Brian Johnson braimee

View keybase.md

Keybase proof

I hereby claim:

  • I am braimee on github.
  • I am braimee (https://keybase.io/braimee) on keybase.
  • I have a public key ASCeG7oR4oiDB9VO2kYrb6O-VhTh27LUSHFJ56EMM_jucwo

To claim this, I am signing this object:

View Patching_solutions_bake-off.md
Patching solution bake-off

| Feature | PDQ Deploy/Inventory | Ninite | ManageEngine | ivanti |
|---|---|---|---|---|
| Agent or agentless | Agentless (w/option coming in Q4 for an agent install) | Agent | Both | Both |
| LAN/cloud centralized administration | LAN only | Cloud only | Both | LAN only |
| Can push Microsoft updates? | Cumulative monthly updates | No | Yes | Yes |
| Can work w/non-MS machines (Macs/Linux)? | Can identify device type but not actively inventory/patch non-MS | No | Yes - Mac/Linux agent and ability to push patches (!) | Yes - via Ivanti patch for Linux/Unix/Mac environments |
| Training/certification | Hefty Youtube training library | Unknown | Training videos library easily available from inside the Web interface. Also it looks like they do a Webinar each Patch Tuesday about the latest MS patches. | Yes check out this |
| Pricing model | Per admin console (PDQ is ok with one | | | |
@braimee
braimee / 7mi.md
Last active Nov 13, 2018
7 minute interviews - by 7 Minute Security
View 7mi.md

7 minute interviews? What's that?

It's a new (and hopefully fun) interview format I want to engage in with members of the information security community on the 7 Minute Security podcast.

Wait wait wait. Who are you? What's this all about?

I'm Brian from 7 Minute Security, LLC and I've been having a blast doing some longer-form interviews with security folks, but I thought it would be fun to do a shorter-form outline where I ask 7 questions (ok, maybe a few more than 7...but I like lucky numbers). Some questions will be serious. Others will not.

Ok I'll bite. What kind of questions would you ask in this 7-minute interview?

Check these out:

@braimee
braimee / CryptoLockerd.md
Last active Nov 15, 2018
This is an infosec-themed song called CryptoLocker'd
View CryptoLockerd.md

You can listen to this song on episode #276 of the 7 Minute Security podcast

Verse 1

You said you wouldn't do it
You said you wouldn't click that link
But you totally did
It’s clear you didn’t stop and think
How the promise of a free burrito would be all that it took
To open up our networks to virtual crooks

@braimee
braimee / Fixing_unquoted_service_paths.md
Last active Jan 5, 2019
How to fix unquoted service paths
View Fixing_unquoted_service_paths.md

In episode #341 of the 7 Minute Security podcast I talked about how to identify - and remediate - the unquoted service path vulnerabilities you might see pop up on a vulnerability scan. Here's the breakdown of resources that will help you understand and fix this pesky vuln:

  • Here's a great article describing unquoted service paths and why they're a risk to your enterprise.

  • If you want to create a fake service with unquoted service paths so you can then test fixing it, check out this gist which has you run something like the following:

New-Service -Name 'TotesFakeService' -BinaryPathName 'C:\program files\system32\something.exe' -DisplayName 'Totes Fake Dude' -StartupType Manual
View ADSecurity101.md

Active Directory Security 101

This document complements the Active Directory security topics talked about on the 7 Minute Security podcast miniseries related to Active Directory - specifically #329. The purpose of this doc is to compile resources we can all use to make our Active Directory environments more physically and logically secure. Here we go....

Practice good physical security

I can't tell you how many companies I've run into that have flippin' Fort Knox around their DCs at their primary office (cameras, motion detectors, angry guard dogs, snipers, etc.) but then the branch office has a DC under the receptionist's desk with no security controls. Make sure all domain controllers are physically locked down. I think a good minimum config is to have the DC locked in a room with keycard access - where only a subset of employees have physical access.

Put users in a least priv

View Pentest_lab_GPOs.md

Pentest lab GPOs

Note: this set of GPOs accompanies a YouTube video all about building your own pentest lab

Personally, when I set up an internal/test/pentest Active Directory environment I like to leave some settings the way most client environments are set up - both for ease of management and easier attacks, so that includes spinning up the following GPOs:

Enable RDP on desktops

Create a new GPO and link it to whatever OU your workstations are in. Then browse to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections and set "Allow users to connect remotely using Remote Desktop Services" to Enabled.

Then, create a security group in AD, called RDP-peeps for example, that you want to allow to RDP into all workstations.

View Turn_Windows_logging_up_to_11.md

Turn Windows Logging Up to 11

This document is intended to help you create a GPO you can push to your Windows endpoints to start gathering much richer, more verbose logging data. As I recently discussed on the podcast, Windows is a bit lacking in how much information gets logged in its out-of-the-box config.

Note: many of these settings were discovered when using the great LOG-MD tool, which you can download for free.

Turn Windows Logging Up To 11 (GPO)

@braimee
braimee / NPK_quick_start.md
Last active Oct 17, 2019
Quick start guide to install NPK (https://github.com/Coalfire-Research/npk) on Ubuntu 18
View NPK_quick_start.md

This is an in-progress quick start install guide for NPK on Ubuntu 18.

From a new Ubuntu 18 box, install the essentials:

apt install unzip -y
apt install python3-pip -y
apt install jq -y
apt install npm -y
pip3 install awscli --upgrade --user
View 7MS_Slack_channels.md

These are the channels featured in the 7 Minute Security Slack workspace:

7MSUG

A channel for the 7MS User's Group, which is slated to start monthly(ish) in January, 2019. Currently looking for interested sponsors, speakers and attendees!

BPATTY

Basically just a place to receive RSS notifications when the BPATTY project gets updated.

blueteam

Trying to stop those pesky pentesters and other adversaries? Share your favorite defensive tools, tips, scripts and strategies!