Brian Johnson braimee

@braimee
braimee / NPK_quick_start.md
Last active Jun 28, 2019
Quick start guide to install NPK (https://github.com/Coalfire-Research/npk) on Ubuntu 18
View NPK_quick_start.md

This is an in-progress quick start install guide for NPK on Ubuntu 18.

From a new Ubuntu 18 box, install the essentials:

apt install unzip -y
apt install python3-pip -y
apt install jq -y
apt install npm -y
pip3 install awscli --upgrade --user
braimee / WindowsCommandLineShortcutsAndTips.md
Created Apr 25, 2019
Windows command line shortcuts and tips
View WindowsCommandLineShortcutsAndTips.md

As heard on 7MS #357

Windows command line shortcuts and tips:

Creative ways to play with cmd

Basically, you can do Windows Key + R then type cmd and Enter for quick access to command line.

But let's do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this:

View Pentest_lab_GPOs.md

Pentest lab GPOs

Note: this set of GPOs accompanies a YouTube video all about building your own pentest lab

Personally, when I set up an internal/test/pentest Active Directory environment I like to leave some settings the way most client environments are set up - both for ease of management and easier attacks, so that includes spinning up the following GPOs:

Enable RDP on desktops

Create a new GPO and link it to whatever OU your workstations are in. Then go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections and set Allow users to connect remotely using Remote Desktop Services to Enabled.

Then, create a security group in AD, called RDP-peeps for example, that you want to allow to RDP into all workstations.

View Turn_Windows_logging_up_to_11.md

Turn Windows Logging Up to 11

This document is intended to help you create a GPO you can push to your Windows endpoints and start gathering much richer, more verbose logging data. As I recently discussed on the podcast, Windows is a bit lacking in how much information gets logged in its out-of-the-box config.

Note: many of these settings were discovered when using the great LOG-MD tool, which you can download for free.


Turn Windows Logging Up To 11 (GPO)

braimee / Tweenager_cell_phone_contract.md
Last active Feb 6, 2019
Tweenager Cell Phone Contract
View Tweenager_cell_phone_contract.md

Below is the cell phone agreement I have with my kids. It was largely inspired by this contract which had some excellent ideas.


Tweenager Cell Phone Responsibilities

  • I understand that my cell phone is a privilege, not a right. Mom and dad can look at anything on my phone and take it away for any length of time and for any reason.

Quiet times

I will silence and put away or turn off my phone:

  • At 7:30 p.m. each night, and I will put the phone on the charger upstairs
braimee / 7MS_Webinar_Series.md
Last active Jul 16, 2019
7 Minute Security Webinar Series
View 7MS_Webinar_Series.md

7 Minute Security Webinar Series

Below is a list of upcoming Webinars 7 Minute Security is hosting in 2019.

Upcoming:

Network Pentesting 101!

Tuesday, July 16 at 12 p.m.

Come and learn some of the dirty tricks attackers use once they gain a foothold on your internal network, such as:

braimee / Fixing_unquoted_service_paths.md
Last active Jan 5, 2019
How to fix unquoted service paths
View Fixing_unquoted_service_paths.md

In episode #341 of the 7 Minute Security podcast I talked about how to identify - and remediate - the unquoted service path vulnerabilities you might see pop up on a vulnerability scan. Here's the breakdown of resources that will help you understand and fix this pesky vuln:

  • Here's a great article describing unquoted service paths and why they're a risk to your enterprise.

  • If you want to create a fake service with unquoted service paths so you can then test fixing it, check out this gist which has you run something like the following:

New-Service -Name 'TotesFakeService' -BinaryPathName 'C:\program files\system32\something.exe' -DisplayName 'Totes Fake Dude' -StartupType Manual
braimee / Tools_and_services_I_use_to_run_7_Minute_Security.md
Last active Jan 2, 2019
A list of tools and services I use to help run my business
View Tools_and_services_I_use_to_run_7_Minute_Security.md

Tools and services I use to run 7 Minute Security, LLC

This gist complements a series of podcast episodes I do called How to Succeed in Business Without Really Crying. In part 6 of this series I list a bunch of tools and services I use to help me conduct security assessments and also balance the taxes/books. Here is that full list in all its gist-y glory:

Docusign

Docusign is a great way to not exhaust yourself printing, scanning, re-uploading and emailing documentation back and forth with your customers. I pay ~$10/month and that gets you 5 scans/sends per month.

Google Domains

There are lots of registrars out there, and as far as I can tell, they offer about the same amount of features and same pricing for each domain. Since I have such a large footprint already in Google services with my account, moving domains under their roof was pretty easy and made sense. I've also had to use th

braimee / SIEMple_SIEM_questionnaire_and_tests.md
Last active Jul 31, 2019
Some simple security tests you can run to test the effectiveness of your SIEM
View SIEMple_SIEM_questionnaire_and_tests.md

Introduction

In episode 338 of the 7 Minute Security podcast, I talked about a recent engagement where I helped a customer do a bit of a SIEM solution bake-off. This gist is the companion to that episode, and is broken down into the following two sections:

  • Questionnaire - a series of questions you can ask SIEM vendors to gather as many data points about their products and services as possible

  • SIEM tests - a few tests you can conduct on your internal/external network to see if your SIEM solution indeed coughs up alerts on some things it should indeed whine about

Questionnaire

Introduction / Purpose

View 7MS_Slack_channels.md

These are the Slack channels featured on the 7 Minute Security Slack channel:

7MSUG

A channel for the 7MS User's Group, which is slated to start monthly(ish) in January, 2019. Currently looking for interested sponsors, speakers and attendees!

BPATTY

Basically just a place to receive RSS notifications when the BPATTY project gets updated.

career

Talk about career challenges, training, certification, job leads, coworkers who drive you batty...
