techvomit.net

My name is Jayson, and I work in the offensive security space. I have worked as a Purple Team Lead, Red Team Lead, Penetration Tester, Tool Developer, Devops engineer, and system administrator. I successfully completed my BS-CS at UNM in the Summer of 2016, and am very happy to be done with school. I am passionate about automating offensive security work through tool development and employing devops concepts. I am also interested in APTs (Advanced Persistent Threats) and understanding the motivations behind the creation of nation-state-funded Malware....

Keeper Install CLI client Get the latest version and install the appropriate package: AUTHOR='Keeper-Security' REPO_NAME='Commander' curl -s "https://api.github.com/repos/${AUTHOR}/${REPO_NAME}/releases/latest" \ | jq -r '.assets[].browser_download_url' Login to Keeper Run this command: keeper login When prompted, enter your email, then your TOTP, and finally your master password. Resource: https://docs.keeper.io/secrets-manager/commander-cli/using-commander/logging-in Get a password using its name This particular example will return the password for the entry called gmail.com in the vault: My Vault> find-password gmail....

Table of Contents You can use this site to generate the code for you. For example: ## Table of Contents - [Prerequisites](#prerequisites) - [Create](#create) --- ## Prerequisites * Stuff * Things --- ## Create * More stuff * More things Resource: https://stackoverflow.com/questions/11948245/markdown-to-create-pages-and-table-of-contents Add line break Simply add two spaces after the line that you want to break on. Resource: https://stackoverflow.com/questions/26626256/how-to-insert-a-line-break-br-in-markdown

Loop over JSON array This example will print all of the values associated with the name key: sample='[{"name":"foo"},{"name":"bar"}]' for row in $(echo "${sample}" | jq -r '.[] | @base64'); do echo ${row} | base64 --decode | jq -r '.name' done Resource: https://www.starkandwayne.com/blog/bash-for-loop-over-json-array-using-jq/ Get object based on value of JSON variable $ jq '.[] | select(.location=="Stockholm")' json { "location": "Stockholm", "name": "Walt" } { "location": "Stockholm", "name": "Donald" } Resource: https://stackoverflow.com/questions/18592173/select-objects-based-on-value-of-variable-in-object-using-jq

Elasticsearch Get version of ES curl http://localhost:9200/ Get all indices in a cluster curl http://localhost:9200/_aliases Get all indices in a cluster (pretty) curl http://localhost:9200/_aliases?pretty=true Show index creation time curl http://localhost:9200/_cat/indices?h=health,status,index,id,pri,rep,docs.count,docs.deleted,store.size,creation.date.string&v= Resource: https://stackoverflow.com/questions/17426521/list-all-indexes-on-elasticsearch-server Get number of docs in a cluster curl http://localhost:9200/_cat/count?v Get number of docs in an index curl http://localhost:9200/index/_count Get Roles This is where you can get answers to questions like “what do I have access to?” curl http://localhost:9200/_security/role Resource: https://www....

Getting Started Install latest version of Azure CLI on Mac brew update && brew install azure-cli Resource: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos Install latest version of Azure CLI on Linux # YOLO curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash Resources: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-5.5.0 Install PowerShell brew install --cask powershell-preview Run a powershell terminal with: pwsh-preview Update Powershell brew update brew upgrade powershell-preview --cask Uninstall Powershell brew uninstall --cask powershell sudo rm -rf /usr/local/bin/pwsh-preview /usr/local/microsoft/powershell Resource: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-macos?view=powershell-7.1...

Installation on Ubuntu 20.04 sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" sudo apt-get update && sudo apt-get install -y terraform # Verify it works terraform -v Resource: https://learn.hashicorp.com/tutorials/terraform/install-cli Commands This is used to download and configure providers in your terraform code: terraform init Resource: https://learn.hashicorp.com/tutorials/terraform/eks Reconfigure state If you need to reconfigure your state, run the following:...

Find a string Alt+b Once you’ve done this, be sure to encase the string you want to find in “”. For example: "string to find" Open breakpoints window Ctrl + Alt + b Preset breakpoints Click Debugger Debugger options… Set specific options Check the box next to preset BPTs Click OK Debug Android Activity Find an activity in a package that you want to look at Click Debugger -> Debugger options -> Set specific options Set the ADB executable (you can find this with which adb) Click Fill from AndroidManifest....

Wireshark Filter where the source ip is not 192.168.1.1 ip.src != 192.168.1.1 Filter where the destination ip is not 192.168.1.1 ip.dst != 192.168.1.1 Find packets with a string in them frame contains <thing to search> For example: frame contains google Resource: https://www.cellstream.com/reference-reading/tipsandtricks/431-finding-text-strings-in-wireshark-captures Show hostnames Go to View -> Name Resolution -> Check the box next to Resolve Network Addresses Resource: https://unix.stackexchange.com/questions/390852/how-to-filter-by-host-name-in-wireshark Filter TLS traffic ssl.record.version If you want to only show TLS v1....

Sites with valid SSL certs ssl:"orgname" 200 Negative search This is used to specify things you don’t want to be appended to your search -"content" An example could be: ssl:"orgname" 200 -"nosniff" Look for patterns in html html:"Dashboard Jenkins" Search for a specific technology This example will find all sites that use Bootstrap http.component:bootstrap Jenkins: http.component:"jenkins" Resources: https://twitter.com/shodanhq/status/985964783089233920?lang=en https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6 Assets belonging to an organization org:"Name of Organization" That also return a 200 response code org:"Name of Organization" 200 Find CVE-2020-3452 org:"Name of Organization" 200 "Set-Cookie: webvpn;" Resource: https://twitter....