Rob VandenBrink Diaries

Back to Handlers

• NMAP Scanning without Scanning (Part 2) - The ipinfo API
• Scanning without Scanning with NMAP (APIs FTW)
• Why yq? Adventures in XML
• Got MFA? If not, Now is the Time!
• API Rug Pull - The NIST NVD Database and API (Part 4 of 3)
• The CVE's They are A-Changing!
• A Vuln is a Vuln, unless the CVE for it is after Feb 12, 2024
• Netstat, but Better and in PowerShell
• What is sitemap.xml, and Why a Pentester Should Care
• JQ: Another Tool We Thought We Knew
• Shodan's API For The (Recon) Win!
• Citrix ADC Vulnerability CVE-2023-3519, 3466 and 3467 - Patch Now!
• HAM Radio + Enigma Machine Challenge
• Taking a Bite Out of Password Expiry Helpdesk Calls
• Today I Learned .. a new thing about GREP
• DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
• Finding that one GPO Setting in a Pool of Hundreds of GPOs
• Update to RTRBK - Diff and File Dates in PowerShell
• Playing with Powershell and JSON (and Amazon and Firewalls)
• Port Scanning in Powershell Redux: Speeding Up the Results (challenge accepted!)
• Finding Gaps in Syslog - How to find when nothing happened
• Breakpoints in Burp
• NMAP without NMAP - Port Testing and Scanning with PowerShell
• Taking Apart URL Shorteners
• A "DHCP is Broken" story, and a Blast from the Past (or should I say "Storm" from the past)
• It's New Phone Day! Time to migrate your MFA!
• Using NMAP to Assess Hosts in Load Balanced Clusters
• When Get-WebRequest Fails You
• Finding the Real "Last Patched" Day (Interim Version)
• Using Passive DNS sources for Reconnaissance and Enumeration
• Geoblocking when you can't Geoblock
• DR Automation - Using Public DNS APIs
• Microsoft Out of Band Update Resolves Kerberos Issue
• Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!
• Sorting Things Out - Sorting Data by IP Address
• SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
• Fun with DNS over TLS (DoT)
• Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers
• Fun with NMAP NSE Scripts and DOH (DNS over HTTPS)
• Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3)
• Using the NIST Database and API to Keep Up with Vulnerabilities and Patches - Playing with Code (Part 2 of 3)
• Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3)
• What's in Your Clipboard? Pillaging and Protecting the Clipboard
• Office 365 Mail Forwarding Rules (and other Mail Rules too)
• SHA3 Hashes (on Windows) - Where Art Thou?
• Hashes in PowerShell
• Base Conversions and Creating GUI Apps in PowerShell
• Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
• No IOCs? No Problem! Getting a Start Hunting for Malicious Office Files
• VMware Patches for Bugs in DHCP Service (Workstation, Fusion, Horizon, VMRC)
• Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames
• Whodat? Enumerating Who "owns" a Workstation for IR
• Auth-mageddon deferred (but not averted), Microsoft LDAP Changes now slated for Q3Q4 2020
• March Patch Tuesday is Coming - the LDAP Changes will Change Your Life!
• VMware Patch Alert!
• More on DNS Archeology (with PowerShell)
• Mining Live Networks for OUI Data Oddness
• Vulnerability on specific Cisco Industrial / Grid router models
• Mining MAC Address and OUI Information
• Investigating Gaps in your Windows Event Logs
• Combining Low Tech Scams: SMS + SET + Credit Card Harvesting
• When Users Attack! Users (and Admins) Thwarting Security Controls
• The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
• Samba Project tells us "What's New" - SMBv1 Disabled by Default (finally)
• Dumping File Contents in Hex (in PowerShell)
• Using Powershell in Basic Incident Response - A Domain Wide "Kill-Switch"
• Verifying Running Processes against VirusTotal - Domain-Wide
• Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
• The Other Side of CIS Critical Control 2 - Inventorying *Unwanted* Software
• Netstat Local and Remote -new and improved, now with more PowerShell!
• Unpatched Vulnerability Alert - WebLogic Zero Day
• Pillaging Passwords from Service Accounts
• Service Accounts Redux - Collecting Service Accounts with PowerShell
• Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
• Finding Local Administrators on a Domain Member Stations
• Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
• Powershell, Active Directory and the Windows Host Firewall
• Mitigations against Mimikatz Style Attacks
• Wikipedia Articles as part of Tech Support Scamming Campaigns?
• Struts Vulnerability CVE-2017-5638 on VMware vCenter - the Gift that Keeps on Giving
• Microsoft LAPS - Blue Team / Red Team
• Still Running Windows 7? Time to think about that upgrade project!
• Is it Time to Uninstall Flash? (If you haven't already)
• Data Exfiltration in Penetration Tests
• Certificates Revisited - SSL VPN Certificates 2 Ways
• Using Certificate Transparency as an Attack / Defense Tool
• Dissecting Malicious MS Office Docs
• Where have all my Certificates gone? (And when do they expire?)
• Let's Trade: You Read My Email, I'll Read Your Password!
• Digging into Authenticode Certificates
• Cracking AD Domain Passwords (Password Assessments) - Part 1 - Collecting Hashes
• Passwords Part 2 - Passwords off the Wire using LLMNR
• Should We Call it Quits for Passwords? Or, "Password Spraying for the Win!"
• What is My IP Again?
• SSH Server "Time to Live"? Less than a cup of coffee!
• Attacking SSH Over the Wire - Go Red Team!
• Securing SSH Services - Go Blue Team!!
• Auditing SSH Settings (some Blue Team, some Red Team)
• No IPv6? Challenge Accepted! (Part 1)
• Rooting Out Hosts that Support Older Samba Versions
• As Your Admin Walks Out the Door ..
• What did we Learn from WannaCry? - Oh Wait, We Already Knew That!
• OAuth, and It's High Time for Some Personal "Security-Scaping" Today
• The Quest for the Universal Fingerprint
• Migrating Telnet to SSH without Migrating
• Packet Captures Filtered by Process
• Phishing for Big Money Wire Transfers is Still Alive and Well (or: For Want of Good Punctuation, all was Lost)
• Infected Apps in Google Play Store (it's not what you think)
• Microsoft Patch Tuesday, or is that "Patch Next Tuesday"? - Flash Player RCE patched today
• 2 Apple Updates Today as Well - GarageBand and Logic Pro X
• Investigating Off-Premise Wireless Behaviour (or, "I Know What You Connected To")
• RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
• Stuff I Learned Decrypting
• Do You Use VirusTotal? Give PacketTotal a Spin!
• Making Windows 10 a bit less "Creepy" - Common Privacy Settings
• Protecting Powershell Credentials (NOT)
• If DDOS Attacks are Natural Disasters, is it Time to Update your DR Plan?
• What Does a Pentest Look Like?
• Microsoft Patch Tuesday Analysis
• Apple iOS 10 and 10.0.1 Released
• If it's Free, YOU are the Product
• MS Office 2013 - New Macro Controls - Sorta ...
• Using File Entropy to Identify "Ransomwared" Files
• Pentesters (and Attackers) Love Internet Connected Security Cameras!
• LogMeIn Captain! A "Not so Phishy" Phishing Campaign
• Controlling JavaScript Malware Before it Runs
• DNS and DHCP Recon using Powershell
• A Wall Against Cryptowall? Some Tips for Preventing Ransomware
• Pentest Time Machine: NMAP + Powershell + whatever tool is next
• Assessing Remote Certificates with Powershell
• Powershell and HTTPS ? It Ain?t All Rainbows And Lollipops! (or is it?)
• Libraries and Dependencies - It Really is Turtles All The Way Down!
• New Burp Feature - ClickBandit
• Uninstalling Problem Applications using Powershell
• The Perils of Vendor Bloatware
• Nessus and Powershell is like Chocolate and Peanut Butter!
• Google Reconnaissance, Sprinter-style
• Windows Service Accounts - Why They're Evil and Why Pentesters Love them!
• Yes Virginia, Stored XSS's Do Exist!
• SSL, SSL - Where Art Thou SSL?
• The Powershell Diaries 2 - Software Inventory
• The Powershell Diaries - Finding Problem User Accounts in AD
• Select Star from PCAP - Treating Packet Captures as Databases
• Syslog Skeet Shooting - Targetting Real Problems in Event Logs
• No Wireshark? No TCPDump? No Problem!
• A Different Kind of Equation
• Throwing more Hardware at Password Cracking - Lessons Learned
• oclHashcat 1.33 Released
• BURP 1.6.10 Released
• Raising the "Creep Factor" in License Agreements
• Which NTP Servers do You Need to Patch?
• Bridging Datacenters for Disaster Recovery - Virtually
• What's Wrong with Bridging Datacenters together for DR?
• Flushing out the Crypto Rats - Finding "Bad Encryption" on your Network
• Google Web "Firing Range" Available
• "Big Data" Needs a Trip to the Security Chiropracter!
• CSAM Month of False Postives - False Positives from Management
• Hacking with the Oldies!
• CSAM Month of False Positives: Ghosts in the Pentest Report
• CSAM Month of False Positives - Our ISP Says We're Hosting a BotNet!
• Identifying Firewalls from the Outside-In. Or, "There's Gold in them thar UDP ports!"
• "Death" of Internet Services
• Apple iCloud Security Incident
• Dodging Browser Zero Days - Changing your Org's Default Browser Centrally
• One More Day of Trolling in POS Memory
• Point of Sale Terminal Protection - "Fortress PCI at the Mall"
• Trolling Memory for Credit Cards in POS / PCI Environments
• Metasploit Update Alert
• Egress Filtering? What - do we have a bird problem?
• Finding the Clowns on the Syslog Carousel
• Certificate Errors in Office 365 Today
• New Security Advisories / Updates from Microsoft - Heads up for Next Patch Tuesday!
• Canada's Anti-Spam Legislation (CASL) 2014
• Assessing SOAP APIs with Burp
• Another Site Breached - Time to Change your Passwords! (If you can that is)
• Collecting Workstation / Software Inventory Several Ways
• Breaches and Attacks that are "Not in Scope"
• Beefing up Windows End Station Security with EMET
• Heartbleed, IE Zero Days, Firefox vulnerabilities - What's a System Administrator to do?
• Apache Struts Zero Day and Mitigation
• Fun with Passphrases!
• Be Careful what you Scan for!
• The Other Side of Heartbleed - Client Vulnerabilities
• Brace Yourselves (and your Users / Clients) for Heartbleed SPAM
• All things not Heartbleed
• Windows 8.1 Released
• Dealing with Disaster - A Short Malware Incident Response
• Patch Tuesday pre-Announcement - XP officially becomes the enemy next week
• TCP/5000 - The OTHER UPNP Port
• Mitigation Fail for Gas Pump Skimmers
• More on HNAP - What is it, How to Use it, How to Find it
• A Tale of Two Admins (and no Change Control)
• Isn't it About Time to Get Moving on Chip and PIN?
• New ISO Standards on Vulnerability Handling and Disclosure
• Hello Virustotal? It's Microsoft Calling.
• You Can Run, but You Can't Hide (SSH and other open services)
• How-To's for the Holidays - Java Whitelisting using AD Group Policy
• Target US - Credit Card Data Breach
• Passive Scanning Two Ways - How-Tos for the Holidays
• Adobe Updates today as well.
• Those Look Just Like Hashes!
• Scanning without Scanning
• Even in the Quietest Moments ...
• Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild
• ATM Traffic + TCPDump + Video = Good or Evil?
• Kaspersky flags TCPIP.SYS as Malware
• CSAM - Why am I seeing DNS Requests to IANA.ORG in my Firewall Logs?
• Oracle releases Oracle Critical Patch Update Advisory
• Java Quarterly Updates
• CSAM: Microsoft Logs - NPS and IAS (RADIUS)
• Am I using my Fingerprints yet?
• How do you spell "PSK"?
• More Goodies in the Apple Security Update Basket!
• Apple DDOS? Nope, just the update coming down!
• Cisco DCNM Update Released
• Apple IOS 7 - Brace for Impact!
• Happy Friday the 13th !
• Java and Old Hash Algorithms
• Get Ready for PCI 3.0
• What's Next for IPS?
• Building Your Own GPU Enabled Private Cloud
• Is "Reputation Backscatter" a Thing?
• Fibre Channel Reconnaissance - Reloaded
• ZMAP 1.02 released
• Hmm - where did I save those files?
• Can You Hear Me Now? - - - Um, not so well ...
• Java 7 Update 21 is available - Watch for Behaviour Changes !
• Oops - You Mean That Deleted Server was a Certificate Authority?
• Sourcefire VRT Community ruleset is live
• Several Cisco IOS DOS Issues Resolved
• Which IPS is "The Best"?
• IPv6 Focus Month: Barriers to Implementing IPv6
• All I need Java for is ....
• Silent Traitors - Embedded Devices in your Datacenter
• "Get Java Fixed Up"
• Be Careful What you Wish For!
• When Disabling IE6 (or Java, or whatever) is not an Option...
• What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
• Firefox and Thunderbird Updates
• Hotmail seeing some temporary access issues
• SQL Injection Flaw in Ruby on Rails
• All I Want for Christmas is to Not Get Hacked !
• What's in Your Change Control Form?
• Risk Assessment Reloaded (thanks PCI ! )
• Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
• Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
• Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
• Firefox 16 / Thunderbird 16 updates
• Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
• What's on your iPad?
• IE Zero Day is "For Real"
• Auditing a Network for VOIP Call Quality Metrics
• Snort Updated today
• Vote NO to Weak Encryption!
• Vote NO to Weak Keys!
• Today at SANSFIRE - Dude Your Car is PWND !
• Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
• Browsers and SSL Security - a Race to the Bottom !
• vSphere 5.0 Hardening Guide Officially Released
• It's Phishing Season! In fact, it's ALWAYS Phishing Season!
• What's in Your Lab?
• Too Big to Fail / Too Big to Learn?
• Are Open SSIDs in decline?
• Patch for Oracle TNS Listener issue released !
• FCC posts Enquiry Documents on Google Wardriving
• An Impromptu Lesson on Passwords ..
• Stuff I Learned Scripting - Fun with STDERR
• It's Cyber Monday - Click Here!
• Pentesters LOVE VOIP Gateways !
• Stuff I Learned Scripting - - Parsing XML in a One-Liner
• Juniper BGP issues causing locallized Internet Problems
• Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
• The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
• Critical Control 11: Account Monitoring and Control
• Critical Control 4 - Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
• Apache HTTP Server mod_proxy reverse proxy issue
• Critical Control 2 - Inventory of Authorized and Unauthorized Software
• TLS 1.2 - Look before you Leap !
• When Good CA's go Bad: Other Things to Check in Your Datacenter
• Should We Still Test Patches?
• America's Got Telnet !
• Disaster Preparedness - Are We Shaken or Stirred?
• When Good Patches go Bad - a DNS tale that didn't start out that way
• Putting all of Your Eggs in One Basket - or How NOT to do Layoffs
• 8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
• Ping is Bad (Sometimes)
• "There's a Patch for that" (or maybe not)
• "Too Important to Patch" - Wait? What?
• Update for RSA Authentication Manager
• More on MAC OSX Malware - MACDefender Fake Antivirus
• "Do It Yourself" Crimeware Kit for OSX
• Sony PlayStation Network Outage - Day 5
• What's Your (IP) Address Worth?
• The Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet)
• Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
• Blackberry BES Server Updates for PDF Vulnerabilities
• Is Infosec seeing "Death by a Thousand Budget Cuts"?
• Network Reliability, Part 2 - HSRP Attacks and Defenses
• Interesting DDOS activity around Wikileaks
• How a Tablet Changed My Life
• Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
• Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
• Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
• Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
• Cyber Security Awareness Month - Day 19 - Remote Access Tools
• SORBS.NET - email RBL issues
• Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
• Network Reliability - the Good, the Bad, the Ugly, and the Not-so-Bright
• Change is Good. Change is Bad. Change is Life.
• Access Controls for Network Infrastructure
• FBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators
• Snort 2.8.6.1 and Snort 2.9 Beta Released
• NoScript 2.0 released
• The 2010 Verizon Data Breach Report is Out
• Bogus Support Organizations use Live Operators to Install Malware
• New Mac malware - OSX/Onionspy
• SPAM pretending to be from Habitat for Humanity
• Layer 2 Security - Private VLANs (the Story Continues ...)
• Adobe Shockwave Update
• Security Awareness – Many Audiences, Many Messages (Part 2)
• Layer 2 Security - L2TPv3 for Disaster Recovery Sites
• The Many Paths to Security Awareness
• Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
• Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
• What's My Firewall Telling Me? (Part 4)
• Not Every Cloud has a Silver Lining
• New Risks in Penetration Testing
• Cisco Security Agent Security Updates: cisco-sa-20100217-csa
• Cisco ASA5500 Security Updates - cisco-sa-20100217-asa
• Multiple Security Updates for ESX 3.x and ESXi 3.x
• Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
• Support for Legacy Browsers
• APPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch
• NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
• VMware vSphere Hardening Guide Draft posted for public review
• Microsoft OfficeOnline, Searching for Trust and Malware
• Cisco WebEx WRF Player Vulnerabilities
• Beware the Attack of the Christmas Greeting Cards !
• Layer 2 Network Protections – reloaded!
• SPAM and Malware taking advantage of H1N1 concerns
• Updates to Sysinternals Toolkit
• Microsoft Black Screen of Death - Fact of Fiction?
• Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
• Windows 7 / Windows Server 2008 Remote SMB Exploit
• Apple Safari 4.0.4 Released
• Layer 2 Network Protections against Man in the Middle Attacks
• Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
• Cyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47)
• New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
• ICANN Strategic Planning (2010-2013) Consultation
• New VMware Desktop Products Released (Workstation, Fusion, ACE)
• AT&T Cell Phone Phish
• THAWTE to discontinue free Email Certificate Services and Web of Trust Service
• Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)