Battery Powered PIR IR Illuminator I've spent some time searching for an additional IR illuminator to supplement my security cameras. For those of you not familiar with what these are, the IR lights (or near-infrared, 850nm) on your camera are what allows it to see in the dark. Most
Volatility 3 Framework (v 2.0.0-beta.1) Requirements Very quick post, mostly notes for myself. When using Volatility 3 you might notice that some plugins cannot be loaded # ./vol.py -h [...] The following plugins could not be loaded (use -vv to see why): volatility.plugins.windows.cachedump, volatility.plugins.windows.callbacks, volatility.
Discussion on Domain Credential Extraction It's been a while since I have posted anything, and today I ran across a Tweet and had a conversation that I thought would make a perfect subject. It begins with "A mini thread: I periodically see folks suggest that to prevent weak passwords
Password Analysis - LiveJournal Updated: 29 May 2020 @ 13:25 UTC - Added additional Pipal analysis. This is the first of my "Password Analysis" posts that I've published, but the second one I've written. I started with 000webhost, but had not completed that when this breach hit. This
"Deleted" LiveJournal Accounts Update 27 May 2020 @ 13:17 UTC - See bottom. Update 27 May 2020 @ 19:48 UTC - Related post analyzing passwords in use: https://nullsec.us/livejournal-password-analysis/ There's a lot of talk about the LiveJournal breach going on right now. I wasn't too surprised
Generating Offline Passphrases I'm a huge fan of https://makemeapassword.ligos.net/generate/readablepassphrase, and regularly advise people to use it when generating passwords that need to be memorized or typed frequently. However, there have been numerous times people have expressed concerns that they're effectively generating passwords on
Passphrase Length I wanted to address a tweet posted today by the UK's National Cyber Security Centre advising people to use three random words as a passphrase. When choosing your password, use #threerandomwords: memorable but not easy to guess, a good compromise between protection and usability
CVE-2020-0796 There's a lot of useless posts going around about this right now. I hope mine is a little more useful since most of these don't mention if this is being exploited in the wild. TL;DR - no, it isn't, no need to panic
Proxying Non-browser Traffic Through Burp Or "Microsoft SQL Express and the Truly Terrible, Just Awful, No Good Downloader" TL;DR up front. On a secondary machine/VM, set up a Burp proxy to use the non-localhost interface (192.168.1.230 in my case) as a proxy. Turn off intercept. On
Windows Event Log - Audit-CVE Update: This event appears for both binaries and websites in build 1809 and 1909, but only for binaries in 1903 (not web). So if you're looking for this event and not finding it, that may be why. I have not confirmed this myself, so
Splunk REST API Python Example There's really nothing special here except a mildly updated example of the code found here: https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTTUT/RESTsearches#Python_example Basically, updated to python3 due to the impending end-of-life (print() adjustment, and urlencode had changed in
Wireshark From Source / RHEL 7 Wireshark on Red Hat Enterprise Linux is, for some reason, about a decade out of date. The current version available via yum install is 1.10.14. This version was released in June 2013, and reached end of life in June 2015. Now, RHEL
Auditing Default Credentials with a Custom Python Script From time to time I need to audit a large number of devices for default credentials. I typically use Metasploit's http_login module for this. You can pass it a file of rhosts with something like set rhosts file://root/hosts.txt and have
Top 4 Cybersecurity Threats That Small Companies Face I thought this tweet might make a good blog post. I'm sure everyone in infosec will have their own answers, and all will be, generically, correct. Most of what I've seen is disagreements over one or two of the points, or how to remedy
news [Cybersecurity News] 8 Jul - 15 Jul School Vandals Caught When Smartphones Connect to Wi-Fi https://slate.com/technology/2019/07/glenelg-high-school-graffiti-wifi-login.html Four students who spray-painted hateful symbols on their school were caught, despite covering their faces, when their phones automatically connected to the school's wireless. School administrators simply checked
news [Cybersecurity News] 1 Jul - 8 Jul July Patches for Android Devices Have Been Released https://thehackernews.com/2019/07/android-security-update.html https://source.android.com/security/bulletin/2019-07-01 Of the 33 vulnerabilities patched this month, 9 of these are considered critical and 3 could be used for remote code execution
news [Cybersecurity News] 24 Jun - 1 Jul I feel like I'm getting better at this, at least I got the day right this time... Third Florida Town in Three Weeks hit by Ransomware https://arstechnica.com/information-technology/2019/06/is-there-something-in-the-water-third-florida-city-hit-by-ransomware/ It appears all three incidents started with a city employee clicking
news [Cybersecurity News] 17 Jun - 24 Jun Not off to a great start. I forgot to post last week and I'm a day late this week. Still, here it is. Two Additional Universities Announce Email Compromise https://threatpost.com/university-breaches-email-threats/145759/ On the heels of OSU (last week), Graceland University in
news [Cybersecurity News] 3 Jun - 10 Jun I started developing a Cybersecurity Newsletter for those around me (parents, colleagues, etc.) and was told it would be a good weekly addition here. The notes below each headline are my own and how they are relevant, a brief summary, or quotes from the
ESXi Update fails with "[Errno 28] No space left on device" This appears to be a somewhat recent problem, and when searching for an answer, a lot of posts reference solutions or VMware KBs that don't help (enabling swap, checking inodes, etc.). This problem appeared somewhere between ESXi-6.7.0-20190104001-standard (Build 11675023) and ESXi-6.7.
Password Spraying SMB TL;DR - I wanted to audit for the presence of a particular username, with a particular password, across every endpoint in our environment. As usual, I had a theory. The theory was that, when we applied LAPS several years ago, there were things
Port Inversion/Diff Tool I've been in need of a tool that would take two different sets of port numbers, and subtract one set from the other. This would be similar to comm -13, but would be able to act upon ranges in a list (e.g. 8,
Mystery Scan - Leveraging Nmap flags to find the box that wasn't listening I found a really cool thing several months ago. I was scanning my network from an external perspective (AWS specifically), and found a live host. The very odd thing about this finding is that there were no open ports, no listening services, and ICMP
EventFinder2 - Finding Events by Time TL;DR up front - I created a small program to grab all event logs between a beginning and end time mark and write them to a CSV. Find it here:
9211-8i RAID Controller Heat Considerations I did quite a bit of reading before purchasing a RAID card (though it's never enough) and one fairly consistent thing I noticed is how hot people seemed to think they ran if they didn't have air blowing across them. When sitting in a