Skip navigation

Category Archives: Infosec

SIPRnet Outage == Rogue Drone Strikes?

It has recently come to light that the SIPRnet infrastructure at Creech Air Force Base crashed on September 9th, but where the story gets interesting is that, in the subsequent couple of weeks, US drone strikes in various locales resulted in a LOT of collateral damage, from civilian casualities to full-on attacks against US-aligned Syrian rebels.  Creech Air Force Base is located in Nevada and most of the drone strikes around the globe are controlled from its dimly-lit command center, so there is definitely room for a theory that there is a correlation between the crash and the “rogue” drone strikes.  An upcoming “surprise” security audit (pentest) might reveal some answers, but it is unlikely that that answer will ever be unclassified. Very interesting, regardless.

One Path to Pentesting

It has been a couple of years since I discovered PentesterLab, and I continue to be impressed by their vulnerable VM exercises and the corresponding coursework offered for free, but their Pentester Boot Camp is something that anyone interested in getting into infosec (and especially pentesting) should take a look at. It uses a Try Harder-style approach whereby it gives learners just enough about a topic to dig deeper and learn for themselves.

The boot camp teaches many topics, including (but not limited to):

  • Linux (basic administration) and Scripting (Ruby/Python/Perl)
  • HTTP, including setting up a LAMP stack from scratch and writing your own HTTP client
  • DNS and whois lookups
  • Zone Transfers
  • SSL/TLS, including writing your own SSL client
  • SQLi and LFI
  • Wireshark and traffic analysis
  • iptables
  • NMAP
  • and much more

I highly recommend it, as there is something for people of any skill level.

They also have a new paid offering that looks promising, with new hands-on exercises every month, videos, PDFs and more, for around $20/month.  I’ll probably be checking that out soon.

 

PHP Backdoors Collection

Need some nice webshells?  Your target is using PHP?  Try out this collection of PHP Backdoors!