Whoami
Hi, I'm straysheep-dev.
I'm here learning security from an offensive perspective and documenting things in a useful way as I go.
I also focus on building defensive (or "visibility") tools, and configuration templates learned from applying offensive techniques to systems.
-
Connect
https://github.com/straysheep-dev
https://gitlab.com/straysheep-dev
straysheep_dev
straysheepdev
9906 9EB1 2D40 9EA9 3BD1 E52E B09D 00AE C481 71E0
-
Linux Configs
Various configuration files for Unix/Linux operating systems
-
Windows Configs
Various configuration files for Microsoft Windows operating systems
-
Ansible Configs
A collection of ansible roles
-
Terraform Configs
Various configuration templates for terraform
-
Vagrant Configs
Various notes and configurations for Vagrant
-
Alert Service
Send an alert (to Discord, Slack, or any webhook) based on a condition
-
OSCP
OffSec Certified Professional
-
OSWP
OffSec Wireless Professional
-
PNPT
Practical Network Penetration Tester
-
eCMAP
Certified Malware Analysis Professional
-
eCPPT
Certified Professional Penetration Tester
-
eJPT
Junior Penetration Tester
-
OpenSCAP Practical Usage
A complete guide to starting with OpenSCAP content focusing on Ansible.
- Install OpenSCAP
- Pull compliance profiles from GitHub/ComplianceAsCode
- Debug policies with Ansible's -C and -D options
- Apply, test, and maintain policies with Ansible tags
-
Linux Utils
Visualization tools with built-in parsing options in color. These tools are in the base of the linux-configs repo.
- check-auditd.sh: Parse + search auditd
- check-baseline.sh: Parse aide results
- check-baseline.sh: rkhunter / chkrootkit in color
- check-processes.sh: Dump system + network processes in color
- check-strings.sh: bstrings-like recursive string parser
-
VMware Kernel Module Signing
To run VMware on Linux with SecureBoot enforced, the vmmon and vmnet modules require signing to load into the kernel.
- Automates this process
- Run after each kernel update
-
pfSense Administration
This guide covers CLI usage and other things like:
- Home office / lab use
- pkgs for Zeek, sudo, and more
- GUI and CLI quirks
- External storage and ZFS
-
Deploy auditd
Installs and configures auditd to adhere to a specified policy on Debian / RedHat family systems.
- Use built in rules for PCI, STIG, OSPP
- Load your own custom rules instead
- Choose log size, number, and type
- Locks rules to prevent live modification
-
Deploy & Manage Sysinternals
Interactive PowerShell script to load Sysinternals onto a Windows machine.
- Deploys sysmon
- Can update sysmon
- Option to use SwiftOnSecurity config
- Option to supply your own config instead
- Option to add essential monitoring tools
- Option to add entire suite (malware analysis)
-
Deploy & Manage AIDE
Ansible role to deploy, run, and manage AIDE at scale
- Install AIDE (advanced intrusion detection environment)
- Initialize a database if one does not exist
- Check existing systems for integrity
- Update a database if one exists (optional)
-
Wireguard VPN / IDS Server
Combines and automates a number of components to monitor traffic on a wireguard interface.
- Provision with terraform
- Build with ansible
- Generates a QR code to onboard the first client
- Logs minimum pcap data for Zeek
- Set retention period for pcaps
-
Build Tailscale Node
Automates deployment of a Tailscale node.
- Provision with terraform
- Build with ansible
- Automatically enroll the node into your Tailnet with an Ansible vault
- Logs minimum pcap data for Zeek on the tailscale0 interface
-
Manage OpenSSH Server on Windows
OpenSSH Server is not always available by default, and it is time-consuming to configure each deployment manually.
- Installs + modifies OpenSSH Server
- Enforces public key auth
- Can change the listening port
- Updates firewall rules
- Imports public keys
-
Tail-EventLogs PS Module
Windows has no tail -f equivalent to visualize live Event Logs. This is especially useful in tuning and testing sysmon rules locally.
- Can tail any event log
- Filter based on Event ID
- Write to file with Tee-Object
-
Windows Sandbox Configs
Detailed examples and premade .wsb files for:
- Ephemeral environment
- Development environment
- Malware analysis
The .wsb files and scripts are in the base of the windows-configs repo.
-
Connect-UsbipSSHTunnel PS Module
Convenience script to open a reverse ssh tunnel to the Windows host from WSL, giving WSL access to usbipd devices on localhost tcp/3240 without any inbound firewall rules active on the host.
Requirements:
- WSL is up to date
- usbipd is version 4.0.0 or later
- The Windows host has an ssh key that the target WSL instance will accept
- The ssh identity is loaded into Windows ssh-agent
- WSL accepts incoming ssh connections
- You can execute commands as admin (this script can run as a normal user but you need to know an admin's credentials)
- You have sudo privileges within WSL
-
Customizing Shell Profiles
Use your shell prompt to track the following (and more) in real time:
- Username
- Hostname
- TTY
- Date & time
- Network interface information
- Working directory
-
About
This site was created as a better way to document, maintain, and share notes with demonstrations or visual components, cross-platform.
The blog section (at the top) is where this content lives, and is an easily searchable archive of anything I've found useful to demonstrate. Try using the search function at the top of the page. It autocompletes suggestions from all of my content.
Using mkdocs to build this makes it both a searchable "database" with no backend, and an archive with everything in chronological order.