by Ric | Aug 15, 2022 | Blog
I was invited to the Cloud Village at Defcon to give the talk “How to do Cloud Security assessments like a pro in only #4Steps”. It was amazing; hopefully I will do it again next year. In case you were not there, please find below the abstract and slides:...
by Ric | Mar 13, 2022 | Blog
by Ric | Mar 7, 2022 | CISO
This is domain 1 of C-CISO; here I will put notes and interesting concepts. The first thing that caught my attention is that the CISO normally reports to the CFO or the COO and not always to the CTO, CEO or CIO as I might have imagined…
by Ric | Jan 22, 2022 | Cloud
...
by Ric | Nov 12, 2021 | Blog
To list pods, replicasets and deployments you can use the short names: kubectl get po,rs,deploy All the short names are: | Short name | Full name | | ——————– |...
by Ric | Nov 2, 2021 | Blog
If you see these namespaces, they are defaults in k8s: $ kubectl get namespaces NAME STATUS AGE default Active 11h kube-node-lease Active 11h kube-public Active 11h kube-system Active 11h Kube-system holds the ones that k8s needs, normally the control plane agents. Default...
by Ric | Oct 23, 2021 | Blog
I am taking the course Introduction to Kubernetes (LFS158x) https://training.linuxfoundation.org/training/introduction-to-kubernetes/ and it has a section on minikube. Minikube is a tool that manages virtual machines in which a cluster runs, or better...
by Ric | Jul 14, 2021 | Blog
Last week I passed the Certified Red Team Operator course from zero-point security. I am going to divide the review, as always, into two parts: the course and the exam. The course: The course has unique, very interesting things at a very good price: You will always have access to the...
by Ric | Jun 11, 2021 | Blog
If, when using Cobalt Strike, you get the error StartService FAILED 1053 while doing privilege escalation: run sc start <serviceName> [SC] StartService FAILED 1053: The service did not respond to the start or control request in a timely fashion. Try changing the...
by Ric | Jun 3, 2021 | Azure tools, Blog, Cloud
Hi, I just got confirmation that I passed my exam 🙂 I think this one is by far my favorite Course/Exam of Pentester Academy. I will divide my review into two parts. First the course: Attacking and Defending Azure AD Cloud: Beginner’s Edition and then the exam:...
by Ric | Apr 29, 2021 | Blog, News
This beauty was finally published today: CVE-2020-22789 (almost a year after our report). It is an unauthenticated stored XSS (the worst kind) in data integration software used by huge companies like airports and electricity providers. This was found with my...
by Ric | Apr 28, 2021 | Blog, Herramientas / tools
There are many ways to do it, but first, what is password spraying? It is when you use a password or a hash (normally NTLM). A very common way is using crackmapexec: root@kali:~/Desktop/tools# crackmapexec smb 192.168.2.2 192.168.2.21 192.168.2.169 192.168.2.78...
by Ric | Apr 27, 2021 | Blog, Herramientas / tools
This is going to be a very quick post on how to use mimikatz if you are already admin. Activate “shell”. Enter “Powershell”. Disable real time monitoring: “Set-MpPreference -DisableRealtimeMonitoring $true”. Exit the shell: “exit”. Start...
by Ric | Apr 24, 2021 | Blog, Herramientas / tools
The following series of posts will be an extract from the course “Attacking Active Directory with Linux”. At the end of the posts I will review the complete course. This is the scenario: it is assumed that we are already inside the network. First, a scan of the whole network: nmap...
by Ric | Apr 23, 2021 | Blog
A month after passing the exam, I finally got my certificate today. To be CISM certified you need to: pass the exam; prove that you have the experience. About the exam: there is a new way of doing the exam. Before, it was only 3 or 4 times a year and huge exams. Now...
by Ric | Apr 18, 2021 | Azure tools, Blog, Cloud, Herramientas / tools
365-Stealer is a tool written in python3 which steals data from a victim's Office365 by using an access_token which we get by phishing. It steals Outlook mails, attachments, OneDrive files and OneNote notes, and injects macros. You can find the tool here...
by Ric | Apr 11, 2021 | Azure tools, Blog, Cloud
The advantage and the problem of cloud is that it exposes infrastructure components that were not exposed before. An example of this is AD users. Now with Azure AD almost anyone can try to get into a person's email and files (o365). As...
by Ric | Apr 9, 2021 | AWS tools, Blog, Cloud
...
by Ric | Apr 8, 2021 | AWS tools, Azure tools, Blog, Cloud
Today I gave a webinar which, although it is in English, turned out very well 🙂 On Thursday 8 April, our CTO Ralph Moonen and Senior Security Specialist Ricardo Sanchez organized the webinar: “Security Challenges of a Cloud Migration”. The webinar can be viewed back. Cloud...
by Ric | Mar 28, 2021 | Blog, Cloud
I just passed the Pentester Academy Container Security Professional (PACOSP) certification 🙂 Course It is all part of the Container security learning path. I took it as a bootcamp of 4 weeks with one live class per week of approximately 2.5 hours. During the week...
by Ric | Mar 17, 2021 | Blog, Cloud, Herramientas / tools
Docker containers run with the following capabilities by default: Capability Description SETPCAP Allow a process to change its own capabilities set (within the set it is already allowed). Should not be dangerous in practice. MKNOD Allows creation of special...
by Ric | Mar 11, 2021 | Blog, Herramientas / tools, OSCP
This is a proxy that is small and great for webservers: https://github.com/sensepost/reGeorg You upload it to a web page, for example the .php version, and call it from the command line. $ python reGeorgSocksProxy.py -p 8080 -u...
by Ric | Mar 10, 2021 | Blog, Cloud, Herramientas / tools
When you have Docker it is very simple, but what happens if you only have curl? #So you 'create' the container from the image: curl -H 'Content-Type: application/json' -d '{"image": "redis:latest", "cmd":...
by Ric | Mar 6, 2021 | Blog, Cloud, Herramientas / tools
Containers vs Virtual Machines. Basics: Processes must run as if they were on another computer (process namespace). Same for IPs (network namespace). Different users (user namespace). Resources must be limited (cgroups). You should not be able to escape the...
by Ric | Feb 21, 2021 | Blog
Definitions. Incident: a negative event. Incident management: the handling of the incident to reduce the impact and return to normal. Incident response: the response (procedures, people, capabilities) to handle the incident. BCP (Business continuity...