Cybersecurity Staff Training Session – Part 1
AGIX Discussion
Cyber-Security
Welcome to the first part of the AGIX Cybersecurity training course. This course is focused on staff related matters. Cybersecurity relates to people as much as organisations, and as such we’ll ensure home and work perspectives are covered. We discuss the methods and solutions, and we discuss what to look
May 25, 2022
|
Andrew Galdes
Read More
Cybersecurity Staff Training Session – Part 2
AGIX Discussion
Cyber-Security
Welcome to the second part of the AGIX Cybersecurity training course. This course is focused on staff related matters. Organisationsare under constant attack. Some attacks are “testing the water” while others are organized, local and effective. Organisations are constantly defending against cyber-threats. Targets All organisations are targets. Online businesses. Physical
May 25, 2022
|
Andrew Galdes
Read More
Hide Apache and PHP Version Details
All HowTo's
Cyber-Security
Linux
Redhat, Fedora and CentOS Linux
Web Servers
Sometimes we don’t want the public knowing the versions of Apache and PHP running on our servers. This article shows how to hide that information. We’re using CentOS 7 for this example but the only difference really is the location of the configuration file for the Vhosts. Hide the Apache
November 10, 2021
|
Andrew Galdes
Read More
My Most Used Metasploit Modules
Cyber-Security
Linux
Ubuntu, Mint & Debian Linux
The modules that we use are specific to our needs. But these are the most commonly used from my recent history. This list is super generic and mostly to supplement my poor memory. These methods/modules rely on a previously completed db_nmap scan. So our targets are readily available from the
October 04, 2021
|
Andrew Galdes
Read More
Creating your own Password list
All HowTo's
Cyber-Security
Linux
Redhat, Fedora and CentOS Linux
Ubuntu, Mint & Debian Linux
If you want to create a customised password list for a specific target (client, I hope), this article is for you. It’s basically just a re-write of “https://karimlalji.wordpress.com/2018/04/26/password-guessing-mangle-a-custom-wordlist-with-cewl-and-hashcat/” which I’ll probably forget later so I’m documenting here. We don’t just want a list of passwords, we want a list of
September 22, 2021
|
Andrew Galdes
Read More
Mount SysInternals over HTTP on Linux
All HowTo's
Cyber-Security
Linux
Redhat, Fedora and CentOS Linux
Ubuntu, Mint & Debian Linux
Windows
This article demonstrates how to mount “https://live.sysinternals.com/tools” on Linux so that it’s accessible at “/mnt/sysinternals”, for example. On CentOS: yum install davfs2 On Ubuntu: apt install davfs2 Mount it: mount -t davfs https://live.sysinternals.com/tools /mnt/sysinternals Now you can access it at: # ls /mnt/sysinternals/ accesschk64.exe diskext.exe pipelist.exe RegDelNull.exe accesschk.exe Diskmon.exe PORTMON.CNT
September 20, 2021
|
Andrew Galdes
Read More
Pen Testing Tools – Stuff we all need
All HowTo's
Cyber-Security
Linux
Redhat, Fedora and CentOS Linux
Ubuntu, Mint & Debian Linux
This article is mostly a cheat sheet for things pen-testers need. Obviously there’s a little picking and choosing depending on the need. Nmap: Ubuntu: apt install nmap CentOS: yum install nmap Nikto: Ubuntu: apt install nikto CentOS: yum install nikto Mimikatz: https://sourceforge.net/projects/mimikatz.mirror/files/latest/download Hydra: Ubuntu: apt install hydra Cewl: Ubuntu: apt
September 01, 2021
|
Andrew Galdes
Read More
Configure Metasploit with NMap and the Database – Advanced
All HowTo's
Cyber-Security
Linux
PostgreSQL
Redhat, Fedora and CentOS Linux
Ubuntu, Mint & Debian Linux
Web Servers
This article walks you through the process of installing, configuring and running scans using Metasploit and Nmap. Both CentOS 7 and Ubuntu 20.04 are discussed. Our objective is to be able to run nmap scans and have the results go into a database so we can filter the results later
August 24, 2021
|
Andrew Galdes
Read More
Get and Crack Windows Cached Credentials
All HowTo's
Cyber-Security
Windows
This article explains how to extract various Windows dumps of passwords from a target system. To follow along with this article, you’ll need to have administrative access to the target Windows machine, and any endpoint security will need to be tolerant of your activities. Any good AV will likely prevent
July 23, 2021
|
Andrew Galdes
Read More
WiFi Penetration Testing with Ubuntu on USB Storage
All HowTo's
Cyber-Security
Linux
Ubuntu, Mint & Debian Linux
This article demonstrates how to use Ubuntu booted from a USB disk to do WIFI penetration testing. Why would you want to do this? If you have Windows on your laptop and need to use Aircrack-NG, you’ll need to fight with wireless adapter driver issues. So you’ll try Kali Linux
June 22, 2021
|
Andrew Galdes
Read More