikto: Ubuntu: apt install nikto CentOS: yum install nikto Mimikatz: https://sourceforge.net/projects/mimikatz.mirror/files/latest/download Hydra: Ubuntu: apt install hydra Cewl: Ubuntu: apt
Read moreCreate, List, Copy and Delete Windows Shadow Copy (VSS) on Windows 10
This article lists the PowerShell (and other) commands to create, list, copy from, and delete Windows Shadow Copies, also known as VSS. See Microsoft’s doco here “https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/vssadmin”. Enable: Enable-ComputerRestore -Drive “C:\” Create: wmic shadowcopy call create Volume=”C:\” List: vssadmin list shadows Copy from: Windows Explorer: Right Click a folder, Select
Read moreYou Don’t Need a Vulnerability Scanner, Use Nmap & Metasploit
This article walks you through the process of installing, configuring and running scans using Metasploit and Nmap. Both CentOS 7 and Ubuntu 20.04 are discussed. Our objective is to be able to run nmap scans and have the results go into a database so we can filter the results later
Read more
Create Your Own Public Half-Life 2 DM Server on CentOS 7/8
This article walks you through the process of building your own publicly accessible Half-Life 2 Death Match server on CentOS 7 and should work with 8 too but that’s untested. There’s plenty that can go wrong in this process. See the bottom of this article for common problems and solutions.
Read more