Opsdisk Blog

Restoring a 37 Year-Old IBM F Mechanical Keyboard

Brennon — Sun, 08 Nov 2020 00:00:00 -0600

I wanted to share my journey from start to finish to restore a 1983 IBM Model F XT mechanical keyboard to it's former glory. It includes the steps, mistakes, and additional hardware required to make it functional with a modern computer. This blog post is dedicated to my dad for teaching me about computers.

Brute forcing Gumroad Discount Codes

Brennon — Sat, 02 Mar 2019 00:00:00 -0600

tl;dr - I notified Gumroad about a low-risk brute force attack against the discount voucher endpoint and it was fixed in a few weeks. Props to Sahil and his team at Gumroad for the quick fix!

Scantron - A Distributed nmap and masscan Scanning Framework

Brennon — Mon, 15 Oct 2018 00:00:00 -0500

Original post can be found here: https://developer.rackspace.com/blog/scantron-a-distributed-nmap-scanner/ The Threat and Vulnerability Analysis team at Rackspace is charged with providing internal vulnerability scanning, penetration testing, and red/purple teaming capabilities to reduce cyber-based threats, risk, and exposure for the company.

Review of "Automating OSINT - Master Class"

Brennon — Fri, 27 Jul 2018 00:00:00 -0500

I had the opportunity to take Justin Seitz’s Automating OSINT (Open Source Intelligence) Master Course (https://register.automatingosint.com/) and wanted to write up my experience with it. I took the Master Course which bundled an introduction to Python in addition to all of the OSINT focused modules.

OSCP Review

Brennon — Tue, 18 Oct 2016 00:00:00 -0500

Overview I finally got the opportunity to take Penetration Testing with Kali Linux (PWK) and the accompanying Offensive Security Professional Certification (OSCP) exam. There are already lots of great reviews about the course, content, labs, etc. that you can find here: https://www.offensive-security.com/testimonials-and-reviews/

pagodo.py - Passive Google Dorking

Brennon — Thu, 18 Aug 2016 00:00:00 -0500

Introduction The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet. There are 2 parts. The first is ghdb_scraper.py that retrieves Google Dorks and the second portion is pagodo.py that leverages the information

rack-bob

Brennon — Sat, 09 Jan 2016 00:00:00 -0600

Motivation Short for Rackspace bob-the-builder, this script builds servers with Rackspace's rack binary https://github.com/rackspace/rack. The goal of the project was to combine a number of DevOps concepts I've been learning lately. Minimize building servers by hand/GUI and treat infrastructure-as-code by utilizing an API.

Edwards Aquabot with Beautiful Soup and TwitterAPI

Brennon — Sat, 19 Dec 2015 00:00:00 -0600

Introduction Here in South Texas, outside water usage is dictated by the water level in the Edwards Aquifer, "a unique groundwater system and one of the most prolific artesian aquifers in the world" (https://en.wikipedia.org/wiki/Edwards_Aquifer). Home owners can only water their grass on

theHarvester Reboot

Brennon — Wed, 16 Dec 2015 00:00:00 -0600

Introduction One of the most popular tools to collect email addresses and other target information during a pen test is theHarvester, written by Christian Martorella @laramies of the Edge-Security Group. The source code can be found here: https://github.com/laramies/theHarvester, but it comes with Kali by default.

metagoofil File Download Rewrite

Brennon — Sat, 31 Oct 2015 00:00:00 -0500

Introduction One of the best tools for conducting document and metadata reconnaissance during a pen test is metagoofil, written by Christian Martorella @laramies of the Edge-Security Group. The source code can be found here: https://github.com/laramies/metagoofil, but it comes with Kali by default.

BASH Alias-like Shortcuts for Windows

Brennon — Sun, 30 Aug 2015 00:00:00 -0500

Introduction Ever wanted to have persistent, BASH-like aliases for Windows? Unfortunately, Windows makes this a little more convoluted, but it is still possible! In the Unix world, users have the ability to create a file, usually called .bash_aliases, that contains user-defined shortcuts for executing commands.

dnmapR (dnmap revised)

Brennon — Fri, 15 May 2015 00:00:00 -0500

For security processionals and penetration testers that want to distribute nmap scans to different clients, Seb Garcia created a great tool called dnmap, short for distributed nmap. There are two main parts to dnmap. The first is the server component, which hosts the commands that clients run.

Synack Red Team Firewall Script

Brennon — Sat, 09 May 2015 00:00:00 -0500

This blog describes a quick and simple BASH script I wrote when I started doing penetration testing with Synack's Red Team. I wanted to write an easy and straightforward script before starting to scan targets.

Building a Core SSH Memory-Only Virtual Machine

Brennon — Thu, 30 Apr 2015 00:00:00 -0500

What is the Core Project? The Core Project is a project dedicated to providing a small, minimal Linux distribution that can be configured for any number of purposes. Tiny Core is designed to run from a RAM copy created at boot time.

Release of batchconfig.py

Brennon — Tue, 21 Apr 2015 00:00:00 -0500

batchconfig.py is a Python script to create customized Windows batch files for the purpose of conducting quick Incident Response, surveying a box post-exploitation, or assisting network administrators in managing their networks. batchconfig.py is written for Python 2 and only requires a configuration file and an output batch file