Friday, January 25, 2019

The Grimoire of Demonology

The Demon 😈

Well, WNL8 will be my final version of WeakNet LINUX - for a long time at least. This new project is built from XFCE and contains all of the same great tools (well, I am still building this out as you're reading this) as WeakNet LINUX.



You can skip the TL;DR and go right over to DemonLinux.com to grab a copy or read more about the distribution. As for the UI/Theme/Idea - I can't say that I wasn't inspired by the world's most beautiful car :)

The development process for Demon was staggering and trying. I almost gave up on the project so many times while trying to move my arms fast enough to balance and maintain what I later learned was a house of cards. I honestly tried to attribute the plight to the name of the distribution; 😈. Choosing XFCE, Debian Stretch, the file manager, the theme, making customizations and altering items, all, was a painstaking process which required many hours of testing and development. I ditched window managers and started the project over at least 4 times before realizing that the Buster version of Debian itself was creating its own problems.

In fact, a lot of issues even arose from the fact that we are in the middle of several releases of Python, all of which are required for the various InfoSec-related tools. Lots of popular frameworks and tools for InfoSec have a ton of dependencies and strange quirks for getting up and running. My job is to build them all out for you and have them ready so that you don't have to - you can just dive in and start hacking.

So, I have been thinking over moving away from WeakNet LINUX for a long while now and my brother gave me the inspiration when he mentioned that the UI/UX shouldn't be the learning curve for my users, no, it should be the information security and technical stuff. WeakNet LINUX was targeted at advanced Linux users. So, with that advice, I decided to offer the new UI/UX with a whole new look, feel, branding, and all for a new year, 2019. Something easy-on-the-eyes and easy to use. My favorite part of the UX is the WIN key to search :) It's so fast.

The Grimoire

I am currently studying for the world's hardest test and I have been using PWK, HacktheBox.eu, VulnHub.com, and Udemy.com as resources. This is very good advice for anyone interested in one day entering the field of information security/IT - as I am now constantly learning new things. I LOVE HacktheBox.eu. It's quite similar to the PWK labs from Offensive Security, but a lot less expensive, ~$100 annually, plus there are a lot of great things to do besides CTF/Boot to root/Penetration testing. On the right pane of this weblog you can see my badge and progress in the labs. It is updated in real time.

Anyways, with all of this said, I couldn't help but to take an actual tome of notes and my own scripts and code of my travels (notes go a long way) and I also couldn't help but to share them. So, I present my latest side-project, The Grimoire.

The Grimoire is a lot of things - a repository of specially crafted code for enumeration, digital forensics, and penetration testing. Oh, and did I mention a boat load of notes? Notes, notes, notes, and cheat sheets.


I truly feel that the only way I am going to beat this upcoming test is to stick to a strict methodology, a flow chart if you will, to which I can ensure that no step is missed during enumeration. This is my philosophy to the mantra, "try harder." Anyways, this repository can be used in any OS. I tried to list any dependency for any of the scripts that I made within the script itself as comments or notes. Just look at how committed I am to my notes,

Mentioned Resources

I am currently enveloped in the following mentioned resources,
  • Offensive Security - PWK
  • HacktheBox.eu
  • Udemy.com
    • Hands-On Penetration Testing Labs 2.0 (Link)
    • Kali Linux Web App Pentesting Labs (Link)
    • Certified Wireless Security Professional (CWSP from CWNP) (Link)
  • VulnHUB.com (Link)

And I highly recommend all of them.

Thanks for stopping by,
~Douglas

Saturday, October 20, 2018

Updates, Updates, Updates...

WeakNet LINUX

Hello everybody! A couple days ago I announced on Twitter and Facebook the latest WeakNet LINUX update was released and I am already working on update 9. This update includes the following software for your VMs:
 1. Seth, RDP tool (GitHUB)
 2. KeepNote (Debian APM)
 3. Dradis CE (GitHUB)
 4. ACLPwn (GitHUB)
 5. VEGA (WNL)
 6. Johnny (GitHUB)
 7. Nemesis
 8. NMAP compiled / installed and Debian APM version removed
 9. Cool Retro Terminal (GitHUB)
 10. MassScan
 11. Nikto2 (CIRT.net)
 12. ByteForce (WeakNet Labs/GitHUB)

 X. UI Updates
  a. New Icons
  b. Wallpapers
  c. Desktop menu update

New Tutorials Mini Series

I want to first apologize up front for not having a good setup to record my voice and screen at the same time. I just can't justify the cost of the hardware and software at the moment, so please bear with the poor audio. I did order a new microphone, but the software I am using ONLY allows me to record 5 minutes at a time as a license restriction. If anyone has any suggestions for great screen capture software, I really could use some. I use an AverMedia LGP2 for gaming that I might try to apply to these tutorials in hopes that the quality is much better. It just seems like a pain in the rear to get it up and running for such a simple task :)

Anyways, these videos cover how to make a mini SIEM for web application and web service monitoring. If you enjoy them, please





Conferences

I just returned from some pretty awesome conferences, the Three Rivers Information Security Symposium, and Splunk> .conf18 in sunny Orlando, Florida.

Let's start with the Bad and the Ugly

At the incredibly disorganized and poorly planned Splunk> conference, I attended the Splunk> Fundamentals 2 course - which wasn't good. I don't recommend it if you are up in the air due to its ridiculous cost. It covered subjects and areas that you would have already discovered and adventured to if you were seriously using Splunk> after passing the Fundamentals 1 exam. It was also very cramped in the room. We had to share long tables with many people, so I literally had just enough space on the table for my laptop and was sitting on the end side of the table. This means, I had to stand up and pull in each time someone wanted to leave the room. The teacher made a massive amount of stupid mistakes during her lessons. In fact, some of them were repeated all the way to the end of the training and the students in the classroom were constantly telling her to do it correctly before she even noticed the issue. Then, on the last day of training, another teacher stepped in to show us a lesson and he was foreign, which is okay, but, I didn't understand a word he was saying and other students sitting by me were asking me what he was saying. I don't get it.

This is the awesome right here: after the exam, the teacher announced that anyone who took the Fundamentals 2 course in the past failed or struggled in the third course- ? It's like a disclaimer stating that the Fundamentals 2 course is pointless. Also, they surprised us by saying that the exams are no longer open book and require us to pay and go to specialized testing facilities to take them. That's a bit disheartening considering that the Fundamentals 1 exam had a lot of questions that were not in the training materials. She also said that our current certificates are now dated because of this new change. I don't have any good opinions about that company, but that is not what this blog is for.

As far as the conference itself, it was very disorganized. It seems like they were greedy and allowed too many people to attend. This made the experience rather annoying as it was forced to span several resorts - good luck running from the Swan resort to the Boardwalk resort between sessions when it's 90 degrees and super humid. Most of the sessions that I wanted to attend, I couldn't because they were full, and the hoodie size that both me and my coworker reserved was not really reserved and was all out. These are just a few examples of why too many people make a conference a bad idea. I won't be attending the next Splunk .conf in Vegas even if it is free.

The Good

The Three Rivers Information Security Symposium, TRISS, is an incredible event. This year's was the 3rd inaugural event. The first TRISS started in a classroom in Robert Morris University. The second year, TRISS grew and was held at the large conference room at the Double Tree Hotel, and the third - this year - TRISS was massive. It was held at the Monroeville Convention Center and had 3 rooms of sessions all day. This event blows my mind, to be honest. It's very well organized, contains talks by infosec professionals from all around the Western PA area, has TONS of sponsors (who give the swag and buy the food), and gives us a chance to network with individuals in our profession that are local. I, honestly, enjoyed this conference every time it was held. I wouldn't miss it for another.

If you are an InfoSec individual in the surrounding area, I would highly recommend asking your employer to send you to this conference.


Thanks for stopping by.
~Douglas

Wednesday, April 25, 2018

WeakNet LINUX Update #6 - HUGE

Updating Your VMs



This update could not have come at a sooner time! :) If you have an installed VM, I highly recommend deleting it from disk and starting anew. I mean, that's the beauty of virtualization, amirite? But, some won't like that, and if you are one of those folks, just a warning - you may have to run the updater tool from the command line as so,

wnl8:~# wnl-update.sh

Thank you @Yas3r for the report on this issue. What I did was, retroactively went back through the previous updates, 1-5, and fixed some of the bugs there too. That's why I recommend doing this update from version 1. I have tested this update process, starting from 1 and going to 6, 4 times now and I have not hit any snags. If the OS updater tool that I made fails, it will not write the current version to your FS in /etc/wnl/version and thus can be executed again. This was done purposefully for those with unstable internet connections, etc.
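The re-runnable behaviour described above, sketched as an added example; this is not the actual wnl-update.sh, which the post does not show. Only the marker path /etc/wnl/version comes from the post; `LATEST`, `FAIL_AT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration only; the real wnl-update.sh is not shown in the post.
# Only the marker path /etc/wnl/version comes from the post. LATEST, FAIL_AT
# and every function name below are hypothetical.
VERSION_FILE="${VERSION_FILE:-/etc/wnl/version}"
LATEST="${LATEST:-6}"

# Print the last update that fully applied; a missing or malformed marker
# counts as 0, so a fresh install starts from update 1.
current_version() {
    v=$(cat "$VERSION_FILE" 2>/dev/null) || v=0
    case "$v" in ''|*[!0-9]*) v=0 ;; esac
    echo "$v"
}

# Stand-in for the real work of update N (package installs, fixes, ...).
# Setting FAIL_AT=N simulates a dropped connection during update N.
apply_update() {
    [ "$1" != "${FAIL_AT:-}" ]
}

# Apply every pending update in order. The marker is advanced only after an
# update succeeds, so a failed run can simply be executed again.
run_updates() {
    v=$(current_version)
    while [ "$v" -lt "$LATEST" ]; do
        next=$((v + 1))
        if ! apply_update "$next"; then
            echo "update $next failed; version stays at $v" >&2
            return 1
        fi
        # Write to a temp file and rename, so an interrupted write cannot
        # leave a half-written marker behind.
        tmp="$VERSION_FILE.tmp.$$"
        { echo "$next" > "$tmp" && mv "$tmp" "$VERSION_FILE"; } || return 1
        v=$next
    done
}

# Run only when asked to, so sourcing this file has no side effects.
if [ "${1:-}" = "--run" ]; then
    run_updates
fi
```
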

Theme and UI Changes

The Theme was completely revamped for the UI. I structured it better and made things slightly smaller for screens with higher DPI. Also, the bigger menu padding and window buttons accommodate touch screens a lot nicer. After running this update, you will also have to run, Desktop Menu->UI Config->Restart UI for the new UI to take effect. I am unsure how to do this programmatically using Fluxbox without killing it and couldn't find good documentation on it. Here is a close up image of the new Menu Theme,








You can click on any image above to view it in full size.

Change/Update Log

The updates include the following,
  • GetMalIPData (WeakNetLabs / GitHUB)
  • GoPhish Phishing Framework (GitHUB)
    • Startup script (WeakNetLabs)
  • Flasm
  • Random BUG fixes for dependencies
  • Binwalk
  • Radare2
  • Crunch
  • OWASP-ZSC
  • Vulners-Agent (GitHUB)
    • WeakNet Labs start-vulners script
  • VNC Viewer
  • IRSSI Startup Script
  • MITMF (GitHUB)
  • Removed menu reference to "Bulk Extractor" as it is broken.
  • Credgrap_IE_EDGE PS1/Post exploitation script (GitHUB).
  • Frida (Reverse Engineering / Info Sec Tools) (PIP).
  • Credking (GitHUB)
  • tInfoLeak (GitHUB)
  • Bandit Python Secure Code Analysis Tool (PIP)
  • Slack Communication Tool (slack.com)
  • UI updates
    • Icons
    • Theme
    • Pixmaps
    • Menu
    • Updated Power Management Application
  • HUGE amount of BUG fixes!!


Thank you for your Support

The amount and utility of resources that I pack into these updates is crucial to WeakNet LINUX's success. Now, with that being said, I need to hear from more of you all about new tools, tools that you use every day for Information Security related tasks, and UI/UX suggestions to keep this project on top and of the highest quality. I am currently working on a few other small projects in my GitHUB as well that I want to integrate into the distribution's updates, including tools that I use / require on a daily basis as an information security engineer.

I am only one single dude on this entire project and I have little free time lately. So, please, if you enjoy the project - be patient with me and consider writing reviews online or telling your colleagues and hacker friends where this distribution lies among the rest for penetration testing! The only thing I ask in return is simply spreading the word of this OS so we can gather even more feedback and build it even better in updates, ISO, or future releases!

I really want to make a new splash page for WeakNet LINUX and remove the downloads and pages from this web blog site as soon as I can. I will be hosting the pages myself and it will have a stronger, more professional presence with goals, missions, etc outlined in a much clearer manner. So, stay tuned to my FaceBook and Twitter feeds (can be found on the right nav bar here) if not already for those upcoming updates!

~Douglas