Adding a Proxy Certificate in Windows Subsystem for Linux
This week I was having an annoying issue trying to use the requests library from Python – my corporate proxy is doing SSL inspection and HTTPS traffic was failing due to SSL errors. After some googling, troubleshooting, and head-smashing – I found a solution. That should be it! From here on you can test with…
Spies, Lies, and Algorithms: The History and Future of American Intelligence by Amy B Zegart
This was a really great book that helped me understand quite a bit more about the problems faced by the US government intelligence community. The book does a deep dive into the history of the IC and discusses some of the successes and failures that the IC has had throughout history. Backed by nearly 30…
The Lazarus Heist by Geoff White
I just finished The Lazarus Heist by Geoff White I loved the book. It was a great supplement to the podcast by the same author and of the same title. The audiobook is read by the author which really adds that additional element in an audiobook. The content is additive to the podcast but not a…
This Is How They Tell Me the World Ends (The Cyberweapons Arms Race) – Nicole Perlroth
The book begins by discussing the origins of Zero Day markets and follows the author’s journey into discovering exactly who is buying and who is selling these bugs and exploits. This is a narrative-driven piece that focuses both on the individuals that Perlroth interviews and intertwines their stories with the historical events of the so-called…
Home Lab – SIEM
I chose to use an ELK stack for ease of use (lol). In actuality ELK is free and has a lot of configurations available. I don’t love it and would rather use Splunk or something else – but it is good practice and it works fine. I might build something like Security Onion on top…
Home Lab – Networking
All of the readers of this blog – and by that I mean myself only – know that I recently moved to a new home. After lugging my server rack across the country, I had to take the time to assemble everything and to do it a little better this time. First comes the wiring.…
HackTheBox – Love
Enumeration: NMAP: Enum4Linux: Nikto: Dirb: Outputted a long text file but the only thing interesting is that there http://love.htb/admin/ was available – this is useful later Getting Foothold: The enumeration stage revealed 2 interesting tidbits: staging.love.htb is a valid subdomain love.htb/admin/ is apparently an admin login port 5000 was open So naturally the first step…
Remediating OWASP Vulnerabilities
For my Software Security class we were given the task of remediating vulnerabilities in the OWASP Wacko Picko web server. This is an intentionally vulnerable and broken web server with quite a few intentionally bad bits of code. The code for this box can be found here:https://github.com/adamdoupe/WackoPicko Problems Session ID Vulnerability Definitions [https://cwe.mitre.org/data/definitions/384.html] This vulnerability…
TryHackMe – Attactive Directory
This is a write-up I did after working through this CTF: https://tryhackme.com/room/attacktivedirectory Tools: Impacket:Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as…
Simple Powershell Scripts pt.2
This is a simple script I wrote today to send an email when a specific service is no longer running. I’ve been having issues with Veeam randomly stopping the SQL service and I built this to send, on a scheduled task, a message via Google’s open SMTP and an app password on my MFA protected…
Loading…
Something went wrong. Please refresh the page and/or try again.
Follow My Blog
Get new content delivered directly to your inbox.
Josh's Cybersecurity Blog 