Recent Posts
Next Chapter: Startup Life (Smart Pricing Table)
After 6 years hacking cloud infrastructure at Oracle, I’ve packed up and joined the startup life.
I’m partnering with Joe, creator of Smart Pricing Table, an insanely helpful proposal-writing platform for agencies (or anyone).
What makes Smart Pricing Table worth this investment?
- The product is actually helpful, and truly loved by its users.
- Joe is the perfect founder for this product, with years of actual agency experience.
There are a lot of “proposal software” products out there… and they’re mostly glorified word processors + signature software.
How To Stop Tcpdump (Without Losing Data)
TLDR
Use --immediate-mode* **, e.g.
tcpdump --immediate-mode -w out.pcap
And then use Ctrl+C to stop tcpdump whenever you feel like it, without fear of data loss.
* --packet-buffered should do the trick but is not present in older versions of tcpdump; see below.
** But if you’re just printing to the console (that is, not using -w to save to a file), then the non-lossy behavior is enabled by default, so there is no need to use these options.
SYSVOL, Groups.xml, gpp-decrypt, and xq
Today I learned about SYSVOL, Groups.xml, and how it can contain admin passwords (in an insecure configuration). Long story short, if you gain access to a SYSVOL share, poke around and check for Groups.xml and its cpassword field (or any file with cpassword).
Decrypting the password is easy with gpp-decrypt (see also a more modern and slick gpp-decrypt in Python).
And my favorite tidbit was finding xq, “jq for XML” — a slick tool for grabbing values out of an XML file. I used a fork with a --raw option: https://github.com/boyska/xq
Finding a Fuzzer: Peach Fuzzer vs. Sulley
In an effort to achieve platform independence, I am reposting popular blog posts from years ago. Adjust accordingly, and enjoy!
Originally posted on Medium, 2016-02-10.
A few months ago, I started looking at fuzzing tools. Finding a decent open source tool to use was more trouble than I expected, so I decided to write about it here.
tl;dr
I went with Sulley because it is open source and much more usable than Peach. However, it is less mature, bugs and all, so much so that I needed to fork the project to keep using it. The new project is called boofuzz.
Tcpdump Colors With Rainbow 🌈
As you know, tcpdump is a handy command line version of Wireshark. Among its use cases are running from a headless server, from within tmux, or just feeling more l33t by running everything from the command line.
While using tcpdump recently for some in-depth monitoring and debugging, my soul pined for colored output to highlight IP addresses, ports, MAC addresses, etc.
There is an old feature request for this very option, not yet implemented. tshark has a --color option which adds handy Wireshark-themed coloring to your packet summary — cool, but not what I was looking for.
About
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, attending orchestral concerts with his wife, raising his daughter, and figuring out how he can get paid to do it all… legally.
Specifically, he has performed his fair share of penetration with a little fuzzing on the side. Joshua is the maintainer of the boofuzz network protocol fuzzing framework.