Month: April 2018

Can You Invest In Real Estate Without Being Filthy Rich?

Published by Will Chatham on 4/24/2018

The average Joe is shut out of many investing arenas not because he or she is not part of the elite, but because they simply don’t have the capital. But in the modern world, we all would like to invest our money somewhere smartly. Many people are hesitant, but the reward of your money making more money is far too great for others to miss out on. Sensibility plays a huge role in how we make decisions because behind our wallets are our minds. Some of us wouldn’t mind a high-risk high reward investment plan, but for others, the odds have got to start in their favor. This kind of polar opposite in personality is everywhere no matter how rich or poor you are. Real estate has been and always will be the top dog in investment with the global property market valued in the hundreds of trillions of dollars. So you would think that with so much money floating around, there would be just as many opportunities. Put simply there didn’t use to be, as in truth you had to be rich to invest in lucrative real estate propositions. Not now though as real-world currency plays a bit part instead of running the show.

Tokenized opportunities

In an effort to make the real estate industry more transparent and fluid in how it does business. Tokenization is fast becoming the trend to hedge your bets on. Individual and asset management companies are willing to put their properties in the digital realm where there are more opportunities. Tokenization is simple, but because the concept is new, people often freak out and veer away from it as they think it’s too complicated or just a fool’s hope. A property owner can register his or her property with a cloud platform token blockchain. After being accepted by the company whose platform it is, they need to register their wallet in order to get ready to receive and distribute tokens to financial institutions; one of these systems is the i-house IHT Token. The property is then split up into different segments. Smart contracts for each part of the property are issued and then given a token as to what their real-world value really is. On the platform, the owner can track how their property is doing via the asset income display. They may also want to check out who is buying and who is selling via the asset transfer platform. Put into layman’s terms, properties are split up into tokens, and each token has its own value. These tokens can then be bought and sold freely with everyone keeping notes as to what’s going on, so there is absolute transparency.

Where Joe comes in

So now that properties are being accurately valued for each of their segments, this means they get split up. After tokens are assigned to them and then given to financial institutions, they are then sold to individual buyers. Because the properties have been segmented there are differing values to them. This gives the average Joe a chance to invest in a property without having to bust the bank. Rather than being an investor, you’re a buyer owning a piece of the pie without any obligation to hold onto it. As the smart contract can be bought and sold as a token, there is no need to involve a mediary either. Every transaction is open and honest, done on the cloud platform. This makes a blockchain meaning all the data of who bought what from who and for how much is not hidden. As there are many witnesses to the blockchain, the selling and buying is more honest and transparent therefore it invigorates one’s trust to buy. The legal side of investment puts the average Joe off his morning coffee. It’s boring and complicated to many, but in the past, it’s been necessary. However, with blockchain platforms that use tokens as the currency of buying and selling real estate, two birds are hit with one stone. Firstly the token system is actually quite simple to use even if you can’t understand it right away. Then the platform is self-regulated or rather transactions made in the public arena so all those involved, i.e. peers, regulate it themselves. The other benefit is that fact that even people with small amounts of investment funds can get involved.

As the properties in cloud platforms are segmented, parts of a property can be bought rather than the entire asset. This also means that due to the sheer number of investors, token values can go up and thus your token is now turning over a profit. This is the new way of making money and investing in real estate that everyone is watching right now.

Windows Privilege Escalation (privesc) Resources

Published by Will Chatham on 4/13/2018

I have obtained a standard user account on Windows. Now what?

This is a common question I see people inquire about frequently on the Discord/Slack/Mattermost servers I hang out on. This includes people working on CTF exercises (Hack the Box), OSCP/PWK studies, and just pentesting in general. The answer, of course, is that you need to enumerate the system and find a way to become Admin.

The methodology for how you actually do this depends on a lot, all depending on your specific environment and circumstances.

Windows Privilege Escalation to the Rescue

Here are some useful resources on what to do next in your given situation, after you have succesfully exploited your way onto a Windows box, but before you have the system administrator role. I collected these links, snippets, and exploits during my OSCP studies, saving them in this massive OneNote notebook. Rather than letting them sit there where no one but me can access them, I thought I’d share.

Some of these get pretty detailed, and some of them have links to yet even more resources on this topic.

Have fun…this rabbit hole runs deep!

Privesc Resources

Updated 11.11.18: A new resource I came across that looks pretty awesome:

Windows-Privilege-Escalation-Guide
https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

Elevating privileges by exploiting weak folder permissions
http://www.greyhathacker.net/?p=738/

Encyclopedia of Windows Privesc (video)
https://www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be

Windows Privesc Fundamentals
http://www.fuzzysecurity.com/tutorials/16.html

Windows Privesc Cheatsheet
https://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html

Windows Privesc Check
A script that automates the checking of common vulnerabilities that can be exploited to escalate your privileges:
http://pentestmonkey.net/tools/windows-privesc-check

Common Windows Privesc Vectors
https://www.toshellandback.com/2015/11/24/ms-priv-esc/

Windows Post-Exploitation Command List
http://www.handgrep.se/repository/cheatsheets/postexploitation/WindowsPost-Exploitation.pdf

WCE and Mimikatz in Memory over Meterpreter
https://justinelze.wordpress.com/2013/03/25/wce-and-mimikatz-in-memory-over-meterpreter/

Windows Privesc – includes tips and more resource links, on Github
https://github.com/togie6/Windows-Privesc

Do you have any Windows Privesc resources you think should go here? Comment below and I will add them.

Which Software Is Right For My Business?

Published by Will Chatham on 4/13/2018

Every business can benefit from using software to speed up processes and improve organization. But with so many programs out there on the market, how do you know which software is right for you? Certain software may be too simple for your needs, whilst other software may be overly complex. There are also factors such as cost to consider. Here are just some ways to help make the right choice when looking for software for your company.

Check online reviews

Online reviews are great at giving you unbiased information on software including the pros and cons. You may find professional reviews in tech publications are the most insightful as these people have tested lots of different software and so have more know-how when it comes to which programme is best (comparison guides are a great read). That said, user reviews can also be handy as they may offer information in layman terms and show how software can be applied in a real life setting. There are also video reviews out there on Youtube that may include walk-throughs of the software on screen so that you can see what it looks like.

Download free trials

Some software companies will offer the opportunity to download a free trial. This allows you to use the software for a few days and get to grips with its interface, helping you to determine whether its right for you. You can get your employees to test it out too if they’re also going to be using it and then you can vote whether you think it’s worth buying. Free trials may not always give you a full experience of what software is like to use – some features may be locked – but you can get a good idea just from the basic settings whether a programme is right for you.

Attend software demos

Some companies will host software demos in which a spokesperson will give a presentation and answer any questions regarding the software. Software demos can be very salesy and you’re likely to get very biased information as a result, however the chance to ask questions and possibly even negotiate pricing can make demos a worthwhile event. They’re also great chances to network with other business owners and get an idea of a software company’s target market.

Consider specialist software

There’s a lot of generic one-size-fits-all software when it comes to processes like accounting and project management. Some of this software is very popular and therefore has had a lot of money poured into improving it and making it reliable, however it may be too generic for some niche companies that need more specific features. Looking for specialist software such as veterinary software or architect software could be more beneficial in certain cases. It’s worth testing out a mix of specialist and generic software.

Go bespoke

There’s also the option to pay a software development company to build your own software. This could be designed entirely to your specs, giving you all the features you need. This can be more expensive, so make sure that you’re going to get regular use out of this software – it could be a way of combining the functions of multiple programmes into one software, saving you money in the long run.

The Damage of Disconnection: How To Proactively Prevent Network Issues

Published by Will Chatham on 4/12/2018

We demand a lot from our IT resources – and as possibilities expand, and the amount of data we process mounts, we can find that the performance of our infrastructure is left lacking. Network performance monitoring solutions can give oversight of the operations of enterprise networks, freeing up resource to present availability in response to peaks in demand, and keeping overall performance running well.

Such network monitoring tools can be proactive – running real-time analytics, minimizing network disruption and downtime and solving issues that crop up quickly. And of course, this will save you time and money in the long run. But if you’re in the process of managing a growing start-up enterprise, heavily reliant on strong IT infrastructure, then you may encounter problems as the network grows quickly.

You may identify issues with effective monitoring that slow you down in identifying where a problem has its origin. Fixing problems can take longer than anticipated – and all the while you could be losing business. Here are some ways in which you can effectively optimize your network for maximum performance, minimum downtime and disruption to service:

Understanding The Set Up

Any attempt to remedy performance issues depends on your understanding of what’s happening within your network at any given moment. While people tend to automatically assume the network itself if, at fault, it may actually be PCs or servers that are causing problems. A tool like Compuware’s Vantage can help you pick up on problematic clients, bad performance on a WAN link, or badly constructed SQL on a server. This type of analysis tends to reveal issues existing on the system that you haven’t even been aware of – structural issues with the initial set up for example. If you take the time to collect all the information then you can head off most problems before they even impact on users. Adding bandwidth without first performing this type of diagnostic can be an expensive mistake, and the solutions that work for you will depend on the environment your network operates in. Opt for auto-alerts to let you know when an unusual event is occurring- you can usually set them up as emails or even text messages to your phone. There may be external factors that get flagged in this way, such as a neighboring WLAN coming online that then impacts the performance of your own network.

Future-proof Your Network

It’s important to factor in future requirements as well as stabilizing current demand. Build in future proofing measures through planning at the outset for increased capacity requirements. Capacity planning functionality in diagnostics will give you the required level of details about where future potential losses in data and packets lie by identifying areas prone to traffic slow down. If you are using too little bandwidth, it can cause as many problems as overload by contributing to underwhelming performance. Take a preventative approach to managing resources and data, and your network will run much more efficiently over time, for a small investment at the outset.

Keep Network Oversight

You need full visibility to keep everything running smoothly. It helps you to check on the flow of authorized traffic –and see any unauthorized requests too. Flagging up even currently non-critical issues with server, routing, bandwidth and network allows you to prevent issues before they become damaging to operations. If you have ‘blind spots’ such as increased traffic data or unexpected application performance, it can also make you aware of these.

Make it Visual

Dashboards are the ideal took for optimizing the performance of your network. With access to instant, at-a-glance information about performance, up/down status, storage, and wireless capacity – whether that’s on the premises or in the cloud – you’ll be able to see your network’s internal characteristics using endpoint data informatics. This can also help when it comes to collaborative working – any suppliers, associates, and vendors can also be notified of current network issues and work together on analyzing multiple layers of data.

Understanding the Cost

Business is all a matter of tackling competing priorities and resource demand. So it’s important to understand – and be able to explain to others – why network integrity needs to be prioritized. Understanding the true cost of issues can be a matter of quantifying it regarding lost revenue, damage to productivity or your business reputation taking a hit, which can cost you, future clients. Attach some solid numbers to these outcomes of potential downtime and outages, and you have a very convincing argument for investing in robust architecture and diagnostic tools.

Crafting Emails that Actually Sell

Published by Will Chatham on 4/11/2018

Although internet marketing experts have been saying that social media will kill email marketing for years, it still hasn’t happened, and in fact, the statistics show that email marketing is up to 40 times more effective at bringing in new customers than Twitter and Facebook put together! So, if you’re looking to market your products and services, you do still need to be using email.

Of course, just sending out any old email and expecting the customers to come flooding in is unrealistic. You need to carefully craft your emails so that they suck people in and make them unable to resist. Here are some tips to help you with that:

Use a Template

First of all, if you want to save time and ensure that your emails not only look good but also reassure the customer, you should use a template that means all the emails you send have a distinct look. You may also want to use the email signature manager at https://www.templafy.com/templafy-email-signature-manager/ to ensure that an up-to-date branded signature is included in every email sent out by your company. These are simple ideas that can immediately put the recipient at ease.

Craft an Eye-Catching Subject Line

So many marketing emails never get opened – they are immediately deleted upon first sight. So, you really do have to work to create eye-catching subject lines that demand to be opened. Some techniques that can work include asking a question, including an interesting spelling mistake, addressing the recipient by name (there’s software to make this easy) and, of course, mentioning a promotion or sale, and you can find more advice on the subject at http://www.addthis.com/academy/email-subject-line-best-practices/ . However, you will need to experiment a little to see what appeals to your target audience the most.

Don’t Make it About You

In the opening lines of your email at least, and in as much of the main body as possible, you should not make your copy about you. Put the focus on the recipient by starting off with a phrase like “I see you like..” or “I enjoyed the piece you wrote on…” because they are much more likely to keep reading if you don’t start pushing your agenda early on and you show some sort of connection with them.

Ask Questions

In the main body of your email, you should aim to ask questions such as “Are you looking to improve your writing?” or “What is the one thing you would change about (your product?” to get them more engaged and thinking about what they want and what your products or services offer. Studies show that you can convert four times as many people by asking more questions in your sales email, the key is to find the right questions for your audience!

Include a Call to Action

In closing your email, you should always include a quick call to action which should be no more than a line or two long. It should make the reader feel like they need whatever it is you’re selling without being pushy. Something like “ Can you afford to miss out on this amazing deal? If not, get in touch to discuss it further.” will do, but the more creative you can get the better.

Use these tips to craft better emails, and you’ll soon be selling way more stuff!