Hero Image
Cyber Security Notes

My notes on Notion (backup link) I take notes using Notion. Lots of commands, tools, hints, and tips. Over 72,000 words so far! Screenshot as of October 2021:

    Monday, March 7, 2022 | 1 minute Read
    Hero Image
    MITRE D3FEND - Security BSides London Talk

    Back in November I gave a talk at Security BSides in London about MITRE’s D3FEND framework. Audio is a bit off until 1:27, then it’s fine. Watch it here:

    Monday, January 10, 2022 | 1 minute Read
    Hero Image
    Creating an HMI in CODESYS

    Introduction Learning CODESYS Temperature Control HMI Code Variables HMI Simulation Comments? Introduction Until now I’ve used OpenPLC for all my PLC (ladder logic) projects, as it’s very user-friendly and it makes using an Arduino as a PLC very simply. However, as I was studying LL and ST, another piece of software kept being mentioned - CODESYS. According to CODESYS, they are “the leading manufacturer-independent IEC 61131-3 automation software for engineering control systems”.

    Monday, October 18, 2021 | 3 minutes Read
    Hero Image
    HoneyBOT (pcap Analysis)

    https://cyberdefenders.org/labs/45 Contents Description Tools Questions 1. What is the attackers IP address? 2. What is the targets IP address? 3. Provide the country code for the attackers IP address (a.k.a geo-location). 4. How many TCP sessions are present in the captured traffic? 5. How long did it take to perform the attack (in seconds)? 6. No question 6 . . . 7. Provide the CVE number of the exploited vulnerability. 8.

    Monday, October 11, 2021 | 5 minutes Read
    Hero Image
    Structured Text in OpenPLC

    Introduction Structured Text Project Examples Two-Button Latching Circuit One-Button Latching Circuit with Emergency Stop Playing with Timers Steady(ish) State (e.g Temperature) Comments? Introduction After playing around with ladder logic (LL) in OpenPLC, I wanted to get a basic grip of structured text (ST). While LL is a visual method of programming PLCs, ST is a C-like language for programming PLCs, featuring well-know coding functions such as IF and WHILE.

    Monday, September 27, 2021 | 7 minutes Read
    Hero Image
    Arduino as a PLC with OpenPLC and Ladder Logic

    Introduction Getting It All Working Installation First Project Video Walkthrough Project Examples Two-Button Latching Circuit One-Button Latching Circuit with Emergency Stop Playing with Timers Steady(ish) State (e.g Temperature) Comments Introduction PLCs (programmable logic controllers) are used within the operational technology (OT) space, such as in the industrial control systems (ICS) that manage manufacturing, energy generation, and robotics. PLCs are often integrated into SCADA systems, where a PLC is used to monitor inputs (e.

    Monday, September 20, 2021 | 5 minutes Read
    Hero Image
    Network Analysis - Web Shell

    https://blueteamlabs.online/home/challenge/12 Contents Introduction Questions What is the IP responsible for conducting the port scan activity? What is the port range scanned by the suspicious host? What is the type of port scan conducted? Two more tools were used to perform reconnaissance against open ports, what were they? What is the name of the php file through which the attacker uploaded a web shell? What is the name of the web shell that the attacker uploaded?

    Monday, September 6, 2021 | 6 minutes Read
    Hero Image
    XLM Macros (Document Analysis)

    https://cyberdefenders.org/labs/55 Contents Description Helpful Tools Questions 1: Sample1: What is the document decryption password? 2. There is no question 2 . . . 3: Sample1: This document contains six hidden sheets. What are their names? Provide the value of the one starting with S. 4: Sample1: What URL is the malware using to download the next stage? 5: Sample1: What malware family was this document attempting to drop? 6: Sample2: This document has a very hidden sheet.

    Wednesday, September 1, 2021 | 6 minutes Read
    Hero Image
    L'Espion (OSINT)

    https://cyberdefenders.org/labs/73 Contents Description Questions 1: Github.txt: What is the API key the insider added to his GitHub repositories? 2: Github.txt: What is the plaintext password the insider added to his GitHub repositories? 3: Github.txt: What cryptocurrency mining tool did the insider use? 4: What university did the insider go to? 5: What gaming website the insider had an account on? 6: What is the link to the insider Instagram profile? 7: Where did the insider go on the holiday?

    Tuesday, August 17, 2021 | 5 minutes Read
    Hero Image
    Log Analysis - Privilege Escalation

    https://blueteamlabs.online/home/challenge/4 Contents Introduction Questions What user (other than ‘root’) is present on the server? What script did the attacker try to download to the server? What packet analyzer tool did the attacker try to use? What file extension did the attacker use to bypass the file upload filter implemented by the developer? Based on the commands run by the attacker before removing the php shell, what misconfiguration was exploited in the ‘python’ binary to gain root-level access?

    Monday, August 9, 2021 | 3 minutes Read
    Hero Image
    Six Months as a SOC Analyst - My Top Three Tips

    Introduction It’s already been six months since I started my journey as a Security Analyst (time flies!) so I thought I’d share some thoughts to help other aspiring SOC Analysts. I started with no professional IT experience, only a lifelong interest. My background was primarily in engineering. I prepared for an infosec role by doing CompTIA Security+ and Blue Team Level One certifications (review here), playing around on TryHackMe and with Security Onion, and generally learning as much as possible.

    Sunday, July 25, 2021 | 8 minutes Read
    Hero Image
    AfricaFalls (Disk Image Forensics)

    https://cyberdefenders.org/labs/66 Contents Introduction Tools Preparation Questions #1: What is the MD5 hash value of the suspect disk? #2: What phrase did the suspect search for on 2021-04-29 18:17:38 UTC? #3: What is the IPv4 address of the FTP server the suspect connected to? #4: What date and time was a password list deleted in UTC? #5: How many times was Tor Browser ran on the suspects computer? #6: What is the suspects email address?

    Sunday, July 18, 2021 | 6 minutes Read