Still alive – Braindump 05.07.2017

 

Hello everybody,

I’m still there, just a lot of things going on after my OSCP finished.

I will try to blog more but based on my current assignment it will be a lot more general 😉 NDA and such.

 

What am I up to :

-Building my Pentest gear

-Playing a bit with the Hack5 Bash Bunny

-Building a Pentest “Go Bag” Backpack for travel and incident response

-Setting up the work machine

-Building a report system to make writing my reports easier (you know I LOVE SCRIPTING and Latex)

-Learning more about BURP

-Learning to build stuff using R.

-Homebackup

 

So I will post about this topics .. mostly as a mixture to remind me about my ideas  and also to have a linkdump etc for later on. So my usual rambly braindumps with random lego  pics as usual.

 

 

Topic “Go Back”

 

Three years back I was first introduced to the Idea of a EDC Kit .. so using a pouch to have all your stuff in. I got myself a MAXPEDITION pouch and was quite happy till it got stolen, including my diary and fountain pens .. OUCH.

With the new job I need to travel a lot and also carry a lot of gear (pentesting feels lick a packing mule for electronics most the time) . While working in a clients site I couldn’t get glue or scissors .. because it was a paperless office with heaps of paper .. GREAT. My Goal is to have a backpack with all the MAIN office gear I would need (Part Office EDC), all the Stuff I need to get my Job done (Pentest EDC) and all my regular stuff (Personal EDC) in a organised and modular fashion. Right now I have a “regular” backpack and it is just annoying. So back to the military gear or more specialised backpacks it is.

 

Pouches, so far ….

For the pouches I thought about the VANQUEST ones .. but unfortunately they are “§$§”$$”§$ expensive in Europe .. 100$ products and 50$ shipping + custom fees .. this is not the eve online store boys … So maybe I will find them to a good price in Europe or I will have to find another EDC puch. The nice part of the Vanquest ones is that they have staggered loops for pens, so you get more stuff in them .. great idea.

 

Backpacks so far …

Vanquest has also some interesting ideas, especially their idea to make a mixture of camerabag divided and military backpack, so that each pouch could have a own divider .. nice .. but again postal cost and dutys etc

5.11 with the all hazards prime looks like the perfect solution. Internal mole webbing would mean that I can secure my modular pouches, a lot of room for other stuff (Laptops, NUCS, etc)

Then there is also the mention of the GR 1 .. but again price …

And as a last option just go with a big “dayhiking” and just accept that my stuff is not as neatly but safe 50% compared to the “mil tech” stuff.

 

Topic” Pentesting Gear”

Well not to0 much here .. just waiting for my new work machine and thinking about getting a NUUC as a mobile lab, or also as a thing for password bruteforcing or langer scanjobs

 

Topic “Bash bunny”

Not too much also .. the normal payloads are scary enough for most demos I needed .. but I want to build a payload to run around the most common dlp solutions just for fun .. but not a priority right now ….

 

Topic “Reporting”

Well I learned that Rstudio can process LaTex and can also build the pictures while running the code . .so NICE .. basically I just combined my public report template with some statistics to make the report a bit less technical and with more charts for management

 

Topic “R”

Ok R is a beast .. so much to learn … but it is cool .. basically I got it so far that I can now dump a xls from cvedetails.com and generate my own bar graphs for the cvss score. Seems stupid  I know .. but beats my exel based workflow with ease … Only major hiccup .. you need to remember to import the score as numeric .. otherwise you will wonder why the 10.0 is not on top of the ordered stack but close to the 2.0 .. urgh …

And I buld a map of pirates .. actually I wanted to build a geo ip thing .. but with not enough ram pirates are easier .. not so many and easy t spot if you have a error in your code (not on the oceans .. maybe a error)

 

“R” Linkdump:

https://stackoverflow.com/questions/12315374/grouping-data-into-ranges-in-r

 

split(mydata,cut(mydata$marks,seq(20,100,by=10)))

https://www.r-bloggers.com/bar-plots-and-modern-alternatives/

 

https://www.r-bloggers.com/working-with-the-xlsx-package-exercises-part-2/

 

https://www.r-bloggers.com/reporters-manager-friendly-word-or-powerpoint-documents-created-with-r/

 

https://www.r-bloggers.com/programmatically-create-interactive-powerpoint-slides-with-r/

http://flowingdata.com/

https://flowingdata.com/2016/08/23/make-a-moving-bubbles-chart-to-show-clustering-and-distributions/

http://kateto.net/network-visualization

http://www.sthda.com/english/rpkgs/ggpubr/index.html

http://www2.warwick.ac.uk/fac/sci/wdsi/vacationschool2016/for-participants/materials/knitr.pdf

http://www.sthda.com/english/wiki/lattice-graphs

 

Topic“ Getting fit“

And I also started to use zombie run 5k to get a bit moving again .. so much out of shape .. well pentester 😉

 

General Linkdump:

https://www.reddit.com/r/sysadmin/comments/6kzywq/as_a_new_young_it_guy_in_our_office_who_doesnt/?limit=500

https://www.amazon.de/Phoenix-Project-DevOps-Helping-Business/dp/0988262592

http://blog.ukotic.net/2014/09/01/part-4-the-nuc-for-weight-weenies/

http://www.tagesspiegel.de/wirtschaft/wegen-erpressersoftware-petya-milka-fabrik-steht-seit-einer-woche-still/20013388.html

http://www.bbc.com/future/story/20170704-the-day-a-mysterious-cyber-attack-crippled-ukraine?ocid=ww.social.link.twitter

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden /  Ändern )

Google Foto

Du kommentierst mit Deinem Google-Konto. Abmelden /  Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden /  Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden /  Ändern )

Verbinde mit %s