Aidan Mitchell

Posts

Token gating with Cloudflare - Apr, 2024

There are situations when you want to deliver arbitrary content, be it a file, binary, picture or otherwise, and you need to be able to restrict access via some equally arbitrary means. It’s easy enough to do this using an Apache server and some mod_rewrite rules, but you can just as easily employ Cloudflare Workers to have a highly-available, rapidly updatable delivery method. There are also a bunch of different names for this but I like the term ‘token gated/gating’.

An exercise in profiling and enhancing some Python - Aug, 2023

A couple of days ago JC/yosignals/thecontractor wrote a blog about generating a wordlist for Three-Word Password Attacks using Python. The source dictionary for generation is the Oxford 5000 corpus which is an expansion on the Oxford 3000, a list of the 3,000 core words that English language learners should know. The prototype in Python is neat and straightforward. The 5000 word (newline-separated) source is ingested to a list. The Python itertools.

Reporting for Security – Executive Summary - Jul, 2023

The executive summary for any report acts as a concise overview of the engagement process, the reported findings, and recommendations. The audience for the summary tends to be decision-makers and influential stakeholders, and the summary serves as a tool for them in prioritising risk mitigation efforts, meeting requirements for audit and compliance obligations, and identifying actionable remediation. Getting this section of the report right is crucial for communicating the risks affecting your client and for guiding them towards the solution.

Reverse Port Forwarding for Lateral Movement - Jul, 2023

Oftentimes on engagements, I find myself with credentialled access to a Windows host. Whether it be the product of harvesting credentials, stealing them from docs or scripts, or being provided with them as part of a collaborative exercise, the first thing I like to achieve is the ability to route network traffic via the host and to avoid having to do anything else with the host for the rest of the engagement.

Orchestrating Deployment of the Hacklab - Jul, 2022

This is a somewhat dated guide that I wrote on deploying a Windows AD Hacklab using Vagrant and Ansible. I originally published it on my own blog back in 2020, then pulled it down. In the in-between, Andy Gill kindly let me publish it to his blog and there’s no real reason to duplicate it over here, so you can read it on ZeroSec.