WSR: #9: February 13th - 20th 2022

Creating a custom C2, needing a new bookshelf for nostarchpress books, and more

Published: February 20, 2022 | Reading Time: 4 minutes

This Week’s Recap

Every Sunday I post a quick recap of what I’ve worked on the previous week in my free time. Here is what I worked on this week.

2/14/2022

  • Rewatched 5 Year plan Into InfoSec Part 2. This is something I go back and rewatch every few months. It’s the single most insightful hour of security advice I’ve come across. It’s the type of advice that keeps you motivated to learn as much as you possibly can. I highly recommend everybody watches this.
  • Happy Valentine’s Day!

2/15/2022

  • Read through this awesome research on deobfuscating redacted text by @2600AltF4 (who is the lead security researcher at Bishop Fox). Really interesting stuff. I always internally felt that this was possible, which is why I crank up the block size on all my redactions. The difference is pretty huge although, admittedly, I should just use a black bar.

  • Started working on a C2 program in Python
    • Decided I wanted a Python project that will push the limits of my Python knowledge, so I started working on a custom C2 program.
    • The point of this project is to work on it up until I’m in that zone of “I need to do more research to implement this feature”, then do research on what I need to learn to develop that feature, then come back to the C2 to implement those new features.
  • Technically got it working, but there are lots of issues that will require refactoring a lot of how the server handles incoming beacon connections. Will probably work on this tomorrow.
    • Right now the server can send commands to the beacon and when the beacon checks for instructions it will execute commands from the client machine and send the results back.

2/16/2022

  • Essentially re-wrote the entire C2 to be multi-threaded and added a few other features to the server infrastructure to make it a little more usable.

    • Added multi-threading
    • Added a better user input method (basically just a thread running that accepts user input)
    • Added very basic connection management (The server will accept all incoming connections)

  • I’m making a conscious effort to plan out the design in a more logical way. I’m very used to making quick and dirty scripts that only need to be run a few times. Here was me brain dumping how I wanted the C2 to work.

  Server
 ________
 |==|=====|
 |  |     |                       ______________________
 |  |     |       .---------.     \                     \
 |  |     |  ---->| Threads |----->) thread_serverListen )
 |  |     |       '---------'     /_____________________/
 |  |==== |            |                      |              .-----------------------------------------------------.
 |__|_____|            |                      '------------->| - Listens for server connections coming from beacon |
                       |                                     '-----------------------------------------------------'
      ^                |          ______________________
      |                |          \                     \
      |                '---------->) thread_getInput     )
      |                           /_____________________/
      |                                       |             .-----------------------------------------------------.
      |                                       |             | - Gets input from user                              |
      |30 seconds                             |             |  1. Help                                            |
      |                                       |             |  2. Run (command on beacon)                         |
      |                                       '------------>|  3. Debug                                           |
      |                                                     |  4. clear                                           |
      |                                                     |  5. Exit                                            |
      |                                                     '-----------------------------------------------------'
      |
Beacon
________
|==|=====|
|  |     |
|  |     |
|  |     |
|  |     |
|  |==== |
|__|_____|

  • Finished chapter 4 of Hacking APIs. (Again, I forgot a lot of it from my previous read)
  • Did some digging into some of the tools I learned about in Hacking APIs

2/17/2022

  • Watched How To Burn Out In InfoSec And What To Do Next By Corey Ham
  • Some of the key takeaways
> If you feel like you can't finish your work on time it's most likely your boss's fault
> In an interview make sure that you're asking about the training. Companies that want to train you don't want you to leave
1. Sleep is important
2. Ask for help
3. Managing time is so important
4. Avoid social media on busy days
5. Choose your commitments carefully*
6. Spend time outside/recharging
7. Intentionally choose a diet that works for you
8. Keep phone on do not disturb
9. Compartmentalize work
10. Allow closure on projects
11. Set realistic expectations
  • Added Security Library to my site which is a collection of security books I’ve read and liked.
  • Started using LeechBlock to limit time on Twitter/LinkedIn/*worksites*

2/18/2022

2/19/2022

2/20/2022

  • Wrote this blog :)

Have any questions?

Do you have any questions? Feel free to reach out to me on Twitter. See you next Sunday. :)