Check out the post I post for the CDW Blog: How to Address 3 Next-Generation Firewall Management Challenges https://blog.cdw.com/services/how-to-address-3-next-generation-firewall-management-challenges
What is the OSCP Offensive Security Certified Professional (OSCP) is an entry-level hands-on penetration testing certification. The OSCP is one of a few certifications by Offensive Security. It consists of the self-study Penetration Testing Training with Kali Linux (PwK) class and an online proctored practical exam. The course costs at minimum $800 USD and includes 30 days of lab access and one OSCP exam attempt. There are packages that include longer lab access and you can extend your lab access if you find you need longer to prepare.
In July I wrote for the CDW blog about the new version of the Cisco Identity Services Engine (ISE) software. Exploring Key Features of Cisco ISE Release 2.6 The latest version of this cybersecurity tool offers unique device identification and an IoT protocol.
This project started with the idea of purchasing a cheap security system off one of the Chinese stores. After a little hunting, I found Digoo DG HOSA 433MHz 2G&GSM&WIFI Smart Home Security Alarm System Protective Shell Alert with APP which looked interesting so picked one up to tear apart. I was curious about how various communication methods were implemented. This is the first part of this adventure the next part will be exploring the firmware of the device.
OpenSky is a proprietary trunking radio that is designed to carry both voice and data traffic. the protocol is marketed as to be secure and private. Opensky operates on the 700, 800, and 900 MHz bands. OpenSky was originally developed by M/A-Com as part of the Monarch wireless voice and data system for FedEx in the 90s. Later M/A Com was purchased by Tyco Electronics who was then purchased by Harris RF Communications.
In March I posted the following article on CDW blog Enhancing Password Security Through Memorized Secrets Revisiting NIST recommendations provides some essential techniques for protecting your organization’s accounts
Back on May 18th, I attended the inaugural BsidesNH event. It was a fantastic one-day event. The day started pretty early for me driving down from Maine arriving at Southern NH University. I arrived to pick up the fantastic badge made out of an old 3.5″ disk. After grabbing some coffee and a snack I settled into the auditorium and for a day of great talks. There were a few that stood out to me from the day that I will talk about.
Intro During my OSCP studies, I realized I needed a more efficient system for cracking password hashes. The screaming CPU fans and high CPU usage became a problem. I first tried using hashcat and the GPU on my MacBook Pro in OS X. There are some bugs and problems with hashcat on OS X that would make it crash in the middle of cracking a hash. Also, I was not interested in investing a server with a bunch of GPUs, the high costs to do this would outweigh the amount of time I need the system.
Topic Index Note: This material is based on the First revision of the OSCP and does not cover topics in the new version (v2?) OSCP Notes – Buffer Overflows OSCP Notes – Enumeration OSCP Notes – Metasploit OSCP Notes – Password attacks OSCP Notes – Pivoting OSCP Notes – Shell and Linux / UNIX OSCP Notes – Web Exploitation OSCP Notes – Windows Student Notes and Guides OSCP Goldmine (not clickbait) | 0xc0ffee☕ My OSCP Diary – Week 1 – Threat Week GitHub – areyou1or0/OSCP: OSCP abatchy’s blog | How to prepare for PWK/OSCP, a noob-friendly guide Thunderson’s Journey To The OSCP Passing OSCP – scund00r Introduction · Total OSCP Guide Introduction · OSCP – Useful Resources The Journey to Try Harder: TJnull’s Preparation Guide for PWK/OSCP | NetSec Focus Thoughts on OSCP certification and the exam!
I needed to set up and Meraki API key to test, well an Meraki API that was in beta. This is the process I used to get started with some of the basics of the Meraki API and getting a test environment up and running. There are lots of great references covering the basics of REST APIs like the REST API Tutorial. These resources will do a much better job then I can of explaining REST APIs.
On March 6th Cisco released 29 high and medium rated PSIRT notices for NX-OS based platforms. These platforms include the Cisco Nexus 3000 – 9000 series and Nexus adjacent platforms FX-OS and UCS Fabric Interconnect platforms. Not all advisories affect all platforms but all platforms are affected by at least one high rated vulnerability. The vulnerabilities range from command and code execution, privilege escalation, denial of service, and arbitrary file read vulnerabilities.
This is a collection of notes from my notebook I’ve made for various language, applications and whatever else I am doing. The notes are informal, random and not comprehensive. AVR Development C Notes gdb notes git / GitHub notes Pointers in C / C++ Radare2 Cheatsheet STM32 Development Notes Strings in C tmux Notes VI Notes
This post is some free-ish form notes about a project that is either work in progress or complete. Description This project is a small sensor to monitor Temperature, Humidity, and Light levels. The project may end up in a toy Star Trek TNG Tricorder case at some point in the future, but I wanted to document where it is at a today. Originally I used an Adafruit Huzzah (ESP12) board, but after I determined I wasn’t going to use the wifi, I switched to the Adafruit Adalogger board.