Breaking Bitlocker – Bypassing the Windows Disk Encryption
by zitstif on Feb.08, 2024, under Videos
End of the year thoughts on IT/InfoSec
by zitstif on Dec.21, 2023, under Posts
I haven’t posted in a bit and thought I would update my site and share some quasi-random thoughts and lessons learned in IT/InfoSec in the past year or so:
1.) Having enough staff and support to handle IT/InfoSec matters is not only an operational concern but also a security concern. There have been plenty of instances of businesses being compromised or having issues during holidays when they’re running on a skeleton crew. Some businesses try to run continuously on skeleton crews and use automation to augment them. In my humble opinion this is more of a risk than it’s worth. Which leads me to my next point.
2.) Revenue and control are top priorities for businesses. I would even argue revenue is more important. Having and running a business is a risk/reward venture. People who take the risk of starting and growing a business are willing to do what helps the bottom line. This means they don’t necessarily care whether they’re using vulnerable software or infrastructure. They don’t care how much you can ‘pwn’ them; they want to know how much of a risk it is and whether it will affect their bottom line. Adding to this point, years ago I remember seeing posts (that I can’t find at the moment) that some western businesses knowingly, or presumably, let China steal intellectual property but were too afraid to report it to western authorities because they did not want to lose the Chinese market.
3.) The world runs on vulnerable software and will continue to. If I’m a business owner and I have a Windows XP machine hooked up to my network with appropriate safeguards in place, and this XP machine interfaces with a machine that is helping my bottom line, I really don’t care whether it’s within compliance/regulations. As a matter of fact, a lab I worked at had an FDA-approved blood platelet counting machine that still runs Windows XP.
4.) Regardless of what makes sense in the security realm, management can override controls. Try telling a CEO/founder that they need MFA when they’re of an older generation and computers are just an annoyance and a necessary evil for their business. Again, this person has likely taken big risks to get where they are and make the business flourish. Additionally, to this person auditors are an annoyance and a barrier to how they want their business to operate.
5.) Rookie mistakes can lead to catastrophic failures. Recently, I was tasked with performing upgrades on a server farm, and due to work done on one of the servers some years back, a loose screw had been left in the chassis. The screw arced against the motherboard and brought down huge sections of the network and security controls. Let us not forget what happened to MGM. Regardless of what level you’re at in IT/InfoSec, having solid fundamentals is key.
6.) Documentation is almost as important as, and at times more important than, the work performed. We all know there’s Google and other ways of searching the web; however, the web can lead you down roads that are not accurate or only provide partial answers. In addition, content can be removed by the entities that want it gone, and this includes archive.org. A robust, up-to-date documentation system is key to any successful IT operation. Projects and complex issues should have well-documented and reviewed processes that can be easily searched. I’m personally not a fan of documentation being stored on Samba shares and prefer a solution more similar to: https://itflow.org/
(This is also a good read/worthwhile mention: https://xwiki.com/en/Blog/open-source-alternatives-to-Confluence/)
7.) Skip the salesperson; reach out to an engineer. This might not be a given, but anyone who doesn’t have to support a product or solution and is just peddling it will try to sell you the moon. Contact the support engineers and see how that goes. Pick their brains and play the role of someone who may need more advanced help with the product or solution.
8.) Advanced threats or state actors will always find a way in. There’s this idea of absolute, perfect security that people may strive toward. We all appreciate their efforts, but as long as there are entities with deep pockets and nearly limitless resources, they will find a way to compromise their targets. Your ransomware protection scheme has its gaps, and a state actor will find flaws. Accept this reality.
9.) Your anti-ransomware backup solution isn’t bulletproof. As long as you need to perform space management on your backup solution, some flag or parameter could potentially be exploited to encrypt your backups. I personally think offline backups are a great means of deterring ransomware, but again, they’re not bulletproof.
#Update 3/9/2024
10.) Software that relies on libraries or code from multiple sources is a huge risk. Software supply chain attacks should be a huge concern and not overlooked. Controlling where you get your software from and how it’s verified is crucial. Hashing artifacts and using mock environments to test and monitor software might be a great means of mitigating this risk.
11.) Geofencing is a great tool, but attackers adapt and errors can cause denial-of-service conditions. Regarding errors, see this Reddit post about MaxMind, which I personally experienced: https://maglit.me/unngenedismist
12.) Saying “I don’t know” is OK. If you don’t know something, say it, and don’t start speculating if you truly don’t know.
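For point 9 above, here is an added example of mine (not the author's, and not any real backup product) showing why a space-management knob is an attack surface: a pruning routine with a caller-supplied override next to one driven only by a retention lock that can be extended but never shortened. Backups and day numbers are constructed.

```python
"""Backup pruning with and without a retention lock (added example).

Assumptions (not from the original post): backups are records with a
creation day and a retain_until day; prune_weak() stands in for the kind of
space-management parameter the post warns about, prune_locked() for one
mitigation. All data is constructed, not taken from a real backup product.
"""
from dataclasses import dataclass


@dataclass
class Backup:
    name: str
    created_day: int
    retain_until_day: int


def prune_weak(backups, today, keep_days, force=False):
    """Space-management routine with an override flag.

    Anything that can call this with force=True (or a tiny keep_days) can wipe
    every backup, which is exactly what ransomware operators go looking for.
    """
    kept = []
    for b in backups:
        if force or today - b.created_day > keep_days:
            continue  # deleted
        kept.append(b)
    return kept


def prune_locked(backups, today):
    """Only retention expiry decides; there is no caller-supplied override."""
    return [b for b in backups if today < b.retain_until_day]


def extend_retention(b: Backup, new_until_day: int) -> Backup:
    """Retention may only move later, never earlier (compliance-style lock)."""
    if new_until_day < b.retain_until_day:
        raise ValueError("retention can be extended, not shortened")
    return Backup(b.name, b.created_day, new_until_day)


def demo():
    """Constructed backup set: one full and two incrementals, all under lock."""
    backups = [Backup("full-d01", 1, 31), Backup("inc-d20", 20, 50), Backup("inc-d29", 29, 59)]
    today = 30
    return {
        "weak_normal": [b.name for b in prune_weak(backups, today, keep_days=14)],
        "weak_attacker": [b.name for b in prune_weak(backups, today, keep_days=14, force=True)],
        "weak_keep0": [b.name for b in prune_weak(backups, today, keep_days=0)],
        "locked": [b.name for b in prune_locked(backups, today)],
    }


if __name__ == "__main__":
    for scenario, names in demo().items():
        print(f"{scenario:14s} -> {names}")
```

The point of the locked variant is that the only way to make a backup deletable sooner is to wait; an attacker with the same credentials the space-management job uses can still fill the store, but cannot shorten what already exists.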
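For point 10, an added example of mine (not the author's) of the hashing control: every fetched artifact is checked against a pinned SHA-256 manifest before it is trusted, and files that are present but unpinned are refused too. The manifest, file names and contents are constructed for the demo.

```python
"""Pinned-hash verification of downloaded artifacts (added example).

Assumptions (not from the original post): the team keeps a manifest of
{artifact name: expected SHA-256} recorded from a trusted source, and every
fetched file is checked against it before it is installed or executed.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 16


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large artifacts need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_artifact(path: str, expected_sha256: str) -> bool:
    """True only if the file exists and its digest matches the pinned value.

    hmac.compare_digest avoids leaking where the hex strings first differ;
    a missing file is a verification failure, not an exception.
    """
    if not os.path.isfile(path):
        return False
    actual = sha256_file(path)
    return hmac.compare_digest(actual.lower(), expected_sha256.strip().lower())


def verify_manifest(directory: str, manifest: dict) -> dict:
    """Check every pinned artifact; anything present but unpinned fails too."""
    results = {name: verify_artifact(os.path.join(directory, name), digest)
               for name, digest in manifest.items()}
    for name in os.listdir(directory):
        if name not in manifest:
            results[name] = False  # nobody vouched for it, so refuse to trust it
    return results


def demo() -> dict:
    """Constructed artifact set: one intact, one tampered, one unpinned."""
    d = tempfile.mkdtemp()
    good = b"#!/bin/sh\necho build-tool v1.2.3\n"
    helper = b"original helper bytes"
    manifest = {"build-tool.sh": hashlib.sha256(good).hexdigest(),
                "libhelper.so": hashlib.sha256(helper).hexdigest()}
    with open(os.path.join(d, "build-tool.sh"), "wb") as f:
        f.write(good)                                   # matches the pin
    with open(os.path.join(d, "libhelper.so"), "wb") as f:
        f.write(helper + b"; plus an injected payload")  # tampered after pinning
    with open(os.path.join(d, "extra.py"), "wb") as f:
        f.write(b"print('nobody pinned me')")           # never pinned
    return verify_manifest(d, manifest)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

The manifest itself is the trust anchor, so it has to come from somewhere other than the download location (a signed release page, a reviewed commit in your own repo), otherwise an attacker who can swap the artifact can swap the hash with it.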
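For point 11, an added example of mine (not the author's) of a geofence check where the policy for lookup failures is explicit rather than accidental. The prefix-to-country table is constructed and stands in for a real GeoIP database; the author's MaxMind incident is not reproduced here, only the failure mode it illustrates: with a broken or empty database, fail-closed turns into a denial of service for legitimate clients, fail-open turns the geofence off.

```python
"""Geofence check with an explicit lookup-failure policy (added example).

Assumptions (not from the original post): a constructed prefix table replaces
the GeoIP database; there is no database update job or vendor API here.
"""
import ipaddress

# Constructed table, not real GeoIP data (TEST-NET ranges).
PREFIX_COUNTRY = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "DE",
}
ALLOWED = {"US", "CA"}


class GeoLookupError(Exception):
    """Database missing, stale, or has no entry for the address."""


def country_for(ip: str, table=PREFIX_COUNTRY) -> str:
    addr = ipaddress.ip_address(ip)
    for net, cc in table.items():
        if addr in net:
            return cc
    raise GeoLookupError(f"no entry for {ip}")


def geofence_allows(ip: str, fail_open: bool, table=PREFIX_COUNTRY, allowed=ALLOWED):
    """Return (allowed, reason). fail_open decides what a lookup error means.

    Fail-closed is the safer default, but every address the database cannot
    resolve then becomes a denial of service for that client; fail-open keeps
    the service up at the cost of the geofence being bypassable whenever the
    database breaks. Either way the error is returned in the reason so it
    can be alerted on rather than silently swallowed.
    """
    try:
        cc = country_for(ip, table)
    except GeoLookupError as e:
        return fail_open, f"lookup error: {e}"
    return cc in allowed, f"country {cc}"


def demo():
    """Constructed requests, including the broken-database case."""
    return {
        "us": geofence_allows("203.0.113.7", fail_open=False),
        "de": geofence_allows("198.51.100.9", fail_open=False),
        "unknown_closed": geofence_allows("192.0.2.1", fail_open=False),
        "unknown_open": geofence_allows("192.0.2.1", fail_open=True),
        # Empty table = the database failed to load: a legitimate US client is
        # now blocked, which is the denial-of-service condition the post warns about.
        "empty_db_closed": geofence_allows("203.0.113.7", fail_open=False, table={}),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:16s} {'ALLOW' if ok else 'DENY '} ({why})")
```

Whichever way you set the flag, the lookup-error rate should be a monitored metric: a sudden jump is either a bad database update or an attacker probing for addresses the database does not cover.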
AV evasion fun with ChatGPT
by zitstif on Jun.28, 2023, under Code, Posts
I’ve used ChatGPT at work on some SQL queries that I had trouble with, and, granted, it worked.
I have no idea whether this will compile or work; I’m sharing the idea, which I’m sure is not original:
code:
#include <stdio.h>
#include <stdlib.h>

/* The syscall number and third argument are built up from 0xff + 1 so the
   literal 256 never appears in the binary; ebx and ecx are zeroed, then the
   32-bit Linux syscall gate (int 0x80) is entered. AT&T syntax as GCC expects;
   intended to be built as a 32-bit binary (gcc -m32). The clobber list tells
   the compiler which registers the asm overwrites. */
void execute_shellcode() {
    __asm__("mov $0xff,%eax\n\t"
            "inc %eax\n\t"
            "xor %ebx,%ebx\n\t"
            "mov $0xff,%edx\n\t"
            "inc %edx\n\t"
            "xor %ecx,%ecx\n\t"
            "int $0x80"
            : : : "eax", "ebx", "ecx", "edx");
}

int main() {
    /* Call through a function pointer rather than a direct call. */
    void (*function_ptr)() = &execute_shellcode;
    function_ptr();
    return 0;
}
Hacking the Arlo Q Security Camera: Firmware Extraction
by zitstif on Apr.18, 2023, under Posts, Videos
My TLDR version of Zero Trust Computing/Networking
by zitstif on Feb.02, 2023, under Posts
Zero Trust Computing/Networking to me means that you have to assume all endpoints are directly exposed to the internet, and all of their services/ports/exchanges say, “Hey, we are open, but refer to the control plane (layered control systems) to access our data plane; you need to verify x amount of information that is dependent on multiple semi-unlike but aligned factors that, put together, are hard to reproduce.” All fellow nodes or hosting infrastructures are assumed to be compromised, but regardless of how ‘secure’ the zero trust system is, if humans need to interact with it, there will be ways to exploit it. Strong and reasonable cryptography (considering computing power and what information is at stake), along with mitigating low-level speculative execution exploits, will be of utmost importance, and telemetry/diagnostics will become harder to use unless given cascading but potentially tiered/layered permissions.
(“7 principles of zero trust security model” is a good, short read as well.)
Welcome to #!/zitstif.no-ip.org/
Recent Posts
- Breaking Bitlocker – Bypassing the Windows Disk Encryption
- End of the year thoughts on IT/InfoSec
- AV evasion fun with ChatGPT
- Hacking the Arlo Q Security Camera: Firmware Extraction
- My TLDR version of Zero Trust Computing/Networking
- Elliptic Curve Cryptography Overview ( F5 DevCentral )
- SSH Client as a Quick and Dirty Port Scanner
- Domain Controller/Active directory over Meraki VPN fix
- Cisco Meraki security is kind of a joke…
- IPMI EVERYWHERE! w/The Pi-KVM – Level1Techs
Blogroll
- .:: Phrack Magazine ::.
- @GelosSnake
- 100-hacking-tools-and-resources [hackerone.com]
- 2600: The Hacker Quarterly
- 2600.network [idle]
- Academic Torrents
- AI Exploits
- America's Digital Shield
- Amnezia VPN. Your own self-hosted VPN
- Amnesty Tech | Amnesty International
- anderspitman / awesome-tunneling
- Ansible is Simple IT Automation
- Anti Fraud News Blog | AntiFraudNews.com
- AppleExaminer Home
- Arch Cloud Labs – Projects
- Armis
- ARPSyndicate / awesome-intelligence
- Atek – An open source peer-to-peer Home Cloud | Atek.Cloud
- Atlas of Surveillance
- Attack-Defense Online Lab
- Autonomous Red Teaming for Everyone | Prelude Operator
- Awesome SDN
- awesome-incident-response
- BackBox Linux | Flexible Penetration Testing Distribution
- BackTrack Linux
- Binary Revolution Forums
- BIOS Master Password Generator for Laptops
- BleepingComputer.com
- Blog – Black Hills Information Security
- Blog – NotSoSecure
- Blog | GoSecure
- BREAKDEV
- Brute Ratel C4 | Badger doesn't care. It takes what it wants!
- ByteXD – Practical Tutorials for Web Developers & Entrepreneurs
- carnal0wnage.attackresearch.com
- CCC | Startseite
- Censored Planet
- CIS Center for Internet Security
- Cisco Talos Intelligence Group
- Cloud Vulnerabilities and Security Issues Database
- Cloud-Free-Tier-Comparison
- Cloudflare
- CloudSecDocs
- Cockpit Project – Cockpit Project
- Command Line Kung Fu
- command-not-found.com
- CommandLineFu
- Computer Forensics World
- Core Security Technologies (Blog)
- Cribl: Take Control of Your Observability, Security, and Telemetry Data
- CrowdSec: the next-gen open source, crowd-powered, & dynamic firewall
- Cryptome
- CS6038/CS5138 Malware Analysis, UC
- CSI Linux
- CVE security vulnerability database
- Cyber Arch Blog
- Dark Operator
- Dark Reading
- Darknet – The Darkside | Ethical Hacking
- DeCloudUS – Privacy DNS Blocks Google, Ads, and More
- Default Password List for Routers
- Default passwords list
- Digital Experience Monitoring | ThousandEyes
- Digital Forensics, Computer Forensics, eDiscovery | ForensicFocus.com
- DigitalMunition – Ethical Hacking & Computer Security
- DiscMaster
- Distributed Denial of Secrets
- Diversion – the Router Ad-Blocker
- DNS-based Content Filtering and Security (cleanbrowsing.org)
- Docker.com
- DSLReports Home Broadband ISP reviews, news, tools and forums
- DZone Security
- Electronic Frontier Foundation
- Escape Big Tech
- Exotic Liability
- Exploit Education
- Exploit Observer | ARPSyndicate
- Exploits Database by Offensive Security
- Felix Krause
- FingerprintJS Blog | FingerprintJS
- Firezone: Open-Source WireGuard VPN Server – firezone.dev
- Fleet | Open-source device management (MDM)
- Flipper Zero – Portable Multi-tool Device for Geeks
- FOG Project
- Forbidden Stories
- Forensics Wiki
- Free RMM Tools for MSP and Small Businesses (action1.com)
- FreeIPA – Open Source Identity Management Solution
- FTPrivacy.cloud
- Ghetto Forensics
- Ghidra
- GNS3 | The software that empowers network professionals gns3.com
- GNUCITIZEN
- Golem Network
- GPSJam GPS/GNSS Interference Map
- Gramine – a Library OS for Unmodified Applications
- GRAVITL
- GTFOBins
- Guardicore: Cloud and Data Center Security Simplified
- Guardicore
- Guillaume Quéré Blog
- Hack A Day
- HackDojo
- HackerOne – Bug Bounty program
- HackerspaceWiki
- Hacking-Printers
- Hackster.io – The community dedicated to learning hardware. hackster.io
- HackTricks
- Hak5
- Handshake
- Hash Generator
- hdm.io
- Hextree
- HITB
- HolisticInfoSec
- Home – NetBlocks
- Home – OpenDaylight
- Home – Virtue Security
- Home | endoflife.date
- Home | OpenSCAP portal
- Homepage | CISA
- HoneyDB
- How-To Geek
- I2P Anonymous Network
- Infisical | Open Source SecretOps
- InfoSec Institute
- Infosec Island
- InfosecMatter
- Inj3ct0r – exploit database
- Innernet
- Insecure Magazine
- Inside Laura's Lab
- Instructables – Technology
- Invisible Things Lab
- IPDetective
- IPDS – Domain Name System for IPFS
- IronGeek
- iSecur1ty
- IT Security – stackexchange.com
- ITFlow
- James Brine – Australian Cyber Threat Intelligence
- Kali Linux
- Kali Linux / Kali-purple
- Katacoda – Interactive Learning Platform for Software Engineers
- Keycloak
- KitPloit – PenTest Tools for your Security Arsenal
- Kon-boot
- Krebs On Security
- LaNMaSteR53.blog
- Learn Pentesting Online
- LibreNMS
- Lifehack – Tips for Life
- Lifehacker
- Linux Kodachi 6.2 The Secure OS
- Linux Security
- LinuxGizmos.com: embedded Linux news & devices
- Live Hacking
- LiveOverflow – YouTube
- LMG Security
- LOLBAS – Living Off The Land Binaries, Scripts and Libraries
- Mageni – Free and open-source vulnerability scanner
- Malicious Group
- MalwareTech
- Malwr – Malware Analysis by Cuckoo Sandbox
- Mandiant Blog
- Martin Vigo PERSONAL HACKING PROJECTS, WRITEUPS AND TOOLS
- MAAS | Metal as a Service
- Meshtastic
- Metasploit Blog
- Metasploit Unleashed – Mastering the Framework
- MG
- Mininet: An Instance Virtual Network on your Laptop (or other PC)
- MITRE ATT&CK
- Mobile Verification Toolkit
- MorningStar Security News
- Moxie Marlinspike >> Thoughtcrime Labs
- MSPGeek a free MSP Community for all Service Providers
- Nagios – The Industry Standard in IT infrastructure monitoring
- NetBird – Connect and Secure Your IT Infrastructure in Minutes
- NetBox.dev
- Netmaker: Wireguard® VPN & Software Defined Networking
- NETSEC – Ramblings of a NetSec addict
- Network Engineering Stack Exchange
- Network World
- news.ycombinator.com
- nixCraft – (www.cyberciti.biz)
- nrd-list.com
- NTLM Decrypter
- Objective-See
- Offensive-Security
- offsec.tools
- OmniEdge | Unlimited Computers In Your Private Network
- OnionScan: Investigating the Dark Web
- Online – Reverse Shell Generator
- Online LM hash cracking engine
- Online Password Hash Crack
- Open Network Operating System (ONOS)
- Open Observatory of Network Interference
- Open-AudIT
- OpenBSD Router Guide
- openITCOCKPIT | Open Source Monitoring
- OpenNIC Project
- OpenProject – Open Source Project Management Software
- OpenSecrets
- OpenSecurity
- OpenSecurityTraining
- OpenWISP: Open Source Network Management System
- OpenZiti
- Opt out of global data surveillance programs like PRISM, XKeyscore and Tempora.
- OSINT Framework
- OSINT Tools for the Dark Web
- osquery | Easily ask questions about your Linux, Windows, and macOS Infrastructure
- osTicket | Support Ticketing system
- Ostorlab: Blog
- Outflank | Red Team Tools & Expert Services
- OWASP
- Packet Life
- PacketStorm Security
- Parrot Security
- Passbolt | Open source password manager for teams
- PaulDotCom
- Penetration Testing and Vulnerability Analysis Polytechnic Institute
- Penetration Testing Lab
- Pentester Academy TV – Youtube
- Pentester Academy: Learn Pentesting Online
- Pentester's Promiscuous Notebook
- PenTestIT
- PentHertz Blog
- Peteris Krumins' Blog
- phpIPAM IPAM IP address management software
- Pi-hole
- Pi-KVM – Open and cheap DIY IP-KVM on Raspberry Pi
- PiKVM – Open and inexpensive DIY IP-KVM on Raspberry Pi
- polyswarm.io Blog
- Pomerium
- Portcullis Labs
- Pritunl, Enterprise Distributed OpenVPN, IPsec and WireGuard Server
- Privacy is sexy – Enforce privacy
- PrivacyTools – Encryption Against Global Mass Surveillance
- Project Honey Pot
- Project Zero (Google)
- Pwnagotchi – Deep Reinforcement Learning
- qual – Internet Independent Wireless Mesh Communication App
- Qubes OS: A reasonably secure operating system
- RANCID – Really Awesome New Cisco confIg Differ
- rConfig – Network Configuration Management!
- reptile[.]haus[/]blog/
- RiskIQ Community Edition
- Risky Business
- Ronin
- ROOter by Modems and Men
- Routerpwn
- SaltStack: Home
- samy kamkar – home
- Sanesecurity signatures: improve ClamAV detection rate
- SANS Digital Forensics Blog
- SANS Penetration Testing Blog
- Schneier on Security
- SDF Public Access UNIX System – Free Shell Account and Shell Access Est. 1987
- SecLists
- secret club | Blog about reverse-engineering, hacking, and breaking your software in every way
- Secure Data Recovery Services
- SecureDrop.org – Share and accept documents securely
- Securelist | Kaspersky's threat research and reports
- Security Awareness Training | KnowBe4
- Security Database Tools Watch
- Security Insights | AdaptiveMobile
- Security Onion Solutions
- Security Research | mr.d0x
- Security Watch
- SecurityFocus
- SecurityTube.net
- SecurityTube.net Hack of the Day
- SentinelLabs – Intelligence Redefined
- Server Fault
- ServeTheHome: Server, Storage, and Software Reviews
- Sevro Security | SS
- Shell is coming …
- Shell.Systems – WE POP SHELLS
- Shelter Project
- shieldwall – secure your most private servers – shieldwall.me
- SHODAN – Computer Search Engine
- Signal >> Home
- Silent Break Security Blog
- SkullSecurity
- Slashdot
- Snipe-It Free open source IT asset management
- Snort Blog
- SNOsoft Research Team
- Social Engineering – Security Through Education
- Social Networking / WireHub
- SpiderFoot
- SpiderFoot HX – SpiderFoot
- Spork: Peer-to-peer socket magic in the air | Spork.sh
- Spy Culture | Intelligence Agencies and Popular Culture
- Stack Exchange
- Stop Ransomware | CISA
- Sucuri Blog
- Sunny Valley Networks – Agile Service Edge Security
- Super User
- Synacktiv Publications
- T E X T F I L E S
- Tails OS
- Tailscale – private networks made easy
- Tales from a Security Professional
- Technitium | Push The Limits
- The Art of Mac Malware
- The Black Vault
- The C2 Matrix
- The Citizen Lab – University of Toronto
- THE DFIR REPORT – Real Intrusions by Real Attackers, The Truth Behind the Intrusion
- The Ethical Hacker Network
- The Exploit Database
- The Free Thought Project – Your online news and discussion platform
- The No More Ransom Project
- The Pragmatic Bookshelf
- The Shadowserver Foundation
- the world.according to koto
- the-infosec
- TheHive Project
- ThirdCloud
- THN: The Hacker News
- threatpost | The First Stop for Security News
- TinyPilot
- Tools to explore BGP
- Top 100 Network Security Tools
- Tor Project | Anonymity Online
- TorBox – TorBox is an easy to use, anonymizing router based on Raspberry Pi.
- Troy Hunt: Troy Hunt
- TrustedSec News and Events (Blog)
- tssci security
- Unimus by NetCore j.s.a
- Unmask Parasites. Blog.
- UrBackup – Client/Server Open Source Network Backup
- Veil – AV Evasion
- Ventoy – A New Bootable USB Solution
- VIPER VAST
- virtuallyGhetto
- VoidSec
- Volatile Systems Blog
- Vulners – Vulnerability Data Base
- Vuls – Agentless Vulnerability Scanner for Linux/FreeBSD
- w3af – Open Source Web Application Security Scanner w3af.org
- War Room
- Wazuh – The Open Source Security Platform
- Welcome | authentik
- Welcome to Enable Sysadmin | Enable Sysadmin
- What is this? Red Teaming Experiments
- What's My Pass?
- Whistleblower Aid
- WhoTracks.me – Bringing Transparency to Online Tracking
- WikiLeaks
- Will Hack For SUSHI
- Windows Command Line -CMD commands, command prompt, batch files, Powershell
- Wireskip.
- Wiz: Cloud infrastructure security reimagined
- Word List Downloads
- xorl
- ZeroTier – Global Area Networking