We had a pretty solid push the first half of the year with updates to the site and projects. We’ve picked up some business that has left us fairly busy. The forecast for 2018 looks is:
- IPv6 Scanner, I actually wrote this a few years ago on an assessment and then prompt lost the source so I’m cleaning it up and making it ready for prime time.
- SMBv1 Validator. Pretty self explanatory, that scanner is about 90% done I’m just adding threading because it is slow right now doing them one at a time with a full connection and handshake. Project is on GitHub and the post is Here
- Extra Secret Classified Project! Actually, we just don’t have a name for it yet but it is a mix of stuff we look for on assessments as some menu driven python code.
- Watering Hole Attacks, this is a favorite of mine.
- Metasploitable3 walk-through.
- Low power linux dropbox using Nexx 3020H hardware. Device build Here and installing Responder on the device is Here
After a few false starts we have the knowledge base up and running, the goal is to put 3 or 4 new entries per week. If you have suggestions for a technique or tool to feature let us know. Tell us how to use it and we’ll even credit it to you.
If you haven’t noticed we’ve been publishing more content lately. Partly, this is because we had a lull in the schedule to actually get things done and we also had a bunch of half finished stuff that we focused on getting done.
Here are the things you will see soon.
The last recon-ng installment, this one is exciting because it is the actual nuts and bolts
Relatively soon, some of these are half done some are nothing more than a title and vague idea at this point.
Phish Stories, I once wrote a post [———- THIS ———-] big
OSINT Tutorial for Dimitry
Penetration Testing Trade Craft
Not as soon.
Tool Usage Wiki, this is the equivalent of letting someone watch you make the secret sauce
There are a few things that I didn’t care for about hosting code on our website. Not being able to directly upload and download python code as a .py file was a real pain.
I use GitHub to download other great projects for penetration testing and decided to see how complicated it was to setup. It was super easy, there was even a HELLO WORLD tutorial.
All of the code will continue to be hosted on this page but new projects will contain a link to the GitHub repository.
Secure Network Management on GitHub
We have been so busy that we haven’t been getting content onto the website. Here is a quick rundown of what is going on.
We are giving the keynote address on emerging threat trends at New Mexico Technology in Education November 20th. http://nmtie.net/2014-conference/
We will be presenting ‘Why you don’t need a pen test’ to the Albuquerque Chapter of ISACA on December 9th. http://www.eventbrite.com/e/why-you-dont-need-a-penetration-test-plus-sandworm-demo-tickets-14154631885?aff=eorg
And because we hate free time we are partnering with Albuquerque Health Care for the Homeless to provide a vulnerability assessment of their network. Being part of the InfoSec community is important, but helping those in need in our local community is part of being a good citizen.
Once all the dust settles, we will be posting more tutorials and content.