7MS #517: DIY Pentest Dropbox Tips - Part 6

7MS #517: DIY Pentest Dropbox Tips - Part 6

Today we're continuing a series we haven't done in a while (click here to see the whole series) all about building and deploying pentest dropboxes for customers. Specifically, we cover:

Auto installing Splashtop
This can be done automatically by downloading your splashtop.exe install and issuing this command:

splashtop.exe prevercheck /s /i confirm_d=0,hidewindow=1,notray=0,req_perm=0,sec_opt=2

Auto installing Ninite
This can be done in a batch script like so:

agent.msi /quiet ninitepro.exe /select App1 App2 App3 /silent ninite-install-report.txt

The above command installs App1, App2 and App3 silently and logs output to a file called ninite-install-report.txt

Auto installing Uptimerobot monitoring
We do this by first creating a script called c:\uptimerobot.ps1 that makes the "phone home" call to UptimeRobot:

Start-Transcript -Path c:\heartbeat.log -Append Invoke-Webrequest https://heartbeat.uptimerobot.com/LONG-UNIQUE-STRING -UseBasicParsing Stop-Transcript

Then we install the scheduled task itself like so:

schtasks.exe /create /tn "Heartbeat" /tr "powershell -noprofile -executionpolicy bypass -file c:\uptimerobot.ps1" /rl highest /f /sc minute /mo 5 /ru "NT AUTHORITY\SYSTEM"

Avsnitt(683)

7MS #122: OFFTOPIC-An Apology to Elephants

7MS #122: OFFTOPIC-An Apology to Elephants

Preview76 wordsThis episode is about a documentary called An Apology to Elephants. It's all about the treatment (or mistreatment) of elephants, and the main message of the movie is, "Please don't go to the circus when it's in town, because you're supporting elephant abuse." Even if that message was a little heavy handed, I certainly will pass on tickets next time a circus act comes through town. You can subscribe to the 7 Minute Security podcast here.

20 Dec 20158min

7MS #121: Migrating from Tumblr to Ghost-Part 2

7MS #121: Migrating from Tumblr to Ghost-Part 2

Part 2 concludes my journey in moving 7ms.us from Tumblr to a Digital Ocean droplet running Ghost. Here are the key resources mentioned during the podcast: How to run multiple Ghost blogs on one DI VPS. The key takeaway here was that I had to upgrade to the $10 droplet (I did a "flexible" resize to add more proc/memory) and then the second instance of Ghost installed fine. Turning on CloudFlare SSL was easy. I chose flexible SSL since I wasn't using a "real" cert. I also wrote a rule to force HTTPs for all connections. And, just for grins, I turned on DNSSEC. Because...why not? :-) I picked a strong root password for my DI droplet, but I still don't like the idea of IPs banging on that connection all day and night. I followed this article on installing Fail2Ban to prevent my SSH login from being abused. There are a few IPs that I want to perma-ban, so I'm going to look throughthis article and this one which looks a tad easier. You can subscribe to the 7 Minute Security podcast here.

19 Dec 20158min

7MS #120: THE PURGE!

7MS #120: THE PURGE!

Announcing the 7MS PURGE! I've got a back log of episodes banked and I want to get caught up for the new year. So I'm going to release one (or maybe more) episodes per day between now and 2016. Plus (spoiler alerts!) in 2016 we're moving to a Monday/Wednesday/Friday release schedule. Yep, 7MS three times a week - thanks for the idea, mom! Subscribe to 7MS on iTunes here.

18 Dec 20152min

7MS #119: Migrating from Tumblr to Ghost-Part 1

7MS #119: Migrating from Tumblr to Ghost-Part 1

In this episode I talk about my adventures in moving my brianjohnson.tv Tumblr content over to a Digital Ocean hosted droplet running Ghost. I think you'll want to check this episode out, because in part 2 I talk about the challenges I faced in hosting multiple Ghost instances on one DI droplet. I will also be talking about how to enable CloudFlare SSL (for free!) as well as enabling Fail2Ban to keep annoying people/IPs from brute forcing your SSH root account!

17 Dec 20158min

7MS #118: Should Phishing be Fair?

7MS #118: Should Phishing be Fair?

This episode discusses an important and rhetorical (to me) infosec question: Should phishing campaigns be "fair?"

15 Dec 20157min

7MS #117: OFFTOPIC-Alive Inside

7MS #117: OFFTOPIC-Alive Inside

Today I talk about one of the most moving films I've ever seen - a documentary called Alive Inside.

10 Dec 20157min

7MS #116: Tips for a Succesful Vulnerability Scan

7MS #116: Tips for a Succesful Vulnerability Scan

In this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.

8 Dec 201514min

7MS #115: OFFTOPIC-Love and Mercy

7MS #115: OFFTOPIC-Love and Mercy

We're going off-topic today and talking about the new(ish) movie about Brian Wilson's life called Love and Mercy.

4 Dec 20157min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
flashback-forever
rss-krimstad
olyckan-inifran
rss-vad-fan-hande
rss-viva-fotboll
aftonbladet-daily
rss-sanning-konsekvens
svenska-fall
krimmagasinet
fordomspodden
motiv
blenda-2
dagens-eko
rss-frandfors-horna
spar
svd-nyhetsartiklar
rss-expressen-dok
spotlight