Here, you’ll find a mix of content beneficial to Sysadmins, my personal thoughts, and/or general Infotech topics.
Recent Posts
Hacking Resources for Beginners
Wondering how to get started in hacking? Harley’s list of recommended resources for beginners can be found below. While all of these resources are great on their own merit, it’s important that hackers reflect on what type of hacking is most interesting to them. For a complete beginner that doesn’t know what path to take,…
Open Source Intelligence (OSINT) Sites
Threrat Intelligence Platforms (T.I.P.) All threat of these platforms are free, but not all of the functions are available for the free versions. They are still great to be able to look up IOCs (indicators of compromise) on threat actors. All of these platforms you will have to register for, but are worth it. ThreatConnect…
Practical Network Penetration Tester (PNPT) Exam Review – TCM Security
In early July of 2021, I decided to take on TCM Security’s new PNPT certification and passed it on my first attempt! This post intends to serve as a review of my experience, as well as help answer some of the common questions that I’ve seen online regarding the exam. What is the PNPT? The…
Your Microsoft Teams chats aren’t as private as you think..
Encrypt and Anonymize Your Internet Connection for as Little as $3/mo with PIA VPN. Learn More Microsoft Teams is a proprietary business communication platform developed by Microsoft, as part of the Microsoft 365 family of products. Teams primarily competes with the similar service Slack, offering workspace chat and videoconferencing, file storage, and application integration, and is used…
Disabling LLMNR and NBT-NS in Your Network
I’ve made a handful of articles on attacking LLMNR within Active Directory environments, but I’ve never made anything that helps IT Admins mitigate this vulnerability. This post intends to serve as a guide for patching this vulnerability that is enabled by default in Windows. Keep in mind that we need to not only disable LLMR,…
How self-signed certificates invite man in the middle attacks.
IntroductionThe purpose of digital certificatesWhat is a self-signed certificate?What’s the impact?Where do we go from here?Conclusion Ever since communication was invented, the need for encryption has been apparent and the solution has been sought after by all. This led many mathematicians down a path to create scalable, efficient solutions that not only encrypt communications, but…
Installing Covenant C2 on Windows
Covenant C2 is described by its authors as “A . NET command and control framework that aims to highlight the attack surface of . NET, make the use of offensive . NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.” This post is meant to supplement a video that…
Importing Email Addresses & Domains to Blacklist in Office 365 Using PowerShell
Preparing the List I recently had to migrate away from our third-party spam filter. I was able to get them to send us a CSV file that contains a list of all our blocked domains/email addresses, but that list was not very clean. For example, it looked like this with a mix of domains and…
Symmetric Encryption vs Asymmetric Encryption
Symmetric Encryption A single, shared key is used to both encrypt and decrypt the data. You’ll want to handle this key with caution and only share it to those that need access to that data. Pros: Works great if we only need to secure data for a single machine or a single user.Very fast to…
Let’s Talk Basics About Cross Site Request Forgery (CSRF)
It became apparent to me that my understanding of CSRF was lacking, or uh, basically non-existent. This post aims to fix that! Come learn about it along with me. Note: This particular post is NOT a hacking tutorial on abusing CSRF, though I’m sure I will post one in the near future (make sure to…
Have a WebApp? Here Are Three HTTP Headers Leaking Your Server Information
This post intends to discuss the three most common HTTP headers that leak server information. While these headers don’t do anything to help protect against attacks, they can be used by attackers to enumerate the underlying technologies behind the application during the early enumeration phase of an attack. If you’d like to learn more about…
What are Web Application HTTP Security Headers? When do you use them?
This post intends to serve as a guide for some of the most common HTTP Headers web applications use to prevent exploitation of potential vulnerabilities. Within this article, you will discover the name of the various headers, along with their use case and various configuration options. If you’d like to learn more about which headers…
My Top 3 OSCP Resources (Ippsec, TheCyberMentor, & 0xdf)
I have seen many people ask the community for help regarding good resources and figured I should create this post to share my two cents on the topic. I started this journey about 6-8 months ago and have soaked in a ton of content during that time. TheCyberMentor Use this when first starting out! He…
Patching CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability
As I’m sure you’ve heard, there were a handful of critical vulnerabilities announced in this week’s Patch Tuesday. Included in the list of vulnerabilities is a flaw within CryptoAPI that would allow an attacker to digitally sign malicious software updates as the legitimate creator of the software. While Microsoft lists this vulnerability with a severity…
Top Ways Penetration Testers Get Domain Admin
Very brief post, but will be expanded on with additional details as time allows. Breached CredentialsCredential Stuffing & Password SprayingLLMNR & NBT PoisioningRelay AttacksNull Sessions on Domain Controller(s)Token Impersonation on Low Priv BoxesMiTM6 to Exploit IPv6KerberoastingMS17-010 and Poor Patch ManagementSYSVOL Credentials and GPPLack of Segmentation of Administrative Privileges Insecurely Stored Credentials (Office Documents, Outlook Notes,…
How To Activate Windows 7 Extended Security Updates (ESU)
This post intends to serve as a guide on activating a purchase ESU license key on a Windows 7 box. I’m making the assumption that you have already gone through the procedure to purchase the Windows 7 ESU key and have access to it. READ MORE…
Stay Involved
Get new content delivered directly to your inbox.
Infinite Logins 