Wednesday, 21st February 2018.

Posted on Monday, 19th February 2018 by Michael

In this video, I give a review of the Infosec Addicts Powershell for the infosec professional class. To learn more about this class or to sign up visit their website at the following link : https://infosecaddicts.com/product/unlimited-classes/

Posted in OSCP | Comments (0)

Posted on Thursday, 15th February 2018 by Michael

In this 4th video part 2 of the series. I take a look at sickos 1.2 and how to escalate our user-level shell to root. We will make use of Burp and some other tools for web testing. Stay tuned as we root this box.

Some items that I did not get into the video.

  • Bruteforce over ssh for user john
    • No successful passwords found
  • Kernel exploitation
    • Problems with compiling
    • Ones that compiled did not work.
  • If you know why my code did not work let me know in the comments.

 

Posted in OSCP | Comments (0)

Posted on Sunday, 11th February 2018 by Michael

In this 4th video of the series. I take a look at sickos 1.2 and gain a web shell on the system. We will make use of Burp and some other tools for web testing. Stay tuned as we explore this vuln VM further.

Posted in OSCP | Comments (1)

Posted on Monday, 5th February 2018 by Michael

In the final video on the BrainPan Vulnerable VM I look at gaining root access using the user shell I got from the buffer overflow. We will use tools such as LinEnum.sh and Linuxprivchecker.py to discover ways to privilege escalate to root.

Posted in OSCP | Comments (0)

Posted on Wednesday, 31st January 2018 by Michael

In this second installment of my progress against BrainPan I go through the identification of the buffer overflow vulnerability identifying the required bytes, offsets, returns and so on to craft my own exploit in python to gain shell access to the victim. Follow along and make sure you subscribe and like the video. If you have questions comment below or on youtube.com. Thanks Mike

 

Posted in OSCP | Comments (0)

Posted on Sunday, 28th January 2018 by Michael

In this video, I take my first look at BrainPan. The video shows the identification of a buffer overflow in a service running and my ability to crash the application. In the next video, we will look at how to get control of the EIP and create a payload for exploitation. Make sure to subscribe and follow me on youtube.

 

Posted in OSCP | Comments (0)

Posted on Friday, 26th January 2018 by Michael

In this video, I take a look at the vulnerable VM called Stapler. While there are many vectors to get to root. We will cover just one method from zero to hero in the video. Make sure to subscribe and like the video.

Posted in OSCP | Comments (0)

Posted on Friday, 26th January 2018 by Michael

Early this year I made an attempt at the OSCP. While I learned a lot I missed the passing grade by a few points. In this series, I will reflect back on that and discuss my path moving forward.  Follow me on youtube.com and subscribe.

Posted in OSCP | Comments (0)

Posted on Thursday, 4th January 2018 by Michael

Turning your Coinbase wallet into a monthly income through mining

If you are following me on my journey you would see that in my last post I created my first cryptocurrency wallet. I used the CoinBase service, due to how easy they are to use and for their current promo of giving all new signups and refers $10.00 free in bitcoin.  If you have not signed up for CoinBase yet click here for your $10.00: https://www.coinbase.com/join/5a2a946e6854b3024e7daeb7

In this article, we are going to invest the $110 dollars from CoinBaseinto cloud mining to turn your initial $110 dollars into a side income.

However, before we go any further with this post I want to remind you of several things. I am not a financial advisor, nor am I master at cryptocurrency, any information I post is my opinion. If you choose to follow it, you do so at your own risk. Remember never invest more into this then you can stand to lose.  At times, there may be referral URL’s used instead of the company’s main site as I do get referral perks for some of the solutions I use. With that being said I will not refer something that I do not believe in and or use.  So, if you find what I am posting helpful please feel free to use my links so I can continue to dabble in cryptocurrency.

While there are many options out there for mining none is as easy to get into as cloud mining. With very little knowledge and money, you can be mining cryptocurrency in a few minutes.  There are many providers out there some better than others and each with their own risk. So like all investments you should only invest what you could stand to lose. After reviewing several companies and finding one that still had contracts for sale I settled on Hashflare:  https://hashflare.io/r/269AA42.

Pro’s

  • Easy to use.
  • In the cloud mining field for a decent amount of time
  • Can sign up with a credit card or cryptocurrency (bitcoin).
  • Daily payments.
  • Low maintenance
  • Contracts still in stock.

Con’ s

  • Slow support
  • Recent increase in new contract prices
  • Removable for lifetime contracts (only affects those that had them at time of removal)
  • Contracts only last a year
  • Not offering detailed proof of operations (This is changing a lot recently and I will discuss)

Let’s discuss some of the cons as this is where you need to determine your risk acceptance before plunging into a contract for mining. When I first started investigating Hashflare there was a huge divide on are they legit or not. Those of them that were for it were huge fanboys making bank on their referral program and service (many youtube sensations like crypto nick and a few others. Though don’t get me wrong Nick has also put his money where his mouth is and owns over a 100TH on Hashflare). Those of them against it really had no solid evidence on if it was a scam or not. Many of them complained that support does not answer your messages, that they don’t share hosting location, technical information,  or there are non-mining service outages, such as delays in BTC payments due to the BTC network. However, most of that has started to change as the service is growing. While the support is still awfully slow they are starting to come public with their business and technology.  The only other huge con that made me hesitate was the 1-year contract. While other companies offer opened contracts you need to read the fine print or between the lines. In the world of technology 1 year is a long time, what is great for the job now may not be even worth running in a year. The difficulty rates change every two weeks, cost of power fluctuates, the value of the coin changes and newer and better mining solutions are being developed. So who is to say that your open-ended contract will be worth enough to keep it after a year. Many cloud services will suspend/cancel the contract if it is not within a certain percentage or profitability because they will lose money. So with Hashflare only having it for a year was not a concern for me, the cost is cheaper than several of their competitors who offer open contracts and it also costs less than me running one in my house. With all the pro’s and con’s, I decided to start off small to get a feeling for the solution myself. You will see, however, that I quickly decided to invest additional funds to increase my returns faster, as I feel the service is reliable enough to do so.

When I first signed up for HashFlare I invested 450 dollars into it for a total of 3TH of hashing power. Since the price increase late December into early January, this price is now $660 dollars for those that want to purchase a new contract. Even at the new price, the contract is still very profitable with the price of bitcoin at the time of this article being slightly under 15K you would be able to recoup your cost in approx. 4 months or less, leaving 8 months of profits/reinvestment. Since my initial purchase, I have also added an additional 11TH to my contract for a total of 14TH. This is generating between 20 and 30 dollars a day in the current market we are in. The total cost to me for all this hashing power was approx. $2017.50 with the old pricing and discount codes.  In the last 23 days of using their service, I have made $428.57 after fees. The image below shows my payouts. The numbers in red are the total maint fees, blue is the payout before fees and the green is my take home after fees. You can also see in the chart where I increased from 3TH to 14TH. The chart reads from left to right. Please remember these values change as the price of bitcoin changes, at the time of writing this article I am looking at a return on investment of just over 4 months.  Like all investments the better bitcoin does the faster I will get my returns back.  In the current market, I am looking at an annual return on my investment on the low side of 6k and high side of around 9k, before taking out my initial investment.

If you are looking for a discount code feel free to message me and if one is available I will send it. Also, make sure to use my referral link if you are interested in signing up: https://hashflare.io/r/269AA42

So how can you do the same? Well, you already have 110 dollars in BTC thanks to using this link: https://www.coinbase.com/join/5a2a946e6854b3024e7daeb7 and investing $100 dollars using your credit card or bank.  Currently, on hashflare, you can get 500 GH of bitcoin hashing power for $110.00 (note that when paying for contracts with bitcoin you need to account for rises and dips in the value as the transaction is verified). So how much could you actually earn from your $110 investment? Using a mining calculator you can quickly calculate your possible return on investment.  Here is an example: https://www.cryptocompare.com/mining/calculator/btc?HashingPower=500&HashingUnit=GH%2Fs&PowerConsumption=0&CostPerkWh=0. At the current market value of bitcoin at the time of this article, your 110 dollar purchase of 500GH will bring in $29.10 a month before maintenance fees. Hashflare maintenance fees are .035 for every 10,000 GH per day, so you should see no more than .035 taken out daily from your payouts. So in a months time, you should see about $28.05 in profit at current market value and in a year you should make $336.00.

Now that you are mining you have two options of what to do with your payouts. Option 1 is you can use Hashflare's reinvest feature to reinvest your earnings into buying more hashing power which in returns increases your power and payouts.  This is great for those that want to start small and build a lot of hashing power for little out of pocket. Option 2 and the one I am currently following., is you get your initial investment paid back and then decide to reinvest or use that additional funds elsewhere such as on exchanges for trading or if a better cloud solution comes out.

Remember investing and earning side income through cryptocurrency is risky so always only invest what you can stand to lose.

Stay tuned for the next step on my journey where I write about the gotchas and how to avoid them to be able to take advantage of altcoin booms for quick returns. If you decide to sign up please use my referral code: https://hashflare.io/r/269AA42 . Also do not forget to grab your $10.00 in bitcoin here: https://www.coinbase.com/join/5a2a946e6854b3024e7daeb7

Posted in Digital Currency | Comments (0)

Posted on Tuesday, 19th December 2017 by Michael

Early 2009 I first heard of bitcoin and tried to wrap my head around it. As a person that works in information security, I could not first wrap my head around it at first and had many things on my plate at the time. I spent some time with it for a bit and then kind of forgot about it. This later would become a kick myself in the butt moment.

Before we go any further with this post I want to remind you of several things. I am not a financial advisor, nor am I master at crypto currency, any information I post is my opinion. If you choose to follow it, you do so at your own risk. Remember never invest more into this then you can stand to lose. At times, there may be referral URL’s used instead of the company’s main site as I do get referral perks for some of the solutions I use. With that being said I will not refer something that I do not believe in and or use.  So, if you find what I am posting helpful please feel free to use my links so I can continue to dabble in crypto currency.

Fast forward to December 2017, the price of bitcoin has just recently jumped up to close to 20k per coin a few weeks earlier and is still holding high in the 17k to 19k range. Also, bitcoin futures have just been released and I am finally getting into crypto currency. A bit late, or is it? I have missed the easy become a millionaire overnight phase but I believe there is still a lot of potential, which make the risk worth it.

At the start of December, a friend of mine posted a referral link to CoinBase offering new sign ups $10 free in bitcoin when they purchased their first $100 worth of crypto currency. CoinBase system was very simple to understand and navigate. They were also trending as one of the top wallets at the time. I decided that I could safely lose $100 dollars and give this a shot. The signup process was very straight forward and simple. It took less than 5 minutes to get the account created, upon account completion as promised I received my free $10 in bitcoin. I was now the happy owner of $110 dollars of bitcoin and had entered the crypto currency world. Join CoinBase for $10 free and follow my blog posts to see how to turn that 100 into a side income doing nothing. Click here: https://www.coinbase.com/join/5a2a946e6854b3024e7daeb7

Now what? Do I keep buying coin like you would buy stock? Could I afford to make money by doing that? What were my options to increase my profits with little money out of pocket in the shortest period possible? So many questions running through my head. I took to the almighty Google to figure it out and I am going to document the journey here.

Posted in Digital Currency | Comments (0)

About Consulting Products Page