It is so easy to stop SSH brute force attacks. I implemented fail2ban on my test box in literally 5 minutes. I configured it so that 6 bad password attempts to SSH will block a user for 600 seconds. That will really throw off most attackers and automated scanners. 1. Read more…
Apache mod_security can be configured to block OWASP top 10 attacks. Scan me and see. Single server (Debian 8): Install Packages. apt-get install libapache2-mod-security2 service apache2 restart cd /etc/modsecurity/ mv modsecurity.conf-recommended modsecurity.conf Edit modsecurity.conf and enable it “SecRuleEngine On” “SecRequestBodyAccess Off” Grab OWASP Top 10 Rules: git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /opt/OWASP Read more…
i3 is a tiled window manager that allows some really cool functionality and customization. Running on Debian 8. Installed the following: sudo apt-get install i3 suckless-tools scrot gmrun terminator nitrogen pip install i3menu set your wallpaper with nitrogen Grab this tray menu. git clone https://github.com/drakmail/snapfly.git $ cd snapfly/package $ ./make_packages.sh Read more…
Minecraft is great for learning Python. Here’s how to get the client going on Debian. I’m using spigotMC for the Minecraft server. https://www.spigotmc.org/wiki/spigot-installation/#linux First install java, git and tar # apt-get install git openjdk-7-jre-headless tar Download BuildTools.jar from https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar to /home/username/spigot/. Then run $ git config –global –unset core.autocrlf and Read more…
First, I have to say that I don’t condone running any of this and to use at your own risk. This is ONLY for research purposes and learning from attackers. So if you wanna act like Mr. Robot and disguise yourself as a janitor to go into some business to Read more…
Was trying out the Kali Linux Evil ISO but found that I needed to create certs for the VPN. This used to be a huge pain in the ass, but through this I’ve found Easy-RSA, and it truly is easy. 1. Like in the evil ISO howto, copy /usr/share/easy-rsa/ somewhere.#cp Read more…
Here’s an example of how bad some AV providers are. They’re just flagging on a string in the file, or an md5 hash of the .idata section. The method below wont defeat the decent AV, but all the crap ones like SCEP, ClamAV etc. About half of them in virus Read more…
Back to basics. Everything needed to learn ASM is available for free online. Art of ASM book:http://www.plantation-productions.com/Webster/www.artofasm.com/Windows/HTML/AoATOC.html It starts you off with High Level Assembly which is more like a traditional programming language. Towards the end, you’ll switch to actual assembly little endian full on ASM programming. All course files are available Read more…
Say you keep loads of domain indicators in file lists for Bro to consume. If some user hits a bad domain, bro alerts. But you want to auto block the domain. That’s where RPZ could come into play. The domains are all in INDICATOR_DOM flat files like: cat ALINAPOS_DOM adobeflasherup1.com Read more…
This config is working great with the INE R&S 5.0 training. I have a trunk over to 4 physical 3560s. LINK to GNS3 Configs Using c7200-adventerprisek9-mz.152-4.S1.image. The appliance marketplace has grown substantially. https://gns3.com/marketplace/appliances/ Here’s an example with Cisco ISE. asdfasdf