Pentest-Service-Enumeration Purpose Suggests binaries to run against services found during the enumeration phase of a Pentest Background While studying for the Offensive Security Certified Profesional (OSCP) certification I found it hard to keep track of which commands to run during…
Backround On April 12, 2022 Microsoft Announced CVE-2022-24500, a Windows SMB Remote Code Execution Vulnerability. The CVE clearly states that this vulnerability requires interaction from the end user. Fake Exploit A fake exploit was posted on May 18, 2022 to…
Deepfence is setting a very high bar in the Cloud Native Workload Protection (CNWP) space. Their offering is purpose built for protecting your internet connected containerized workloads. This is a tool built for the Information Security teams that have to…
Benefits of AWS Systems Manager Session Manager AWS Systems Manager Session Manager (SSM) has many benefits to secure remote connections: Inbound ports do not need to be open SSH keys are not required Access can be defined in IAM policies…
Testing Endpoint Detection Response Products This is the first of many posts on how to test your Endpoint Detection Response product by using real world scenarios. Products that are being tested I am testing two products today: Palo Alto Prisma…
I wrote a script that will scan a list of IPs/Domains for CVE-2021-44228 (the recent Log4J exploit). Enjoy!
I’m proud to announce the second episode of Ephemeral Security is out! Interview with @cyber_sn CEO @DeidreDiamond
Terraform on my MacBook kept having DNS resolution issues with the AWS plugin while on VPN. Because Terraform uses GoLang it resolves DNS differently than the rest of the system. This is explained here: To resolve the issue install…
I find myself constantly referencing the account number and name of AWS accounts across the organization. I came up with this script to print out the account number and name of each account:
If you receive a text like this: I’ve modified the phone number in the screenshot and following post and also “defanged” the URL by placing brackets around it. Automated Analysis When analyzing a suspicious link you may think going to…
