I just posted v2 of Under the Wire, which contains an additional 5 levels for Century. V2 can be found at the link on the right-hand side of the screen or here. This release will be the last one containing Century and the next variation that the team and I
Year: 2015
Traffic Generators
These tools will generate traffic and transmit it, retransmit traffic from a capture file, perhaps with changes, or permit you to edit traffic in a capture file and retransmit it. • Bit-Twist includes bittwist, to retransmit traffic from a capture file, and bittwiste, to edit a capture file and write
Unzip a file that is zipped many times
This script is used for unzipping zipped files inside of a zipped file. The zipped files are password protected. I developed this because it seems like every capture-the-flag I do has a scenario where this could be used. This Bash script can be found in my script
PowerShell Web Server for Raw Text Transmission
This script will create a temporary web server on the local system and will listen on the host IP and specified port. You will then be able to post some raw data that will be accessible on the network. When running the script you will be asked what port to
PowerShell Web Server for File Transmission
This script will deploy a temporary web server on the local system and will listen on the port of your choice. Once it is listening, you will be able to transfer .txt and .html files from the directory the script is run from (not the directory where the script is located). The web server
PowerShell Network Connection Monitor Script
This script displays the current TCP/IP connections for a local or remote system, including the PID, process name, port, and its current state (listening, established, etc.). If the connection is not yet established, the port number is shown as an asterisk (*). It will also take the initial
PowerShell Remote Process Termination
Ever remotely executed a program on another system but the process failed to exit, leaving it running as an active process on the user's system? No matter the cause or what your purpose on the system is, that is never a good thing. We can quickly fix the issue
Disconnect… Making the Internet Safer and More Private One Connection at a Time
Have you ever been browsing the web for a good or service and noticed that a totally unrelated site suggests the very same or similar items you were previously searching for? What about browsing the web and having a page take forever to load? Did you know that some websites
Detecting Alternate Data Streams with PowerShell and DOS
Alternate Data Streams (ADS) are nothing new, and there are a few ways to detect them within an NTFS filesystem. My tools of choice for detecting an ADS are LADS (List Alternate Data Streams) by Frank Heyne or SysInternals’ Streams, both of which work rather well. My issue though is
WMI on Linux
WMI is a great way to query Windows systems without being so intrusive. As of late, I have been dealing with it more and more. Typically, I use a Windows system to query another Windows system, but the lack of speed inherent to the Windows OS always has me searching
Under the Wire… Windows Shell War Gaming
My boss and I had a conversation a few months ago regarding Over the Wire, a Linux war gaming server. The conversation revolved around how it was a great tool for those trying to build strength in Linux. From that conversation, we had a thought of why there wasn’t a
Pushpin… Taking Reconnaissance to Another Level
If you are on the offensive side, part of your strategy encompasses reconnaissance at some point. If you are on the defensive side, there is still reconnaissance to be done in order to see what is available about you. Well, a great tool to add to your tool bag is
Shipping Windows logs to Logstash via Nxlog
In order to correlate the logs of your systems, you are either going to have to manually upload them to your correlation system or set up an automated way. Nxlog is one of a few agents that will enable automated shipping of logs. I particularly like it because it is light
ELK, the free alternative to Splunk
Installation of ELK is not too bad. There are a few guides online that walk through the process, but you will be hard pressed to find one that covers it all the way through. Some great links to help with this endeavor are: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-4-on-ubuntu-14-04 https://www.ddreier.com/setting-up-elasticsearch-kibana-and-logstash/ Installing ELK (CentOS) This is
ELK stack, what is that?
In a previous post I did a comparison of ELK and Splunk. I will take a few minutes here to explain what ELK is. The ELK stack (Elasticsearch, Logstash, Kibana) is simply amazing. Each program making up ELK brings its own strengths and is a vital part of making the
Bare Monkey (Volatility)
I’ve been working on Bare Monkey for a few months now. Bare Monkey inputs a Windows memory capture and runs it against all Volatility plugins and outputs them to a text file. Afterwards, it deletes the generated files that are empty and then compresses the files left. It also creates
Splunk vs. ELK Stack
When conversing about log collection and correlation at an enterprise level, Splunk almost always comes up in the conversation. While I am an avid Splunk fan, outside of the free version it can be a little expensive. ELK (Elasticsearch, Logstash, and Kibana) is very comparable to Splunk, in my opinion.
Converting a DD image into a VM – pt. 2
This is part 2 of the tutorial on converting a DD image into a VM. The instructions below assume that you already have a DD image and that it is unzipped and uncompressed. To finish the task, please read on. 1. Copy the target_image from your Linux
Converting a DD image into a VM – pt. 1
A good buddy of mine introduced me to LiveView, which creates virtual machines from DD images. There are a number of other programs out there that can do the same thing, but none seemed as smooth as LiveView. One may be wondering what the need is for
Skittle Grinder (Linux Log Collection)
Skittle Grinder is the de facto way of getting the “kitchen sink” from a Linux system. Its development stemmed from a gap we faced in the forensics realm, but it could be used for baselining, auditing, or whatever you see fit. Skittle Grinder checks for rootkits, creates a tarball of
Collaboration with Elog
Elog is a great program used for collaboration in a LAN or WAN environment. It's very simple to use and easily customizable. This program is ideal for sharing notes or analyzing data and ensuring everyone else knows what is going on. There is an email function as well, and the
Splitting up a Large VM for Easier Transmission
Here is the scenario: you have a VM that you want to transfer to another system over the Internet. The VM, in its entirety, is too big to transfer as is. So what do we do? Well, we could convert the .vmx into an .ova and then split it into
Renaming a Linux NIC interface
You may be wondering why this is even a topic of discussion. Well, certain Linux distros such as CentOS come with the main interface as eth0. For me, it’s not as big of a deal. The concern comes in when I am developing baselines and distributing them back into the
Memory Capture with FTK Imager
I previously wrote about using DumpIt for Windows memory captures. If all you need from a system is to capture memory, it fits the bill rather well. There have been some times where it’s given me some issues grabbing memory over 8 GB. Nonetheless, what if you need to do more?