Update 27 May 2020 @ 13:17 UTC - See bottom. Update 27 May 2020 @ 19:48 UTC - Related post analyzing passwords in use: https://nullsec.us/livejournal-password-analysis/ There's a lot of talk about the LiveJournal breach going on right now. I wasn't too surprised to…| ØSecurity
Nmap’s top 1,000 ports haven’t changed since 2008, but the internet has. New services have emerged, and attack surfaces have shifted. This post revisits port scanning’s evolution, highlights outdated assumptions, and stresses the need to know your target—because defaults don’t always cut it.
I set up Shlink in a Digital Ocean droplet and put it behind Cloudflare. There's nothing super unique here, but I wanted to document it both for my sake and for anyone else who has a similar setup. I'm using the smallest/cheapest Digital Ocean droplet I can. As usual, I don't…
GitHub - BeanBagKing/CSC-STD-002-85: DEPARTMENT OF DEFENSE PASSWORD MANAGEMENT GUIDELINE - 12 April 1985 - CSC-STD-002-85. For whatever reason, I decided to try to recreate the 1985 Department of Defense Password Management Guideline book. I've only ever seen the text, which is OCR'ed…
I'm going to stray from the topic of cybersecurity and infosec for a moment, and likely more and more over the next few years. What I'm seeing in the world around me, particularly in the country and state where I live, scares the absolute hell out of me. I wouldn't…
In my previous post, I went through the structure of the AppCompatCache and then parsed out the actual values found. I expect this to be the last part of this series; it goes over some additional findings and thoughts. However, I'm working with Richard of 13Cubed on this, so there's…
I’m still digging into the values found in my previous post (AppCompatCache Deep Dive) and as part of that, wanted to see the actual values being flagged, not just Yes for 01 00 and No for everything else. This is a bit of a side quest into doing that,…
Let’s set some background first. Back in Windows XP and prior, the mere existence of AppCompatCache (aka Shimcache) could be used to prove execution. A program wasn’t shimmed unless it was actually executed. This changed in Windows 7, 8, and 8.1 (presumably Vista as well, but nobody…
I received a phishing message via SMS today directing me to hxxps://cutt[.]ly/WegUqPxy?Lgp=brg1CtzWGg. I haven't done a post in a while, and thought this might be interesting to examine. urlscan.io This is a great site for examining single-page phishing or suspect sites. Putting that…
The following are some notes and a bit of a guide regarding collecting memory and disk from Proxmox Virtual Environment (hereafter PVE). There doesn't seem to be nearly as much information regarding best practices and potential pitfalls as there is for Hyper-V or ESXi. However, with the growing popularity of…
I'm trying to nail down the steps to build the Log2Timeline Plaso Windows executable. Part of this is to make it more accessible to the community (for example, Autopsy, which still uses a 2018 version). Part is to make my job faster and easier (rather than having to stand up…
I intended for this to at least be a two part series, part 1 is here [https://nullsec.us/carving-for/]. I'm not sure yet if this will be the end of it or not. I did successfully recover some information from a deleted snapshot, so success there. However, I still…
I'm actually having some problems getting the final results in a lab, so I'm going to go through the tool and lab setup first. Hopefully this will encourage someone to point out what I'm doing wrong or a lab setup that will work. I'm using WSL 2, Ubuntu 22.04,…
When people ask what their baseline configuration should be, in terms of logging, I feel like it often gets answered with general advice regarding knowing your environment, having different configurations for file servers vs domain controllers, etc. This is true advice, but not particularly helpful. You might not know your…
For average/home users Someone on twitter [https://twitter.com/Rooster_75/status/1470746847790706698] asked two questions that I thought might be valuable for this article, paraphrasing: > Can someone explain the Log4j vulnerability in non-IT terms, and is there any mitigation at my level as an average mere mortal? 1) A log…
If you haven't watched them already, there are some great YouTube videos by Richard Davis of 13cubed that I suggest you start with. If you're just looking for the commands to run, scroll towards the bottom. There are a LOT of advanced options that could be used; this is just my…
There is an often-referenced article here [https://www.deploymentresearch.com/psscriptpolicytest-script-gets-blocked-by-applocker-in-the-event-log-why-and-what-are-those-files/] that lays out what these files look like, what they do, and where they originate. From the perspective of trying to identify them however, it was a bit out of date, and nobody really goes over everything that these…
I have, for a long time, been watching my logs for unusually long command line artifacts. Something suspicious doesn't have to be long, but except for a few well-known and easily ignored applications, most long command lines are suspicious. For example, imagine you came across this [https://threatpost.com/powershell-payload-analysis-malware/…
I'm sure the first thing you're asking yourself is why. Stubbornness is your answer. I was playing with Zeek at home (if you want to get started, check out Zeekurity Zen [https://www.ericooi.com/zeekurity-zen-part-i-how-to-install-zeek-on-centos-8/] on Eric Ooi's page, quality stuff) and built everything on Ubuntu 20.04. I…
Plus CloudFlare and proper LetsEncrypt Certs I got bored and decided to play with a cloud-hosted Foundry VTT server. They have some great guides for getting started with some of these. I could get a little more bang for my buck though if I went with Amazon Lightsail. Lightsail is…
I've spent some time searching for an additional IR illuminator to supplement my security cameras. For those of you not familiar with what these are, the IR lights (or near-infrared, 850nm) on your camera are what allows it to see in the dark. Most cameras have decent lights, especially for…
Very quick post, mostly notes for myself. When using Volatility 3 you might notice that some plugins cannot be loaded: # ./vol.py -h [...] The following plugins could not be loaded (use -vv to see why): volatility.plugins.windows.cachedump, volatility.plugins.windows.callbacks, volatility.plugins.windows.hashdump, volatility.plugins.windows.…
It's been a while since I have posted anything, and today I ran across a Tweet and had a conversation that I thought would make a perfect subject. It begins with "A mini thread: I periodically see folks suggest that to prevent weak passwords you should dump AD and compare…
Updated: 29 May 2020 @ 13:25 UTC - Added additional Pipal analysis. This is the first of my "Password Analysis" posts that I've published, but the second one I've written. I started with 000webhost, but had not completed that when this breach hit. This one is more relevant at the…