Zachary O'Neill - Nom. Tech. Bytes.

Zachary O'Neill

AWS IAM Recon

This post will focus on tools for performing IAM permission enumeration on AWS accounts. Custom, poorly written IAM roles and policies are some of the most common misconfigurations in regards to AWS architecture. That said, we'll discuss various resources that can help you breathe easier. First is MAMIP, a simple

AWS EKS ASAP

EKS is a powerful CaaS solution for hosting k8s in AWS. Though setting up a cluster can be a convoluted task, this quick point of reference will help you strap on those elastic pants and get deploying. We'll first dive into what deploying EKS looks like and what additional resources

AWS Threat Detection & IR

AWS Threat Detection & IR

Re:Inforce 2021 Presentation Notes The “Auto-Enable” in Organizations from a root account enables services below if enabled on new and existing member accounts. A brief touchpoint on each AWS security related service for Threat Detection & IR is provided below. GuardDuty - Uses ML to present security alerts for your

ssh... Quiet Down Now

ssh... Quiet Down Now

As we all know AWS provides great solutions to a vast number of common technical problems. One such solutions excited me as a Security focused AWS Architect recently, and I wanted to share this finding aka Session Manager [https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started.html] . This feature

☁️ Compliance Pt. I

infosec Featured

☁️ Compliance Pt. I

This post is about my experience while covering the infamous cloud shared responsibility model. I'm writing this because it's 2021, and people still often assume because they're utilizing a IaaS/PaaS offering it's secure! Well, I'm here to assure you there's a little thing called the shared responsibility model that

Sailing the AWS IaC Seas

devops Featured

Sailing the AWS IaC Seas

Infrastructure as Code is an incredibly valuable solution with a ton of applicable use cases in modern cloud practices. Often times I'm approached to build out solutions from scratch or from existing cloud environments using either CloudFormation (AWS IaC) or Terraform. Both these solutions present benefits in multiple ways and

HackTheBox - Resolute | Write-up

hackthebox Featured

HackTheBox - Resolute | Write-up

Tools impacket- sudo apt install -y python-impacket evil-winrm- git clone https://github.com/Hackplayers/evil-winrm cd evil-winrm install gem evil-winrm Foothold enum4linux 10.10.10.169 From the output, I obtained both a list of users, as well as a password that appeared to be setup for first time users

HackTheBox - Forest | Write-up

HackTheBox - Forest | Write-up

Tools bloodhound- sudo apt install python-pip pip install bloodhound impacket- sudo apt install -y python-impacket evil-winrm- git clone https://github.com/Hackplayers/evil-winrm cd evil-winrm install gem evil-winrm Foothold nmap -v -sV -sS -T5 10.10.10.161 User RPC on port 135 was open, so I attempted an unauthorized

Kubernetes Cluster w/ Vagrant, conjure-up, juju on AWS

Kubernetes Cluster w/ Vagrant, conjure-up, juju on AWS

This guide is for those looking to configure a K8s clusters for testing purposes on AWS. It leverages Vagrant/Ubuntu/conjure-up/juju to provision a cluster on nearly any cloud provider in 10 minutes. This guide is specific to using AWSCLI and therefore AWS to configure the cluster. This cluster

Kubernetes Self Hosted Home Lab

Kubernetes Self Hosted Home Lab

This post covers how to install Docker & Kubernetes on Windows 10 Pro/Ent using Hyper-V/PowerShell/Chocolatey. Ensure Hyper-V features are enabled before proceeding. All commands are run via PS. — Docker Setup — Install Chocolatey: Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')

Domain Auditing for Microsoft AD/GP

Domain Auditing for Microsoft AD/GP

This post covers domain reporting via PowerShell to HTML for compliance change reporting purposes. The following is written to provide guidance and transparency for those seeking out simplistic answers to complex compliance requirements. With expensive paid solutions such at Netwrix requiring setup time and hardware requirements. I'm here to tell

CDN Features w/ Cloudflare

CDN Features w/ Cloudflare

The following content is a summary of the security features Cloudflare offers to help mediate web hosting risk. Cloudflare is a Content Delivery Network that focuses on simplicity and ease of use. In order to setup, you create DNS records and follow a few incredibly easy steps. But what's this

SysOps AWS Certification Preparation

SysOps AWS Certification Preparation

This post covers how I prepared for the test, and the resources I used. After using AWS for 5 years I decided achieving and attaining this would be something beneficial. I enjoy using AWS and think in terms of evolving the space they're still the go-to in 2019. I'll share

DUO MFA for RADIUS VPN Connections

DUO MFA for RADIUS VPN Connections

This post covers implementation for MFA via firewall VPN connections using RADIUS authorization. 1.) Log into your DUO admin panel and create an application for RADIUS. 2.) Install the DUO Auth Proxy client on the server you wish to use to submit the RADIUS requests from. You'll specify the Integration

Link Dump

Secure Yourself or the Enterprise: https://decentsecurity.com/ Virus Scan File or URL: https://www.virustotal.com/ Hacker News: https://news.ycombinator.com/ KitPloit Pentest Tools: https://www.kitploit.com/ 0x00sec: https://0x00sec.org/ Thugcrowd: https://thugcrowd.com/

Nano Server 2016 Image Creation

Nano Server 2016 Image Creation

I recently took a dive into Nano Server 2016 and it's capabilities. I figured I'd share my findings and explain how to get exposure and setup Nano Server. You'll need: Nano Server Image Builder https://www.microsoft.com/en-us/download/details.aspx?id=54065 Server 2016 Media: https://www.microsoft.

PXE Boot Surface MDT/WDS

PXE Boot Surface MDT/WDS

This is a simple how-to for booting Surface Pro 4's to PXE. This guide utilizes both PXE and UEFI on a Windows MDT/WDS setup. Verify the following DHCP roles are configured on the correct DHCP server scope: 066 Boot Server Host Name: IP of MDT/WDS Server 067 Bootfile

AWS Tools

A collection of 3rd party AWS tools. Defensive: Scout Suite: https://github.com/nccgroup/ScoutSuite Prowler: https://github.com/toniblyx/prowler CloudMapper: https://github.com/duo-labs/cloudmapper CloudTracker: https://github.com/duo-labs/cloudtracker PMapper: https://github.com/nccgroup/PMapper AWS Inventory: https://github.com/nccgroup/aws-inventory Offensive: fireprox: https://github.

Security Practices to Preach

Security Practices to Preach

A guess to better security posture and practices. Defensive Security is a critical and effective way of thinking. In this post we'll cover it from a domain perspective aka corporate network. I'll go over each proposed layer of security and how to protect yourself as well as others while operating

Windows 10 Privacy Hardening

Windows 10 Privacy Hardening

This covers removing the default trackers and data collection methods included with a default installation of Windows 10 across all versions. I've been asked by colleagues to write down my process for hardening windows systems and share. Many of these people have extensive backgrounds in UNIX, but aren't familiar with

Windows 2016 Domain Controller Setup

Windows 2016 Domain Controller Setup

This guide assumes you have a hypervisor and VMs and/or physical boxes to support setup. This guide uses a fresh install of Server 2016. Install the following roles by opening up server manager and enabling the following: Active Directory Domain Services DHCP Server DNS Server File and Storage Services

MSSQL .BAK Encryption

MSSQL .BAK Encryption

This post goes over TSQL commands to setup and test encrypted backups for MSSQL. Commands provided are intended to be ran on both a Source and Target instance. These should be ran using an SA account to avoid permission issues. If storage paths don't work, just use c:\temp\ and

Drupal/WordPress Environment w/ Docker

Drupal/WordPress Environment w/ Docker

This Tutorial assumes your have Docker Toolbox installed and fully operational. Within Docker Quickstart Terminal get a copy of the latest MySQL image: $docker pull mysql Start your MySQL container running: $docker run --name mysql -e MYSQLROOTPASSWORD=example -d mysql Get a WordPress image: $docker pull wordpress Get your WordPress

Selenium Setup in Visual Studio

Selenium Setup in Visual Studio

This is a generalized guide for configuring Selenium on Windows. 1. Create a directory named Selenium under C:\ 2. Copy the directory downloaded from http://docs.seleniumhq.org/download/ in this example I'm setting up the Java specific package. 3. Within IE set all Security Zones to the same protection

Chocolatey w/ PsExec for Patch Management

Chocolatey w/ PsExec for Patch Management

This post covers deploying Chocolatey [https://chocolatey.org/] to enterprise devices. The idea is to provide a solution for 3rd party product patching that's both free, and automated. To start you'll need domain admin privileges and just a couple minutes. First, we'll need psexec installed on one machine within the