Scapy

Getting the opportunity to use Scapy hands-on in a demo was amazing!

DEFCON704 hosted the event, where we learned how this Python library is capable of manipulating packet data in a variety of protocols. This simplifies the attacker's workflow considerably.

The highlight scenario was setting up an Evil Twin with an updated Linux distribution and the Scapy library.

We also touched on the specific FCC regulations and other laws applicable to this class of attack.

Snort Rules

I was really impressed with the way this article was written. It illustrates what Snort can achieve with practical examples and context against the OWASP top 10.

article link

Ansible for Cisco IOS Devices

After procrastinating for weeks, I finally started to set up Ansible in order to administer my Cisco switches and routers. They are all ancient, but functional enough for my needs.

My main laptop still has Windows, but I downloaded WSL to allow Ansible to function properly.

The first hour I spent scanning the Ansible documentation. The gist is you can write files that act as instruction manuals for what devices you want configured, and the desired configurations. This requires a functional SSH connection to each device (which, to my knowledge, has to be set up manually).

The tricky part is understanding what terms you need in a playbook / inventory file and where they belong. I found that googling and looking at visual examples was the best way for me to understand this.

Cisco devices in particular are tricky because you interact with them via a CLI, not Python. The inventory has to tell Ansible this (ansible_connection and ansible_network_os, as in the file below) so you don't get errors from it trying to run Python modules on the managed device.

Also, remember to install ansible-pylibssh (or paramiko).

  pip install ansible-pylibssh

Following is the functional inventory file I used:

           
all:
  children:
    routers: #this is the name you give to groups of devices
      hosts:
        router_one: #this is the name you use to identify each device
          ansible_host: ip.address.of.device
          ansible_user: username
          ansible_port: 22

      vars:
        ansible_connection: ansible.netcommon.network_cli
        ansible_network_os: cisco.ios.ios
        ansible_become: true
        ansible_become_method: enable
        ansible_become_password: password
        # how to get password here securely
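A minimal playbook to drive that inventory, added here as an example (it is not from the original post, nor from the Ansible or cisco.ios projects). It assumes the inventory above is saved as inventory.yml, the playbook as show_version.yml, and that the cisco.ios collection is installed (ansible-galaxy collection install cisco.ios). gather_facts is switched off because the default fact gathering runs Python on the target, which is exactly the error the note above warns about.

```yaml
# show_version.yml: read-only check of every device in the "routers" group.
# Added example; the file names are assumptions, not from the original post.
- name: Collect version and hostname from the lab routers
  hosts: routers
  gather_facts: false          # default fact gathering needs Python on the target
  tasks:
    - name: Run show commands over the network_cli connection
      cisco.ios.ios_command:
        commands:
          - show version
          - show running-config | include hostname
      register: show_output

    - name: Print what came back
      ansible.builtin.debug:
        var: show_output.stdout_lines
```

Run it with ansible-playbook -i inventory.yml show_version.yml. Two things the inventory above leaves open: the SSH login itself needs either a key or an ansible_password entry alongside ansible_user, and the enable password should not sit in the file in clear text. ansible-vault encrypt_string 'the-enable-password' --name 'ansible_become_password' prints a !vault block you can paste in place of the plain value; then run the playbook with --ask-vault-pass (or --vault-id) so Ansible can decrypt it at run time.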
           
           

Password Cracking

After purchasing a bundle of used Cisco devices for CCNA training, I learned the majority of devices were password locked (ugh). The seller insisted that no passwords were set, so I was stuck.

As you probably guessed, I learned how to get the devices into ROMMON mode to overwrite the current start config with the blank slate available on a different part of flash. But before I went about wiping all the devices, I looked into how feasible it would be to brute force the passwords.

The only passwords that needed attacking were the type 5 ones (enable secret), which are salted MD5-crypt hashes (hashcat mode 500). The rest were type 0 clear text or type 7, the "cipher" option, which is a reversible encoding rather than a hash and can simply be decoded.

Playing around with Hashcat, I first attempted a public wordlist without any hits. I started reading about how templates can be used to construct custom word lists. This is convenient when the password behavior is predictable.

For instance, many people enter passwords in the form <alphabetical><numerical><special characters>. A mask describing that shape (for example ?l?l?l?l?l?l?d?d?s in Hashcat's notation) can be fed to maskprocessor to generate a word list, or given straight to Hashcat as a mask attack (-a 3), so only candidates that follow the form are tried. This avoids guessing the random strings a password manager would generate by default.

I will eventually show the exact difference in stats, but it is orders of magnitude easier to crack formulaic passwords.
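To make the two points above concrete (which stored forms need cracking at all, and how much a mask shrinks the search), here is an added Python example; it is not the author's code. It triages the password lines of a constructed IOS config snippet, reverses the type 7 strings with the well-known constant key, and compares the keyspace of the <alphabetical><numerical><special> mask with brute-forcing every printable-ASCII password of the same length. The type 5 value in the sample is a placeholder in md5crypt format, not a real digest.

```python
"""Added example (not the author's code): triage the password lines in a
Cisco IOS config, reverse type 7 strings, and size hashcat mask keyspaces.

Assumption (labelled): SAMPLE_CONFIG below is constructed, and its type 5
value is a placeholder in md5crypt format, not a real digest.
"""
import math
import re

# Constant key IOS uses for type 7 ("service password-encryption") strings.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

# Sizes of hashcat's built-in charsets (?l lower, ?u upper, ?d digit,
# ?s special, ?a all printable ASCII, ?b all bytes) for keyspace maths.
HASHCAT_CHARSETS = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "b": 256}

# Matches "enable secret 5 ...", "username x privilege 15 password 7 ...",
# and the legacy form with no type digit, which IOS stores as plaintext.
LINE_RE = re.compile(
    r"^(?P<prefix>enable (?:secret|password)"
    r"|username \S+(?: privilege \d+)? (?:secret|password))"
    r" (?:(?P<kind>[057]) )?(?P<value>\S+)$"
)

# Constructed sample; the $1$ hash is a placeholder, not a real digest.
SAMPLE_CONFIG = """\
enable secret 5 $1$mERr$abcdefghijklmnopqrstuv
enable password 7 060506324F41
username admin privilege 15 password 0 letmein1!
username backup password cisco
"""


def decode_type7(encoded: str) -> str:
    """Type 7 is reversible obfuscation: a two-digit key offset followed by
    hex bytes, each XORed with the next byte of the constant key."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                  for i, b in enumerate(data))
    return plain.decode()


def triage_line(line: str):
    """Classify one config line as (prefix, how it was stored, recovered
    value or hash to crack). Returns None for lines without a password."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, value = m.group("kind"), m.group("value")
    if kind in (None, "0"):
        return (m.group("prefix"), "plaintext", value)
    if kind == "7":
        return (m.group("prefix"), "type7-decoded", decode_type7(value))
    # Type 5 is salted MD5-crypt ($1$salt$hash): hashcat -m 500 territory.
    return (m.group("prefix"), "type5-md5crypt", value)


def triage_config(config: str):
    return [r for r in (triage_line(ln) for ln in config.splitlines()) if r]


def mask_positions(mask: str):
    """Per-position candidate counts for a hashcat mask; '??' and any other
    character are literals (custom charsets ?1-?4 are not handled)."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            sizes.append(HASHCAT_CHARSETS.get(mask[i + 1], 1))
            i += 2
        else:
            sizes.append(1)
            i += 1
    return sizes


def mask_keyspace(mask: str) -> int:
    return math.prod(mask_positions(mask))


def keyspace_report(mask: str):
    """(mask keyspace, full ?a keyspace at the same length, ratio)."""
    positions = mask_positions(mask)
    formulaic = math.prod(positions)
    exhaustive = HASHCAT_CHARSETS["a"] ** len(positions)
    return formulaic, exhaustive, exhaustive // formulaic


if __name__ == "__main__":
    for prefix, how, value in triage_config(SAMPLE_CONFIG):
        print(f"{prefix:40} {how:15} {value}")
    mask = "?l?l?l?l?l?l?d?d?s"   # <alphabetical><numerical><special>
    small, full, ratio = keyspace_report(mask)
    print(f"mask {mask}: {small:,} candidates vs {full:,} for ?a x 9 "
          f"({ratio:,}x smaller)")
    # Same mask either directly in hashcat or via maskprocessor to a file:
    print(f"hashcat -m 500 -a 3 hashes.txt '{mask}'")
```

The mask arithmetic is the "orders of magnitude" in numbers: six letters, two digits and one special character give roughly 10^12 candidates, while nine positions of any printable ASCII give over 6x10^17, so the formulaic guess is about 600,000 times cheaper before a single hash is computed. The triage output also shows why only the type 5 line is worth the GPU time: the type 7 and type 0 entries fall out of the config directly.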

references - maskprocessor, hybrid attack