I recently took the plunge and joined a startup called R5 Industries. I wanted to say thanks for all the well wishes that I received on social media. It has certainly calmed my nerves about the choice ;-). I’ve had a number of people ask what R5 Industries does. Our primary selling point is AntigenC2, which is a really Command and Control detection product (no agents). But we also do Red Team assessments and some other fun toys if you are interested, contact@r5industries.
One of the best resources for persistence mechanisms is Hexacorn’s blog. http://www.hexacorn.com/blog/category/autostart-persistence/ If you haven’t checked out his “Beyond good ol’ Run key” (linked above) 32 post series, you really should. But today I wanted to talk about one that I didn’t see up there: DNVM (https://github.com/aspnet/dnvm) is the DotNet Version Manager and it’s a part of ASP.NET 5, which I believe has been inside of Visual Studio since the 2013 version.
If you found this post via a search, you are probably like me, “not great” at keeping your desktop clear of “stuff” (you probably have a ‘stuff’ folder you once put stuff in and forgot about). If you are, and you go into a presentation, you probably don’t want to have all of your icons visible (and possibly recorded). Hiding your desktop icons on Windows (since 7 I believe) is pretty simple.
Today I was asked by @Krystropolis for a “Hello” and maybe some hacking advice, see tweet: @mubix I have my class in 4 hours. Would you be willing to post a 'hello' and maybe some hacking advice for my class demo? #PSUBehrend #CTF — Krystal Elliott (@krystropolis) September 24, 2015 I thought about it on my entire 1 hour drive home from just turning in my badge and laptop from a big corporation to go work at a start up.
AKA - ROB WRITES POWERSHELL!! Yesterday I posted a way to dump hashes using a Domain Controller account. But how do you know which account to use? And when was its password last set? net user unfortunately won’t do computer accounts. So I decided to write a PowerShell script to find out. Unfortunately Windows 7 doesn’t come with the ActiveDirectory PowerShell module (I’m sure there is another way to do this but here is how I did it.
Since I follow both Carlos Perez and Benjamin Delpy on Twitter, something caught my eye on August 2nd, soon after Benjamin Delpy drops DCSync: @Carlos_Perez haha, if yes, it will be a 0d ;) No, like always it needs some rights ;) DA is cool, maybe DC$ is enough — 🥝 Benjamin Delpy (@gentilkiwi) August 2, 2015 And then later on August 28th, again about the DC$ account (Domain Controller computer account):
It’s often tough for both those hiring and job hunters to find one another at conferences. I think this is mostly because of a couple of things. No one wants to stand at a booth on either side and talk job stuff in front of a bunch of people, and people at booths rarely get the chance to get away. It’s hard to know “who” to talk to. So I created a very simple Google doc to help put Twitter handles and links together for people who are job hunting and people who are hiring to kinda get to know who to talk to.
The teflon crew at Pied Piper suffered quite a bit during Season 2 of SILICON VALLEY. But there was no greater indignity than being brought to their knees by a tequila bottle. Since episode eight “White Hat/Black Hat” aired, many skeptical viewers have asked: how could something like this happen? Could a mindless error of pressing a delete key really cause a venerable company like Intersite to lose over nine thousand hours of content (including an irreplaceable archive of vintage yiffing videos)?
I’ve had my fair share of “trying new things” after SquareSpace. I tried Ghost, Octopress, WordPress, and about 30 others in between. All the blogging platforms I tried had some major issues that I didn’t like. I’m sure at some point I’ll write about them but this post is mostly just to announce I finally have given up the fight for finding the perfect blogging platform and I’m just going to blog on Blogger from now on.
A while back I needed to set up a pfSense box for CTF/example stuff that didn’t and wouldn’t ever have Internet connectivity. Doesn’t seem like much of a task, right? Just pop it in and go. Problem is that you lose the use of the packages that help make pfSense so awesome. Once I figured it out at that time, I made a Forum post so that anyone running into the same issue wouldn’t have to struggle as much: