Skip to content

Category: Security

I made some shirts

Over the years, I have kept a running list of t-shirt ideas in the back of my mind, thinking that someday “I should make a t-shirt out of that.”

I finally made the effort, and now I have a shop set up where you can buy some silly things I created. Not only are they available as shirts, but you can order them as hoodies, onesies, notebooks, stickers, coffee mugs, and more.

It’s a Festivus miracle!  

Check out the shop, or browse some of the available things below.

A few new resources for pentesting/OSCP/CTFs

Here are a few new resources I’ve run across in the last month or so. I’ve gone back to add these to some of my older posts, such as the Windows Privesc Resources, so hopefully you’ll find them, one way or another.

Windows-Privilege-Escalation-Guide
https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

JSgen.py – bind and reverse shell JS code generator for SSJI in Node.js with filter bypass encodings
https://pentesterslife.blog/2018/06/28/jsgen/

So you want to be a security engineer?
https://medium.com/@niruragu/so-you-want-to-be-a-security-engineer-d8775976afb7

Local and Remote File Inclusion Cheat Sheet
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal

External XML Entity (XXE) Injection Payloads
https://gist.github.com/staaldraad/01415b990939494879b4

Enjoy!

The Unofficial OSCP FAQ

It has been close to a year since I took the Penetration Testing with Kali (PWK) course and subsequently obtained the Offensive Security Certified Professional (OSCP) certification. Since then, I have been hanging out in a lot of Slack, Discord, and MatterMost chat rooms for security professionals and enthusiasts (not to mention various subreddits). When discussing the topic of obtaining the OSCP certfication, I have noticed *a lot* of prospective PWK/OSCP students asking the same questions, over and over.

The OffSec website itself covers some of the answers to some of these questions, but whether its because people don’t read it, or that it wasn’t made very clear, these questions keep coming back. Here, I will attempt to answer them as best I can.

Disclaimer: I am not an OffSec employee, nor do I make the claim that anything that follows is OffSec’s official opinion about the matter. These are my opinions; use them at your own risk.

  1. Do I have enough experience to attempt this?
  2. How much lab time should I buy?
  3. Can I use tool X on the exam?
  4. What note keeping app should I use?
  5. How do I format my reports?
  6. Is the HackTheBox.eu lab similar to the OSCP/PWK lab?
  7. Are VulnHub VM’s similar to the OSCP/PWK lab?
  8. What other resources can I use to help me prepare for the PWK course?

According to the official OffSec FAQ you do need some foundational skills before you attempt this course. You should certainly know your way around the Linux command line before diving in, and having a little bash or python scripting under your belt is recommended. That said, it’s more important that you can read code and understand what it is doing than being able to sit down and write something from scratch.

I see many people asking about work experience, which isn’t really covered by OffSec. For example, people wondering if 3 years of networking and/or 1 year being a SOC analyst is “enough.” These questions are impossible to quantify and just as impossible to answer. What you should focus on is your skills as they relate to what is needed for the course.

To do that, head over to the PWK Syllabus page and go through each section. Take notes about things that you are not sure about, or know that you lack skills and expertise in.

Once you have a list made, start your research and find ways to learn about what you need to get up to speed on. For example, when I was preparing for PWK, I knew very little about buffer overflows. I spent a while watching various YouTube videos, reading up on the methods by which you can use a buffer overflow exploit, and taking notes for future reference. Once I started the course, I was able to dive into the exercises and understand what was going on, at least a little bit beyond the very basics, which helped me save time.

In the same boat? Check out this excellent blog post about buffer overflows for something similar to what you will see in the PWK course. Also, while I haven’t tried it yet, I hear that this is a good buffer overflow challenge you can practice on.

Buy the 90 day course in order to get the most out of the experience and not feel crunched for time — especially if you work full time and/or have a family.

With 90 days, you can complete the exercises in the PWK courseware first, and still have plenty of time left for compromising lab machines.

I see this question a lot, perhaps more than any other. People want to know if it is safe to use a specific tool on the exam, such as Sn1per. The official exam guide from OffSec enumerates the types of tools that are restricted on the exam. It is pretty clear that you cannot use commercial tools or automated exploit tools. Keep this statement in mind when wondering if you can use a certain tool:

The primary objective of the OSCP exam is to evaluate your skills in identifying and exploiting vulnerabilities, not in automating the process.

If a tools helps you enumerate a system (nmap, nikto, dirbuster, e.g.), then it is OK to use.

If a tool automates the attacking and exploiting (sqlmap, Sn1per, *autopwn tools), then stay away from it.

Don’t forget the restrictions on Metasploit, too.

From what I have heard, even though OffSec states that they will not discuss anything about it further, people have successfully messaged the admins to ask about a certain tool and gotten replies. Try that if you are still unsure.

I wrote a lot about this already, so be sure to check out that write-up. In short, these are the main takeaways:

  • Do not use KeepNote (which is actually recommended in the PWK course), because it is no longer updated or maintained. People have lost their work because it has crashed on them.
  • CherryTree is an excellent replacement for KeepNote and is easily installed on the OffSec PWK Kali VM (it is bundled by default on the latest/greatest version of Kali).
  • OneNote covers all the bases you might need, is available via the web on your Kali box, and has clients for Mac and Windows.
  • Other options boil down to personal choice: Evernote, markdown, etc.

Check out the example reports that OffSec provides. From those, you can document your PWK exercises, your 10 lab machines (both of which contribute towards the 5 bonus points on the exam), and your exam notes.

I do not recommend skipping the exercise and 10 lab machine documentation, thus forfeiting your 5 extra exam points. I am a living example of someone who would not have passed the exam had I not provided that documentation. Yes, it is time consuming, but it prepares you for the exam documentation and helps you solidify what you have learned in the course.

There are definitely some worthy machine on Hack The Box (HTB) that can help you prepare for OSCP. The enumeration skills alone will help you work on the OSCP labs as you develop a methodology.

There are definitely some more “puzzle-ish” machines in HTB, similar to what you might find in a Capture The Flag event, but there are also plenty of OSCP-like boxes to be found. It is a good way to practice and prepare.

See the above answer about Hack The Box, as much of it applies to the VulnHub machines too. I used VulnHub to help me pre-study for OSCP, and it was a big help. The famous post by Abatchy about OSCP-like VulnHub VM’s is a great resource. My favorites were:

  • All the Kioptrix machines
  • SickOS
  • FrisitLeaks
  • Stapler

There are a lot of resources that can help you pre-study before you dive into the course. I will post some here.

Books

Online Guides

Captured The Flag

Along with my friend eth3real (and some pitching in from our new friend Brian), we teamed up as DefCon828 and won the Capture the Flag contest at BSides Asheville today. The loot was some cool WiFi Pineapple gear.

Last month, Jess and I won 1st and 2nd place respectively at BlueRidgeCon. I do feel bad about missing out on the lectures, talks, and socialization at these awesome conferences, but I can’t stay away from the CTFs. It’s bad.

Smart Safety and Savvy Cyber Security for Your Small Business

When you started up your business you understood from the very beginning how important security is. So many businesses fail because they are hacked into or exposed by geniuses behind screens. Security can be the one essential thing that is letting your small business down, so it’s time to get to grips with it. Whether you’re a technological wizard or a technophobe, there are several security measures you need to have in place when you own a small business. This will prevent anything untoward from happening to your company and will ensure that you private details are kept under wraps.

Perfect Privacy

The way in which your internet is connected will make for a safe or unsafe environment for your business. You absolutely need to invest in a VPN, (which stands for Virtual Private Network) if you value your online privacy at all. When a VPN is used all of your internet traffic is diverted through a private tunnel, so that meddling eyes can’t view your online activity.  This is especially important for business owners because you need to keep your personal and business information secure. Look online and compare vpn providers, so that you can feel fully at ease with your internet connection.

Password Protection

Your password might be something as simple as your dog’s name or the name of the street you live on. Hackers can put together a jigsaw of information from everybody who operates online. If you are using an obvious password like this, then there is a high risk you are going to get hacked. It can be a pain to remember long numerical passwords containing several cases and special characters, but it is so important to adhere to these guidelines. You will be putting your business and your clients at risk if you don’t have solid, strong passwords for every piece of software and online programme you use. Never share your passwords with anybody and don’t write them down in an obvious place. Try and use different passwords for varying programmes too so that if one gets compromised the others will be safe.

Financial Fall-backs

All of your financial information is going to be stored online in some way. If a hacker manages to get their hands on this you will be majorly in trouble. If you receive a text or an email from your bank asking for personal details and passwords, make sure you do not reply to it. Report it to your bank straight away and let them know you have been a victim of a phishing attack. The more people who come forward with these cases the better, as it will stop the hackers in their tracks.

You want your business to survive and thrive in the current economic climate and the only way to do this is by keeping your data safe. Not only is your private and confidential information important but your customer’s information could be under threat too. That is arguably the more important aspect of your business to protect; otherwise you will be compromising their personal privacy. Make sure your finances are secure and your data is all covered and you will be set for success in the business world.

Ghostery’s GDPR Privacy Fail

I guess, somewhere along the way, I had registered an account with Ghostery when I was using their privacy plugin.

Today, I got a GDPR update notification from them, along with a ton of other users. The thing is, they failed to use the BCC field when they sent the email, so everyone’s names and email addresses were exposed to everyone else.

I suppose they better practice their GDPR habits a bit harder.