Posts

Showing posts with the label Hacking

Hacked? How to respond!

Let's Talk Hacking First

Hacking comes in many shapes, colors, and sizes these days. It could be a single system being taken over by malware, or it could be a cloud account that has access to 20 systems, development keys, and the ability to reset other users' credentials. There is a wide range of ways to gain access to information in today's modern infrastructure landscape. Some of the more common types are system and account compromise. Both can lead to each other given the right scenarios, and sometimes neither is necessary for compromise of information, such as a website that has an exploit which leaks information it shouldn't. Evidence of these may come in various flavors as well, such as an antivirus detection alerting but not quarantining, or a network detection tool flagging a suspicious pattern of callback-like activity. In both of these example cases, you'd want to investigate further. In this post, we'll walk through doing this under the system compromise persp...

How a rPi can be used during your Pentest!

Defense Penetration Testing (Pentests)

Many pentesting firms have done this for a while now, so there's nothing new here, but I'd like to show you why and how pentests can be performed by shipping a Raspberry Pi (a small, single-board computer) and letting your staff power it on, or setting it up to be left there. But before we do that, let's discuss why this would ever be a thing. There are a number of problems that arise that merit this sort of working as a de facto/standard operating mechanism, and it only makes sense to offer the same.

Problem 1: "Scheduling/We can't perform testing during work hours"

Often employers won't have a way to get people to unlock the doors for you after hours and stay with you to perform testing, including Wi-Fi, physical, or internal pentesting techniques. This is the most common reason to say "okay, well, we can set up a laptop and leave it there". This would work great for many reasons, because then they have all...

Tutorial - Understanding unknown files

Much props to ImHex (https://imhex.werwolv.net/) for the awesome tool. Thanks for watching! If you need any IT or CyberSecurity work remotely or within the DFW area, please contact us over at FeemcoTechnologies.

How-to: Hacking Lab Environment

Introduction

I recently asked what tutorials I should do, and the first response that made sense to do was to write a how-to for making a lab environment. Because this is a tech blog, I think it's safe to assume this meant a tech lab, or even a hacking lab, not a science lab or something too crazy like that, though those are also things that probably could use a how-to these days. Generally, labs like this would be made to test new ideas, technologies, or techniques. When used for hacking labs, it's usually the same with a gearing towards exploitation; with malware analysis, the same geared towards understanding the malware. So, let's go through some basic setups, the requirements for them, then follow that up with a dive into ways we can expand on that as well for different variations.

To do this, we're going to be using virtualization and containers, as this will provide us the widest range of capabilities for what we want to do. I'm going to...

Wordpress Hacking Lab - Setup Tutorial

Introduction

I recently found myself in need of a live WordPress system to install and test various tools against, as well as to test for and validate exploits. So as part of my lab setup series, I'm going through a quick step-by-step version of configuring a quick WordPress lab.

This lab uses containers to make this an easily followed process, for simplicity's sake. If your specific lab needs a virtual or dedicated machine to run your testing, this may not be the ideal place to start. Either way, challenging myself to do some tutorials, so let's get into this!

Requirements:

So, there are a few requirements expected before this lab can be run, though this should be generally cross-platform:

- docker (or docker desktop)
- docker-compose
- an attacker system/container (in my example, I had curl, wpscan and Greenbone/OpenVAS installed on a separate container that I used to test against this)

Steps:

1. To start with, just simple docker-compose f...