Podcast
PING is a relatively new, bi-weekly foray into the technical side of the Internet. Conversations include various experts who helped build the web or are helping make it function better. Each episode runs between 30-40 minutes. Explains, “This is right up there is ‘The Hedge.’ Lots of history and discussions on current state of protocols.”
TechSequences offers lively conversation on the consequences that have come along with the internet and related technologies. Discussions explore the impact these world-changing innovations have had on our lives and cultures as well as future possibilities.
Script
Find All Inbox Rules that Forward Emails Externally in Office 365 using PowerShell provides a simple way to identify the existing Outlook forwards that are directed outside your organization, so you can help proactively prevent any leak of sensitive data this might create. Thanks to the author, Embry, who explains the script will also allow you to “block or remove external forwarding configuration.”
Tutorial
Power DNS serves as a nice introduction to the official Domain Name System RFCs for those who aren’t especially familiar. It builds on some fairly basic principles with the goal of providing an easier entrypoint for understanding this protocol.
Threat Hunting
lucky-luk3/Grafiki: A sysmon tool for build more complex graphs to help your hunting analysis.
alexandreborges/malwoverview: Malwoverview.py is a first response tool for threat hunting, which performs an initial and quick triage of malware samples, URLs, IP addresses, domains, malware families, IOCs and hashes.
sk4la/plast: Modular command-line threat hunting tool & framework.
SQL Injection Tools
sqlmapproject/sqlmap: An automatic SQL injection and database takeover tool.
kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.
the-robot/sqliv: A massive SQL injection vulnerability scanner
nearform/sql: SQL injection protection module
Azure Tools
Azure/Azure-Sentinel: Cloud-native SIEM for intelligent security analytics for your entire enterprise.
cloud-custodian/cloud-custodian: Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool
Free Tool
ping.pe is a nice ping/MTR combination for troubleshooting connectivity problems. Includes a TCP port checker and DNS diagnostics with dig from multiple locations. Explains, “I work for an ISP so I’m often looking at routing on a more global level – what route is traffic taking inbound, what loss exists and where, are neighbour networks accepting route advertisements, etc. I’ll often start with ping.pe to get a general overview, and then start digging into public route servers from there.”
NAPS2 (Not Another PDF Scanner 2) is a simple tool for scanning documents to PDF (as well as other file types). This one-click scanner allows you to rotate, crop and rearrange scans and includes an integrated OCR. There’s also an optional CLI that can help with automation and scripting, an MSI installer and application-level configuration available for group policy (GPO) deployment, plus portable archives available with no installation required. Describes it as a “very quick/simple-to-use PDF scanning tool, newbie friendly.”
Windows Terminal is a fast, powerful, open-source modern terminal application for command-line tools and shells like Command Prompt, PowerShell and WSL. Features include support for multiple tabs, panes, Unicode and UTF-8 characters; a GPU-accelerated text-rendering engine; and custom themes, styles and configurations. Adds, “Combined with WSL2 and your choice of Linux distro, it’s nice to work in a Linux shell instead of command prompt sometimes. Windows Terminal gives you both in the same window. I spend most of my time doing network troubleshooting in Linux instead of cmd.”
PerigeeCopy is an answer to some of the annoying limitations of the built-in file operations of Windows Explorer. This configurable Win32 shell extension lets you copy, move and delete files and more with the ease of the Explorer GUI. Calls it a “great copy/paste utility. Allows you to automatically rename files if you’re copying or moving them.”
CrystalDiskInfo is an HDD/SSD utility for reading and monitoring disk status. Provides detailed information on the disk, gives you a snapshot of the health of your drive and detects and prevents disk errors. Describes it as “one of the most dependable SMART utility tools I’ve used and easily portable.”
WakeMeOnLan allows you to remotely turn on computers by sending a wake-on-LAN packet. Once you’ve allowed the utility to scan your network to collect the MAC addresses of all the machines, you can remotely trigger any computer with one click. Also works from the command line.
Invidious is an open-source, multiligual alternative front-end for YouTube that can protect your users from Google’s spying and ads. Allows users to subscribe and create playlists without a YouTube account and also offers a developer API.
WANem is a wide area network emulator for application testing over a LAN environment. WANem allows you to set up a transparent application gateway to simulate WAN characteristics like network delay; packet loss, corruption or reordering; disconnections; jitter etc. Can be used to test data/voice applications in a realistic WAN environment. Adds, “WANem works well, we have it set up in a virtualized environment. When we need it, it’s as simple as connecting up a few virtual links inline of a server to play around with different scenarios.”
Syncthing is a fully secure, open-source file synchronization program. Syncs files between two or more computers in real time with no central server involved—thus ensuring complete privacy.
VeraCrypt is a highly secure, open-source disk encryption solution. This multiplatform software adds enhanced security to the encryption algorithms that allow it to resist new developments in brute-force attacks as well as solving many of the vulnerabilities and security issues found in other products. Describes it as “more secure [than Cryptomator], but requires FUSE.”
Tablacus is a lightweight, open-source Windows utility program featuring an extensible tabbed file manager. But it’s more than just a file explorer, as explains, “Almost like a sandboxed way of running your elevated credentials so you don’t have to swap to another computer or VM just to elevate… You get context menus, toolbars, tabs, script controls and more. It is great for sys admins to run in their regular profile while protecting their elevated creds.”
Magical Jelly Bean is a simple utility for retrieving the original Product Key (cd key) that was used to install Windows from the registry file.
Zoiper is a multi-platform VoIP application for 3G or WiFi. This ad-free softphone offers a simple GUI and quality audio, while using little memory and CPU—which makes it a good choice for older hardware. Compatible with most VoIP service providers and PBXs. Includes it among the “tools I love.”
Disk Inventory X is a Mac disk usage utility that displays the sizes of your files and folders in graphical treemaps. Can help you discover what’s using up all your available space. Describes it as “similar to Space Sniffer. Helpful for getting a visual overview of your disk usage and cleaning up the disk.”
Training Resource
The XY Problem explains a simple strategy for understanding how to avoid chasing after a misguided plan, partial fix or workaround that just wastes time. Can help improve your troubleshooting and people management skills to more quickly achieve an optimal outcome. Adds, “it’s really helped me understand that I’m worried too much about what other people think they want and how we can help them get what they want even if we have to put up with lack of listening and tantrums of wanting their own way.”
