Posts

GOAD Active Directory LAB Setup on a Windows host

In this write-up, I am going to explain how I set up the GOAD Active Directory lab from my Windows host using VMware, along with the errors I ran into and the steps and procedures I went through to fix them. GOAD (Game of Active Directory) is a lab created by Orange Cyberdefense to provide pentesters with a ready-to-use, vulnerable AD environment in which to practise common attack methods. As described on the GitHub page, “the lab is intended to be installed from a Linux host”, but it is still possible to install it successfully from a Windows host. I did not want to install the lab inside a virtual Ubuntu machine, as nested virtualisation would slow down performance too much. At a high level, my setup looks like this: Windows host: with Vagrant installed to run the VMs on VMware. VMware Pro: with an Ubuntu 22.04 VM installed to run the Ansible playbooks that make the AD vulnerable. In this environment, there are two different labs available: GOAD: 5 VMs, 2 forests, 3 domains (full GOAD lab) GOAD...

Regular expressions - Notes

Introduction What are regular expressions? Regular expressions (or regex) are patterns of text that you define to search documents and match exactly what you're looking for. Why should I learn how to use them? Even if you won't need them sooner or later, it's a great tool to know how to use. It will make you more capable in CTFs, and potentially a better developer if that's a goal you have. You spend a little time learning it and save yourself lots of time in the long run by using it. I know all that, but I'm lazy. This is a lazy person's tutorial. There's a little reading, and then you learn by doing. Where's the 'Deploy' button? There's no machine to deploy. There are two ways to test your expressions. Either: create a text file with some test paragraphs (on a Unix machine) and then use egrep <pattern> <file> to see what matches and what doesn't, or use an online editor like https://r...

Nmap Live Host Discovery - Notes

The following shows the steps that Nmap carries out to discover the systems that are online before port-scanning. This stage is crucial because trying to port-scan offline systems only wastes time and creates unnecessary noise on the network. The following presents the different approaches that Nmap uses to discover live hosts. In particular: ARP scan: This scan uses ARP requests to discover live hosts. ICMP scan: This scan uses ICMP requests to identify live hosts. TCP/UDP ping scan: This scan sends packets to TCP ports and UDP ports to determine live hosts. Let's also introduce two scanners, arp-scan and masscan, and explain how they overlap with part of Nmap's host discovery. We will use Nmap to discover systems and services actively. Nmap was created by Gordon Lyon (Fyodor), a network security expert and open source programmer. It was released in 1997. Nmap, short for Network Mapper, is free, open-...