Cool Ansible 3 - Advanced Templating

Jinja is a powerful template engine for Python. It’s commonly used to place variables and other content in files. You can see it in action by using Ansible’s template task. There is much more functionality that can be used to take Ansible playbooks to the next level.

Read More

Cool Ansible 2 - Get User Input During Execution

The pause module can stop execution for an amount of time or wait for the user to hit Return. One of its return parameters is user_input which makes it great for getting variables or confirming actions during task execution. In this example, we ask the user to confirm that they want to delete an important file. The deletion task will be only be run when the user explicitly types yes or true.

Read More

Cool Ansible 1 - delegate_to

I’ve been working with Ansible a lot recently and consequently also been reading about it. There are some things I’ve found that are incredibly useful or just interesting. In this series I’ll quickly go over something I learned and give examples of where it may be help.

Read More

Jerry - My First Hack The Box Ownage

I “received” my Hack The Box invite code over the summer but I never had time to get into it. Recently I decided to see what this whole pen-testing thing was about and put in some work to try and hack a box. I went for Jerry because it had a difficulty of 2.9/10 and had over 10,000 system and user owns (solves).

Read More

Opening My Smart TV to the World

This year I moved into a new apartment and had to get a TV for the living room. I ultimately got this TCL Roku TV which my journey of getting is a whole nother story. I powered it on, selected my language and country, then it was time to configure the network connection. Shoot.

Read More

Centralize Cowrie Honeypot Logs with Graylog in AWS

This summer I want to do more botnet analysis. I’ve done some before with my rootonyour.webcam SSH log analysis sensor and server projects. This really only included geolocation and linked to Shodan information on running services. Cowrie is a medium interaction honeypot that can log login credentials and command execution and also capture downloaded files. I don’t prioritize availability with my self-hosted servers, so I’d rather put everything in the cloud.

Read More

Configuring a Reverse Proxy in AWS for my Homelab

This summer my servers are behind a firewall that I don’t control. I can request to have ports opened but it’d take a while and I like to have things under my control. I’ve tried setting up a reverse proxy before but the concept confused me and I never had a real use case for one.

Read More

View Your IP (Or Anything Else) At Login

When I started setting up a new network with ESXi, I wanted to make everything as uniform as possible. When I started up a new VM, I wanted to be able to SSH in as soon as it was ready. This plan was foiled by needing to log in through the console and get the IP or look at my current DHCP leases. Place these lines in /etc/rc.local to show the IP address at the login prompt.

Read More

Proxy Python Requests Through Burp Suite

I write a lot of Python scripts that interact with websites using the requests module. To figure out the requests I need to make for say, logging in, I do the process manually while Burp Suite is running and then model it. It wasn’t until a few days ago while debugging that I wondered if I could proxy my Python programs to make sure it was sending the correct data.

Read More

The Full Guide to Creating an Alexa Skill with Flask-Ask

I’ve written several skills using the Flask-Ask framework but found Amazon’s basic tutorial to only work for short-term projects that would not be officially published. Recently, I wrote a post here about the environment I created to be a fast and reliable host for my published skills, specifically Explain Like I’m Five. That post explains the components and my reasons for using them. This is the technical guide to setting up that environment.

Read More

My Alexa Skills Environment

I first became interested in the Alexa Skills Kit when I got a strip of LED lights for Christmas. Python is my go to language so I used the Flask-Ask framework on a Raspberry Pi to make them change colors, flash, etc. with my voice. The code was very basic, and the networking with ngrok was messy. The endpoint domain had to be changed in the skill’s configuration every time ngrok was stopped or my Raspberry Pi restarted.

Read More

Install and Configure OpenVPN Access Server

A while ago I wrote an introduction to virtual private networks. I have an odd love for this technology and the wide array of uses that come with implementing it. What used to be a tool for enterprise use is now almost a commonly known term. Just this evening, NPR ran a story about normal people using VPNs to deter spying by internet providers and the government. They recommend the safest way to use a VPN is to host it yourself. Today it is easier than ever to configure a quality VPN server.

Read More

Log File To Google Map with Python

Opening up a computer to the world exposes it to a plethora of bots scanning for default credentials, unpatched vulnerabilities, among other things. It’s important to take this into consideration when configuring a publicly facing service. Key exchange or a strong password, access control, and keeping on top of updates are a must. When I first got to campus which has a mostly public facing network, I was amazed at the number of bots constantly scanning everything and anything.

Read More

Breaking into Windows with Sticky Keys

The good ol’ sticky keys exploit. As a security centric IT intern, I was elected to break into the old machine an employee had forgotten the password to. The machine ran XP - easy. This exploit works on at least XP and Windows 7. The only thing required is a bootable Linux live USB and a handful of Linux and Windows commands. If all goes smoothly, you can expect to be back in the machine in roughly 5 minutes. #What The sticky keys prompt is titled ‘sethc.exe’. This application is called by name when shift is pressed 5 times. By changing the contents of this executable, we can run whatever code we want at system level. Since this hotkey is listening even before login, it’s very useful for resetting a lost password. By changing the command prompt’s name to sethc.exe, we gain a system level shell which can manage users.

Read More

Save Time On The Command Line With These Two Tools

Command-line interfaces (CLI) give users the ability to quickly execute commands and change virtually anything about a machine. However, sometimes remembering  or researching the write command or syntax can take more time than clicking through a GUI. These two tools will help save you time by simplifying commands and making your everyday work more efficient.

Read More

Introduction to OpenVPN and Other Virtual Private Networks

Virtual Private Networks were first deployed in business settings for remote workers. They have the ability to provide secure access to a local network from a remote computer. Today, VPNs are useful even for common individuals. Masking an IP address, evading geolocation, and using a secure connection are just a few reasons any person may want to use a VPN.

Read More

Gone Phishing with Go Phish

A basic phishing attack is one of the easiest and least technical social engineering attacks to perform. Crafting a fraudulent email and replicating a website is something anyone with basic knowledge of computers can do. The Social Engineering Toolkit (SET) makes this process even easier by guiding the attacker through the process. SET contains many tools for targeted attacks against a singular person or organization. Phishing is just one attack vector in the toolkit.

Read More