Aggregator
分享图片
DEF CON 32 – RFID 101
Authors/Presenters: Ege Feyzioglu & Andrew M
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – RFID 101 appeared first on Security Boulevard.
Introducing BloodHound CLI
We created a new tool to help you install and manage BloodHound instances, BloodHound CLI!
GitHub - SpecterOps/bloodhound-cli
Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for BloodHound. You only need to have Docker installed.
BloodHound CLI dramatically simplifies installation and server management. You can use BloodHound CLI to pull logs and monitor your containers. Read on to learn more about a few of the specific commands.
$ ./bloodhound-cliBloodHound CLI is a command line interface for managing BloodHound and
associated containers and services. Commands are grouped by their use.
Usage:
bloodhound-cli [command]
Available Commands:
completion Generate the autocompletion script for the specified shell
config Display or adjust the configuration
containers Manage BloodHound containers with subcommands
help Help about any command
install Builds containers and performs first-time setup of BloodHound
logs Fetch logs for BloodHound services
running Print a list of running BloodHound services
version Displays BloodHound CLI's version information
Flags:
-h, --help help for bloodhound-cli
Use "bloodhound-cli [command] --help" for more information about a command. Installing BloodHound
Recently, we talked with some of our community members to learn about their experiences with BloodHound Community Edition. One problem they reported was retrieving the initial password for the default admin user. Previously, installing BloodHound required pulling down the Docker YML file, running the Docker Compose commands, and monitoring the output to grab the initial password.
Now, you only need to run ./bloodhound-cli install and wait. BloodHound CLI will pull the Docker Compose file (if it doesn’t exist), randomly generate an initial password, and then display the initial credentials at the end of the installation.
$ ./bloodhound-cli install[+] Checking the status of Docker and the Compose plugin...
[+] Starting BloodHound environment installation
[+] Downloading the production YAML file from https://raw.githubusercontent.com/SpecterOps/BloodHound_CLI/refs/heads/main/docker-compose.yml
[+] Downloading the development YAML file from https://raw.githubusercontent.com/SpecterOps/BloodHound_CLI/refs/heads/main/docker-compose.dev.yml
graph-db Pulling
app-db Pulling
bloodhound Pulling
graph-db Pulled
app-db Pulled
bloodhound Pulled
Container bloodhound_cli-graph-db-1 Running
Container bloodhound_cli-app-db-1 Running
Container bloodhound_cli-bloodhound-1 Running
Container bloodhound_cli-app-db-1 Waiting
Container bloodhound_cli-graph-db-1 Waiting
Container bloodhound_cli-app-db-1 Healthy
Container bloodhound_cli-graph-db-1 Healthy
[+] BloodHound is ready to go!
[+] You can log in as `admin` with this password: JqNmrSuFWb5k8qj5EVL0f2OtUppzmZ4Y
[+] You can get your admin password by running: bloodhound-cli config get default_password
[+] You can access the BloodHound UI at: http://127.0.0.1:8080/ui/login
You can customize your installation by setting your initial password or adjusting the default username.
Customizing BloodHoundThe config command is here to help you manage your server settings. As mentioned above, you can use it to set the initial username and password manually or set any other value you need in the bloodhound.config.json file. You can also use the config and config get commands to retrieve all config or individual values.
Wrap UpWhether you’re starting fresh with BHCE or a veteran user, BloodHound CLI makes everything simpler. The tool can manage your configuration, monitor running containers, and pull logs. We will continue developing this new tool to simplify server updates and other maintenance tasks.
You can grab the first release, v0.1.0, here:
Release BloodHound CLI v0.1.0 · SpecterOps/bloodhound-cli
Introducing BloodHound CLI was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Introducing BloodHound CLI appeared first on Security Boulevard.
Introducing BloodHound CLI
Introducing BloodHound CLI
Introducing BloodHound CLI
SecWiki News 2025-01-17 Review
更多最新文章,请访问SecWiki
SecWiki News 2025-01-17 Review
CVE-2024-12071 | Evergreen Content Poster Plugin up to 1.4.4 on WordPress authorization
CVE-2024-13503 | Newtec iDirect NTC2218/NTC2250/NTC2299 up to 2.2.6.19 Network Packet buffer overflow
CVE-2024-13502 | Newtec iDirect NTC2218/NTC2250/NTC2299 up to 2.2.6.19 Web Administration Interface os command injection
【已支持暴露面风险排查】Rsync缓冲区溢出与信息泄露漏洞(CVE-2024-12084/CVE-2024-12085)
CVE-2024-50967 | Becon DATAGerry up to 2.2.0 REST API Endpoint /rest/rights/ information disclosure
TikTok 在美最高法院败诉,准备周日关闭美国服务
美国最高法院裁定除非字节跳动出售TikTok 否则禁用的相关条款是符合规定的
Фальшивые учителя охотятся за кодами доступа к Госуслугам
Lazarus Group Targets Developers in New Data Theft Campaign
How Russian hackers went after NGOs’ WhatsApp accounts
Star Blizzard, a threat actor tied to the Russian Federal Security Service (FSB), was spotted attempting to compromise targets’ WhatsApp accounts through a clever phishing campaign. The campaign The campaign started with a spear-phishing email that was made to look like it was sent by a US government official. “We have established a private WhatsApp group to facilitate discussions regarding the latest non-govermental initiatives aimed at supporting Ukraine. This platform will also serve as a … More →
The post How Russian hackers went after NGOs’ WhatsApp accounts appeared first on Help Net Security.
Advanced Persistent Threat (APT): Examples and Prevention
Advanced persistent threats (APTs) use sophisticated tools and techniques to breach systems and maintain access—all while remaining undetected. Unlike other cyberattacks, APTs work over an extended period, using more resources to achieve specific objectives, such as stealing sensitive data or bringing down operations.
The post Advanced Persistent Threat (APT): Examples and Prevention appeared first on Security Boulevard.