Hacking

UFW VPN KillSwitch This script will force all traffic through the tunneling adapter and deny traffic through Wi-Fi or ethernet. https://gist.github.com/mrjamiebowman/b139da2092409054452c4b1249c0f787

Force TLS in .NET Versions before ASP.NET 4.7 default to making outbound connections using TLS 1.0. This is a real problem for security for many reasons. It's now been deprecated with many CVEs. Some of these vulnerabilities make TLS 1.0 vulnerable to man-in-the-middle attacks. A lot of APIs will not accept incoming requests from TLS 1.0 because of this. TLS 1.0...

Customize PowerShell in Windows Terminal The all-new Windows Terminal is truly amazing and packed with many features. It is also fully customizable! I highly recommend configuring Windows Terminal to have a customized background and to install Oh My Posh. Setting a Custom Background If you go to the settings under Windows Terminal it will open a "settings.json" file that is editable. Settings Vim I'm a...

Brute Forcing Forms with Hydra Hydra is more capable than just brute-forcing services, this tool can also brute force web forms. Dirb/DirBuster not returning anything? Change the user-agent. Some applications can be programmatically set up to deflect penetration testing. In this example, I was using VulnHub: Node and wasn't getting any responses using Dirb. Shell Terminal Tricks Once acquiring a reverse shell you may...

How to Learn Penetration Testing I personally believe people who want to get into penetration testing should have a very strong foundation in computer science and have either worked professionally as a programmer or an individual in infrastructure. If you still feel like you are cut out for hacking then here's a guide to how you can approach learning. All of...

PowerShell for Hackers As I'm learning more PowerShell and dabbling into hacking I will be composing a list of techniques and scripts that I find very beneficial for administration and pen-testing. Basics Linux Like Watch Command System Running Processes IP to Hostname Is Server Virtual or Physical? Lookup User Information Change File Modified Date and Time Find Apps Running on Port Base64 Querying Databases https://gist.github.com/cmatskas/08411b916ab01e3f1439#file-powershellsqlquery-ps1 Domain Controllers Downloading Files with PowerShell PowerShell Reverse Shells https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#powershell Kubernetes kubectl...

Docker: Parrot OS Security In an effort to make Parrot OS Security more portable the creators have been experimenting with Docker. They have successfully ported an enormous amount of functionality into a Parrot OS Security Docker image. This will make running Parrot OS Security anywhere possible. Because this is running in a Linux container the graphical user tools will not...

Hardening ASP.NET Response Headers (Code) A reliable way to harden your ASP.NET web application is to remove and skew the response headers via code. This will throw off automated scans that are performing banner grabbing in an attempt to identify vulnerabilities. There are ways to do this in IIS, however, performing this in code means it's applied everywhere that the...

Enumerating Samba/SMB Servers Unintentionally leaving port 445 open or misconfiguring Samba can risk catastrophic damage to a corporation. Enumerating the Samba/SMB port can return critical information about file shares, users, printers and network groups. This can be a cornerstone for brute forcing accounts and accessing unprotected Samba shares. enum4linux Enum4Linux comes installed on Parrot OS 4.7 by default. You may have to...

Must Haves for the IT Professionals Over the years I've used some really cool devices and services and I find these all to be very useful tools that I personally must own. DeepCool So, I was a hacker party once and my friend was like, "You have to try this.". This product sits beneath your laptop while circulating air and improving the...