Brian Johnson braimee

braimee / piholeblock.txt
Created Jun 10, 2020
PiHole test block list
steampowered.com
steamcommunity.com
steamgames.com
steamusercontent.com
steamcontent.com
steamstatic.com
akamaihd.net
braimee / NPK_quick_start.md
Last active Oct 17, 2019
Quick start guide to install NPK (https://github.com/Coalfire-Research/npk) on Ubuntu 18

This is an in-progress quick start install guide for NPK on Ubuntu 18.

From a new Ubuntu 18 box, install the essentials:

apt install unzip -y
apt install python3-pip -y
apt install jq -y
apt install npm -y
pip3 install awscli --upgrade --user
braimee / WindowsCommandLineShortcutsAndTips.md
Created Apr 25, 2019
Windows command line shortcuts and tips

As heard on 7MS #357

Windows command line shortcuts and tips:

Creative ways to play with cmd

Basically, you can do Windows Key + R then type cmd and Enter for quick access to command line.

But let's do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this:


Pentest lab GPOs

Note: this set of GPOs accompanies a YouTube video all about building your own pentest lab.

Personally, when I set up an internal/test/pentest Active Directory environment I like to leave some settings the way most client environments are set up - both for ease of management and easier attacks - so that includes spinning up the following GPOs:

Enable RDP on desktops

Create a new GPO and link it to whatever OU your workstations are in. Under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections, set Allow users to connect remotely using Remote Desktop Services to Enable.

Then, create a security group in AD, called RDP-peeps for example, that you want to allow to RDP into all workstations.


Turn Windows Logging Up to 11

This document is intended to help you create a GPO you can push to your Windows endpoints and start gathering much richer, more verbose logging data. As I recently discussed on the podcast, Windows is a bit lacking in how much information gets logged in its out-of-the-box config.

Note: many of these settings were discovered when using the great LOG-MD tool, which you can download for free.


braimee / Tweenager_cell_phone_contract.md
Last active Apr 7, 2020
Tweenager Cell Phone Contract

Below is the cell phone agreement I have with my kids. It was largely inspired by this contract which had some excellent ideas.


Tweenager Cell Phone Responsibilities

  • I understand that my cell phone is a privilege, not a right. Mom and dad can look at anything on my phone and take it away for any length of time and for any reason.

Quiet times

I will silence and put away or turn off my phone:

  • At 7:30 p.m. each night, and I will put the phone on the charger upstairs
braimee / 7MS_Webinar_Series.md
Last active Aug 27, 2020
7 Minute Security Webinar Series

7 Minute Security Webinar Series

Below is a list of Webinars hosted by 7 Minute Security:

Upcoming Webinars:

More coming soon!

Past Webinars:

Dealing with Rejection: A DMARC Discussion

Thursday, August 20, 2020 @ 10:00 a.m. CST

braimee / Fixing_unquoted_service_paths.md
Last active Jan 5, 2019
How to fix unquoted service paths

In episode #341 of the 7 Minute Security podcast I talked about how to identify - and remediate - the unquoted service path vulnerabilities you might see pop up on a vulnerability scan. Here's the breakdown of resources that will help you understand and fix this pesky vuln:

  • Here's a great article describing unquoted service paths and why they're a risk to your enterprise.

  • If you want to create a fake service with unquoted service paths so you can then test fixing it, check out this gist which has you run something like the following:

New-Service -Name 'TotesFakeService' -BinaryPathName 'C:\program files\system32\something.exe' -DisplayName 'Totes Fake Dude' -StartupType Manual
braimee / Tools_and_services_I_use_to_run_7_Minute_Security.md
Last active Sep 2, 2020
A list of tools and services I use to help run my business

Tools and services I use to run 7 Minute Security, LLC

This gist complements a series of podcast episodes I do called How to Succeed in Business Without Really Crying. In part 6 of this series I list a bunch of tools and services I use to help me conduct security assessments and also balance the taxes/books. Here is that full list in all its gist-y glory:

Google Domains

There are lots of registrars out there, and as far as I can tell, they offer about the same amount of features and same pricing for each domain. Since I have such a large footprint already in Google services with my account, moving domains under their roof was pretty easy and made sense. I've also had to use their technical support a few times and found the response times - and level of service - to be stellar.

Microsoft Office

You know it and probably love or hate it. Lots of people tell me "Just use Google Docs! Just us

braimee / SIEMple_SIEM_questionnaire_and_tests.md
Last active Apr 23, 2020
Some simple security tests you can run to test the effectiveness of your SIEM

Introduction

In episode 338 of the 7 Minute Security podcast, I talked about a recent engagement where I helped a customer do a bit of a SIEM solution bake-off. This gist is the companion to that episode, and is broken down into the following two sections:

  • Questionnaire - a series of questions you can ask SIEM vendors to gather as many data points about their products and services as possible

  • SIEM tests - a few tests you can conduct on your internal/external network to see if your SIEM solution indeed coughs up alerts on some things it should indeed whine about

Questionnaire

Introduction / Purpose
