Author: jacobo


How to set up a PHP file dropper without tools

After we have compromised a machine inside a network, we need to download tools for lateral movement, local exploits to escalate privileges, etc. Knowing how to set up a file dropper is crucial. When I was doing the OSCP 24-hour exam, but also when doing the training in the labs, that was very useful as I…

Advanced buffer overflow exploit by Taeho Oh

Note: Transcription from the original article written by Taeho Oh. Internet cannot forget this legend! 1. Introduction Nowadays there are many buffer overflow exploit codes. The early buffer overflow exploit codes only spawn a shell (execute /bin/sh). However, nowadays some of the buffer overflow exploit codes have very nice features. For example, passing through…

How to scan ports with netcat

Sometimes when doing lateral movement in a penetration testing engagement, we don't want to use nmap, to keep a low footprint. Here netcat comes to the rescue, as it is already installed on many Linux systems. With this command we can easily perform a port scan of the most used ports: If you are…

How to set up CSIRT and SOC guide

ENISA published a very practical guide about establishing a computer security incident response team (CSIRT) or security operations centre (SOC). Source: https://www.enisa.europa.eu/publications/how-to-set-up-csirt-and-soc

Sysadmin tricks: Get an alert when users log in

For some critical machines where it is not usual for users to log in through SSH or execute su to become superuser, we can use the PAM module configuration to receive an alert whenever a user logs into that machine or escalates privileges to root. Two options here: /etc/pam.d/su: To receive alerts every time a user becomes…

Bypassing #encryption by memory dumping💣 in a Linux Kernel 2.4 in 2004 😰 !!!

I don't know what you were doing, or even if you were born yet, but on September 22nd, 2004 at 4:44 PM I was having fun decrypting an ELF binary going through the awesome NGSEC1 CTF !! #quiz.ngsec.com There was a binary file encrypted with the BurnEye Encryption Engine that had to be decrypted in order…

WordPress XML-RPC Cyberattack in REAL TIME

Quick video showing a successful denial-of-service attack against a website running WordPress. To be protected against this cyberattack, do not forget to restrict access to the /xmlrpc.php resource to your own IP address only (1.2.3.4 in the example below). For Apache, edit the /.htaccess file to add:

How to resolve an IP address in Windows with nslookup

It is very easy to resolve any domain in Microsoft Windows natively using the nslookup command: By default our system will query our predefined DNS server. If we want to query a specific DNS server, we can specify it as a second argument. In this case we ask for the IP address of the domain…

Calculators for CISOs

Offline CVSS Calculator: https://github.com/BitSentinel/CVSS2-Calculator.git
OWASP Risk Assessment Calculator: https://security-net.biz/files/owaspriskcalc.html

Other useful tools

http://getgreenshot.org/ Greenshot: Screenshots for reports in Windows
https://mobaxterm.mobatek.net/ MobaXterm: All-in-one terminal for Windows
https://www.tracewrangler.com/ TraceWrangler: Easy sanitization and anonymization of PCAP and PCAPng files
https://github.com/novnc/noVNC noVNC: VNC client using HTML5 (Web Sockets, Canvas) with encryption (wss://) support
https://github.com/paradoxxxzero/butterfly butterfly: A web terminal based on websocket and tornado
https://github.com/cure53/XSSChallengeWiki
https://mosh.org/ Mosh: Mosh (mobile shell)
https://ngrok.com/ Ngrok:…