Posts tagged "Security"

9 posts with this tag

Bruteforcing my own Bitwarden vault

Lately I lost the masterkey to my Bitwarden vault. As Bitwarden does not provide a way out of that rabbit hole, losing my masterkey would mean losing all of my data within the vault. Something around 300 entries.

Luckily I had access to the vault on one of my computers as the vault has not been …

Read more →

VHL Certified! \o/

Finally certified. Too bad I haven’t found the time to tackle the Advanced+ certification but there are enough machines left in the lab and I am pretty sure that I will revisit the lab for the Advanced+ certification, too.

I had a lot of fun in the lab and the guys were quick to respond …

Read more →

Virtual Hacking Lab

I will use this post to publish my progress while working on virtual hacking lab. It does not have the same reputation as OSCP but I do enjoy the lab and am very pleased with the lab material and dashboard. Also support is quick and nice if you need it (not for clues, of course!). The lab is also …

Read more →

CVE-2019-19781 poor man's ktrace(1) driven analysis

Recently I had the chance to get myself a copy of a malicious httpd executable used by an unknown party while exploiting CVE-2019-19781. Even though I do not have anything else but a layman’s understanding of forensics I still wanted to dig into it. This is my journal about a journey into …

Read more →

unbound DNS rebind protection

While working on my DNS firewalling @home I was studying unbound.conf and found what I already had forgotten, unbound’s DNS rebinding protection.

DNS rebinding is an attack where a malicious website is using your browser to resolve internal addresses (e.g. RFC1918) in order to get their …

Read more →

Open Source Threat Intelligence And Makeshift RPZ with Unbound

Update: Added some remarks about what DNS RPZ actually is, what my objective is and what the outcome will be.

A friend of mine and I tried to play w/ RPZ and knot yesterday and gravely failed. The fact that knot as well as RPZ had been new to us didn’t help. Discussing the failure later that …

Read more →

Open Source Threat Intelligence and pf(4)

I came up with the idea to utilize Open Source Threat Feeds, or OSINT, on my private setup and quickly cooked up the shell script below in a rough, first try. The funny thing is that I more or less instantly got hits from the 5346 IP addresses in the table:

@0 block drop log quick from …
Read more →