CptOfEvilMinions

icon indicating a website link https://holdmybeersecurity.com/

icon location https://HoldMyBeerSecurity.com author. CSEC@RIT. Views and opinions are my own.

Results 25 issues of CptOfEvilMinions

Osctrl assumes self-signed

1 comment

Osctrl assumes self-signed certificate for Osquery deployment but that is not the case. Since we are using AWS LB with ACMs certs, our certs are signed by a trusted authority....

enrollment
osquery

Add PoC for Ansible using AWS secrets

Process injection(psinject not working)

1 comment

## Empire Version - 2.5 ## OS Information (Linux flavor, Python version) - Linux KaliLinuxVM 4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64 GNU/Linux - Python 2.7.16rc1 - Microsoft Windows 10...

osctrl-admin sticky sessions

`osctrl-admin` requires the load balancer to use sticky sessions to allow for successful login. If multiple `osctrl-admin` instances are set up behind a load balancer using round robin for routing...

osctrl-admin
backend

Review new Osquery tables

Review new osquery tables and add them to config

Create Osquery query for TCC failures

``` Sandbox: bash(918) System Policy: deny(1) file-read-data /Users/hton/Documents ``` Osquery query unified logs for TCC failures.

Create Osquery query for Downloads

Create Osquery query for Downloads that collects newly created files hashes, extended attributes, etc.

Gitbook: Phase 2: Initial Compromise

Gitbook: Phase 3: Establish foothold

1 comment

Gitbook: Phase 8: Complete mission