Intro to Secrets Management using Vault
TL;DR Using short-lived secrets to access a database is much more secure than standard credentials
Tcpdump Notes
I have been using tcpdump recently and wanted to note down some of the commands Y’know, for future reference.
Cheat Sheet:
To monitor certain ports:
- In this case, monitoring for the existence of NETBIOS traffic
sudo tcpdump -n -i eth0 '(port 137 or 138 or 139)'
-n is to stop IP name resolution -i is for the interface
Record traffic looking for a specific host:
sudo tcpdump -i eth0 -n 'host 192.168.1.2 and (port 137 or 138 or 139)'
To write to a file:
sudo tcpdump -n -i eth0 ip6 -w ipv6.pcap
To select hosts from a Pcap file:
sudo tcpdump -n -r llmnr.pcap | cut -d " " -f3 | cut -d "." -f 1-4 | sort -u
This assumes the ip and port are together such as:
192.168.2.1.80
2021
Connecting to an Amazon MySQL RDS database
I recently received my AWS Solutions Architect Associate Cert, and I inadvertently learned more about Ops and DevOps in respect to automation, deployment an...
Connect to Splunk with Python
This post will cover the following: Connecting to Splunk with the Python SDK, executing a search and receiving the results Connecting to Splunk without ...
2020
Winlogbeat & ELK
TL;DR: Create Logstash conf.d file to allow Winlogbeat to be ingested into Logstash. Change Winlogbeat config file to use Logstash instead of Elasticsearch.
WinRM Cheatsheet & PowerShell Syntax
TL;DR Enable-PSRemoting Invoke-Command
Golang and Windows Network Interfaces
I have been working on Windows and needed to connect to a Network Interface (NIC). I ran into problems, here is what I learned and hope it saves the same tro...
Tcpdump Notes
I have been using tcpdump recently and wanted to note down some of the commands Y’know, for future reference.
Pivoting with SSH
Today I was trouble shooting a machine at work. I did not have access via RDP or VNC, so I used SSH to forward my traffic to the host so I could access a URL.
GitHub Actions
I participated in a DevSecOps type workshop on Saturday (May 9th) in which we created some GitHub Actions. This is a post to solidify the learning and be a c...
Slice Find & Remove Cheat Sheet
This post is a cheat sheet for removing values from a Slice (technically creating a new slice).
Threat Defense Workshop
On April 25th I was fortunate enough to participate in the Trend Micro Threat Defense workshop.
Incident Handling Certification
Since I blogged about my experience at OpenSoc, I wanted to expand on the value I found in my eLearnSecuirty Incident Response course. What you will find bel...
OpenSoc Experience
So Thursday (April 9th) I participated in an online blue team defense simulation event, known as OpenSOC.
Golang Parsing Strings
I have been working with Golang strings and how to manipulate them. Working from other blogs posts I’ve found. When I sit down to code, I seem to forget ever...
Code Highlighting
its workings
Welcome to Jekyll!
You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different wa...
This is from my Home PC
Blog from home installed jekyll on home PC, pulled GH repo. done :) (not that easy)
testing 2nd post on same day
2nd blog post this is some wording