category: Security

Passmenu and i3

8 Jan, 2018 - 1 minutes
I always forget how to install a dmenu script. They’re simple bash scripts that are only limited by imagination. To ‘install’ them, dump it into your global path. Not sure why I can never remember, but because its such a simple system I can never find much documentation, plenty of scripts, but no docs. Locate the passmenu script, then symlink it to somewhere in $PATH, in my case I use /usr/bin.

Notes from Belfast BSides 2017

7 Sep, 2017 - 2 minutes
Ain’t Nobody Got Time For That: Dynamic Malware Analysis for the Overworked Analyst Presenter: Edmund Brumaghin Software for lab Setting up a malware lab? Here are some tools. IPFire REMnux INETSim (Simulate services) FakeDNS - Might not be the one he was referring to. But you get the idea. RegShot (Registry Snapshot, and Directory contents) Able to identify some IOCs ProcessHacker (Real-time PID monitoring with colours)

Preventing Wi-Fi Access Point Spoofing

6 Jan, 2016 - 1 minutes
To prevent an adversary from spoofing your wifi’s access point. i.e Setup another router with the same name ‘_The Cloud’ for example. Debian based systems which use NetwrokManger allow for whitelisting BSSIDs, the MAC address of the access point (ap)/router. Once you provide NetworkManager with a BSSID it will force the connection to use only that BSSID value. This can cause issues with roaming though. You can do this in two ways, nm-applet or nmcli.

iptables pcap log

23 Mar, 2014 - 1 minutes
ULOG is the netfilter/iptables logging daemon. It connects to the netlink device of the Linux kernel and reads messages from the netfilter that get queued with the iptables ULOG target. It can output to plain text, MySQL, Postgres and PCAP. Install with: apt-get install ulogd-pcap Configure ulogd to output in PCAP format vim /etc/ulogd.conf Un-comment plugin="/usr/lib/ulogd/", restart ulog. Then add a log rule to iptables before the final drop rule.

Click and cookie jacking

28 Feb, 2013 - 1 minutes
Using nikto I was able to find the follow two issues: The anti-clickjacking X-Frame-Options header is not present. Cookie PHPSESSID created without the httponly flag This will allow me to exploit the fact that I can generate my own cookie, using another users session. i.e. Logging in as another user. And to create a click jacking site which will pretend to be the original site. To get the PHPSESSID open up the web console (Ctrl+Shift+k) and enter: