Windows System Wiping

If you’re looking for a quick way to clean out unused drive space, Windows 7 and on have a built-in tool called Cipher that can handle that easily. To wipe all free space on a drive (the C: drive in the below example) just use the following syntax:

cipher /w:c:

There are a lot of additional features to this tool (which you can review at the link above), but a scheduled task to wipe your free space on a regular basis can greatly reduce the probability of data recovery in the event your device is stolen. Consider it a standard part of your regular hygiene along with drive encryption.

Linux Login Notifier

Here’s a quick script I wrote some years ago to notify me when an interactive session is being launched from one of my servers. Feel free to modify/use however you see fit. Thanks!

#!/bin/bash
# Place this in /etc/profile.d/whatever-name-you-like.sh
NOTIFYADDRRESS="your_email_address"
FROMADDRESS="sending_email_address"
THESYSTEM=`hostname`
THATUSER=`awk -v USER=$UID -F : '$3 == USER {print $1}' /etc/passwd`
CURTIME=`date --rfc-3339=ns`
echo "Login from ${THATUSER} (${UID}) on ${CURTIME}" | mail -aFrom:${FROMADDRESS} -s "${THATUSER} just logged into ${THESYSTEM}" -r ${FROMADDRESS} ${NOTIFYADDRESS}

It just fires off an email whenvever an interactive session is started.

MSF Fundamentals 2017 (Part 2 of 3) – Exploitation and Post-Exploitation

This is quick-hit version of part two of a three part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit. If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 2 of 3 (Post-Exploitation with Meterpreter) (basic_0x03)

The purpose of this article is to cover exploitation and post-exploitation modules to the point where you are comfortable with the various ways of manipulating a system after you’ve opened a session to it. Part one covered starting up the MSF, finding an exploit, finding a matching payload, and configuring everything up to the point of launching the exploit. Part three covers pivoting, port forwarding, and automation. This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016. If that’s true, then let’s go!

Continue reading “MSF Fundamentals 2017 (Part 2 of 3) – Exploitation and Post-Exploitation”

MSF Fundamentals 2017 (Part 1 of 3) – Console to Payload

This is quick-hit version of part one of a three part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit.  If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 1 of 3 (Startup Exploit Payload) (basic_0x02)

The purpose of this article is to get you familiar with starting up the Metasploit Framework (MSF), finding an exploit, finding a matching payload, and configuring everything up until it’s time to launch an exploit.  Part two will cover exploitation and post-exploitation modules, while part three will cover pivoting, lateral movement, and automation.  This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016.  If that’s true, then let’s go!

Continue reading “MSF Fundamentals 2017 (Part 1 of 3) – Console to Payload”

Create a website or blog at WordPress.com

Up ↑