Posts
How To Stop Tcpdump (Without Losing Data)
TLDR: Use --immediate-mode* **, e.g.

tcpdump --immediate-mode -w out.pcap

Then use Ctrl+C to stop tcpdump whenever you feel like it, without fear of data loss.
* --packet-buffered should do the trick but is not present in older versions of tcpdump; see below.
** But if you’re just printing to the console (that is, not using -w to save to a file), then the non-lossy behavior is enabled by default, so there is no need for these options.
SYSVOL, Groups.xml, gpp-decrypt, and xq
Today I learned about SYSVOL, Groups.xml, and how Groups.xml can contain admin passwords (in an insecure configuration). Long story short, if you gain access to a SYSVOL share, poke around and check for Groups.xml and its cpassword field (or any file with cpassword).
Decrypting the password is easy with gpp-decrypt (see also a more modern and slick gpp-decrypt in Python).
And my favorite tidbit was finding xq, “jq for XML” — a slick tool for grabbing values out of an XML file.
Finding a Fuzzer: Peach Fuzzer vs. Sulley
In an effort to achieve platform independence, I am reposting popular blog posts from years ago. Adjust accordingly, and enjoy!
Originally posted on Medium, 2016-02-10.
A few months ago, I started looking at fuzzing tools. Finding a decent open source tool to use was more trouble than I expected, so I decided to write about it here.
tl;dr I went with Sulley because it is open source and much more usable than Peach.
Tcpdump Colors With Rainbow
🌈
As you know, tcpdump is a handy command-line counterpart to Wireshark. Among its use cases are running on a headless server, running from within tmux, or just feeling more l33t by doing everything from the command line.
While using tcpdump recently for some in-depth monitoring and debugging, my soul pined for colored output to highlight IP addresses, ports, MAC addresses, etc. There is an old feature request for this very option, not yet implemented.