5 posts tagged with "BPATTY"

Release notes for v1.2​

New/updated content​

• atexec.py - new!
• bbot - new!
• docker - new!
• exiftool - new!
• farmer.exe - added code snippet to help the WebClient service start automatically
• gettgtpkinit.py - new!
• getst.py - new!
• gettgt.py - new!
• hashcat - corrected information about IPMI cracking
• impacket - new!
• jq - new! - starting with a command to take just computer names and descriptions out of a computers.json file from BloodHound
• klist - new!!
• metasploit - added information about using an RHOSTS file, as well as logging all output to a "spool" file
• mergy.py - new! - takes a list of machines running WebClient and smashes it together with an output file full of machine names and descriptions
• net.py - new!
• netexec - added better way to find hosts without SMB signing, as well as finding/sorting shares
• nmap - added notes about finding "up" hosts from IPMI scan
• FGDS.sh - new! - script for Google dorking while also using ProtonVPN to rotate IPs
• pingloop.sh - new! - when you need to ping sweep through a list of hosts regularly to monitor when they come online!
• ProtonVPN command line reference - new!
• ProtonVPN IP cycler - new! - script to rotate your ProtonVPN IP every few minutes
• rbcd.py - new!
• secretsdump.py - added correction to dumping hashes with history included
• smbclient.py - new!
• winrm - new! - for remoting into stuff
• wmiexec.py - new!
• pywhisker.py - new!

New things in the oven for future releases​

Tools​

• CanaryTokens and other things in this nice Twitter thread
• ffuf
• SmartDeploy notes (I'm currently playing with a trial version) it won't meet my imaging needs unfortunately :-(
• Stirling-PDF
• Wazuh quick start guide

General cleanup​

• Review all docs tagged with review
• Go back into each tool page and provide the source download link
• Under review: a BPATTY reader noted "I’d have to disagree with your comment in certipy.py on bpatty, about a 401 unauthorized means the endpoint has been hardened. A 401 is exactly what we want as the web app is blocking us as we didn’t provide creds to log on. Having the site accessible is good news. Having a 403 Forbidden on the other hand, is generally bad news and I’ve never had this work."

Software and misc guides​

• Audit-Inspector
• ADEssentials - looks interesting...a tool for healthy Active Directory management
• GOAD - lots of podcast listeners ask about this one
• Logging and alerting best practices according to CISA
• IPv6 - what's the best strategy to handle this from a security standpoint?
• 0365 - perhaps a quick cheat sheet on common security policies for O365.
• RemoveBackgroundWebGPU for removing backgrounds from stuff
• SCCM - deploying automagically in a lab (I believe this is rolled into GOAD now.

BPATTY turns 1.1 today for its 1-week anniversary. So, so exciting, right? Yes, it is indeed! I got a truckload of goodies for you!

Release notes for v1.1​

OMg SEARCH!​

We've now got searching capabilities courtesy of Algolia!! Check the upper right of the screen and click into the little magnifying glass dealy!

New/updated content​

• create shared folder script - new!
• dcomexec - new!
• efflanrs - new!
• egress filtering ideas - new!
• enter-pssession - new!
• evil-winrm - new!
• get-scheduledtask - new!
• hashcat- new!
• lvresize - new!
• net - new!
• metasploit - new! - starting with some info on dumping/cracking IPMI creds
• netdiscover - new!
• nessus install info
• notify - new!
• potatoes - new!
• powermad - new!
• powerupsql - new!
• proxmox - added info about running pnputil commands remotely
• proxychains - new!
• reg.exe - new!
• responder - added info on killing Responder since it seems to have a spam issue right now
• secretsdump - new!
• secretsdump loop script - new!
• sysprep - new!
• snaffler cleanup script - new!
• smbserver - added context for shadow credentials attack
• tasklist - new!

New things in the oven for BPATTY[RELOADED] v1.2​

• SmartDeploy notes (I'm currently playing with a trial version)
• Wazuh quick start guide

Welp, if you're reading this, then BPATTY has been successfully Docusaurus-ized, and here you are!

This 1.0 release takes some the relevant info/scripts/pages/etc. (I'm still working on the migration) from the original (and now read-only) BPATTY on GitHub along with a big import of my other tips and scripts I've been waiting to publish for a long time!

Lots more to come in coming weeks, and if you have an idea for an edit/addition or catch a spelling mistake or whatever, feel free to raise an issue and I'll get back to you as soon as I can.

Things I'll be working on next:​

• Adding search
• Pulling the rest of the content from original BPATTY (that's still relevant)
• Reviewing the documents tagged as review and cleaning them up

-- Brian

On the Windows side of things I like using Notepad++, and am also trying to optimize my writing workflow by writing and posting things in Markdown format to BPATTY via SFTP. So far this NppFTP plugin has made that a snap. Sure, it might have malware and be sending my SFTP creds God knows where, but so far? Worth it!

On the Mac side of things, BBEdit has similar functionality.

-- Brian

If you can read this, the upgrade from old school BPATTY to BPATTY[RELOADED] is happening.

It will be a slow process, but we'll get there.

I'll use this blog to punch in updates as I make them.

-- Brian