techvomit.net

My name is Jayson, and I am a security researcher. I have worked as a penetration tester, tool developer, devops engineer, and system administrator. I successfully completed my BS-CS at UNM in the Summer of 2016, and am very happy to be done with school (for now). I am passionate about penetration testing, security tool development and automating offensive security work. I am also interested in APTs (Advanced Persistent Threats) and understanding the motivations behind nation-state-funded Malware....

Loop over JSON array This example will print all of the values associated with the name key: sample='[{"name":"foo"},{"name":"bar"}]' for row in $(echo "${sample}" | jq -r '.[] | @base64'); do echo ${row} | base64 --decode | jq -r '.name' done Resource: https://www.starkandwayne.com/blog/bash-for-loop-over-json-array-using-jq/

Elasticsearch Get version of ES curl http://localhost:9200/ Get all indices in a cluster curl http://localhost:9200/_aliases Get all indices in a cluster (pretty) curl http://localhost:9200/_aliases?pretty=true Show index creation time curl http://localhost:9200/_cat/indices?h=health,status,index,id,pri,rep,docs.count,docs.deleted,store.size,creation.date.string&v= Resource: https://stackoverflow.com/questions/17426521/list-all-indexes-on-elasticsearch-server Get number of docs in a cluster curl http://localhost:9200/_cat/count?v Get number of docs in an index curl http://localhost:9200/index/_count Get Roles This is where you can get answers to questions like “what do I have access to?” curl http://localhost:9200/_security/role Resource: https://www....

Getting Started Install latest version of Azure CLI on Mac brew update && brew install azure-cli Resource: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos Install latest version of Azure CLI on Linux # YOLO curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash Resources: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-5.5.0 Install PowerShell brew install --cask powershell-preview Run a powershell terminal with: pwsh-preview Update Powershell brew update brew upgrade powershell-preview --cask Uninstall Powershell brew uninstall --cask powershell sudo rm -rf /usr/local/bin/pwsh-preview /usr/local/microsoft/powershell Resource: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-macos?view=powershell-7.1...

Thanks, I hate it. Getting Started Install gcloud on MacOS First install the SDK: brew install --cask google-cloud-sdk Once that’s done, you’ll be prompted to make some slight modifications to your ~/.zshrc file: echo '\n# Google Cloud' | tee -a ~/.zshrc echo 'source /usr/local/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/path.zsh.inc' | tee -a ~/.zshrc echo 'source /usr/local/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/completion.zsh.inc' | tee -a ~/.zshrc source ~/.zshrc Install gcloud on Ubuntu echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources....

Front-End Ajax Submit a POST request via a form without reloading the page As an added bonus, this will also print the response output to the DOM. <!DOCTYPE html> <html lang="en"> <head> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> <script> $(document).ready(function () { // Create a compute node for the specified email and return its public IP address function createCompute() { // Handle the POST request and subsequent response data $.ajax({ type: "POST", email: $("#email").val(), url: "https://awesomeendpoint....

Installation on Ubuntu 20.04 sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" sudo apt-get update && sudo apt-get install terraform # Verify it works terraform -v Resource: https://learn.hashicorp.com/tutorials/terraform/install-cli Commands This is used to download and configure providers in your terraform code: terraform init Resource: https://learn.hashicorp.com/tutorials/terraform/eks Reconfigure state If you need to reconfigure your state, run the following:...

Find a string Alt+b Once you’ve done this, be sure to encase the string you want to find in “”. For example: "string to find" Open breakpoints window Ctrl + Alt + b Preset breakpoints Click Debugger Debugger options… Set specific options Check the box next to preset BPTs Click OK Debug Android Activity Find an activity in a package that you want to look at Click Debugger -> Debugger options -> Set specific options Set the ADB executable (you can find this with which adb) Click Fill from AndroidManifest....

Reverse Engineering Methodology Use jadx (used to analyze java bytecode) to disassemble an APK. Another great tool is Apktool Terminology Activity Something a user “touches” What launches when you tap the application icon Service Long running process that runs in the background An example of this is spotify - you listen to music while doing stuff on other apps Intent Used to facilitate communications between different Android objects A message that states that you did or want something to happen For example, this could be something like the phone ringing, or receiving an SMS message Intents are used to start activities and services or deliver a brodcast message Intent Receiver Respond to input, which could be something like an SMS message, losing WiFi, etc....

Wireshark Filter where the source ip is not 192.168.1.1 ip.src != 192.168.1.1 Filter where the destination ip is not 192.168.1.1 ip.dst != 192.168.1.1 Find packets with a string in them frame contains <thing to search> For example: frame contains google Resource: https://www.cellstream.com/reference-reading/tipsandtricks/431-finding-text-strings-in-wireshark-captures Show hostnames Go to View -> Name Resolution -> Check the box next to Resolve Network Addresses Resource: https://unix.stackexchange.com/questions/390852/how-to-filter-by-host-name-in-wireshark Filter TLS traffic ssl.record.version If you want to only show TLS v1....