
Posts

GCIH & GWAPT Review - Talk or Walk?

I currently have 7 certifications combined from both organizations. I have received certifications from in-class boot camps from both as well as on-demand. The following information is my opinion alone. So, the GCIH and GWAPT: better than CEH & Net Defender? More relevant than Sec+ & Net+? My opinion is BOTH. First things that stood out to me: the CEH & Practical exam had a SHOCKING amount of grammar errors, syntax errors, and an all-around lack of cohesiveness that really demonstrated they don't have a capable or in-tune US market team. This is a well-established issue with CEH, and CompTIA has acknowledged this and taken advantage of it by adding Pen+ and highlighting US-based customer service. GCIH & GWAPT -- I get it, it is pricey, and I get it now. The labs they "ship" with, albeit just custom VULNHUB VMs (now owned by OFFSEC, so we will see how that pans out...), make it "easy" to learn the basics. Point of interest: I am currently in GPEN, and the dynamic W...

theZoo repository for reverse engineering and exploit development!

Looking for a place to download raw malware for analysis and even exploit development? After using multiple repositories for one-by-one download and analysis, I have finally found that theZoo is a regularly updated repository with everything you need. Below I will walk you through downloading the repository and some basic use cases. First, a shout out to DAS MALWERK and crackmes for your efforts in helping so many engineers learn! theZoo: First, a warning! Please remember that these are live and dangerous malware samples! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! I prefer to run all my analysis on my Cuckoo workstation to be safe: should I let one of these things run wild on a VM, I can easily recover. Getting Started: Clone the repository with git clone https://www.github.com/ytisf/theZoo. Go to the directory and run pip install --user -r requirements.txt. This should install all the...

(Updated for 2020) Easy Install Ghidra on Windows 10

*Updated for 2020 v9.1.2* Ghidra, a tool recently published by the NSA, is a software "reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission." I decided to do this tutorial because there are (at this time) limited English directions available for the amateur. Now, this tool is open-source and hosted on Github for transparency. The source code is not kept a secret, but many people are probably skeptical of installing NSA applications on their machines anyway. With the occurrence of the Shadow Brokers and the inevitable future exposure of NSA applications, I do not think this is the last time an NSA application will be made public for the "greater good". So, let's benefit, and review the software installation for Windows 10 below. I have added some screenshots to the default Ghidra installation steps to help those who want to streamline deployment. 1) Download https://ghidra-sre....

A 2020 guide to installing a Cuckoo Sandbox!

Listen here, people. There is some amazing documentation within the Cuckoo Sandbox documents...alongside some amazing grammar issues that make interpretation of the material a hindrance to the layman. They and those on the Github message boards are savage. They forget most of us are students or hobbyists, saying things like "did you check the boards?" or "read the documentation". I got frustrated with this, so here is my guide on installing a Cuckoo Sandbox with what I believe are real-world explanations of the issues you might encounter...the same ones I did and suffered through. I have compiled the best guides AND the best common troubleshooting issues below. The guide below assumes a VirtualBox host and a Windows 7 analysis guest. P.S. Many of these steps are taken right from the Cuckoo install pages, but I added some (hopefully) useful context and pre-attack common issues. [The Easy Parts - PreReqs] Most guides suggest installing Ubuntu, but I ...