[/blogfolio]

SANS SEC504 | GIAC GCIH PT.2

    I've completed reading the books multiple times. My index is almost done. The goal is to not use the books...too much. I got through the practice without em.

    After the exam I will share my index and method for study given no issues like failure come up.

    Update: Index is now available via hyperlink above. Each color corresponds to the book-day that contains the entry. The Index document is in NO WAY a relfection of the amount of information provided from the SANS instruction and/or books. This is simply an index of information that I way need to reference come certification test time. With that being said.... your Index should be 4-5 times bigger IF you don't have a good amount of the information stored in your brain. My Index will continue to be updated until the test is complete. Peace.

  • uhBuford
  • July, 2024

What applications for Web Apps Ethical testing?!

    In the realm of cybersecurity, having a robust toolkit for web application security assessment is crucial. Here are some of the most effective open-source tools that can help infosec professionals identify and mitigate vulnerabilities in web applications.

    1. **OWASP ZAP (Zed Attack Proxy)**
       - A popular tool maintained by the Open Web Application Security Project (OWASP).
       - Features automated scanners and a set of tools for finding security vulnerabilities in web applications.
       - Suitable for beginners and advanced users.

    2. **Burp Suite Community Edition**
       - The free version of the Burp Suite from PortSwigger.
       - Includes essential manual testing tools.
       - Can be extended with plugins to add more functionalities.

    3. **Nikto**
       - A command-line tool that scans web servers for vulnerabilities.
       - Detects outdated versions of web servers and identifies various security issues.

    4. **Wapiti**
       - A command-line tool that performs black-box scans of web applications.
       - Scans for a variety of vulnerabilities, including XSS, SQL injection, and file disclosure.

    5. **Arachni**
       - A feature-rich, high-performance web application security scanner framework.
       - Supports both command-line and web interfaces.
       - Extensible with custom scripts and plugins.

    6. **Vega**
       - A free and open-source web security scanner and testing platform.
       - Includes an automated scanner for quick assessments and a proxy for manual testing.

    7. **W3af (Web Application Attack and Audit Framework)**
       - An open-source web application security scanner.
       - Combines black-box scanning with a variety of plug-ins for different types of vulnerabilities.

    8. **OWTF (Offensive Web Testing Framework)**
       - Aimed at making penetration testing more efficient.
       - Integrates with other tools and automates many testing tasks.

    9. **SQLMap**
       - An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws.
       - Features a powerful detection engine and many niche options for the ultimate penetration tester.

    10. **Metasploit Framework**
        - While primarily known for exploitation, it includes tools for web application scanning and exploitation.
        - Extensible with a wide range of modules for various tasks.

    These tools can help in identifying and mitigating security issues in web applications. Always ensure to use these tools ethically and only on systems where you have explicit permission to test.


  • uhBuford
  • Jul, 2024

SANS SEC504 | GIAC GCIH

My server is too loud.

    So I fixed it without modifying the hardware. The IP is the IP address of the Poweredge server. Username and passsword are those setup for iDRAC. Yes, I-DRAC @ home. Pro Tip: | Have a homelab that allows you to test what you 'might' want to implement at work. Group policy updates, pushing network scripts, etc can all be practiced in the safety of your own env... because of the advances of technology [cheap enterprise hw@home]. It comes down to life choices based on what is considered important. In grade school I traded my holo-pokemon cards for $. $ I used to buy a ugly-funky-wobbly thinkpad then taught myself from that day on. YOU CAN BE AWESOME IF YOU FOCUS! "No time like the present". Ok, i'm done. Read up.

    ##Fan control enable## ipmitool -I lanplus -H 192.168.1.209 -U root -P PASSWORD raw 0x30 0x30 0x01 0x00 ##Make the fans silent @ 20%## ipmitool -I lanplus -H 192.168.1.209 -U root -P PASSWORD raw 0x30 0x30 0x02 0xff 0x14

  • uhBuford
  • May, 2024
SAN SEC 504 I choose you.

    I'm in study mode for most of this week and will not be able to assist much. As always, feel free to send me your inforsec questions. GIAC GCIH soon hopefully!

  • uhBuford
  • May, 2024

We made a public minecraft server. Moderated in survival mode.

DJI Mini 2 SE gimbal mount upgrade

    The DJi Mini 2 SE has a huge flaw. The camera gimbal is flimsy, comes apart easy, and costs approximately $80-120 to have repairs "professionally done. I opt'd to design a mount that attaches to the oem location under the gimbal dampener mount and provides the stability required while allowing for full travel of movement in every direction.

    As you can clearly see I am many many MANY versions in and am not sure where this will end up. Best of luck to myself.

    Printing another one...

    Version 3.0~ish. Seems pretty weak. Decent concept to improve on though.

  • uhBuford
  • Feb, 2024

I'm going to switch back to Ubuntu as a daily driver

    Because i'm so damn tired of Windows just installing bull$#!@ whenever it wants.

  • uhBuford
  • Jan, 2024

Back with a new page

The pursuit

    In the digital realm, where circuits hum,
    Dwell minds unique, where thoughts do come.
    In the cyber sea, where bytes align,
    Lives a world where differences shine.
    
    For some, the dance of social grace,
    Is a labyrinth, a daunting space.
    Neurodivergent souls traverse,
    Navigating with minds diverse.
    
    In pixels and code, they find their home,
    Where judgments fade, and they can roam.
    Yet, in the dance of human interaction,
    They may find challenge, a subtle distraction.
    
    Misunderstood, they often feel,
    As social cues, they struggle to reel.
    In the whirlwind of conversations fast,
    They may find themselves outcast.
    
    But let us pause, and take a glance,
    Beyond the surface, give them a chance.
    For in their minds, brilliance gleams,
    Innovative thoughts, vibrant dreams.
    
    Their quirks and idiosyncrasies,
    Are part of what makes them, if you please.
    So let's embrace their unique way,
    And make room for them in the cyber fray.
    
    For in understanding, we may find,
    That differences enrich humankind.
    So let's build a world where all belong,
    Inclusion, acceptance, our hearts' song.
    
  • uhBuford

Hide my plaques inside the closet, I just can't explain it.

    Actually I can. It's life. In life new accomplishments mean more to me. Also, there isn't much space for all that noise on the walls. It is motivation, for the kids, to keep pushing.

  • uhBuford
  • Febz, 2024

What is my trick to staying certified?!

    Never let them expire and use continuing education to my advantage. Never stop learning! Your SANS CEUs can be used for Comptia and/or isc, etc. DYOR.

    Hey! Guess what?!, new banner! bam, in your face.

  • uhBuford
  • Febz, 2024

I'm GIAC GSOC certified now!

    I supposed the study time and SANS SEC450 6 day "bootcamp" did help. To each their own. I learn better on my own.

    Now back to securing the world I love.

  • uhBuford
  • Jan, 2024