Are IP masquerade and Network Address Port Translation (NAPT) the same? I’m not sure whether they are the same thing or not, but I realized the mechanism is almost the same, where both IP masquerade and NAPT change the TCP/UDP port and a many-to-one relation is allowed: multiple private addresses share one global IP address. If they are different, in which part do IP masquerade and NAPT differ?
Unless someone has my private ssh key, how is leaving an aws instance open to 0.0.0.0 but only on port 22 via ssh insecure?
The ssh key would be distributed to a small set of people. I prefer to not need to indicate their source IP addresses in advance.
I do see another similar question, SSH brute force entry in aws ec2 instance.
If you disabled password based login via SSH, then it is very hard to brute force an SSH login using a private key (
Maybe this covers it? Just want to double check since in the security world you do not get a second chance.
I’m planning to write a driver that unhooks the rootkit hooks in the miniport layer (hooks of device objects or the major function array),
but I want my driver to be generic and work in most Windows versions, on both 32-bit and 64-bit Windows.
The problem is PatchGuard, so will PatchGuard block attempts to modify the memory image of the miniport drivers?
You might be asking how the rootkit patched it in the first place, then. It’s a bootkit, so it bypassed the PatchGuard protections but didn’t disable it.
And if it is protected by PatchGuard, then how can I unhook the hooks in the driver module?!
GOALS: run a PowerShell script without showing the window (it’s ok if it pops up for a few seconds).
PROBLEM: the script tcplisten.ps1 works only if the window is displayed to the user. None of the attempts below work, because when I run netstat -ano -p tcp, port 9999 is not listening.
$Listener = [System.Net.Sockets.TcpListener]9999; $Listener.Start()
powershell.exe -windowstyle hidden .\tcplisten.ps1
powershell -windowstyle hidden -command $Listener = [System.Net.Sockets.TcpListener]9999; $Listener.Start()
-NoProfile -NonInteractive -ExecutionPolicy Bypass
powershell -NoP -NonI -W Hidden -Exec Bypass -Command
Start-Process powershell.exe -ArgumentList "-WindowsStyle hidden -file .\tcplisten.ps1"
Create a .vbs with this script and run it
command = "powershell.exe -nologo -command C:\Users\Utente\Desktop\tcplisten.ps1"
set shell = CreateObject("WScript.Shell")
shell.Run command,0
QUESTION: is there a solution? Am I making some mistake?
Here is an excerpt from Andrew S. Tanenbaum, Computer Networks, 5th edition, Chapter 5 (The Network layer), Page 455:
My question is about the second paragraph. From what I understand, this part basically talks about the disadvantage of using NAT (Network Address Translation). I don’t understand what the second paragraph is trying to say about the disadvantage of using NAT, because it seems to me that the second paragraph is talking about a benefit of using NAT: by using NAT, we can solve the problem of IP address depletion.
Can anyone explain to me what the second paragraph is trying to convey?
With nmap you can see a live system’s or server’s open, closed and filtered ports. But how do I show a server’s port as filtered when it is configured as open?
My personal IPs on AWS are being scanned for 3379. Apparently, this is SOCORFS, registered to one Hugo Charbonneau. This port is getting scanned a lot more often in recent months: https://isc.sans.edu/port.html?port=3379
Does anyone know what this is? It’s possible someone found a vulnerability in this protocol and we’re not yet publicly aware of it.
UPDATE: I reached out to Hugo, will update if I have information from him.
UPDATE 2: Hugo used to work at Socomar International (over 20 years ago), which was a company that built technology for ship tracking. SOCORFS may be “Soco RFS”. Socomar was dissolved in 2006 though. All content I could find online was that it’s unlikely that this company’s products are widely used today. So, there’s a good chance port 3379 is actually being used for something else, nothing related to SOCORFS.
In Pathfinder, there is an item called the Monk’s Robe. I like the idea, and have tried to bring it to 5e, but I don’t know if it is balanced. Thoughts?
Monk’s Robe Wondrous item, rare (requires attunement) 1 lb.
When worn, this simple brown robe confers great ability in unarmed combat. If the wearer has levels in monk, their Unarmored Movement speed bonus and Martial Arts die are treated as a monk of 5 levels higher. If the wearer is not a monk, they gain the Unarmored Movement speed bonus and Martial Arts die of a level 5 monk.
If the wearer is a monk of 16th level or higher, their Unarmored Movement speed bonus is 35 feet and their Martial Arts die is a d12.
I am trying to learn about pivoting/port forwarding and how to take full advantage of it. If I am connected to a network with the IP 192.168.0.10 and can see that 192.168.0.11 has access to a website hosted on 10.10.10.10, I am able to gain access to the webpage using meterpreter by doing:
meterpreter> run autoroute -s 10.10.10.0/24
meterpreter> run portfwd add -l 8080 -p 80 -r 192.168.0.11
localhost:8080 in a web browser. From here I can use meterpreter’s TCP scanners to see there are other machines on the
My question is, how can I then attempt to gain access to another machine, say brute force 10.10.10.11’s ssh port?
Also, in an effort to gain a better understanding of what Metasploit is doing, how could I also achieve this setup with proxychains? And would this allow me to use the Kali tools on my host, 192.168.0.10, directly on the target network?
For security reasons, administrators choose to disable the USB interfaces in public spaces.
Is there a possibility for having something like port knocking on disabled/sleeping USB interfaces?
Port knocking in this case would be a detection of a specific kind of device (basically from lsusb information) and ideally some kind of special file inside of a USB pen drive.
Ideally, it would also require multiple USB pen drives with multiple password files.
Is this possible and was this ever done?
Would it be a secure method to unlock the USB interfaces for administrators and administrators only?