Introduction to Logging with Fluent-Bit and OpenSearch
Char, published on 2024-01-26. Included in: Logging, OpenSearch
I’m planning on a talk discussing opensource C2 (command & control) frameworks like Havoc and Mythic. To be complete, there really needs to be a good environment to test and demonstrate against. And to be thorough, this environment should at least have some basic security controls in place. As I keep finding poor documentation online, these blog posts will help to consolidate some lessons learned.
Logging
Logging is the most critical security control to implement.
HavocC2 Donut Plugin
Char, published on 2023-12-04. Included in: Havoc-C2
Havoc C2 plugin for Donut
I just made a Havoc C2 plugin to help spawn donut-generated shellcode into a new process. Will add some more features as time permits - really wanted this to help out with a ‘bypassing EDR’ talk I’m planning for next month. There’s a python plugin for the main and dev branches in the Havoc-Donut plugin repository. Make sure to use a Havoc C2 dev branch that contains this pull request.
OpenStack Containers
Char, published on 2023-11-10. Included in: OpenStack
If you’re just trying to play around with OpenStack, definitely look at DevStack first. Before I go into any significant detail, here’s my current OpenStack (2023.1) configuration: Docker-Compose and general setup are documented in GitLab. It will pull a single minimized Docker image (~600MB) from my DockerHub.
Why Containers?
I’ve found that packaging my OpenStack configuration inside containers helps organize and revision control my OpenStack setup quite well. A number of containers will be privileged or host networking - if you’re going to use openvswitch and qemu, it’s going to be privileged.
OpenStack
Char, published on 2023-11-09. Included in: OpenStack
OpenStack cloud for your home lab
This is going to be a series of blog posts about running OpenStack for a home lab. It’s not for everyone, but I’ve found it very useful. OpenStack is a great set of microservices that can be run and provide a set of cloud interfaces into your home lab. I use a Linux desktop for everything and prefer using libvirt/virt-manager for most virtual machines (VM).
Bypassing Defender
Char, published on 2023-11-06. Included in: talks
This talk on bypassing anti-virus (Windows Defender) was given in-person to DC719. A later recording is available on YouTube along with the slides on Gitlab. Given how popular this was, a future talk on bypassing EDR is coming up. Will be in-person at DC719 in January. A recording will be posted later, but will not include some details.
Blog Site Under Construction
Char, published on 2023-11-05. Included in: Introduction
Hi! This blog site is currently under development… and will change a lot in the next few days. Content will include: Cyber Security, Software Development, Hardware Development, Cloud, Project Contributions, OpenStack, CoreBoot, Talks.