
Why might you care about filesystems

in 02025 CE?

"in an investigation, details matter" -Dr. Emma Watson, OBE, Bill and Ted's Bogus Journey

  • Endpoints: more than you may think
  • Serverless, chatbots, APIs: maybe filesystems less important
    • although ../ (path traversal) won't stop, and that's a filesystem path (polite cough)

Limits and shapes user and miscreant activity:

@adricnet
adricnet / kali-config-monkeypatch.md
Created November 1, 2019 21:35
Minimally customize a Kali ISO for moar package goodness
root@kali:~/Desktop/live-build-config# cat kali-config/variant-light-voltron/package-lists/kali.list.chroot
# You always want those
#kali-linux-core
kali-desktop-live

# Kali applications
#<package>
# You can customize the set of Kali metapackages (groups of tools) to install
@adricnet
adricnet / some-conf-talks.md
Last active October 15, 2019 02:05
Conference talks I missed live, watching videos
@adricnet
adricnet / cuckoo-windows.md
Last active April 12, 2018 17:17
Cuckoo 2 python 2.7 32bit on Win x64

Some obstacles overcome to get a Cuckoo 2 sandbox going on the class laptop: Win10x64 Pro. This is just my notes and rambling and intent is to write up a working build in case someone else in 610 or the community wants it.

Book

Upstream installation instructions, might give harmless cert error: http://docs.cuckoosandbox.org/en/latest/installation/guest/agent/

Python

@adricnet
adricnet / poof-msf3-joker.md
Last active March 22, 2018 01:30
Proof of obtaining flag? Metasploitable 3's Joker card

The live demo attempt method (FileInsight):

  1. Use web developer tools or Burp to capture source of index page. (Ctrl-A, Ctrl-C)

  2. Paste that HTML into a new buffer in FileInsight.

  3. Trim away everything but the suspicious bitstream.

  4. Select the bitstream (Ctrl-A) and use the Decode tools in the left pane to convert Hex to ASCII (no key).

Theme: Learn to Attack

Why?

  • Purple is a lovely colour
  • Lose less at CTFs
  • Get another security certification

Why (srsly)

@adricnet
adricnet / 2017-profdev.md
Last active December 18, 2017 14:54
2017-profdev

Major

  1. GSE (done)
  2. SOC Summit workshops
  3. MGT517 SecOps Design and Operation
  4. Security Onion Con / B-Sides Augusta
  5. Investigation Theory (AND)
  6. FOR572 self-study (4A)
  7. DataCamp: Python Data Science ( 7 of 20 )
@adricnet
adricnet / spring_cloud_lab_pm.md
Last active June 22, 2017 13:48
Spring Cloud Lab Experiment Results

In which we derive some lessons from the now decommissioned lab resources recently experimented with.

Resources

  • an Amazon Workspace with Windows and Office, rented for a month
  • a Droplet with Docker, running an infosec app of interest, for a couple months
  • Chromebook as client to all

Test tasks

@adricnet
adricnet / dexray_rocks.md
Last active March 2, 2021 10:12
dexray testing
@adricnet
adricnet / add_to_bashrc.md
Last active March 16, 2017 13:13
Fun stuff from #investigationtheory class. Get these to work and then share. Save time, reduce dangerous typos.

## Fun stuff from ITTAM class. Get these to work and then share. Save time, reduce dangerous typos.

# macOS clipboard helpers (pbpaste/pbcopy). "safe" defangs URLs on the clipboard so they
# can't be clicked by accident: http -> hXXp, every "." -> "[.]". "unsafe" reverses it.
alias safe="pbpaste | sed -e 's,http,hXXp,g' -e 's,\.,[.],g' | pbcopy; echo 'URLs broken!'"
alias unsafe="pbpaste | sed -e 's,hXXp,http,g' -e 's,\[\.\],.,g' | pbcopy; echo 'URLs restored!'"

# Decode a base64 blob from the clipboard to stdout (-D is the macOS base64 decode flag;
# GNU coreutils uses -d instead).
alias unb64="pbpaste | base64 -D"

# Wrap samples in a password-protected archive (password "infected", the usual convention)
# so mail filters and AV don't eat them in transit. 7z wants the command before the switches.
# Usage: infected sample.bin [more files...]
alias infected="7z a -pinfected infected.7z"