Adric Net adricnet

@adricnet
adricnet / cuckoo-windows.md
Last active Apr 12, 2018
Cuckoo 2 python 2.7 32bit on Win x64
View cuckoo-windows.md

Some obstacles overcome to get a Cuckoo 2 sandbox going on the class laptop: Win10 x64 Pro. These are just my notes and rambling; the intent is to write up a working build in case someone else in 610 or the community wants it.

Book

Upstream installation instructions, might give harmless cert error: http://docs.cuckoosandbox.org/en/latest/installation/guest/agent/

Python

@adricnet
adricnet / poof-msf3-joker.md
Last active Mar 22, 2018
Proof of obtaining flag? Metasploitable 3's Joker card
View poof-msf3-joker.md

The live demo attempt method (FileInsight):

  1. Use web developer tools or Burp to capture source of index page. (Ctrl-A, Ctrl-C)

  2. Paste that HTML into a new buffer in FileInsight.

  3. Trim away everything but the suspicious bitstream.

  4. Select the bitstream (Ctrl-A) and use the Decode tools in the left pane to convert Hex to ASCII (no key).

View 2018_kick_scribble.md

Theme: Learn to Attack

Why?

  • Purple is a lovely colour
  • Lose less at CTFs
  • Get another security certification

Why (srsly)

View 2017-profdev.md

==Major

  1. GSE (done)
  2. SOC Summit workshops
  3. MGT517 SecOps Design and Operation
  4. Security Onion Con / B-Sides Augusta
  5. Investigation Theory (AND)
  6. FOR572 self-study (4A)
  7. DataCamp: Python Data Science ( 7 of 20 )
@adricnet
adricnet / spring_cloud_lab_pm.md
Last active Jun 22, 2017
Spring Cloud Lab Experiment Results
View spring_cloud_lab_pm.md

In which we derive some lessons from the now decommissioned lab resources recently experimented with

Resources

  • an Amazon Workspace with Windows and Office, rented for a month
  • a Droplet with Docker, running an infosec app of interest, for a couple months
  • Chromebook as client to all

Test tasks

@adricnet
adricnet / dexray_rocks.md
Last active Mar 13, 2018
dexray testing
View dexray_rocks.md
@adricnet
adricnet / add_to_bashrc.md
Last active Mar 16, 2017
Fun stuff from #investigationtheory class. Get these to work and then share. Save time, reduce dangerous typos.
View add_to_bashrc.md

## Fun stuff from ITTAM class. Get these to work and then share. Save time, reduce dangerous typos.

# Defang URLs on the clipboard (http -> hXXp, . -> [.]) so they can't be clicked by accident.
alias safe="pbpaste | sed -e 's,http,hXXp,g' -e 's,\.,[.],g' | pbcopy; echo 'URLs broken!'"
# Reverse the defanging when you actually need the live URL.
alias unsafe="pbpaste | sed -e 's,hXXp,http,g' -e 's,\[\.\],.,g' | pbcopy; echo 'URLs restored!'"

# Decode base64 text from the clipboard (macOS base64 uses -D for decode; GNU coreutils uses -d).
alias unb64="pbpaste | base64 -D"

# Wrap a sample in a password-protected archive (password: infected). Usage: infected sample.bin
# 7z syntax is: 7z <command> [switches] <archive> <files>, so the -p switch follows the 'a' command.
alias infected="7z a -pinfected infected.7z"
View portproxy-evidence.md

Created a portproxy with netsh on archie (Win10 x64) to forward traffic out to another host and port. Tested with a netcat chat. Also made one in the Windows 7 VM, and then dumped memory in various ways.

netsh>add v4tov4 listenport=3333 connectaddress=192.168.0.8 connectport=8888 listenaddress=0.0.0.0

PS C:\malware> netsh interface portproxy show all

Listen on ipv4:             Connect to ipv4:
@adricnet
adricnet / 16_prof_dev.md
Last active Feb 3, 2017
Professional Development 2016
View 16_prof_dev.md

Some fairly detailed notes on the classes I taught and took, conferences I attended, fees, and other professional development and education expenses in 2016, for discussion

Conference Attendance: (~ $500 USD)

  1. Security Onion Conference, Augusta GA and B-Sides Augusta:
  • Tickets:
  • hotel room, mileage, food:

Online Courses, exams, and lab access: (~ $10,000 USD)

@adricnet
adricnet / sgbb_topics.md
Last active Jan 12, 2017
Looking through some books, courses for SG ideas.
View sgbb_topics.md

Looking through some books, courses for SG ideas. Guiding ideas:

  • target delivery: four weeks, twice a week ... or break into chunks
    • Building data models and heuristics, good process, demo tools and techniques (in that order)
    • supplement individual education plans, not job training
    • need a book or major reference, don't write a course

Books:

  • HC's WFA3 : response and investigation of windows systems