test

At my 9 to 5 each quarter we are given a week to focus on a technology or an area that we want to level up on. This Hack Week I chose Python. I will be posting some of my projects along the way. For the first project I built a simple Tip calculator . This project helps you get a better understanding of Data Types and how to manipulate Strings. https://replit.com/@atomixgray/tip-calculator-start Rock, Paper, Scissors! The main goal of the next project is to get you familiar with Random and using Modules. This was a fun one. https://replit.com/@atomixgray/rock-paper-scissors-start Next up is For loops. What a challenging and fun project. Password Generator https://replit.com/@atomixgray/password-generator-start We are now at “Day 7” and building a Hangman Game . This touches on For & While Loops, IF/ELSE, List, Strings, Range, Modules. “Day 8” brings on another fun challenge creating a Cipher shift code! This challenge teaches you more on functions using ...

Today we are back in the lab and working on a "Credential Grab". The PowerShell module once again brought to you by PSPete. (Full Screen to view - sorry) The script itself is pretty basic but can save you a bit of time each day. 1.) Prompts for the account password you wish to "grab" 2.) Ask for Server you'd like to connect to: 3.) Using Pete's module it reaches out using CyberArk's RESTAPI: 4.) Connects to desired safe grabs password: 5.) Password is copied to your clipboard: 6.) RPD session is opened: 7.) Simply Paste your password and you're logged in: https://lnkd.in/e_rms2D Module installation Copy the CredentialRetriever folder to your "Powershell Modules" directory. Get-Module -ListAvailable CredentialRetriever Import the module: I mport-Module CredentialRetriever Now that we have the module installed we can start our custom script found here . (work in progress) The script itself is pretty basic. Launc...

Tonight we are working on some CyberArk automation inside of VsCode.   The building and provisioning of safes can become cumbersome when you're enrolling several hundred users a week. With the help of an amazing PowerShell module by PSPETE  we can make quick work of this. Revision 1.0 of this script will do the following. 1.) Create Users Safe 2.) Add users network account to safe with customizable permissions 3.) Add a local CyberArk support account group with customizable permissions 4.) Add Vault Admin group for more support options with customizable permissions 5.) Add Users (new) Privileged account into their newly created safe. 6.) Run a Reconcile on the account to bring into CyberArk management. .   I will upload everything to  https://github.com/atomixgray/cyberark/  after a little more testing. Revision 2.0 will include an option for bulk uploading users via a CSV file.

IR with Bro "Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well" Let's have some fun with Bro!  Today we are digging into a PCAP that captured the angler malware. Angler was one of the leading exploit kits used by cybercriminals to distribute malware ranging from ransomware and banking Trojans to ad fraud. Like most other exploit kits, it focused on web-based vulnerabilities in the browsers and their plugins. Angler was one of the few exploit kits during its time that offered fileless infections, where malware never touches the disk and only resides in memory to avoid detection.  Angler has been inactive since June 2016 but still fun to look at. $ mkdir working folder $ CD into a new working folder We have captured a PCAP with some unusual traffic. To begin ...

I'd like to start things off with I am NOT a coder...  .. but I wrote a very simple script to help automate some of my Recon for Sub-domains. Doing this manually is a huge under taking and of course time consuming. This is just the beginning of the horribly named script "Sub Num Num" But what's it do? This script reaches out to cert.sh and certspotter checking for valid sub-domains - next it runs a quick  probe on (80,443) We are then left with valid targets to begin a deeper dive.(Directory brute forcing etc..) You can access the current code here..  https://github.com/atomixgray/subnumnum Installation  (note GoLang is needed for the httprobe) If you have git installed 1.) sudo git clone https://github.com/atomixgray/subnumnum.git 2.) chmod +x subnumnum.sh Lets do a quick hunt on gemini.yahoo.com (There is currently a public bounty on this Sub) Comments and suggestions are more than welcome!

I've been working from home for about a year now and have to admit I love the commute. I've quickly learned a few things and thought I would share a few tips. With that my top 10 tips for working remote. 1.) Get dressed. This may sound silly but keeping a routine as if you're actually "going into the office is an important step. Not only that this will also help with step number 5. 2.) Set up an area used exclusively for work.   This will help you psychologically separate from your home and work life. Not only that but you may be able to deduct your workspace from your taxes. I am by far a tax pro so I would ask your accountant. Also, spend a little money fixing up your office. A little art on the walls and a comfortable chair will go a long way. 3.) Stay out of the fridge .   Forget about the freshmen 15. I was quite surprised by how many times I walked downstairs from my office to open the fridge just because it was there. Don't change your eating habits...

Today we are going to add a new feed to our Anomali Threat Server.   Called Hail a Taxii Anomali makes this process extremely easy. Login to your Anomali STAXX server Then click the setting tab in the upper right corner. This will bring you to the site where you can add your new Feed. As you can see I already have 3 feeds added - the default Limo, Alien Vault OTX, and IBM X-Force. Click on Add Site in the upper right. The Add New Site Window is launched. For the Description I've added "Hail A TAXII" and the Discovery location is simply the poll location for Hail A TAXII   "http://hailataxii.com/taxii-discovery-service"  Username: guest  Password: ***** Click on Add Site / Discover (depending on the version you're running) Once the Discover process is complete your left with several new Feeds to add to your arsenal I've enabled all the above Feeds and ran a quick Poll. As you can see below we have started to collect Intel "data...