24 May 2023
Summary Learn how to run Windows inside of containers on Linux with Docker, using the VulnHub Lab GitHub repository, which includes a customizable container environment with HTTP web server, Trever C2, Merlin, Akali Linux instance, and vulnerable Linux targets. Highlights
24 May 2023
This segment references the following Github repository: https://github.com/SecurityWeekly/vulhub-lab Summary A new GitHub repository, “vulhub lab,” was created for Linux post-exploitation research. The lab includes several vulnerable containers and C2 servers which can be utilized for learning about post-exploitation techniques. Highlights
24 May 2023
wpscan is a free tool for scanning WordPress; let’s face it, there are many vulnerabilities in WordPress! This segment will walk you through installing, configuring, and using wpscan. You can find the technical segment write-up here. Summary Learn how to use WPScan to scan WordPress sites stealthily for vulnerabilities and […]
24 May 2023
Summary This episode covers the Log4J exploit step-by-step, with a warning to only use the information responsibly. You can download the document referenced in this technical segment here. Highlights
24 May 2023
You can find the code referenced here: https://github.com/SecurityWeekly/vulhub-lab. You can access the slides for this segment here: Building Vulnerable Docker Containers (slides).
24 May 2023
Summary This segment discusses Part 2 of the network scanning slackbot, which uses the Python Nmap library to scan a specified network and match manufacturer names, default usernames and passwords, and SSH and HTTP credentials. Highlights
24 May 2023
Summary This technical segment discusses creating a Python script to scan a network for default credentials and send notifications through a Slack bot. The initial release is here: https://github.com/SecurityWeekly/netslackbot Highlights
24 May 2023
Summary This technical segment covers working with Nmap Vulners and Flan Scan for vulnerability scanning. You can download the instructions for this technical segment here. Highlights
19 May 2023
I’m certain this has been written about before. I believe it’s worth laying out again. This month I will have covered information security for 17 years. The vulnerability hype cycle has not changed. While I do not have all the answers, I do have confidence in our community that we […]
1 Jun 2023
Paul’s Security News – June 1, 2023
Larry and I were supplied with a handle of Dewars Scotch this week (yea, things go downhill when I am not in the studio all the time). Rather than complain about it (er, okay, we complained about it anyway), we’d make Old Fashioneds. They were pretty good, but not as […]