scriptmonkey

1. NFTF Quickie – VBS Funtimes – Run Scripts? Get Prompt This is probably a duplicate somewhere but wanted it noted for my own use anyway – here’s a very handy VBS that does the job nicely for accessing useful commands as a user on a locked down desktop. Using VBS to fire up FTP as a local command shell

12Run ftp... CreateObject("WScript.Shell").Run "cmd.exe /k ftp"

Using the above and… Continue reading

Cross posting some work of a friend of mine that I was helping with, I say “helping” in the lightest form of the word (I had a domain controller ready to test, he didn’t).

Meatballs (over at: http://rewtdance.blogspot.com) has been doing some work attempting to put together a metasploit module to decrypt passwords found within the sysvol folder on win2k8 domains.

However rather than just settle for the disclosed… Continue reading

…running Centos 6.2

After seeing a great little tutorial courtesy of @hak5darren I decided to implement this on my VPS box to provide a little extra security while removing the need for private keys.

Granted I can still use private keys at home but it’d be nice to have access to my box when I maybe don’t have access to my private key or using it via an internet cafe.… Continue reading

In my line of work we encourage encrypted communications and securing sensitive data especially when it comes to PII.

However it’s increasingly common to see systems put into place that are obviously only there to mitigate litigation aspects should anything go wrong.

Take American Express for example:

An email from them asking you to send a copy of your passport/driving licence/etc… to confirm your identity suggests that you may reply… Continue reading

Figured I’d keep a copy of this on here for the next time I need to do malware investigation.

  • urlvoid.com – checks URL’s against lots of blacklists, emergingthreats, malwaredomainlist and zeustracker/etc…
  • ipvoid.com – Same as above but for IP addresses
  • support.clean-mx.de – Searches above databases and records logs of abuse claims. Useful as it can sometime give you extra URI’s for a host to comb your logs for. Also usefully… Continue reading