Latest Posts
How To Bypass xlsx Spreadsheet Protection
Introduction The problem you’ve encountered is you have an .xlsx file that has password-protected data inside and you need to get at that information. I encountered this scenario while attacking the Search machine on Hack The Box and, as such, this post will contain spoilers for the retired machine. In…
Read more
BloodHound: Incompatible Collector
Problem If you’re having problems with your SharpHound output uploading to BloodHound, you may be victim of an old version/new version incompatibility. “File created from incompatible collector” and “NaN%” are super frustrating, particularly because you’ll only come across this roadblock when you’re in the throes of an engagement. In my…
Read more
Quick Hit: windows-exploit-suggester.py Won’t Read .xlsx Database
Problem windows-exploit-suggester.py isn’t reading the database file generated from the –update. It claims it doesn’t support xlsx files even though I ran pip install xlrd. Solution I don’t really know exactly *why* this doesn’t work and maybe will come back later to figure it out but I’m working on an…
Read more
AutoRecon Broke!
Problem “I used Tib3rius’s AutoRecon successfully, like, a week ago but now it’s broken!” Chances are that you also recently ran an apt update && apt upgrade during the intervening period and now your trusty sudo $(which autorecon) commands are complaining about not knowing what autorecon is. See “Related Errors”…
Read more
VMware Workstation: “‘MonitorLoop’ power on failed.”
Are you trying to power on a virtual machine on your ESXi host and VMware Workstation is telling you, “Unable to change virtual machine power state: Module ‘MonitorLoop’ power on failed.” There are two reasons you’d be seeing this. Your datastore is running out of disk space You recently experienced…
Read more
A Belated Review of “SEC573: Automating Information Security With Python”
Over the 20 or so years I’ve been writing code I’d never taken a class in a language. As a web developer (PHP), software engineer (Perl), or SysAdmin (bash, Python), I’d simply Googled my way to competency. My personal journey into IT was through the U.S. Army when the Army…
Read more
A Tale of Two PoCs or: How I Learned to Stop Worrying and Love the Honeypot
Direct calls to my mobile from the branch chief, Jim, were recent occurrences, as COVID-19 teleworking efforts dragged into their 6th week and day-to-day operations at my cyber defense employer continued to transform around a remote workforce. The phone call was about an e-mail sent 20 minutes earlier from the…
Read more
“Cards Against Humanity” Remotely
I am typing this for my friends who have responded to my call on social media for a good old fashioned game of (socially distant) Cards Against Humanity. What follows are the requirements to get everyone up on a knock-off game. Requirements: Proficiency with Zoom (only the host needs a…
Read more
Steam Crashes When Launching in Linux Mint
I recently tried to launch Steam on my Linux Mint daily driver to experience a Dungeons & Dragons throwback with Baldur’s Gate. A window popped up to check for updates and seemed to progress normally until it crashed. There was no feedback received, save from unhelpful errors inside /var/log/syslog. Solution…
Read more
Trick certbot into auto-configuring Amazon Linux 2
I use Let’s Encrypt to enable SSL/TLS encryption on all my websites. It’s brain-dead simple to configure with the EFF’s companion certbot tool and has gone a long way into the massive increase in HTTPS-by-default across the web. Unfortunately, certbot is not as familiar with the distant relative of the…
Read more