Hello

Hello there. If you are reading this, then hopefully this is the start of something new and long term.

Niche Topics that I love

These are topics that I would love to talk to people about, if they were not such a vibe killer in conversation. Regardless, they are a lot of fun to talk about.

impacket toolkit

I have really started to get into what makes impacket tick. Like what the heck is the difference between something like psexec and smbexec, and what makes each of them tick. Psssst: smbexec uses the %COMSPEC% environment variable (which expands to cmd.exe) to run commands, while psexec actually uploads a binary. They both use the Service Control Manager (SCM) to create, start, and delete a service that runs a binary. I will write a blog post about this at one point.

NTLMSSP

I always found it fascinating that crackmapexec was able to get system info. Turns out, the NTLM authentication challenge that the server sends back contains information like the NetBIOS name and domain, the DNS name and domain, the major version, the minor version and other info. I will try to make a blog post on dissecting the bytes. Part of it is already written in my OSEP github repo (private).
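To make that byte-level dissection concrete, here is an added example (my own code, not from the original post, impacket or crackmapexec) that parses the fixed fields of an NTLMSSP CHALLENGE_MESSAGE and walks its AV_PAIR target info; the sample message it runs on is constructed in the code, not a real capture.

```python
"""Dissect an NTLMSSP CHALLENGE_MESSAGE (type 2) and pull out the host info
it carries (MS-NLMP 2.2.1.2 / 2.2.2.1). Added example, not the post's code."""
import struct

AV_NAMES = {1: "nb_computer", 2: "nb_domain", 3: "dns_computer",
            4: "dns_domain", 5: "dns_tree"}
NEGOTIATE_VERSION = 0x02000000


def parse_challenge(msg: bytes) -> dict:
    """Return target name, flags, AV_PAIRs and OS version from a type 2 message."""
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLMSSP CHALLENGE_MESSAGE")
    tn_len, _, tn_off = struct.unpack_from("<HHI", msg, 12)   # TargetNameFields
    flags = struct.unpack_from("<I", msg, 20)[0]              # NegotiateFlags
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)   # TargetInfoFields
    info = {"target_name": msg[tn_off:tn_off + tn_len].decode("utf-16-le"),
            "flags": flags, "challenge": msg[24:32].hex()}
    if flags & NEGOTIATE_VERSION:           # VERSION field present at offset 48
        major, minor, build = struct.unpack_from("<BBH", msg, 48)
        info["os_version"] = f"{major}.{minor}.{build}"
    pos, end = ti_off, ti_off + ti_len
    while pos + 4 <= end:                   # walk AV_PAIR list until MsvAvEOL
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0:
            break
        val = msg[pos:pos + av_len]
        pos += av_len
        if av_id == 7:                      # MsvAvTimestamp: FILETIME, 100ns ticks
            info["timestamp"] = struct.unpack("<Q", val)[0]
        elif av_id in AV_NAMES:             # UTF-16LE names, no terminator
            info[AV_NAMES[av_id]] = val.decode("utf-16-le")
    return info


def build_sample_challenge() -> bytes:
    """Constructed sample message (not a real capture) so the parser runs offline."""
    def u16(s): return s.encode("utf-16-le")
    def av(i, v): return struct.pack("<HH", i, len(v)) + v
    target = u16("CORP")
    target_info = (av(2, u16("CORP")) + av(1, u16("DC01")) +
                   av(4, u16("corp.local")) + av(3, u16("dc01.corp.local")) +
                   av(7, struct.pack("<Q", 132000000000000000)) + av(0, b""))
    flags = 0xE28A8215 | NEGOTIATE_VERSION  # typical flag set, version included
    version = struct.pack("<BBHBBBB", 10, 0, 17763, 0, 0, 0, 15)
    hdr = struct.pack("<8sIHHII8s8sHHI", b"NTLMSSP\x00", 2, len(target), len(target),
                      56, flags, b"\x11\x22\x33\x44\x55\x66\x77\x88", b"\x00" * 8,
                      len(target_info), len(target_info), 56 + len(target))
    return hdr + version + target + target_info
```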

RPC Protocol and the IPC$ share

For the longest time, this was a complete mystery to me. Finally, I am able to have a better comprehension of this topic, and one day hope to use it to exploit it. Long story short, there are services that live in the high port range that could be randomly assigned or accessed, but if you are not told what they are using RPC, you would not know where or how to talk to each one. Services like "SAM", "LSA", and "PrintSpooler" are managed by Windows. Using SMB2 over 445, or RPC over 135, the client can authenticate, discover each service, its UUID and version (used for the initial handshake), and then find where they live. Invoke-TheHash on github has a pretty loose guideline on how they use this to run their commands.

Coding Languages

Golang

I am a huge fan of golang and use it as my primary lang of choice when building tools. My primary use is building binaries that I can drop on windows hosts as I need them (Jump Tool Kit on Github). Some of the small projects I have written with go include:

  • Notify - Sends me a telegram message when a command is finished. Example: nmap 192.168.0.0/24 -p- -T4; Notify "Internal Scan Done"
  • GED - Great engagement database. A webapp made for tracking, converting and replacing creds. It is able to parse command output from tools like CME, Impacket and the like.

Nim

As of writing this (Aug 3, 2022), I have found myself falling in love with nim for the small winAPI calls. It is very easy to write the small programs that I need in nim, including most of my shellcode loaders for my current course, the OSEP by offsec. I have rewritten most of the OSEP C# tools they teach in nim because of this. Huge shout out to @huskyhacks for introducing me to the nim world.

Python

This one is a given really. Most hackers that write tools have, at one point, written in the language. But since I have started using statically typed langs, I have just lost my love for it. It's just a tad dirty now, with the whole try/catch thing.

Credentials and History

OSCP

Sept 2020

Rough time on this. This exam is truly a huge pain in the ass. I feel it is mostly because of how in demand it was. The exams got harder, the labs became less relevant as they aged, and the time limit on the exam is not realistic. Get lucky and try harder, I suppose.

This blog is written mostly in Markdown, although Hugo allows for extensibility. But I will get into that noise later.