Adding 2FA with Asterisks.
Stumbled upon an old self-hosted article I created in 2012 on using Asterisks to call with a code as a po' folk two-factor auth and decided to post it on GitHub so I don't lose track of it again. I'll add some other examples like returning the 200 OK and 401 Unauthorized header, an example Go implementation of the PHP code, and an implementation using a sqlite backend to store the user info.
https://github.com/thedunston/asterisks2Fa
I know there are other solutions, but I'm a self-hosting fan of some services.
10.9.2024 18:19
If Facebook's company gets compromised, they...metaploit.
browmal now supports extracting macros from office documents.
https://github.com/thedunston/browmal/tree/main/no-server-required
@DaveMWilburn there is a no server version with the WASM app base64 encoded in the index.html file and the JSON files due to CORS blocking access to those files. Thank you for your pointer.
27.8.2024 13:07
browmal: (https://github.com/thedunston/browmal): A WASM app to parse PE files in your browser, everything stays local. (You will need a web server and I included a basic Go web server, without TLS, though can add a self-signed cert, if needed).
I've been tinkering with using Go to parse PE files. I've also been curious about creating a WASM app with Go for some time. The OMAT tool from anticrypt.de inspired me to try to figure this out so I used one of the many tutorials I've been reading to parse a PE.
There are a lot of limitations to what can be performed in the browser sandbox so this is a start.
23.8.2024 15:50
This is a great resource Reverse Engineering for Everyone:
https://0xinfection.github.io/reversing/
2.8.2024 17:36
I need to get my garage window fixed so I can get back into coffee and chocolate roasting.
2.8.2024 17:31
This is interesting:
City of Greensboro to allow parking tickets to be paid with donation to Teacher Supply Warehouse
2.8.2024 14:43
I started rewriting the program Kraken to help with scanning for malware using Yara and it collected autoruns and stored those in a DB. I added collecting process listings, local users, scheduled tasks, and running services. Then I realized that data is just sitting in a database waiting for someone to review it. I then realized who is going to look through dozens of systems data or search through it, when they could do that with another tool like Splunk? However, not all organizations can afford Splunk or have the in-house talent to set up free tools. That's when I switched gears and decided to focus on the data in the database or in CSV files that folks may already have collected.
I wrote goMeeb to help with analyzing CSV files for virtually any data that needs to be collected to analyze hosts for anomalies - namely latent malware. One technique I learned is examining the average number of times a process is running, DLL loaded, user processes running, across multiple systems from my training at the Mossé Cybersecurity Institute. Then I talked with my friend and former colleague Melanie Brown, a mathematician, and she told me about using logarithms to detect anomalies. Further, goMeeb has two programs that use logarithms to identify anomalies.
All you need is to collect the data on hosts in your organization into CSV format. I chose CSV because many native tools can export to CSV or that data can be collected and saved to CSV from other EDR or SIEM tools.
This is a pre-release to help incident responders with analyzing dozens of hosts to perform a cursory review of datasets. You just select a header to perform the analysis on and then adjust the thresholds to help with identifying anomalies. Another tool, benny, is used to compare a baseline configuration with other hosts. Some demonstrations and further explanations are on the GitHub page.
The tool benny is named for Benjamin Mossé who helped me learn to interpret the results.
mel and meeb are named for Melanie and helping me understand how logarithms work. I just hope I explained it properly on the GitHub page.
https://github.com/thedunston/goMeeb/
29.7.2024 16:53
I went to twitter for the annual #ClearTheList and donated to a bunch of teachers and got sucked into 'twitter' again.
so much more wholesome here.
29.7.2024 01:56
You want to help train existing infosec professionals on detecting and responding to cyberattacks? Come work with me.
14.5.2024 15:50
Hey Folks,
If you are wondering how to start the process of creating a System Security Plan or new to a role in Cybersecurity and wondering where to start, then here is a guide I created on using the CIS Critical Security Controls as a starting point.
It walks through each control and provides some suggestions on how to document and test the controls.
The CIS Critical Security Controls provide a great foundation for creating a cybersecurity program and could be used to ensure you are covering the most essential aspects of your existing program.
29.8.2023 17:27
New Incident Response Tool. goBodyFile creates a body file and timeline to support incident response investigations. It uses Nicolas BAREIL @nicob timeliner to process the body file that is generated. This is an alpha release:
https://github.com/thedunston/goBodyFile
19.8.2023 16:26
*Waves frantically* at @H4zy 👋🏿
18.8.2023 16:26
Hey Folks! I'm looking for some Windows/Linux IR folks to test a timeline tool I'm working on.
18.8.2023 15:36
In other news, I successfully defended my dissertation yesterday and was thrilled when my committee returned from deliberating and called me: Dr. Duane Dunston, EdD.
21.3.2023 20:37
Hey Folks, sorry about the interview session with PancakeCon, I completely forgot that I had posted about it here and I didn't provide an update. I was knee-deep into my dissertation and updating folks that expressed an interest slipped. My sincere apologies.
21.3.2023 20:35
My RSA workshop was rejected. I'll start applying to other Cons and see if it'll be accepted.
1.2.2023 15:28
Hiring Assistant/Associate Professor to teach Cybersecurity:
1.2.2023 14:10
Does anyone else search for files with the term "Password" but use 'assword' and then giggle like a school kid?
Probably just me. 😅
5.1.2023 17:34
Does anyone know how to scrape only the front page of a website and capture the images so they are relative?
3.1.2023 14:54