Day 3

SPF/DKIM/DMARC SPF Sender Policy Framework Whitelisting of Mail Senders (resp. their MTA) # SPF Record stoege@cas-puffy RD:0 $ dig txt ost.ch +short "v=spf1 mx a:smtp01.ost.ch a:smtp02.ost.ch a:smtp03.ost.ch include:spf.protection.outlook.com -all" "atlassian-domain-verification=mAHOHBOXxMe1UY/dDOFAqWSzeWJyoFosKuUf0NbaXHjWQcQOedw8QsLnPhPTF+pU" "MS=ms41259948" "google-site-verification=uXsX_aEfoeSpZ9tzZgcmmRCl99PcBClh8usP1_eoLDM" "QuoVadis=f5454eb2-12d3-4af4-8db6-173f2d4c8e67" "have-i-been-pwned-verification=9e7ce5e8d1af7986d410ec1f1991a6e7" "" # Hosts stoege@cas-puffy RD:0 $ dig +short smtp01.ost.ch smtp02.ost.ch smtp03.ost.ch 146.136.105.31 195.176.16.73 152.96.81.81 # Include MSFT stoege@cas-puffy RD:0 $ dig +short txt spf.protection.outlook.com "v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/48 include:spfd.protection.outlook.com -all" DKIM Signature of Mail Headers

Day 2

2nd. Day at Ost … and it was cold again and i went by motorbike … brrrrr … Protocols for Tunneling outgoing Traffic ssh netcat -> tcp socket http https icmp smtp citrix Teams, Skype, Lync DNS Tunneling attacker --- www --- fw --- company --- AD (DHCP/DNS) |-------- Exchange Let’s start with DNS Tunneling FQDN Max Length: 255 char (RFC 1035) iodine -> DNS Tunneling over IP, Part on Kali -> give a try … Exfiltrate Traffic Recursive DNS RCE Webshell Bindshell -> new Port Bindshell -> same Port -> easy to detect Reverse Shell Netcat nc.

Build Hackinglab VM from Scratch

Download OVA https://livecd.hacking-lab.com/ https://livecd.hacking-lab.com/largefiles/livecd/daily/hl-livecd.ova Configure VM Import in Vmware Fusion Adjust 4 CPU, 8 GB RAM Add 2nd Disk boot login hacker/compass, root terminal, apt-update-everything.sh reboot Menu start -> 00 - About -> Change Keyboard Layout -> ch add 2nd disk root terminal mkdir mkdir /opt/cas mount /dev/sdb1 /opt/cas get blkid blkid /dev/sdb1 |cut -d" " -f 2 |sed 's/"//'g UUID=efc2c706-ffed-4e81-af02-16e59e6911db update fstab UUID=efc2c706-ffed-4e81-af02-16e59e6911db /opt/cas ext4 errors=remount-ro 0 1 add own repo sha256: a8c929d4fd0343bf94135abc09bab775bf65d563348ca8ab826c6b35ef9edc9b

Whois

Whois limited since GDPR 2018 stoege@puffy200 RD:0 $ whois stoege.com Domain Name: STOEGE.COM Registry Domain ID: 1553432436_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2019-05-15T18:11:02Z Creation Date: 2009-04-25T05:34:02Z Registrar Registration Expiration Date: 2022-04-25T05:34:02Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Registrant State/Province: ZH Registrant Country: CH Registrant Email: Select Contact Domain Holder link at https://www.

Day 1

First Day First Day onsite. Looking forward for some interesting Moments and Month … Prüfung: 2h Theorie, zählt 50% 5h Lab, zählt 50% -> gibt Gesamt Note für’s Zeugnis Masstab für “6er” liegt bei ca. 80%, bei der Praxis etwas tiefer ;) Präsens Unterricht Freitag: Schule plus 6 Tage: Q/A plus 13 Tage: Abschluss Übungen 14 Tage: nächster Schultag Assignments Ausgabe: Tag xxx plus 1.5 Woche Zeit und dann am Dienstag 17-18 Uhr Sprechstunde

Onsite at OST

Onsite Schultage: Freitag, 08:30 - 17:00, OST Rapperswil Datum Typ Modul Detail Dozent 08.10.2021 Unterricht Reconnaissance 1/2 CAS Start Ivan Bütler 22.10.2021 Unterricht Reconnaissance 2/2 Network Scanning Ivan Bütler 05.11.2021 Unterricht Man-in-the-Middle Spoofing, Phising Ivan Bütler 03.12.2021 Unterricht Gaining Access Explotation, Attack Thomas Röthlisberger 17.12.2021 Unterricht Maintaining Access C & C Thomas Röthlisberger 07.01.2022 Unterricht Lateral Moveement WinAttackLab Thomas Röthlisberger 11.02.2022 Unterricht Disk & Network Forensics Imaging, Sleuth, … Raphael Rosenast 25.

Bash while loop

Source https://linuxize.com/post/bash-while-loop/ while loop while [CONDITION] do [COMMANDS] done Example i=0 while [ $i -le 2 ] do echo Number: $i ((i++)) done Infinite while Loop while : do echo "Press <CTRL+C> to exit." sleep 1 done Single line while :; do echo 'Press <CTRL+C> to exit.'; sleep 1; done Read a File Line by Line file=/etc/passwd while read -r line; do echo $line done < "$file" Break Statement i=0 while [ $i -lt 5 ] do echo "Number: $i" ((i++)) if [[ "$i" == '2' ]]; then break fi done echo 'All Done!

Bash for loop

Source https://linuxize.com/post/bash-for-loop/ for loop for item in [LIST] do [COMMANDS] done loop overstrings for element in Hydrogen Helium Lithium Beryllium do echo "Element: $element" done loop over a number range for i in {0..3} do echo "Number: $i" done loop over number range and increment by 5 for i in {0..20..5} do echo "Number: $i" done loop over array elements BOOKS=('In Search of Lost Time' 'Don Quixote' 'Ulysses' 'The Great Gatsby') for book in "${BOOKS[@]}"; do echo "Book: $book" done The C-style Bash for loop for ((i = 0 ; i <= 1000 ; i++)); do echo "Counter: $i" done break and continue Statements for element in Hydrogen Helium Lithium Beryllium; do if [[ "$element" == 'Lithium' ]]; then break fi echo "Element: $element" done echo 'All Done!

Bash

Source https://linuxize.com/post/bash-for-loop/ Bash BASH for loop BASH while loop sha256: 1c5a97339ecb3835b5262ed063593b0cc61047fe118454cc0e41ff2a2a9b816a

Links

Submit URL URL Kommentar sha256: 5a435c353625ca104716332149688bd030004d896774b4803af081bf77057021 MyLinkList test - http://www.test.ch Password Storage Cheat Sheet¶ - https://cheatsheetseries.owasp.org/ - - cut here - - SQL Injection Prevention Cheat Sheet¶ - https://cheatsheetseries.owasp.org/ - - cut here - - The Fuzzing Project - https://fuzzing-project.org/ turnoff.us - comics - https://turnoff.us/ Frida cheat sheet - https://awakened1712.github.io/ - - cut here - - CAS Cybersecurity gitbook documentation - https://cas-cyber.gitbook.io/ - - cut here - - MOBEXLER - A Mobile Application Penetration Testing Platform - https://mobexler.

Hello

… the famous hello world :-) sha256: ad07413ba21280e6ad9f8f0120b4420f0055def2997015e6e5b7a617caf0834b