Upgrade dummy terminal to tty
If you have ever gotten a webshell and wanted an interactive terminal, this post is for you! With Python: python -c 'import pty;pty.spawn("/bin/bash")'. Without Python: script -qc /bin/bash /dev/null. Then (inside the nc session): CTRL+Z; stty raw -echo; fg; ls; export TERM=xterm-256color…
Creating a Windows Bind Shell Using C
I’m studying for the OSCP and needed to replace the .exe file of a Windows service with a new .exe file. On reboot my goal is to have a shell as NT Authority/System…
How to Ingest Okta SIEM logs in to Graylog (Without Enterprise)
Learn step by step how to export and import Okta SIEM logs into your open-source Graylog! After many failed attempts to import Okta SIEM logs into Graylog (using Okta documentation and some PowerShell scripts I found online)…
Disable Screen Lock on Kali Linux 2020
Problem: Kali Linux keeps locking the screen when not used for a short period of time. Solution: You need to configure "Light Locker" to stop automatically locking the session. Steps: Click the icon at the top left of the screen…
How to scan top 100 ports with masscan
If you have ever wanted to scan the top 100 ports with masscan, here are the instructions: masscan -p7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 10.11.1.0/24 --rate=1000 -e tun0 --router-ip 10.11.0.1. You will need to replace the following: tun0 with your interface; router-ip with the router…
Parse fully qualified domain names from file
I ran into a situation where I needed to parse all fully qualified domain names (FQDN) from a bunch of files in the same directory. Here is how to do that: grep -R -h -Eo '(http|https)://[^/"]+' . | awk -F'/'…
CrowdStrike SIEM Connector Grok Rules
I couldn’t find a good set of Grok rules for the CrowdStrike SIEM connector so I wrote my own. You need two rule sets. Set 1: %{IPV4:source_collector_ip} CEF: 0\|CrowdStrike\|FalconHost\|1.0\|%{WORD:event_type}\|%{GREEDYDATA:event_subtype}\|%{INT:event_tactic}\|externalId=%{HOSTNAME:externalID} cn2Label=%{WORD:cn2Label} cn2=%{WORD:cn2} cn1Label=%{WORD:cn1Label} cn1=%{WORD:cn1} dhost=%{HOSTNAME:dhost} duser=%{DATA:duser} msg=%{GREEDYDATA:msg} fname=%{DATA:fname} filePath=%{GREEDYDATA:filepath} cs5Label=%{DATA:cs5Label} cs5=%{GREEDYDATA:cs5} fileHash=%{DATA:fileHash}…
Automating Setting up Tenable.io AWS Connector Role
I recently had to set up quite a few AWS Connectors in Tenable.io for various AWS accounts. This can become quite a cumbersome task, so I decided to automate it. Prerequisites: ~/.aws/config with multiple profiles; trustpolicy.json (shown below). trustpolicy.json: This…
Bulk Lookup Owner of IP Address
To perform a bulk whois lookup of a list of IP addresses, use the following script. Bulk whois lookup: while read ip; do if [ ! -z "$ip" ]; then echo -n "$ip - " && whois "$ip" 2>/dev/null | grep…