A collection of projects and articles.
Update
I will be providing new content here in the near future. I have a number of new projects I have been working on in my lab.
05/25/2023: Phishing, Domain Abuse/Typo-Squatting, Chat-Bots, and C2 Deployment… This proof of concept is for educational purposes only. All resources are my own, and no individuals or sock puppets were harmed during the testing process. From my initial review of Impostoor Technology Services https://impostoor.com, the company offers various global data storage services to its customers. I used active and passive reconnaissance techniques to gather information about the target network and its users. In addition, I sent test emails to its corporate addresses to learn the look and feel of the company's email formatting and header information. ...
Network Segmentation Testing with nmap
Segmentation testing is the exercise of proving — from a defined source network — that traffic into a protected network is restricted as intended. Most commonly this is driven by PCI DSS Requirement 11.4.5 (annual segmentation testing for merchants, semi-annual for service providers) and analogous controls in HIPAA, NIST 800-53, and internal zoning standards. The goal is not to find vulnerabilities. It is to confirm that the firewall/ACL/SDN rules between source and target zones match the documented design — no more, no less. Findings are usually “port X is reachable that shouldn’t be” or “this source IP can reach this CDE host.” ...
10/30/2022: I love participating in Capture The Flag (CTF) events. When I first became focused on pursuing a career in cybersecurity, I was encouraged by many in the community to compete in the numerous CTFs that are available for all skill levels. What I enjoy most about them, as opposed to standard IT/Security courses, is that CTFs revolve around critical thinking and researching a solution to each challenge. There is no curriculum to reference; it’s all on you! ...
09/01/2022: This is an analysis of a malware sample studied during TCM Security’s PMAT course.
Practical Malware Analysis & Triage (PMAT) Malware Analysis Report: unknown.exe Malware, Aug 2022 | Meistsec | v1.0
Executive Summary
SHA256 Hash: 3ACA2A08CF296F1845D6171958EF0FFD1C8BDFC3E48BDD34A605CB1F7468213E
TCM Security offers the HuskyHacks Practical Malware Analysis & Triage course. The PMAT course has been one of my most enjoyable experiences in learning cybersecurity thus far. The course teaches the fundamentals of malware analysis, reverse engineering, report writing, and writing detection rules to prevent malware infections in a network. A sandboxed environment running FlareVM and REMnux Linux on an isolated network was used to perform the detailed analysis. ...
After years on Ubuntu, I switched my daily-driver workstation to Fedora (originally Fedora 36, around the time this post first went up). The piece I want to focus on here is firewall management — specifically, moving off of UFW and learning to drive firewalld properly on a host that runs a lot of virtual machines for security research.
“firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces. It supports IPv4, IPv6, Ethernet bridges, and ipsets, and it cleanly separates runtime and permanent configuration.” — firewalld.org ...
03/30/2022: So, I initially tackled this target like most—reconnaissance, enumeration, and eventually getting stuck and seeking an external solution. In gaining an understanding of staging buffer overflow attacks, I learned that there is an operating procedure to direct the process—multiple scripts, leveraging Immunity Debugger for the proof of concept, and eventually securing a shell. Similar methods are demonstrated in numerous walk-throughs on the Internet. However, these examples lack flexibility in replicating the process against similar targets and vulnerabilities. So, I decided to dig a little deeper. ...
Hello World!!