Reverse shell methods
Sep 30, 2013
Welcome and Hello! Let’s get started… Today’s topic: Reverse Shells
What is a Reverse Shell?
A reverse shell is a method by which penetration testers (and bad guys!) can gain a shell, or user command access, on a target. They are very useful because they initiate communication from a trusted host inside the perimeter to a host outside of the perimeter. This means a reverse shell has the capability to bypass firewall ingress rules, which would prevent incoming connections - aka bind shells - from reaching into the network to gain user command access on a host.
OSX Terminal - List Processes
Jun 23, 2012
The UNIX command for listing processes from the command line is:
ps
“ps” stands for “process status” and by default it will print a list of process identifiers, controlling terminals, CPU time (user and system), state, and the associated command. Here is the output I see when I type “ps” at the terminal:
$ ps
PID TTY TIME CMD
17559 ttys000 0:00.05 -bash
23627 ttys000 0:00.01 man ps
23630 ttys000 0:00.
Federal conference takeaways
Jun 12, 2012
Network Defenders MUST Understand What They Defend
I know, this is common sense, right? Wrong. Enterprise networks continue to grow cruft; very rarely will they stagnate. Oftentimes networks are set up by one group of people, all of whom are long gone by the time you show up to do your job, having left behind no documentation (feeling that gut churn yet?). What do you do then?
Your job. It is up to you, as the network defender, to understand what the network you’re protecting is used for.
PowerShell Environment Variables
Mar 13, 2012
Here, I will describe a couple of methods to determine PowerShell’s environment variables.
Environment variables correlate names to values of special paths that the host operating system relies on for functionality. For example, Windows hosts use an environment variable called TEMP to label a folder as the place where applications put data that is temporary in nature - such as application installers.
Method One
ls env:
That’s “ell-ess space env colon.”