UPDATE: This post is now defunct because I created an updated version of the DigiKeyboard package for UK keyboards available here: https://github.com/p0ep0e/DigiKeyboardUK So I recently delved in to the world of with a view to making a low-cost (disposible) Rubby Ducky for cyber security and pen testing work. Unfortuna ...
The Ninja Ducky Toolkit is a set of basic scripts for setting up a means to exfiltrate data via USB keyboard implant devices (like the awesome and original Rubber Ducky from Hak5). You can retrieve the current toolkit from the GitHub repository here, the rest of this article is dedicated to explaining the how and the w ...
After deploying the new HAK5 C2 Cloud instance on AWS LightSail (tutorial here), I found that my wouldn’t connect if I had https enabled on my C2 instance. I didn’t feel comfortable not using https, even though I have it locked down to IP addresses because even sensitive customer data would still be sent i ...
Last year I wrote on article on deploying the C2 application on AWS LightSail, as a number of things have changed since then, including an updated version of the application, I thought I’d update the tutorial. Update, if you are using with C2, be sure to check this post too as there can be issues connecting with ...
When playing around with scripts for use in cyber security consultations or pen tests, I discovered there’s A LOT of data exfiltration scripts out there but I have some fundamental concerns about the scripts that I can’t get past: The scripts generally send captured sensitive data such as Wi-Fi passwords, l ...
As a basic presentation tool, PowerPoint is great and used correctly, the animation features can create some decent flows but I’ve always been frustrated by the fact that you cannot set individual slides to get to the end of their animations and automatically move to the next slide. There’s a bunch of sugge ...
I recently had a very frustrating issue where my laptop was struggling to upload anything to anywhere (OneDrive, photo uploads, etc.) were appalling but other than that, everything was running fine. First things first, I performed a speed test on my device (one via Google, one via Ookla): Both tools showed a consistent ...
It seems that in the recent shift-around’s that Microsoft have done of the Office 365 / Microsoft 365 platform, they’ve really screwed up a number of things (see my last post about probems with the Information Protection functionality). The latest one seems to be with DKIM setup for your domain names ̵ ...
Updated 2 May 2022 Updated due to changes in the Microsoft 365 admin section To access DKIM now, you must: Login to the Microsoft 365 Defender Portal (AKA Security & Compliance Center) here: https://security.microsoft.com/ Click Policies & rules Click Threat Policies Click DKIM If you have problems with the set ...
UPDATE: Solution detailed at the bottom, currently Rights Management can only be enabled by PowerShell because – well – Microsoft. I’ve adapted a quote often used for REGEX to summarise the problems of setting up Microsoft Information Protection within Microsoft 365: “So you have a problem you c ...
Bob McKay's Blog