Securing Your Small Business

by Vince
in Blog

“How I Hacked Your Small Business… and How You Could Have Stopped Me” is the title of a talk I gave earlier this year at BSides College Station – back before the coronavirus had us all on lockdown. The point of the talk is to give a step-by-step walkthrough of how I’d build an anonymous attack platform and set about taking over the infrastructure of a small business. It wasn’t a blueprint, but it was close to one because I wanted to show small business owners and small business defenders what it would look like. In the middle of the talk, I flip the script and go into the steps for stopping me. While this post isn’t that talk, there are some overlaps. In my day-to-day work, I see the same issues time and time again, and there are some points in my BSides talk that are worth repeating.


Vulnhub My CMSMS: 1 Walkthrough

by Vince
in Blog

The description states: "Like its name, this box contains some interesting things about CMS. It has been designed in a way to enhance user's skills while playing with some privileges. It's a quite forward box but stay aware of rabbit holes."

I think the description pretty much nails it.  It's beginner to intermediate -- I think leaning definitely towards beginner but there are some rabbit holes that you might want to hammer on that could lead to some lost time.  I don't want to get too deep into it so let's kick it off with Nmap:


Vulnhub Vegeta: 1 Walkthrough

by Vince
in Blog

The description states: "THIS IS A MACHINE FOR COMPLETE BEGINNER, GET THE FLAG AND SHARE IN THE TELEGRAM GROUP (GROUP LINK WILL BE IN FLAG.TXT)"

I would say that's a fair assessment but I could also see this causing some problems for beginners.  In general, I think it's always good to remember that "beginner" is based on a person's level of knowledge, tools, etc. 

Assuming that a beginner is reading this post for some help, let me toss out a couple of tricks and also show how I spider out with my enumeration and then come back to what's important. 

First, we kick off with Nmap:
