After deploying the new HAK5 C2 Cloud instance on AWS LightSail (tutorial here), I found that my wouldn’t connect if I had https enabled on my C2 instance. I didn’t feel comfortable not using https, even though I have it locked down to IP addresses because even sensitive customer data would still be sent i ...
Last year I wrote on article on deploying the C2 application on AWS LightSail, as a number of things have changed since then, including an updated version of the application, I thought I’d update the tutorial. Update, if you are using with C2, be sure to check this post too as there can be issues connecting with ...
When playing around with scripts for use in cyber security consultations or pen tests, I discovered there’s A LOT of data exfiltration scripts out there but I have some fundamental concerns about the scripts that I can’t get past: The scripts generally send captured sensitive data such as Wi-Fi passwords, l ...
So I recently delved in to the world of with a view to making a low-cost (disposible) Rubby Ducky for cyber security and pen testing work. Unfortunately, while these little boards are “ok”, the DigiKeyboard.h library is built to map US keyboard scan codes to ASCII characters. For UK keyboards this is OK fo ...
As a basic presentation tool, PowerPoint is great and used correctly, the animation features can create some decent flows but I’ve always been frustrated by the fact that you cannot set individual slides to get to the end of their animations and automatically move to the next slide. There’s a bunch of sugge ...
I recently had a very frustrating issue where my laptop was struggling to upload anything to anywhere (OneDrive, photo uploads, etc.) were appalling but other than that, everything was running fine. First things first, I performed a speed test on my device (one via Google, one via Ookla): Both tools showed a consistent ...
It seems that in the recent shift-around’s that Microsoft have done of the Office 365 / Microsoft 365 platform, they’ve really screwed up a number of things (see my last post about probems with the Information Protection functionality). The latest one seems to be with DKIM setup for your domain names ̵ ...
Updated 2 May 2022 Updated due to changes in the Microsoft 365 admin section To access DKIM now, you must: Login to the Microsoft 365 Defender Portal (AKA Security & Compliance Center) here: https://security.microsoft.com/ Click Policies & rules Click Threat Policies Click DKIM If you have problems with the set ...
UPDATE: Solution detailed at the bottom, currently Rights Management can only be enabled by PowerShell because – well – Microsoft. I’ve adapted a quote often used for REGEX to summarise the problems of setting up Microsoft Information Protection within Microsoft 365: “So you have a problem you c ...
Spoiler alert: the problem for me was a recent update from Microsoft: KB5011497 I recently had one of those days when reconfiguring a domain controller I’d been playing with to start using it properly but part of the process was a domain name changed and after doing that, I had all sort of weird behavior and fail ...
Bob McKay's Blog