Skip to main content

Writing · 19 posts

Blog

Lab writeups and technical deep dives.What I learned, written down so I'll remember it.

Network Discovery and Service Enumeration with Nmap: ARP Sweeps, Version Detection, and NSE Against an Exposed MongoDB

Network Discovery and Service Enumeration with Nmap: ARP Sweeps, Version Detection, and NSE Against an Exposed MongoDB

A hands-on SEC504 Nmap reconnaissance walkthrough across a 172.30.0.0/24 lab subnet: contrasting unprivileged and privileged ARP host discovery, full-range TCP scanning and version detection that unmasks Dropbear SSH on a non-standard port, and NSE scripts that surface an unauthenticated MongoDB 5.0.27 and an SMB server (FILESTOR) not requiring message signing.

Nmap 7.60NSE (mongodb-databases, smb2-security-mode, nbstat)Slingshot LinuxCLI
AI-Assisted Incident Handling: Deobfuscating Malware, Generating PowerShell Tooling, and Drafting an IR Playbook with a Self-Hosted gpt-4.1

AI-Assisted Incident Handling: Deobfuscating Malware, Generating PowerShell Tooling, and Drafting an IR Playbook with a Self-Hosted gpt-4.1

A hands-on SEC504 workflow using a self-hosted gpt-4.1 (OpenWebUI/Docker) as an incident-handling force-multiplier: deobfuscating a variable-fragmented malicious batch script and extracting its IOCs, generating a PowerShell baseline-collection tool for Compare-Object diffing, and drafting a MITRE ATT&CK-mapped incident-response playbook, all on a local model so malware and IOCs never leave the environment.

gpt-4.1OpenWebUIgoaichatDocker
Malware Analysis with Strings, Regshot, and Process Monitor: Profiling AnalyticsInstaller.exe from Hash to Wiper Payload

Malware Analysis with Strings, Regshot, and Process Monitor: Profiling AnalyticsInstaller.exe from Hash to Wiper Payload

A hands-on SEC504 malware-triage walkthrough on Windows: hashing AnalyticsInstaller.exe with Get-FileHash, pulling IOCs with Sysinternals Strings (a www1-google-analytics.com typosquat C2, an HKCU Run key, an encoded PowerShell payload, and a destructive AnalyticsBackup.bat), then detonating it under Regshot and Process Monitor to confirm the 'Analytics Backup' scheduled-task persistence and the cmd.exe to powershell.exe -EncodedCommand execution chain.

PowerShellGet-FileHashSysinternals StringsRegshot
Blog - Security Labs & Technical Writeups | Luis Javier Lozoya