cutaway

'''
Name:    bigip_decode_cookie.py
Purpose: Convert BigIP cookies to internal IP address and port number
Date:    20150702
Author:  Don C. Weber (@cutaway) of InGuardians, Inc.

Resources:
    Initial python project I found for doing this: https://penturalabs.wordpress.com/2011/03/29/how-to-decode-big-ip-f5-persistence-cookie-values/
    F5 LTM Encrypted Cookie Insert Persistence: http://packetpushers.net/encrypted-cookie-persistence/
    Encrypting Big-IP Cookies (10.x - 11.x): https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14784.html

cutaway

Accessing EXT2/3 Image Files In Windows:

When doing forensics, the challenge usually is how can we access data when there are restrictions to the ways we can access the data. For instance, we have recently acquired a Linux disk formatted using EXT3. The acquired disk is a raw image file that is easily mountable in Linux for review (yes, I'm not talking forensic analysis tools).

mount -o ro,loop /media/USB/<image.dd> /mnt

This command will mount the image read-only and we can do our analysis of the contents. Remember when you are doing a "stat" or "ls" on the file you'll want to use the "-n" option so that it doesn't use the local systems UID mappings and just displays the number associated with that file.

But, what if you have to give that drive to someone so THEY can review the contents? And, what if that person is a Windows-only person? Windows does not have a build in method for mounting raw images let alone understanding EXT3 filesystems. Thus, you have to think "outside-the-box".

cutaway

#!/usr/bin/env python

import sys
from pyparsing import Word, alphas, Suppress, Combine, nums, string, Optional, Regex
#from time import strftime
import time
from datetime import datetime

# Script: ssh_accepted_xlog_parser.py
# Author: Don C. Weber (cutaway)

cutaway

Unix

Sorting

• Sorting by month and day:
  • sort -k1,1M -k2,2n
  • http://stackoverflow.com/questions/12162210/sort-by-just-month-name-and-day-bash
• Sorting IP Addresses
  • sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4
  • https://www.madboa.com/geek/sort-addr/
• Uniq only counts the instances that are close to each other, so sort first:
• cat | sort | uniq -c

cutaway

import os,sys
from ipwhois import IPWhois
import socket
import warnings

# Supress warnings
warnings.filterwarnings('ignore')

# Set field names
f = ['asn','asn_cidr','nets','query','asn_description']

cutaway

== Configuration Updates ==

• Towards a Quieter Firefox: https://www.blackhillsinfosec.com/towards-quieter-firefox/

== Plugins ==

• FoxyProxy Standard
• Flagfox
• Cookie Manager
• Hackbar

cutaway

#!/usr/bin/env python3
import os, sys

# Debug if you want to stop early in large files
DEBUG = False
COLUMNS = 4

def main():
    # Preload a dictionary with all characters
    table = {}

cutaway

###########################
# References:
# https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-built-in-port-scanner/
# https://mcpmag.com/articles/2018/12/10/test-sql-connection-with-powershell.aspx
# https://support.solarwinds.com/SuccessCenter/s/article/Use-PowerShell-to-test-that-a-port-is-open-on-a-server
###########################

function Test-SqlConnection {
    #param(
        #[Parameter(Mandatory)]

cutaway

# Vendor Documentation

* User manauals and administrative documents for all equiment

# Python Tools

* CPPPO - CIP module
* pyModbus - modbus module
* OPCUA - opc-ua module

cutaway

Last Update: 20201015

Useful Articles

Added AWS credentials to AWS config and credentials files using profiles:

• https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_profiles.html
• https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html  

Installed AWS Client

• Actually determined that it is easier to run these tools from a Linux VM by downloading from Github and installing requirements following their installation Instructions.