Hack_Char's Blog

Introduction to Logging with Fluent-Bit and OpenSearch

Char published on 2024-01-26 included in Logging OpenSearch

I’m planning on a talk discussing opensource C2 (command & control) frameworks like Havoc and Mythic. To be complete, there really needs to be a good environment to test and demonstrate against. And to be thorough, this environment should at least have some basic security controls in place. As I keep finding poor documentation online, these blog posts will help to consolodate some lessons learned. Logging Logging is the most critical security control to implement.

/images/havoc-donut-plugin.png

HavocC2 Donut Plugin

Char published on 2023-12-04 included in Havoc-C2

Havoc C2 plugin for Donut I just made a Havoc C2 plugin to help spawn donut-generated shellcode into a new process. Will add some more features as time permits - really wanted this to help out with a ‘bypassing EDR’ talk I’m planning for next month. There’s a python plugin for the main and dev branches in the Havoc-Donut plugin repository. Make sure to use a Havoc C2 dev branch that contains this pull request.

/images/OpenStack-Docker.png

OpenStack Containers

Char published on 2023-11-10 included in OpenStack

If you’re just trying to play around with OpenStack, definitely look at DevStack first. Before I go into any significant detail, here’s my current OpenStack (2023.1) configuration: Docker-Compose and general setup is documented in GitLab It will pull a single minimized Docker image (~600MB) from my DockerHub Why Containers? I’ve found that packaging my OpenStack configuration inside containers helps organize and revision control my OpenStack setup quite well. A number of containers will be privileged or host networking - if you’re going to use openvswitch and qemu, it’s going to be privileged.

/images/OpenStack.png

OpenStack

Char published on 2023-11-09 included in OpenStack

OpenStack cloud for your home lab This is going to be a series of blog posts about running OpenStack for a home lab. It’s not for everyone, but I’ve found it very useful. OpenStack is a great set of microservices that can be run and provide a set of cloud interfaces into your home lab. I use a Linux desktop for everything and prefer using libvirt/virt-manager for most virtual machines (VM).

/images/defender-no-threats.png

Bypassing Defender

Char published on 2023-11-06 included in talks

This talk on bypassing anti-virus (Windows Defender) was given in-person to DC719. A later recording is available on YouTube along with the slides on Gitlab. Given how popular this was, a future talk on bypassing EDR is coming up. Will be in-person at DC719 in January. A recording will be posted later, but will not include some details.

/images/Hello.png

Blog Site Under Construction

Char published on 2023-11-05 included in Introduction

Hi! This blog site is currently under development… and will change a lot in the next few days. Content will include Cyber Security Software Development Hardware Development Cloud Project Contributions OpenStack CoreBoot Talks