Recon Copy pasta stuff I use for recon - both inside and outside of a target. Host Discovery Ping Sweeping: IP_RANGE='192.168.0.0' SUBNET_MASK='/24' nmap -sn -oA onlineHosts "${IP_RANGE}/${SUBNET_MASK}" -sn: Use ping scan for host discovery (don’t run a port scan) -oA: Store output in normal, XML, and grepable file formats Parse IP Addresses from gnmap file grep "^Host: " onlineHosts.gnmap | grep "Status: Up" | \ cut -d " " -f 2 | sort -n | uniq Skip ICMP checks ...

Create Screen Session screen -S <name> Attach Screen Session screen -x <name> Background Screen Session ctrl a d

Premise This is a quick and dirty tutorial on how to get set up with the AWS EC2 API. Credentials Go to http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-set-up.html and follow the instructions to get your access key and secret access key. Install the CLI Component For this to work, you’ll need python and pip. Once you’ve ensured both are installed, run this command: pip3 install awscli Generate your config and credentials file Now that you have your credentials, go ahead and run this command: ...

This will be a quickie. Basically, the UNM CS machines have the sl (steam locomotive) command set up, which is incredibly annoying if you happen to accidentally type “ls” incorrectly - something I manage to do quite regularly. Let’s replace this with ls. Open ~/.bash_profile with your favorite text editor, and toss this in there (if it’s not already there): source ~/.bashrc Next, open ~/.bashrc and throw this up: alias sl='ls' alias LS='ls' alias l='ls' If there’s something already in there, do not overwrite it, unless you know what you’re doing. Just append this to whatever is already there. ...

This will help you set up vnc for the cs machines for UNM Obviously, if you’re not a computer science student at UNM, this will not be very interesting to you. However, since I have been asked this question on multiple occasions, I figured it would be good to get the process documented and easily accessible. Here goes: Log into your CS account. Run this command: touch ~/.vnc/xstartup Throw this into that file with your favorite text editor: ...

Reverse Engineering Methodology Use jadx (used to analyze java bytecode) to disassemble an APK. Another great tool is Apktool Terminology Activity Something a user “touches” What launches when you tap the application icon Service Long running process that runs in the background An example of this is spotify - you listen to music while doing stuff on other apps Intent Used to facilitate communications between different Android objects A message that states that you did or want something to happen For example, this could be something like the phone ringing, or receiving an SMS message Intents are used to start activities and services or deliver a broadcast message Intent Receiver Respond to input, which could be something like an SMS message, losing WiFi, etc. For example, if you lose WiFi connectivity while playing a game like Gwent, you get a message stating that you’re no longer connected to WiFi. Content Provider Interact with app storage, typically looks a lot like SQL commands Resource: https://www.youtube.com/watch?v=OLgmPxTHLuY ...

Installation on Centos 8 sudo dnf makecache sudo dnf install -y epel-releasesudo dnf makecache sudo dnf install -y ansible Resource: https://linuxhint.com/install_ansible_centos8 Build Control Node I used an Ubuntu 20.04 instance for this. While I do provide installation instructions for Red Hat, everything is focused around Ubuntu. If you want to use another OS, you’ll just need to change the commands for installing and the username (ubuntu). Create SSH key for management ssh-keygen -b 4096 -f ~/.ssh/control_node -N '' Copy SSH key to managed node(s) If you want to use SCP, you could use the following function (don’t forget to change your management key from mgmt_key.pem to whatever you call it, or omit the -i ~/.ssh/mgmt_key.pem if you’re using passwords for SSH): ...

Keyboard Shortcuts There are many useful keyboard shortcuts that I’ve come across over time, and I try to include them here so they don’t get forgotten. DevTools keyboard shortcut COMMAND+SHIFT+I Resource: https://developer.chrome.com/docs/devtools/shortcuts/ Open Finder OPTION + COMMAND + SPACE Resource: https://www.howtogeek.com/661251/how-to-open-finder-with-a-keyboard-shortcut-on-mac/#:~:text=Luckily%2C%20you%20can%20open%20Finder,window%20for%20quick%20file%20searches. Open Spotlight COMMAND + SPACE Maximize window COMMAND + TAB to highlight the minimized window you want to maximize. Before releasing the COMMAND button, hit the OPTION button (ALT on a windows keyboard). ...

This contains various commands and information that I find useful for AWS work. Install latest version of AWS CLI on linux curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" \ -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install Resource: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html Check AWS CLI is installed if ! [ -x "$(command -v aws)" ]; then echo 'Error: AWS CLI is not installed.' >&2 else echo 'AWS CLI is installed.' aws --version fi Credentials Use env vars Create the following env vars with your AWS credentials: ...

Automated Scanning Tools These are tools that can be run by attackers or defenders to get a sense for all of the assets in an environment. Create audit user to use for running tools export AUDIT_IAM_USER="usr-security-audit" aws iam create-user --user-name "${AUDIT_IAM_USER}" aws iam attach-user-policy --user-name "${AUDIT_IAM_USER}" --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess aws iam attach-user-policy --user-name "${AUDIT_IAM_USER}" --policy-arn arn:aws:iam::aws:policy/SecurityAudit aws iam create-access-key --user-name "${AUDIT_IAM_USER}" Be sure to create a profile in your ~/.aws/config and ~/.aws/credentials for this user to make copy and pasting the steps for tools below as easy as possible! ...