Goodbye, 2016!

I don't know why people feel the need to write something for the end of the year.

This has been a crazy year for myself and for the state of cyber security in this country and worldwide.

New attack techniques have been discovered and for the first time hackers interfered with democratic elections.

I normally hate celebrations and all the connected rhetoric but I'm graduating in cyber security next week and that seems me a perfect timing for what's going on.

Hopefully, I'm going to go back working in the field soon.

I don't know what I'm going to do or what specific role I'm going to play in this context.

I only know this is but the starting point for the career I want.

We'll see what happens.

How to automate post exploitation with a Meterpreter script

Metasploit is a powerful attacking tool, but you can get the most out of it by automating the post exploitation stage.

After getting a shell on the victim system, if you run some commands recurrently, you can use a script to run them automatically for you.

To demonstrate this, I created a script, named netapi_post.rc, where I listed the commands I wanted to be automatically run.

After that, I exploited my victim XP machine by using the multi/handler exploit, setting up windows/meterpreter /reverse_TCP as a payload (check the embedded video for more details).

How to create basic Snort IDS rules

This post follows up to Install Snort in Kali Linux, the easy way.

I am going to create some basic rules to use Snort as an IDS.

The first thing to do is defining what Snort has to protect as the Home network.

You need to edit its configuration file (/etc/snort/snort.conf) as follows:

1. Change the value of the line ipvar HOME_NET from any to your home network range (in my case, 192.168.2.0/24)
2. Change the value of the line ipvar EXTERNAL_NET from any to !$HOME_NET (in other words, uncomment the last line shown in the first below screenshot). The value of the EXTERNAL_NET variable will have to be defined as any network other than the Home network.
3. Apply customized rules by editing the file /etc/snort/rules/local.rules, as shown below.
4. Edit /etc/snort/snort.conf by adding a line that includes your customized rule file.