#resources

Yes. Humble Bundles are legit. They work with the publisher to establish a baseline, and you get to adjust how much of your money goes to which party (publisher, humble, or the charity).

Thank you!

Gave +1 Rep to @jagged tiger

@hearty forge This is advertising at this point, it's not a cybersecurity related resource, it's a clothing store.

Sorry, it's not. its seek discomfort which believes true happiness and freedom exists outside your comfort, It's way more than a "clothing store"

research about it please 🙂

Thanks and apologies James

Literally not a cyber security resource, you've posted it several times, the embed text says it's a store. If you post it again, it will be met with a mute and a warning.

alright, sorry.

If you're interested in learning Reverse engineering. for beginners: https://youtu.be/D6mVIos-S2M

https://youtu.be/tWSa1L5L394

Hello all, I kinda feel bad posting so soon but we have great event that is free for virtual attendees. If you are in data analytics or data science or in product development you know the pains of getting the right data when you need it. You either get a massive data dump of all the data including PII that you don't need or want or you get Dr. No'd because the data base has PII that they can't share so the just block the whole database.

As data governance and policy management get modernized this will be easier and give your teams the data agility they need to move fast and do it securely so you remain compliant. Anyways, I digress. The event is called AIRSIDE. We have an in person element in NYC at the TWA hotel and the virtual experience.

https://airside.live/2022/virtualexperience

We have great speakers from FINRA, Yotpo, Snowflake, Capital One, Amazon Web Services(AWS), Kyndryl, Slalom, DataOps.live, The World Bank, Collibra, DataWarrior, Bill.com, Cooley LLP, Splunk

If you have questions let me know. Happy to discuss more.

Very Good Youtube Channle about RE and Malware analysis
https://www.youtube.com/c/DrJoshStroschein

I am trying to level up my personal notation skill for taking notes and document my knowledge and new stuff I learn. I was wondering if anyone has a recommendation for a service/app for organizing personal notes. Would love to hear what you guys use and don't forget to include why you recommend it. 😀

I just began using obsidian as well

I like cherrytree ngl

But obsidian does have some cool features

came across this post in linkedin

In June 2022, Microsoft free training and free exam vouchers for AZ900,DP900,SC900,AI900,PL900
https://www.linkedin.com/posts/activity-6933891706970849280-rx-7

IIRC you have to a student or with a company.

If anyone is interested in a read of a draft of my Bsc (it's not perfect, it's a draft but pretty complete). Dissertation which states the problems of static analysis of malware, and compares various machine learning models in their effectiveness of classifying potential malware https://resources.cmnatic.co.uk/Dissertation/Ben_Eriksson_CT6039_Disseretation.pdf

not sure who the resource is for - curious minds maybe? But I'm quite proud of it and my masters thesis extends this into using ML and dynamic analysis

no, the above post is for everyone. For student https://docs.microsoft.com/en-us/learn/certifications/student-training-and-certification https://docs.microsoft.com/en-us/learn/certifications/student-discounts

It does't have to be tryhackme specific b ut I'm not on my work machine so I was wondering if there any documentation or modules that I can just read while I'm at work

https://gbhackers.com/hacking-tools-list/

cool beans, ill take a look

not a bad list, not complete but not bad (not sure id call them top 1000) one of the missing things id add would be a linux distro https://www.tracelabs.org/initiatives/osint-vm

heyo!
Microsoft cloud challenge starts soon - today, and free exam vouchers are waiting for you:

AI-102: Designing and Implementing a Microsoft Azure AI Solution
AZ-204: Developing Solutions for Microsoft Azure
AZ-220: Microsoft Azure IoT Developer
AZ-400: Designing and Implementing Microsoft DevOps Solutions
DP-420: Designing and Implementing Cloud - Native Applications Using Microsoft Azure Cosmos DB
MS-600: Building Applications and Solutions
PL-100: Microsoft Power Platform App Maker
PL-200: Microsoft Power Platform Functional Consultant
PL-300: Microsoft Power of BI Data Analyst
SC-200: Microsoft Security Operations Analyst
SC-300: Microsoft Identity and Access Administrator```
https://www.microsoft.com/en-us/cloudskillschallenge/build/registration/2022?wt.mc_ID=Build2022_corp_soc_oo_tw_MFSTLearn_5_10

There's a few there I don't have.

I'll need to get them.

I cannot decide which to get, haha. The one which seems most fun is also least useful for me, but maybe that is the purpose of the challenge, to explore fun stuff.

@jagged tiger

Lets not post resources that contain illegal stuff, mmkay? @azure bolt

It's also hard to moderate content as part of an archive. If it's something that's available on github, just post the link to the repo please

It's all shit about carding, there is literally no legit use for this. Stop trying to peddle it.

I looked at the archive on mega, it's all carding stuff. Aka stealing credit/debit cards

I mean stop trying to share this around servers meant for learning ethical hacking, not fucking stealing credit cards

this is not a cyber crime discord

go away

If it contains any content that deals with stealing CC info, that's definitely illegal.

No

No it would not

Dude stop

You're sharing tips on how to commit crime. Also wouldn't be surprised if it was backdoored

That's not how 'stealing your own card info' works.

We do because again this isn't a cyber crime discord

Go to 4chan or something

Zepher, please stop. Thanks for pointing out contents though

Again, learning. Training.

RIP. Thanks Juun 👀

https://www.youtube.com/watch?v=_mZBa3sqTrI You think you know plaintext?

^Can confirm that's a really good talk

After 6+ months of juggling full time work and bootcamp assignments, I’m working on my final presentation to showcase my learning and skills. Could anyone recommend a tutorial on how make a nice, interactive PPT/ video presentation? Many thanks!

Hi all. Can someone help me with a sample/template OSINT report for reference? I am preparing my first one and would appreciate any help. Thanks

(ISC)² is offering 100,000 free exam vouchers for the (ISC)² entry-level cybersecurity certification exam bundled with free enrollments in the (ISC)² entry-level cybersecurity certification online self-paced course.

Note: Only UK residents ages 16 and older are eligible to participate in the program.

https://cloud.connect.isc2.org/100K-inthe-UK
please, make use of this free opportunity

Admin, this is not a self-promotion post.

@stuck abyss @sweet ridge @tacit burrow

@icy marsh blessed sir

Come be

With me

And vc 😉

#Bars

Did you sign up?

Not in the UK

Ah, so it's locked to UK.

I didn't check it out, an unverified user posting a link is super sus imo.

It’s directly to isc2.org so feels legit to me haha

some of you would find this quite interesting 👀 , just wanted to share it! https://youtu.be/zaMLZaUiGgs

https://github.com/Security-Champions-Beta/Gitlab_CI-DAST-OWASP_ZAP

https://ohshitgit.com/

this was my best logical choice to ask the question, but does anyone have a resource to set up a linux server through vm so i can basically set up my own lab?

You can get Ubuntu server and run it as a vm

not sure if i have that set up properly or not but if i've done it correctly then i should have, i'm hoping lol

not spending all night again fighting it, so thank you i'll begin researching it agian in the morning

My pentesting notes and guides. Hope this is helpful 🙂
https://viperone.gitbook.io/pentest-everything/
https://github.com/The-Viper-One/Pentest-Everything

Hello everyone ! Does anyone have documentation on polyglot files to understand how it works ? It seems really interesting

I am so dumb…I was going about this all wrong and this is legitimately what I was looking for. Thanks you

Gave +1 Rep to @kind trout

np

Thank you for sharing, great idea 🙂

Gave +1 Rep to @static veldt

Thank you 🙂

Gave +1 Rep to @left granite

https://www.upskillcyber.co.uk/candidates - UK Only sponsored 10 week course
There's some conditions such as not having/pursuing a cyber security related certification or degree etc. so make sure to check if you're eligible but, from what a mate said, completing it gives you the following certifications: GIAC Foundational Cyber Security Technologies (GFACT), GIAC Security Essentials Certification (GSEC)
Don't know if it's useful to anyone but thought it might be worth sharing

Studying for the OSCP and would like to learn of alternative methods to metasploit. Anyone able to recommend a blog/articles that detail the use of tools outside of MS to get reverse shells/drop executions?

Tbh I’m still learning how to get into boxes but I assumed that metasploit still handles payload and handler info? Like even if I got the script outside of MS, I’d need to use msfvwnom to generate the reverse shells?

Def my lack of experience but THM goes hard into the MS ecosystem so I don’t know much outside of it

That’s a neat site , looking at it rn

Interesting. If that’s the case why not allow MS at all then? If I can still use the scripts stored in its framework?

The more I learn the more I discover I’m still a script kiddy lol

Which also happens to be owned by offensive security 🤔

So searchsploit is still g2g then? Seems just like more work for the same payoff

Sure thing

With plain shell payloads yes, not with meterpreter payloads

Another question, would any have a guide on learning about reverse engineering? I think? My use case is;
Given a closed source program, it encrypts a 6 digit code with DES, and outputs it as a proprietary file format. How can I learn to view the encrypted content to then attempt to brute force the code/key?

decent article on some nifty bash tricks
https://levelup.gitconnected.com/5-bash-syntax-for-going-beyond-traditional-shell-scripting-6904d3e71af6

If you’re asking about RE resources I’d look at Practical Binary Analysis from NoStarch press.

https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/kali-linux-team-to-stream-free-penetration-testing-course-on-twitch/amp/

No access to materials or labs though.

Lol what were you thinking bro? They'd give their highest selling course for free to literally everyone?😂😂 Come on, that's offensive security

Also the course to be stream is 1.0 version, now i guess we're at 2.0 after 1-2 changes in curriculum

Btw i had a question to experienced people here in Infosec. I just completed my university exams, and today i resume hacking studies for oscp. Should i contribute 5 hours to network Pentesting and 5 hours to Pentesterlab badges in a day? Is it a good approach?

Or do i need to make any changes to this? Any suggestions are welcomed

10 hours per day is a lot

I commented as I've spoken to people who thought they were getting access.

I want to just get oscp done with before the end of this year. I have started preparing two times till now but had to quit due to university shenanigans. But my exams are over today so might as well buckle up and get started with oscp prep

Yeah but don't burn out 😉

Yessir..

Btw for people who have done some exercises/acquired some badges. What path/badge should i start with? Essential badge or HTTP badge?

@prisma bison

-ban 729595049347907594 -ddays 1 Soamming twitch, not here for THM

🔨 Banned ItsMe#9384 indefinitely

@sturdy shell

It is still an awesome opportunity to learn lots of cool stuff, imo. About your plan... 10h a day is a lot. You get burned out really quick. Pace yourself, lower that time and keep it consistent rather than throwing yourself into binge learn like that. 6h a day is still plenty, and way way more realistic, and you will still progress quickly if you keep the tempo.

This could be useful for anyone.

why not share the tweet link so people can directly check it out

I don't use Twitter and it's not my screenshot.

https://twitter.com/TCMSecurity/status/1536054896981463040

thanks

Gave +1 Rep to @simple juniper

Thanks for explaining it and making me understand! I'll stick to your advice and reduce it down a bit 😇

Gave +1 Rep to @mighty gazelle

I am going all in with this! Offensive security can wait. I mean there's actual incentive to attend TCM's streams...

Have fun learning!

Any practical oriented syzkaller tutorials out there?

Kernel fuzzing is new to me and I'm barely getting into linux subsystems to the point where I can make a few misc kernel modules

But kernel fuzzing seems far away

For anyone interesting in the CCNA

https://www.packettracernetwork.com/labs/packettracerlabs.html

Hi all, I'll be streaming a walkthrough of Bravery from the Digitialworld series (VulnHub) on 17 June. The machine is available for everyone to download and deploy themselves.
https://www.vulnhub.com/entry/digitalworldlocal-bravery,281/
I really encourage those who are currently enrolled or plan on taking the OSCP to tune in as I'll be using this to demonstrate how one should approach the machines in the labs and the exam.
Hope to see you everyone there!
https://discord.gg/CZC54puC?event=984942367377334322

Hello all, just joined and relatively new to all this! I'm looking for the 'Find command' room for linux. Looks like it was previously here https://tryhackme.com/room/thefindcommand but no longer available. Anyone know if it has been moved somewhere. I tried searching for rooms using 'find' but cant locate anything similar. Thank you 🙂

https://tryhackme.com/room/linuxstrengthtraining

This room has a bit on the find command

Ah that looks ideal, thank you 👍

https://academy.tcm-sec.com/p/pnpt-live

hey,
I have a question regarding the registry
as an upcoming (hopefully 😅 ) cyber security personnel I probably will have to investigate IOC's
and one of them is Registry
is there a blacklist of malicious keys/values ? that should raise a suspicious, as each software creates its own key it can be hard to know what is legit and what could be malicious

• while writing that question I can to the realization that maybe it is better to go by a whitelist instead of a blacklist as it is probably more practical
  so check whitelisted keys and if you see some key that is not in the list it could be analyzed for a final conclusion

https://cr0mll.github.io/cyberclopaedia

This a personal project for creating a large resource for aspiring hackers to learn any aspect of hacking from. Growing every day

Looking for good resources about storing confidential data in corporate environment. More likely about types of storage, backups, restoring confidential data, policies about storing data and etc... can be a book also

https://explore.skillbuilder.aws/learn/course/external/view/elearning/11458/aws-cloud-quest-cloud-practitioner

For anyone looking for a hands-on interactive way to learn AWS

what are yalls favorite blogs for vuln research and binexp?

Usually, the best binexp is by random people, I wouldn’t look for specific blogs, I would look for new CVEs and check if the person that found it posted a writeup / blog, for research go to the blackhat / defcon youtube, best there is.

https://www.hertzbleed.com/

^^Awesome study! Read the PDF!^^

https://www.ired.team/

Pretty dope cheatsheet for quite a few items

Hey! Can someone tell me how to get started with code reviews? What prerequisites are required?

I have this table

Does anyone know a good resource for learning Cloud interactively? I appreciate the plethora of videos but would prefer to learn by actually using it

From what i know you can get 1 yr access to AWS and Azure for free... Could try using that

https://github.com/The-Viper-One/ActiveDirectoryAttackTool

4 year old script???

Are you sure that's OSCP friendly?

https://portswigger.net/web-security/jwt

New labs 👍

Anyone have a good resource for learning hydra? This shit is so cryptic for some reason. Specifically learning to brute login forms

Don't want to be that guy, but just read the documentation 🤷‍♂️

And if that doesn't work, you can always google something along the lines of "thc-hydra guide" or "thc-hydra ctf" and see how people use it. I'm sure there's also a hacktricks page including it.

Hi guys,
Does anyone have a good resource / good place to start on av killing techniques or uninstalling?

https://github.com/Orange-Cyberdefense/arsenal/blob/master/mindmap/pentest_ad.png

Honestly I don't recommend hydra for anything even slightly complicated

what would u recommend?

Hey! Just started learning buffer overflows. Just wanted to know if there's any prerequisites to learn before starting it?

I just don't want to be lost while learning it. So i am trying to learn the prerequisites first

Seconding @lunar bay, Burp is the only other tool I know of for form bruting but it gets rate locked in the free version

yea its too slow. how fast is pro?

Not sure, but I believe the specs are posted online

@ebon jasper @lunar bay There's Turbo Intruder whoch I haven't tried, and there's ZAP. They're both much better than Hydra for anything even slightly complicated when you're dealing with http logins.

Hey, This is imo great opportunity for all Spanish speaking people. I found out on different server that The National Defense University in Argentina has opened a 100% free, 100% online tecnicatura degree (closest thing is an US associate degree) in Web and Mobile app Programming for anyone who wants to do it. IT IS IN SPANISH. https://www.iua.edu.ar/?page_id=6268

anyone know a good website for documenting resources on the website for studying?

Workflowy is pretty good

Useful for *nix priv esc: https://gtfobins.github.io/

I use Obsidian to take notes, really cool and powerful tool (and free too!). It allows you to connect your notes and view them in a graph view, if you're the visual type it will help very much in memorizing the connections between different topics. If you are not familiar with Markdown you'll have to learn the syntax, but I think it is pretty easy to catch up with the basics, after that you won't want to use anything other than this for taking notes I think - at least this is the case for me:) https://obsidian.md

Does anyone have good resources for learning syzkaller?

thank you so much i will check it out

Gave +1 Rep to @faint bridge

much appreciated

I was looking for obsidian specifically after seeing someone use it and didn't know what the name was but this is it so thank you :D

you're welcome:)

I'm doing windows privesc20 room and I found this article on google search about how to perform net command operations to enable or disable Administrator and Guest accounts on Windows.
https://www.sony.com/electronics/support/articles/00123047

It's pretty cool..

Hey is anyone aware of errors in Spike package in ubuntu? I want to use it on Ubuntu but my spike script always produces an error called undefined symbol s_readline() or any command i write

I just started THM and realise I need to change my note taking setup. Right now I use a free StandardNotes accounts. But I'm missing inline images and maybe syntax highlighting. What do you guys use? Anyone got experience comparing Obsidian to StandardNotes?

check the pins in this channel for reccomendations and a lot of other info on note-taking :)

ah thank you, I'm new to discord aswell, feeling slightly overwhelmed atm 😉

I simply use pen and paper. It's slower but I remember much more when I write rather tham type. I guess a decade of school embedded that in me 😅

The one real advantage that digital notes have over pen and paper is cross referencing and tagging notes

Searching too

Control F through your handwritten notes, I dare you

https://academy.avast.com/hs-fs/hubfs/New_Avast_Academy/What is an IP Address/IP-adresses-infographic.png?width=580&name=IP-adresses-infographic.png

https://medium.com/netdevops/what-are-network-prefixes-e1923a1d6a3e

Ew medium link

learn > b*tch

Hey i am learning buffer overflows through vulnserver. I am not getting a shell even after running my exploit script with the shellcode. Vulnserver is getting a connection but the shell is not coming through in nc

Any help?

My python script

Is this a Tryhackme room?

iirc based by the data sent it's vulnserver so it's fine

although #resources isn't the best place for the question @lucid edge, #infosec-general would be better

Yeah, I was just asking because if it was a room then #room-hints or #room-help would have been where I would send them, but thanks

Might be useful for some people here and didn't know where else to post it. Fully unattended install of a custom Kali ISO. For everyone who perma bricks their VMs 🙃
https://github.com/xbufu/custom-kali-iso

-ban @zealous raptor -ddays 1 Nitro phishing. Secure your account and then appeal this ban by emailing bans@tryhackme.com

🔨 Banned Thek41234#3878 indefinitely

Nope vulnserver for bof

Will keep that in mind, next time! Thank you sir! 😊

Gave +1 Rep to @tribal gull

Love Obsidian, but have no experience with StandardNotes to Obsidian. I went from OneNote and I will never look back.

And here's the Windows version. Currently only Windows 10, but will update it for Server later
https://github.com/xbufu/custom-windows-iso

A while back I had my hands on a huge database dump. I ventured into a lot of hashcats' features and advanced options in an attempt to crack as many of these hashes as possible. Here is a run down of the stuff I found very useful.

Happy cracking!

https://www.youtube.com/watch?v=m5Ix94hbzaU

Uhm @odd quest ?

@gaunt needle Did you read the channel description?
Please avoid self-promotion of paid content here.

@hushed estuary sorry for the ping

https://gist.github.com/sloanlance/f481b7b8ffc0bfa3f46a1c942c7e7b78

@undone belfry please stop self promoting

You have 7 messages in this discord, now 8. They've mostly been self promotion or arguing when we ask you to stop. Please stop otherwise you will be banned @undone belfry

this seemed useful to shadow as then you could use your own vim/nvim config to edit remote files without having to move the entire configuration

Does anybody know or have any good resources on Crowdstrike, on how to query it?

Does anyone know what to do if you’re logging into kali Linux on your VMware virtual machine and you randomly get the error unable to contact settings server when you try to login

#infosec-general

https://www.microsoft.com/en-gb/events/training-days/
another az-900 and sc-900 free training + exam(free voucher) starting soon

ACloudguru July Free month: https://acloudguru.com/blog/news/whats-free-at-acg?utm_source=b2cleads&utm_medium=email&utm_campaign=ecomm_b2c&mkt_tok=MTk0LVVIUC02MDkAAAGFbTh6AL7ObIB3fRZvCCR1xK9XWqDXbLSMr9Ua52oGz2CHh2KNqCzWbujLy2nF27z236x6r4603xEkSZe3sK56c4ZtaKyEz5sMYKu1R3CQQWfPqd0

Does anyone have any good splunk or crowdstrike resources, cheatsheets outside of what thm offers? Or any tips and tricks from somebody experienced with these apps?

To help companies implement threat hunting for #log4j everywhere, I have updated my open-source log4j bypass tool to search for many more bypasses and to be much easier to use.

You can find the link below! Please feel free to use in your work and share!

https://github.com/cyberqueen-meg/log4j-bypass

NDC conferences are just amazing! They have some classics like The Art of Code and loads more! And my favourite thing is that every single talk is uploaded to their youtube, meaning they have 1000s of talks about literally everything! High recommend!
https://youtube.com/c/NDCConferences

Hello, I want to learn assembly for reverse engineering and malware analysis, can someone point out a good resource for that? Any dialect will work, I just need to get my hands dirty

https://twitter.com/nickap1c/status/1546750502322712577

Hey this repository might be a good place to start there is also a video in there which is super good and then bunch of challenges with explanations etc. if you cant sovle them : https://guyinatuxedo.github.io/01-intro_assembly/assembly/index.html

Mh, always giving me an "there was an error loading this page" when trying to open your notes

https://nickapic.notion.site/Ethical-Hacking-Notes-d7b12ee8bd954df6a3bcc335f5de26b7 this link?

Yes

Try this one : https://enotes.nickapic.com

though seems to be working for me

Nvm, seems to be some issue on my side, works in my VM. Thanks for sharing. Will have a look at those notes, seems to be quite a lot 🙂

Gave +1 Rep to @tranquil shuttle

No problems at all

Thanks!!

Gave +1 Rep to @tranquil shuttle

@fallen zephyr

Learning AWS
Does anybody have experience with a good resource to learn AWS, for advanced Linux users with knowledge of basic networking and so?
I will try Udemy, Youtube and online tutorials, but if anybody have experience with some particular resource being good, and not for total (Linux/networking) beginner.

I love these! Really cool, I love the organisation

INE has some great content for cloud and aws if you want to try those

ayy Thanks a lot

Gave +1 Rep to @versed spire

Saved them, thanks!

Gave +1 Rep to @tranquil shuttle

ayy no problems at all

https://fourcore.io/blogs/how-a-windows-process-is-created-part-1

We just put out a technical blog on how Windows processes are created!
Learn about the process creation workflow, deep windows process internal, types of Windows processes and Process APIs and Data structures.

Thx, I have subscription to INE, so finally time to use it again 🙂 I noticed they actually even got me free voucher for some Cloud cert, might be included.

no problems and yes its most probably the cloud fundamentals one its a preety good primer for their more vendor specific courses like AWS, Azure

Welcome to the book of tricks, hacktricks contain notes, guides and cheatsheets for a whole lot of areas in cybersecurity, what it be escaping sandboxes, creating shells, image forensics, you name it, they have a little of everything.

https://book.hacktricks.xyz/welcome/readme

http://Www.amazon.com/shops/pratttech

What are you linking here ?

https://github.com/CISOfy/Lynis

My Notes about "CSRF Attacks & Exploits"

https://sl4x0.github.io/CSRF-Attacks-&-Exploits

https://www.xmind.net/m/WwtB/ enjoy

https://swanandx.github.io/lemmeknow-frontend/

this is cool from @remote wind

PyWhat's Rust counter-party, LemmeKnow, as a website 😄

https://free-for.dev/ There's a security section too

https://education.github.com/pack - adding on to that for students specifically

https://sha256algorithm.com/

page not found (?)

https://www.geoguessr.com/

Thanks for pointing it out.

Gave +1 Rep to @sonic abyss

https://ohshint.gitbook.io/oh-shint-its-a-blog/

Credit to @orchid basin this is amazing ^

Credit to 7oaster who isn't in this server lol

I just found him post about the fact that he made it

Check out my notes about Clickjacking & Race condition.
Happy weekend! <3

https://sl4x0.github.io/Clickjacking-Attacks
https://sl4x0.github.io/Race-Condition-Attacks

https://github.com/HashPals/Search-That-Hash

lil project by @sonic abyss 🙂

INE has some great content for cloud and aws if you want to try those

https://tenor.com/view/cat-wow-surprise-shock-fear-gif-17912457