UFW VPN KillSwitch
This script will force all traffic through the tunneling adapter and deny traffic through Wi-Fi or ethernet.
https://gist.github.com/mrjamiebowman/b139da2092409054452c4b1249c0f787
Force TLS in .NET
Versions before ASP.NET 4.7 default to making outbound connections using TLS 1.0. This is a real problem for security for many reasons. It's now been deprecated with many CVEs. Some of these vulnerabilities make TLS 1.0 vulnerable to man-in-the-middle attacks. A lot of APIs will not accept incoming requests from TLS 1.0 because of this.
TLS 1.0...
Customize PowerShell in Windows Terminal
The all-new Windows Terminal is truly amazing and packed with many features. It is also fully customizable! I highly recommend configuring Windows Terminal to have a customized background and to install Oh My Posh.
Setting a Custom Background
If you go to the settings under Windows Terminal it will open a "settings.json" file that is editable.
Settings
Vim
I'm a...
Brute Forcing Forms with Hydra
Hydra is more capable than just brute-forcing services, this tool can also brute force web forms.
Dirb/DirBuster not returning anything? Change the user-agent.
Some applications can be programmatically set up to deflect penetration testing. In this example, I was using VulnHub: Node and wasn't getting any responses using Dirb.
Shell Terminal Tricks
Once acquiring a reverse shell you may...
How to Learn Penetration Testing
I personally believe people who want to get into penetration testing should have a very strong foundation in computer science and have either worked professionally as a programmer or an individual in infrastructure.
If you still feel like you are cut out for hacking then here's a guide to how you can approach learning. All of...
PowerShell for Hackers
As I'm learning more PowerShell and dabbling into hacking I will be composing a list of techniques and scripts that I find very beneficial for administration and pen-testing.
Basics
Linux Like Watch Command
System Running Processes
IP to Hostname
Is Server Virtual or Physical?
Lookup User Information
Change File Modified Date and Time
Find Apps Running on Port
Base64
Querying Databases
https://gist.github.com/cmatskas/08411b916ab01e3f1439#file-powershellsqlquery-ps1
Domain Controllers
Downloading Files with PowerShell
PowerShell Reverse Shells
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#powershell
Kubernetes
kubectl...
Docker: Parrot OS Security
In an effort to make Parrot OS Security more portable the creators have been experimenting with Docker. They have successfully ported an enormous amount of functionality into a Parrot OS Security Docker image. This will make running Parrot OS Security anywhere possible. Because this is running in a Linux container the graphical user tools will not...
Hardening ASP.NET Response Headers (Code)
A reliable way to harden your ASP.NET web application is to remove and skew the response headers via code. This will throw off automated scans that are performing banner grabbing in an attempt to identify vulnerabilities. There are ways to do this in IIS, however, performing this in code means it's applied everywhere that the...
Enumerating Samba/SMB Servers
Unintentionally leaving port 445 open or misconfiguring Samba can risk catastrophic damage to a corporation. Enumerating the Samba/SMB port can return critical information about file shares, users, printers and network groups. This can be a cornerstone for brute forcing accounts and accessing unprotected Samba shares.
enum4linux
Enum4Linux comes installed on Parrot OS 4.7 by default. You may have to...
Must Haves for the IT Professionals
Over the years I've used some really cool devices and services and I find these all to be very useful tools that I personally must own.
DeepCool
So, I was a hacker party once and my friend was like, "You have to try this.". This product sits beneath your laptop while circulating air and improving the...