Adric Net adricnet

@adricnet
adricnet / kali-config-monkeypatch.md
Created November 1, 2019 21:35
Minimally customize a Kali ISO for moar package goodness
root@kali:~/Desktop/live-build-config# cat kali-config/variant-light-voltron/package-lists/kali.list.chroot 
# You always want those
#kali-linux-core
kali-desktop-live

# Kali applications
#<package>
# You can customize the set of Kali metapackages (groups of tools) to install
@adricnet
adricnet / some-conf-talks.md
Last active October 15, 2019 02:05
Conference talks I missed live, watching videos
@adricnet
adricnet / cuckoo-windows.md
Last active April 12, 2018 17:17
Cuckoo 2 python 2.7 32bit on Win x64

Some obstacles overcome to get a Cuckoo 2 sandbox going on the class laptop: Win10x64 Pro. These are just my notes and rambling, and the intent is to write up a working build in case someone else in 610 or the community wants it.

Book

Upstream installation instructions, might give harmless cert error: http://docs.cuckoosandbox.org/en/latest/installation/guest/agent/

Python

@adricnet
adricnet / poof-msf3-joker.md
Last active March 22, 2018 01:30
Proof of obtaining flag? Metasploitable 3's Joker card

The live demo attempt method (FileInsight):

  1. Use web developer tools or Burp to capture source of index page. (Ctrl-A, Ctrl-C)

  2. Paste that HTML into a new buffer in FileInsight.

  3. Trim away everything but the suspicious bitstream.

  4. Select the bitstream (Ctrl-A) and use the Decode tools in the left pane to convert Hex to ASCII (no key).

Theme: Learn to Attack

Why?

  • Purple is a lovely colour
  • Lose less at CTFs
  • Get another security certification

Why (srsly)

@adricnet
adricnet / 2017-profdev.md
Last active December 18, 2017 14:54
2017-profdev

==Major

  1. GSE (done)
  2. SOC Summit workshops
  3. MGT517 SecOps Design and Operation
  4. Security Onion Con / B-Sides Augusta
  5. Investigation Theory (AND)
  6. FOR572 self-study (4A)
  7. DataCamp: Python Data Science ( 7 of 20 )
@adricnet
adricnet / spring_cloud_lab_pm.md
Last active June 22, 2017 13:48
Spring Cloud Lab Experiment Results

In which we derive some lessons from the now decommissioned lab resources recently experimented with

Resources

  • an Amazon Workspace with Windows and Office, rented for a month
  • a Droplet with Docker, running an infosec app of interest, for a couple months
  • Chromebook as client to all

Test tasks

@adricnet
adricnet / dexray_rocks.md
Last active March 2, 2021 10:12
dexray testing
@adricnet
adricnet / add_to_bashrc.md
Last active March 16, 2017 13:13
Fun stuff from #investigationtheory class. Get these to work and then share. Save time, reduce dangerous typos.

##Fun stuff from ITTAM class. Get these to work and then share. Save time, reduce dangerous typos.

alias safe="pbpaste| sed -e 's,http,hXXp,g' -e 's,\.,[.],g' | pbcopy; echo 'URLs broken!'" 
alias unsafe="pbpaste| sed -e 's,hXXp,http,g' -e 's,\[\.\],.,g' | pbcopy; echo 'URLs restored!'" 

alias unb64="pbpaste | base64 -D"

alias infected="7z -pinfected a infected.7z"

Created a portproxy with netsh on archie, Win10 x64, to send traffic out to another host, port. Tested with netcat chat. Also made one in the seven VM, and then dumped memory variously.

netsh>add v4tov4 listenport=3333 connectaddress=192.168.0.8 connectport=8888 listenaddress=0.0.0.0

PS C:\malware> netsh interface portproxy show all

Listen on ipv4: Connect to ipv4: