Top 4 Cybersecurity Threats That Small Companies Face I thought this tweet might make a good blog post. I'm sure everyone in infosec will have their own answers, and all will be, generically, correct. Most of what I've seen is disagreements
news [Cybersecurity News] 8 Jul - 15 Jul School Vandals Caught When Smartphones Connect to Wi-Fihttps://slate.com/technology/2019/07/glenelg-high-school-graffiti-wifi-login.htmlFour students who spray-painted hateful symbols on their school were caught, despite covering their faces, when their phones automatically
news [Cybersecurity News] 1 Jul - 8 Jul July Patches for Android Devices Have Been Releasedhttps://thehackernews.com/2019/07/android-security-update.htmlhttps://source.android.com/security/bulletin/2019-07-01Of the 33 vulnerabilities patched this month, 9 of these are considered critical and
news [Cybersecurity News] 24 Jun - 1 Jul I feel like I'm getting better at this, at least I got the day right this time...Third Florida Town in Three Weeks hit by Ransomwarehttps://arstechnica.com/information-technology/2019/06/is-there-something-in-the-water-third-florida-city-hit-by-ransomware/It
news [Cybersecurity News] 17 Jun - 24 Jun Not off to a great start. I forgot to post last week and I'm a day late this week. Still, here it is.Two Additional Universities Announce Email Compromisehttps://threatpost.com/university-breaches-email-threats/145759/
news [Cybersecurity News] 3 Jun - 10 Jun I started developing a Cybersecurity Newsletter for those around me (parents, colleges, etc.) and was told it would be a good weekly addition here. The notes below each headline are my own and
ESXi Update fails with "[Errno 28] No space left on device" This appears to be a somewhat recent problem, and when searching for an answer, a lot of posts reference solutions or VMWare KB's that don't help (enabling swap, checking inodes, etc.).This problem
Password Spraying SMB TL;DR - I wanted to audit for the presence of a particular username, with a particular password, across every endpoint in our environment. As usual, I had a theory. The theory was
Port Inversion/Diff Tool I've been in need of a tool that would take two different sets of port numbers, and subtract one set from the other. This would be similar to comm -13, but would be
Mystery Scan - Leveraging Nmap flags to find the box that wasn't listening I found a really cool thing several months ago. I was scanning my network from an external perspective (AWS specifically), and found a live host. The very odd thing about this finding is
EventFinder2 - Finding Events by Time TL,DR upfront - I created a small program to grab all event logs between a beginning and end time mark and write them to a CSV. Find it here: https://github.com/
9211-8i RAID Controller Heat Considerations I did quite a bit of reading before purchasing a RAID card (though it's never enough) and one fairly consistent thing I noticed is how hot people seemed to think they ran if
LSI Flashing LSI 9211-8i Firmware I built a home ESXi lab, which I will be documenting a bit more later. Before I do though I wanted to document some of what I've learned about RAID before I forget
Force HP Printer Firmware Install I'm re-posting something from redleg/Memory Sieve regarding HP firmware upgrades. In their case, it was a matter of not being able to install the latest firmware package. However, in my case I
Windows Event ID 1029 Hashes While reviewing Windows RDP event logs for the RDP project, I noticed one in particular. Windows Event ID 1029 can be found under Microsoft-Windows-TerminalServices-RDPClient/Operational.evtx. This event is created on the computer
Windows RDP-Related Event Logs: The Client Side of the Story This article is going to cover the other side of Windows RDP-Related Event Logs: Identification, Tracking, and Investigation and RDP Event Log Forensics. Both of these document the events that occur when viewing
Integrating BeEF and Metasploit This isn't exactly undocumented, but I definitely feel like it's underdocumented. I've seen the metasploit browser_autopwn feature in the modules in the past, but what I didn't realize until recently is that
Stitching together UniFi Video Footage I recently wanted a video of a large amount (lets say 24 hours worth) of footage from my Ubiquiti UniFi camera. If you're doing 24/7 recording, the NVR interface chunks videos into
dirb multiple hosts wrapper I've had the need in the past to run dirb (dirbuster like web directory brute force tool) against a range targets. However, dirb only takes a single host as an argument. It would
Office 365's Secret "Activities" API The TL;DR up front, because I hate buried leads. Microsoft created an undocumented API that gave incident handlers, forensic teams, and blue teams a tool that they have long wished for and
ghost Disqus on Ghost More adventures into self-hosting Ghost. I have Disqus up and running again, all the comments are still there. Since Disqus was based on URL, and the URL didn't change, everything just started working
ghost Adding security.txt to Ghost Ghost is pretty great. Simple markdown language for posts, lightweight, and self-hosting allows me to keep costs down and lets me customize some things. However, it also feels a bit goofy when you
I accidentally the whole / Instead of chmod -R ./ 664 * inside a script, I just ran chmod -R / 664 *. Worse, this was inside AWS, no directly console access. Woops... This isn't the worst thing to recover from if
Finding Event Logs Caused by an Action Windows 10 1803 x2 - vanilla install, all commands run from elevated prompt Ever want to find out what Windows Event Logs are created by a particular action? There doesn't seem to be
EternalBlue on Windows XP There's a few articles and exploits out there where EternalBlue has been found to work on Windows XP. However, the metasploit framework does not seem to have a reliable exploit for it. I
