Tool Sharpening

As honest Abe Lincoln said, “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.”

For the last six months, I have been playing the part of Hey Blinkin, getting the tools in my toolbox sharpened, honed, configured, and ready as I am inches away from starting the PWK/OSCP course. As soon as some paperwork clears, I’ll be signing up, hopefully to start in mid-July. You may have seen me posting things I’ve learned so far here on my blog. I intend to keep it up, as finding other OSCP adventurer blogs, tips, and tools along my journey has been invaluable. I hope to pay it forward here.

That said, here are a few very sharp tools I’ve come to love (as recently as this evening):

iTerm 2 – http://iterm2.com/ – a better Terminal app for Mac. Highly configurable, integrative, and versatile. Not exactly a pentesting tool, but something anyone doing command line work on a Mac should check out.

Sn1per – https://github.com/1N3/Sn1per – a super-thorough and invasive reconnaissance tool. It is very noisy and not recommended for actual pentesting, but it is great for working on CTF and Vulnhub VMs.

OSINT Framework – http://osintframework.com/ – a hefty, well-organized set of free tools for gathering all kinds of information. Originally geared towards security, it includes a lot of other fields as well. Follow it on GitHub here.

 

Microsoft Windows has Free Virtual Machines

Wish I had known about these earlier. Microsoft offers free Windows virtual machines for VirtualBox, VMware, and others. You can choose from Windows 7, Windows 8, or Windows 10 (a few different flavors of each). They last 90 days before expiring, but you can snapshot them right after you install them to make it easy to reset that 90 days by rolling back to the snapshot.

Officially, these are for testing out the Edge browser, but you can also use them for whatever else 😉

Check them out here:

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

 

 

Metasploit Tidbits

I’ve been working through Metasploit Unleashed in preparation for the PWK course and the ensuing OSCP exam. Looks like I’ll be signing up for that in early July. While you can’t use Metasploit on the OSCP exam, they do teach it in the PWK course itself, and it’s a very powerful tool anyway, so learning it now seemed like a good idea.

I’ve been taking a lot of notes in OneNote as I progress on all things OSCP, but I thought I’d share some of the handier Metasploit tricks that I might find myself using from day to day. Additionally, writing all this out and thinking about it as I do so helps me commit it to memory, so this blog post isn’t an entirely selfless effort 😉

Find Hosts on Your Network

The arp_sweep auxiliary module comes in handy to find hosts on your network. In the example below, you select the arp_sweep tool, show its options, then set the RHOSTS variable accordingly for your network range.

Running the above will return some output that looks something like this:

If you want to be sneaky when you do this (and why would you need to be sneaky on your home network? 😉 ) you can spoof the source host (you) and the source MAC address so that it doesn’t look like you have been scanning anything. Typically, you might set this to appear to be coming from your router.
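
A detection-side view of the spoofed sweep described above, added here as an example and not part of the original post: because the claimed source IP and MAC in an ARP request can be forged, the check keys on the switch port the requests arrive on. The record format, port names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Assumed (hypothetical) known location of the real gateway on the switch.
GATEWAY = {"ip": "192.168.1.1", "mac": "aa:bb:cc:00:00:01", "port": "uplink"}

def make_sample():
    """Constructed records, not real captures:
    (seconds, ingress port, claimed sender IP, claimed sender MAC, target IP)."""
    sweep = [(10.0 + i * 0.05, "port7", GATEWAY["ip"], GATEWAY["mac"],
              f"192.168.1.{i}") for i in range(2, 60)]
    normal = [
        (9.0, "port3", "192.168.1.20", "aa:bb:cc:00:00:14", "192.168.1.1"),
        (11.0, "uplink", GATEWAY["ip"], GATEWAY["mac"], "192.168.1.20"),
        (12.5, "port4", "192.168.1.31", "aa:bb:cc:00:00:1f", "192.168.1.1"),
    ]
    return sweep + normal

def detect_arp_sweeps(records, window=5.0, min_targets=20):
    """Flag ports that request many distinct IPs within `window` seconds."""
    by_port = defaultdict(list)
    for ts, port, s_ip, s_mac, target in sorted(records):
        by_port[port].append((ts, s_ip, s_mac, target))
    findings = {}
    for port, events in by_port.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            targets = {e[3] for e in in_window}
            if len(targets) >= min_targets:
                # Sender fields are set by the sender, so do not trust them
                # for attribution; compare them with where the gateway lives.
                spoofed = port != GATEWAY["port"] and any(
                    e[1] == GATEWAY["ip"] or e[2] == GATEWAY["mac"]
                    for e in in_window)
                findings[port] = {"distinct_targets": len(targets),
                                  "claims_gateway_identity": spoofed}
                break
    return findings

if __name__ == "__main__":
    for port, finding in detect_arp_sweeps(make_sample()).items():
        print(port, finding)
```
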

Scan a Host

Metasploit lets you scan hosts that you discover.

You can set THREADS (10) and CONCURRENCY (20) too, to help speed things up without getting too crazy.

You can even use nmap from within Metasploit, and store the results in the database, or import normal nmap results (saved as xml) into the Metasploit database. The advantage of doing this is that you can save your work and results in workspaces in Metasploit. Workspaces let you create projects and keep things organized, which is useful when working on many targets, or with a team.

I will provide some examples of this soon. Stay tuned. For now, here’s what looks like a great reference for this.

 

Appmazing: What Does It Take To Design An Application That Wows?

You know that Apple advert, the one where one person asks another person for help with a certain task, and they respond with “there’s an app for that”? The concept of this advert is to show that there’s an app for almost everything. A few years on from the release of that advert and there really is an app for everything – well, almost. With apps being so in demand, it makes business sense to take advantage of this and design your own app. If you have the skills, knowledge, and ideas for app design, that is.

The vital thing when it comes to app design is understanding that there is a lot of competition and that it’s fierce. So if you are going to design an app, whether that’s to tie in with your business or as a new venture, it’s crucial that you understand how to create an app that stands out for all the right reasons. To be able to do this you need to be somewhat of a tech geek; you need to be an innovative thinker, someone who loves creating new products and is passionate about cutting edge technology.

To help you get started on app creation, below are some tips for designing an application that has the wow factor and is sure to be a success.

Develop your idea first

There’s no bigger mistake when it comes to app design than rushing the process. Take the time to develop your idea before you begin turning it into an app: once you have started creating your app, it becomes more difficult to edit or change the concept, and an app with the wow factor can’t be rushed.

Make user-focused design a priority

If you have ever built a website, you will know how important a user-friendly design is. The same rules that apply to web design apply to app design – it needs to be user-friendly to be successful. So when it comes to developing your app, it’s important to take the user experience into account. Think about how easy the layout will be to navigate, how quickly the app will load, and how clear the content is. If there are certain tasks you can’t deal with yourself, don’t be afraid to outsource them. Part of focusing on user-experience is ensuring that your app runs smoothly and is free from bugs. An app that has glitches can severely impact the user experience, which is why it’s worth using resources like https://www.globalapptesting.com/product/mobile-app-testing to ensure that your app runs smoothly. By testing your app before releasing it, you can find any bugs or glitches and fix them, ensuring that your app is as user-friendly as possible.

Focus on branding

Whether you are creating an app to link to your brand or as a new venture, it’s vital that you focus on branding. The fact is that it’s branding – a well-designed logo, a certain color scheme, a style of text, a content style, etc. – that gives a company its uniqueness. Focusing on branding ensures that your app is not only unique, but also has a professional look and feel. To get some ideas about effective branding, resources like https://www.entrepreneur.com/article/276520 are useful.

Want to design an app that has the wow factor? Then take note of the tips above.

How Technology Is Changing the Face of Education

There is very often some concern expressed about the nature of technology and the impact it’s having on younger generations. Some people see it as a waste of time, with too many youngsters existing almost exclusively with their head in their devices. This, however, is not true. Technology is good for a lot of things, most notably when it comes to education. Though it didn’t get as much airtime as, say, smartphones, technology in the classroom continues to make learning better and more enjoyable than ever.

New Kinds of Learning

In the olden days, there were really only two ways of learning: you either read things in a textbook, or you got outside and learned with hands-on experience. Today, you can still do both those things, but there are also many other types of learning available, thanks to technology. For example, students are now able to learn through videos, audio books, online interactive systems, and much more. Now and in the future, students will be able to use VR headsets and other types of technology to take themselves to the far corners of the world, right in the classroom. Whichever way you look at it, that’s going to throw up some exciting new ways of learning.

Better Collaboration

Again, in the olden days, it used to be that you could collaborate with, well, whoever was sat next to you. Not so anymore. With the internet, cloud storage, and personal devices just about everywhere, students can work together on their schedule, even if they happen to be many miles away from each other. This also helps bridge the gap between students who might otherwise not interact with one another, making the education system more democratic!

More Agile Response

Some older generations bemoan the amount of time those people below 25 spend on their devices, but there’s definitely an upside. For one, young people today are much faster learners than older people. They’re capable of holding differing opinions in their head at the same time and have become much better at multitasking than previous generations. When they’re presented with a problem, they can switch gears in their mind and find a solution. And this is because of technology use.

More Engaged

Technology has allowed students to become more engaged with their education. With tools like PeopleSoft and HighPoint Technology, they’re able to have greater control over their education. Rather than just turning up and waiting for the university to do the work, they’re able to direct their experience, communicate with staff, and arrange their own schedules. All this fosters a closer relationship between the student and their education.

Instant Access

A fact that is often overlooked by the general public, but not so by students, is that on any of their devices, they have access to more or less every piece of information that’s recorded in the world. They no longer have to spend hours in the library looking up a fact. It’s all right there, in the palm of their hand.