Saturday, August 24, 2019

Demon Linux Updated

It's Finally Here!

Demon Linux has finally been updated. I updated the UI/UX and built this image from scratch which includes,
  • New icons and a fresh new look
  • New tools and apps installed by default
  • New UI/UX features
  • Built from Debian Buster
  • New Linux Kernel
  • New menu and keyboard commands
  • Added hardware support
  • Updates to all system features, including VMWare installation tools and options.




The Demon Linux App Store is a brand new project that I integrated directly into the ISO. I have been thinking about this for as long time now and finally decided to put forth the effort to make the UX stand out above the rest. This is still new, though and still a WIP (hence the "BETA" language everywhere ...). Because this is still in BETA form, I highly recommend running the Demon App Store from the terminal to look out for any errors that may occur. /usr/local/sbin/demon-app-store.sh

If you'd like to see any apps (that are not already available in the Debian repositories) added to The Demon Linux App Store, please let me know via email (weaknetlabs)at Gmail.

Demon Linux Installer

The installer was completely updated to use GRUB2, Debian Buster, let the user choose the kernel, and it's self maintained (will update before each run) as I have separated it into two parts.


Download Demon Linux

If you'd like to give my ISO a spin, please head over to the Demon Linux Official Site and download it for free. If you would only like to check out the included projects, you can get them from my GitHUB page,

Code repository for Demon Linux Installer
Code repository for Demon Linux App Store

Thank you, friends. I hope that you are all doing well.
~Douglas

Friday, January 25, 2019

The Grimoire of Demonology

The Demon 😈

Well, WNL8 will be my final version of WeakNet LINUX- for a long time at least. This new project is built from XFCE and contains all of the same great tools (well, I am still building this out as you're reading this) as WeakNet LINUX.



You can skip the TL;DR and go right over to DemonLinux.com to grab a copy or read more about the distribution. As for the UI/Theme/Idea - I can't say that I wasn't inspired by the world's most beautiful car :)

The development process for Demon was staggering and trying. I almost about gave up on the project so many times while trying to move my arms fast enough to balance and maintain what I later learned was a house of cards. I honestly tried to attribute the plight to the name of the distribution; 😈. Choosing XFCE, Debian Stretch, the file manager, the theme, making customizations and altering items, all, was a painstaking process which required many hours of testing and development. I ditched window managers and started the project over at least 4 times before realizing that the Buster version of Debian itself was creating it's own problems.

In fact, a lot of issues even arose from the fact that we are in the middle of several releases of Python, all of which are required for the various InfoSec-related tools. Lots of popular frameworks and tools for InfoSec have a ton of dependencies and strange quirks for getting up and running. My job is to build them all out for you and have them ready so that you don't have to - you can just dive in and start hacking.

So, I have been thinking over moving away from WeakNet LINUX for a long while now and my brother gave me the inspiration when he mentioned that the UI/UX shouldn't be the learning curve for my users, no, it should be the information security and technical stuff. WeakNet LINUX was targeted at advanced Linux users. So, with that advice, I decided to offer the new UI/UX with a whole new look, feel, branding, and all for a new year, 2019. Something easy-on-the-eyes and easy to use. My favorite part of the UX is the WIN key to search :) It's so fast.

The Grimoire

I am currently studying for the world's hardest test and I have been using PWK, HacktheBox.eu, VulnHub.com, and Udemy.com as resources. This is very good advice for anyone interested in one day entering the field of information security/IT - as I am now constantly learning new things. I LOVE HacktheBox.eu. It's quite similar PWK labs from Offensive Security, but a lot less expensive, ~$100 annually, plus there are a lot of great things to do besides CTF/Boot to root/Penetration testing. On the right pane of this weblog you can see my badge and progress in the labs. It is updated in real time.

Anyways, with all of this said, I couldn't help but to take an actual tome of notes and my own scripts and code of my travels (notes go a long way) and I also couldn't help but to share them. So, I present my latest side-project, The Grimoire.

The Grimoire is a lot of things - a repository of specially crafted code for enumeration, digital forensics, and penetration testing. Oh, and did I mention a boat load of notes? Notes, notes, notes, and cheat sheets.


I truly feel that the only way I am going to beat this upcoming test is to stick to a strict methodology, a flow chart if you will, to which I can ensure that no step is missed during enumeration. This is my philosophy to the mantra, "try harder." Anyways, this repository can be used in any OS. I tried to list any dependency for any of the script that I made within the script itself as comments or notes. Just look at how committed I am to my notes,

Mentioned Resources

I am currently enveloped in the following mentioned resources,
  • Offensive Security - PWK
  • HacktheBox.eu
  • Udemy.com
    • Hands-On Penetration Testing Labs 2.0 (Link)
    • Kali Linux Web App Pentesting Labs (Link)
    • Certified Wireless Security Professional (CWSP from CWNP) (Link)
  • VulnHUB.com (Link)

And I highly recommend all of them.

Thanks for stopping by,
~Douglas

Saturday, October 20, 2018

Updates, Updates, Updates...

WeakNet LINUX

Hello everybody! A couple days ago I announced on Twitter and Facebook the latest WeakNet LINUX update was released and I am already working on update 9. This update includes the following software for your VMs:
 1. Seth, RDP tool (GitHUB)
 2. KeepNote (Debian APM)
 3. Dradis CE (GitHUB)
 4. ACLPwn (GitHUB)
 5. VEGA (WNL)
 6. Johnny (GitHUB)
 7. Nemesis
 8. NMAP compiled / installed and Debian APM version removed
 9. Cool Retro Terminal (GitHUB)
 10. MassScan
 11. Nikto2 (CIRT.net)
 12. ByteForce (WeakNet Labs/GitHUB)

 X. UI Updates
  a. New Icons
  b. Wallpapers
  c. Desktop menu update

New Tutorials Mini Series

I want to first apologize up front for not having a good setup to record my voice and screen at the same time. I just can't justify the cost of the hardware and software at the moment, so please bear with the poor audio. I did order a new microphone, but the software I am using ONLY allows me to record 5 minutes at a time as a license restriction. If anyone has any suggestions for great screen capture software, I really could use some. I use an AverMedia LGP2 for gaming that I might try to apply to these tutorials in hopes that the quality is much better. It just seems like a pain the rear to get it up and running for such a simple task :)

Anyways, these videos cover how to make a mini SIEM for web application and web service monitoring. If you enjoy them, please





Conferences

I just returned from some pretty awesome conferences, the Three Rivers Information Security Symposium, and Splunk> .conf18 in sunny Orlando Florida.

Let's start with the Bad and the Ugly

At the incredibly disorganized and poorly planned Splunk> conference, I attended the Splunk> Fundamentals 2 course- which wasn't good. I don't recommend it if you are up in the air due to it's ridiculous cost. It covered subjects and areas that you would have already discovered and adventured to if you were seriously using Splunk> after passing the Fundamentals 1 exam. It was also very cramped in the room. We had to share long tables with many people, so I literally had just enough space on the table for my laptop and was sitting on the end side of the table. This means, I had to stand up and pull in each time someone wanted to leave the room. The teacher made a massive amount of stupid mistakes during her lessons. In fact, some of them were repeated all the way to the end of the training and the students in the classroom were constantly telling her to do it correctly before she even noticed the issue. Then, on the last day of training, another teacher stepped in to show us a lesson and he was foreign, which is okay, but, I didn't understand a word he was saying and other students sitting by me were asking me what he was saying. I don't get it.

This is the awesome right here: after the exam, the teacher announced that anyone who took the Fundamentals 2 course in the past failed or struggled in the third course- ? It's like a disclaimer stating that the Fundamentals 2 course is pointless. Also, they surprised us by saying that the exams are no longer open book and require us to pay and go to specialized testing facilities to take them. That's a bit disheartening considering that the Fundamentals 1 exam had a lot of questions that were not in the training materials. She also, that our current certificates are now dated because of this new change. I don't have any good opinions about that company, but that is not what this blog is for.

As far as the conference itself, it was very disorganized.It seems like they were greedy and allowed too many people to attend. This made the experience rather annoying as it was forced to span several resorts- good luck running from the Swan resort to the Boardwalk resort between sessions when it's 90 degrees and super humid. Most of the sessions that I wanted to attend, I couldn't because they were full, and the hoodie size that both me and my coworker reserved, were not really reserved and all out. These are just few examples of why too many people make a conference a bad idea. I won't be attending the next Splunk .conf in Vegas even if it is free.

The Good

The Three Rivers Information Security Symposium, TRISS, is an incredible event. This years was the 3rd inaugural event. The first TRISS started in a classroom in Robert Morris University. The second year, TRISS grew and was held at the large conference room at the Double Tree Hotel, and the third - this year - TRISS was massive. It was held at the Monroeville Convention Center and had 3 rooms of sessions all day. This event blows my mind, to be honest. It's very well organized, contains talks by infosec professionals from all around the Western PA area, has TONS of sponsors (who give the swag and buy the food), and gives us a chance to network with individuals in our profession that are local. I, honestly, enjoyed this conference every time it was held. I wouldn't miss it for another.

If you are an InfoSec individual in the surrounding area, I would highly recommend asking your employer to send you to this conference.


Thanks for stopping by.
~Douglas