Category: Articles

A collection of articles / blog posts I have written.

Backdooring Ansible Playbooks for Persistence

Reading Time: 5 minutes

I have a thing for abusing sysadmin tools and trying to live off the land as much as possible. This post discusses the possibility of a management host being compromised, and an entire estate being affected very quickly. Less ethical people could even create an Ansible playbook to start crypto mining or similar, but this post will focus on pentest persistence through various methods. This post actually grew out of the work I was doing to automate C2 infrastructure using Terraform…

Firebrand Training Review – CISSP

Reading Time: 6 minutes

I recently attended the 7 Day Boot Camp from Firebrand UK. Over here, Firebrand have a reputation for being quite pricey which puts a lot of budget managers off when they see the headline figure. However, you get what you pay for and I would recommend them for your organisation’s training. They also do a Firebrand Passport which can give you pretty large discounts when you buy blocks of training upfront – ideal for larger organisations or those with a…

The PenTester Hotel Workout

Reading Time: < 1 minute

We tend to spend a lot of time stuck in hotel rooms or data centres, crunched over a computer. Coupled with a swanky expenses policy, this can mean a rapidly expanding waistline and poor CV health. Plenty of research exists to suggest that this is a ‘BAD THING’. This quick workout is something that you can adapt and add to as you get fitter or more robust. You don’t need anything apart from time to complete this workout, however if you…

Moving Logs & Enabling SSH on ESXi 6

Reading Time: 2 minutes

I’ve recently decided to migrate my home lab from VirtualBox on Xubuntu onto ESXi 6.0, to try and speed things up slightly. Due to the slightly ancient Microserver I am running (N54L with 16GB RAM and tweaked BIOS) there is no way to get decent RAID running without adding in a replacement RAID controller. Lots of people decide to plump for the P410 and they can be found pretty cheap on eBay. This quick article is primarily to serve as…

I fought the OSCP and won!

Reading Time: 5 minutes

Introduction

Since I have been making the leap into the commercial sector of InfoSec, I knew that moving from the public sector into commercial would be quite a leap in technical challenge and excitement. To give myself a broad knowledge base and credibility in the industry, I decided to sign up for the Offensive Security Certified Professional certification. This post will quickly gloss over my background and prior experience before covering some tips that I found useful, as well as…