Upgrading Firmware on a Ubiquiti Edgerouter Lite with SSH
The Ubiquiti Edgerouter Lite provides the ability to create a virtual LAN (vLAN) for $129 dollars. This is a quality VPN solution that was highly recommend from someone who owns a data center. Seriously... well worth the money.
Upgrading my router from...
Brute Forcing Forms with Hydra
Hydra is more capable than just brute-forcing services, this tool can also brute force web forms.
hydra -v -L mypusers -P /usr/share/wordlists/rockyou.txt -s 8000 127.0.0.1 http-post-form "/login:username=^USER^&password=^PASS^":"F=Failed"
Dirb/DirBuster not returning anything? Change the user-agent.
Some applications...
Who to follow in InfoSec
As I'm learning InfoSec to further expand my software development career and delve into DevOps I've found some very knowledgeable people to follow in the industry. These people range from penetration testers to OSINT, malware analysis, and ethical hackers.
Penetration Testers...
Docker: Parrot OS Security
In an effort to make Parrot OS Security more portable the creators have been experimenting with Docker. They have successfully ported an enormous amount of functionality into a Parrot OS Security Docker image. This will make running Parrot OS Security anywhere possible. Because this is running in a Linux container...
Gutenberg Plugin: Terminal Display
Currently building a Gutenberg plugin to display Parrot OS terminal output.
Github: https://github.com/mrjamiebowman/Gutenberg-Terminal-Display
Parrot Security OS
Parrot Security OS
┌───└──╼ $ nmap -sV 127.0.0.1(Gutenberg Terminal Display)
Force TLS in .NET
Versions before ASP.NET 4.7 default to making outbound connections using TLS 1.0. This is a real problem for security for many reasons. It's now been deprecated with many CVEs. Some of these vulnerabilities make TLS 1.0 vulnerable to man-in-the-middle attacks. A lot of APIs will not accept incoming requests from...
Attempted Hack
I was recently looking through some docker logs for a web server container and I saw some suspicious commands being passed to the web server. It was very obvious with a quick glance that it was a hacker trying to compromise the web server. Out of curiosity, I decided to reverse engineer...
CTF: PwnLab Init Walkthrough
https://www.vulnhub.com/entry/pwnlab-init,158/
In this walkthrough, I'll be using Parrot OS. I'll break each vulnerability down and explain it. The video won't demonstrate all of the techniques that could have been applied. I will also list the techniques I've learned from others.
Exploits / Techniques
Samy Kamar a security researcher has developed an IoT device that runs a python script called PoisonTap. This is a great article worth reading. It's affordable and can siphon cookies, expose internal routers and install backdoors.
Command Line MySQL for Hackers
Learning to connect to a MySQL server via command line is extremely useful in many situations especially for penetration testing. It's quick, easy to learn and the fastest way to get in.
General MySQL CLI
Connect to the Database
