If you want to debug/inspect/analyze SSL/TLS traffic made by curl, you can easily do so by setting the environment variable SSLKEYLOGFILE to a file path of your choice (for storing the secrets), and then point Wireshark to use this file. Let’s see how: In Wireshark, go to Edit -> Preferences -> Protocols -> SSL -> (Pre)-Master-Secret log filename, and set the path: Then start the Wireshark capture. In your shell, you can now set the environment variable and make a request: ...

I recently bought an Intel NUC8i7HVK to work as an ESXi host. In this post I walk you through the process of installation and initial setup. Hardware The NUC8i7HVK is the top-of-the-line model of the NUC kits and comes with an i7-8809G processor. It ships with neither memory nor storage, so picked up the following additional components: 2 x Samsung 32 GB DDR4-2666, SO-DIMM (M471A4G43MB1-CTD) 1 x Intel SSD 660p Series 1.0 TB, M.2 80 mm (SSDPEKNW010T8x 1) 1 x SanDisk Ultra Fit 16 GB (SDCZ430-016G-G46) An interesting fact to note: in the official specs, Intel mentions 32 GB as the maximum memory size. However, with 32 GB sticks now readily available and 64 GB being listed as the maximum memory size for the i7-8809G, I gave it a shot and installed 2 x 32 GB of RAM. It worked without issues. ...

TL;DR: Pivot by setting up a portproxy between your machine and a machine in another network using netsh interface portproxy add v4tov4 listenport=<port in> connectport=<port out> connectaddress=<destination>. Let’s say machine A has access to a Windows machine, B, which has an additional interface configured to reach machines in another (internal) network, including machine C. As our machine A cannot directly talk to machine C and vice versa, what can we do to pick up files hosted on our machine A from machine C, or do further reconnaissance of C from A? ...

Accessing the internet via restricted networks can be a pain. But so can be securing a network and putting those restrictions in place. Let’s have a look at how DNS tunneling can in some cases allow getting data in and out, when regular access is blocked or otherwise restricted, but DNS queries work. Seeing this technique in action can help you understand how unauthorized users could get around your security measures and use less monitored channels for communication (e.g. for malware command and control), or may come in handy when doing an attack simulation yourself. In addition, it’s a fun way to mess with captive portals which often kind of “man-in-the-middle” your connection to direct you to a sign-up page, but still let you resolve names in any state. ...

If you ever find yourself on a Windows system needing to make a HTTP request, the Invoke-WebRequest cmdlet will be your friend. Let’s have a look on how to send various things with iwr (legit alias!) and how to get around common issues. We will be focussing on (manually) sending/requesting data, not so much on reading/parsing it. In case it’s the first time you’re using Invoke-WebRequest or doing stuff with PowerShell in general, I recommend reading this post sequentially from top to bottom. ...