Recent Posts
How To Stop Tcpdump (Without Losing Data)
TL;DR: Use --immediate-mode* **, e.g.
tcpdump --immediate-mode -w out.pcap
Then use Ctrl+C to stop tcpdump whenever you feel like it, without fear of data loss.
* --packet-buffered (the long form of -U) should do the trick too, but it is not present in older versions of tcpdump; see below.
** If you're just printing to the console (that is, not using -w to save to a file), the non-lossy behavior is enabled by default, so there is no need for these options.
SYSVOL, Groups.xml, gpp-decrypt, and xq
Today I learned about SYSVOL and Groups.xml, and how the latter can contain admin passwords (in an insecure configuration). Long story short, if you gain access to a SYSVOL share, poke around and check for Groups.xml and its cpassword field (or any file with cpassword).
Decrypting the password is easy with gpp-decrypt, because the cpassword value is just AES-256 encrypted with a key that Microsoft published in its own documentation (see also a more modern and slick gpp-decrypt in Python).
And my favorite tidbit was finding xq, “jq for XML” — a slick tool for grabbing values out of an XML file.
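The decryption described above, as an added example in Ruby (the language gpp-decrypt itself is written in); this is not code from the original post, from gpp-decrypt, or from xq. It assumes the AES-256 key and all-zero IV documented in Microsoft's MS-GPPREF specification, and it runs against a constructed Groups.xml whose cpassword value is the widely published sample from gpp-decrypt's usage docs; the account names in it are made up. Beyond Groups.xml, it also looks for the account attributes used by the other preference files that carry cpassword (Services.xml, ScheduledTasks.xml).

```ruby
# Added example, not part of the original post or of gpp-decrypt.
require 'openssl'
require 'rexml/document'

# AES-256 key that Microsoft published for GPP cpassword values (MS-GPPREF 2.2.1.1.4).
GPP_AES_KEY = ['4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b'].pack('H*')

# Decrypt one cpassword attribute value: restore the base64 padding that GPP strips,
# AES-256-CBC decrypt with the public key and an all-zero IV (gpp-decrypt never sets
# an IV, which is the same thing), then convert the UTF-16LE plaintext to UTF-8.
def gpp_decrypt(cpassword)
  padded = cpassword + '=' * ((4 - cpassword.length % 4) % 4)
  ciphertext = padded.unpack1('m0') # strict base64 decode
  aes = OpenSSL::Cipher.new('aes-256-cbc')
  aes.decrypt
  aes.key = GPP_AES_KEY
  aes.iv = "\x00" * 16
  plaintext = aes.update(ciphertext) + aes.final # final removes the PKCS#7 padding
  plaintext.force_encoding('UTF-16LE').encode('UTF-8')
end

# Walk any GPP XML file and return every element carrying a non-empty cpassword
# attribute, together with the account it belongs to and the decrypted password.
# Attribute names for the account differ per preference type: userName in
# Groups.xml, accountName in Services.xml, runAs in ScheduledTasks.xml.
def find_gpp_credentials(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, '//*[@cpassword]').filter_map do |el|
    enc = el.attributes['cpassword']
    next if enc.nil? || enc.empty? # GPP writes cpassword="" when no password was set
    account = el.attributes['userName'] || el.attributes['accountName'] || el.attributes['runAs']
    { element: el.name, account: account, cpassword: enc, password: gpp_decrypt(enc) }
  end
end

# Constructed sample Groups.xml: the cpassword value is the public example from
# gpp-decrypt's documentation; the account names are made up for this demo.
SAMPLE_GROUPS_XML = <<~XML
  <?xml version="1.0" encoding="utf-8"?>
  <Groups>
    <User name="svc_backup" image="2">
      <Properties action="U" newName="" fullName="" description=""
                  cpassword="j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw"
                  changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0"
                  userName="svc_backup"/>
    </User>
    <User name="old_account">
      <Properties action="D" cpassword="" userName="old_account"/>
    </User>
  </Groups>
XML

if __FILE__ == $PROGRAM_NAME
  find_gpp_credentials(SAMPLE_GROUPS_XML).each do |cred|
    puts "#{cred[:element]} for #{cred[:account]}: #{cred[:password]}"
  end
end
```

Point find_gpp_credentials at the contents of any *.xml found under the share's Policies directory; the empty-cpassword case is skipped rather than decrypted, since an empty ciphertext would make aes.final raise.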
Finding a Fuzzer: Peach Fuzzer vs. Sulley
In an effort to achieve platform independence, I am reposting popular blog posts from years ago. Adjust accordingly, and enjoy!
Originally posted on Medium, 2016-02-10.
A few months ago, I started looking at fuzzing tools. Finding a decent open source tool to use was more trouble than I expected, so I decided to write about it here.
tl;dr I went with Sulley because it is open source and much more usable than Peach.