Hi, anyone got a nice example of a customer facing business continuity plan?

Does anyone know of a good online CompTIA A+ course?

The official one maybe? Haven't done it

https://youtube.com/@professormesser
Professor Messer has the CompTIA A+ course.

Thank you

Gave +1 Rep to @simple juniper

Paul browning has the full course on yt

We don't help with schoolwork.

@ornate lichen free, publicly available book on Intel assembly language http://www.egr.unlv.edu/~ed/x86.html

@keen elbow https://institute.sektor7.net/

What book would you recommend to get started in cybersecurity and hacking?

Security + by Mike Meyers is a good one

https://explainshell.com

awesome site

mike meyers is such a good teacher.

He really is! Love all his material

https://www.academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck

https://danaepp.com/how-to-use-gpg-as-a-security-researcher

https://academy.tcm-sec.com/courses/
Practical Ethical Hacking (This is one going free right now), so if any beginner wants to enroll, here they can

Completed up a handful of certifications and wanted to reflect so I wrote this 'guide' - tips and tricks, getting certified on the cheap, my experience, and some thoughts on the CompTIA Secure Infrastructure Expert stack - also that poll on getting the CISSP https://www.allowsomedenyall.com/2023/04/comptia-secure-infrastructure-expert.html

Any CEH study groups ?? Pls reach me @daring blade

Hey folks! I am starting something new: https://github.com/DMaroo/GhidRust. I'd love if people could suggest new features, contribute to it (that'd be really awesome, thanks) and test it (once it matures).

GhidRust is a WIP Rust decompilation plugin for Ghidra, which dreams to be the one and only stop for any sort Rust binary analysis required inside Ghidra. As of now, it can detect Rust binaries, apply std library's function signatures and do very basic decompilation (still buggy).

I’m not an expert on Ghidra or anyone important but I do agree that decompiling Rustlang binaries is alien-language because we’re so used to C/C++

Agreed. The lack of any sort of Rust specific reversing tools is just astonishing. I hope that the Rust reversing ecosystem evolves and matures (like that of Golang, for example).

do we have latest discount voucher for thm premium subscription?

There was one emailed to A/B users a few weeks ago.

wait go has rev tools?

Yup. In fact Ghidra itself has a bunch of Go extensions like gotools and ghostrings.

I wanna learn go lowkehv

Can someone recommend me some resources about c2 server + deployment and things about it?

Hi, discussion of these topics is locked down to specific channels with access requirements, please don't ask here

Can you provide link to these channels?

They have access requirements

what are the access requirements for all of the advanced channels etc, is it level based?

like is there numerous advanced channels or is it just level 13 or certs?

Rank 0xD, completed OSCP, Throwback or be in a top field infosec job, IIRC.

Ty

Hi, I would like to extend to @junior hearth question, I'm having issue running Starkiller+death star or even starkiller_powershell for Throwback. I would love to have some recommendations for any alternative tools. I have tried to use the cs server from Rasta mouse, but I was not able to make it worked.

I asked them to avoid asking those questions here.
It seems your question is directly related to the tryhackme throwback network?

Hey guys, I've been thinking about migrating the Host OS of my laptop from Windows to Linux and am looking for good resources/guides on the best method for doing this. Any recommendations?

It's not that difficult, I think the hardest part is choosing which distro of Linux you'd want to use, have you given a thought?

@stuck abyssYes, I've used DistroChooser to narrow down some options. It suggested Devuan, Rocky, and Debian. I've also been interested in Arch

Arch is one I don't touch because I've always broken it.

Debian could be a good start.

I've only tried Mint, Ubuntu and Kali (I don't daily drive kali. and won't suggest you do it either)

I've run Mint before in the past on a VM. It was okay, however I didn't really like the UI. I probably will go with Debian.

pick a distro based on your use case

if you want a linux desktop or daily driver, i'd recommend something stable-ish, but not necessarily as stable as centos or rocky. if you want to set up some enterprise-like boxes, LTS is the way to go.

@jagged tiger It'd be for the purposes of having a linux desktop. Using my laptop is uncommon, but I'd like to have a dedicated device with linux as the host OS to experiment with. My primary desktop is Windows

And while I could continue using a VM on my primary desktop, I want the experience of using linux on metal. I believe VM's don't offer the same feeling

I would recommend Ubuntu or Fedora - if you want newer features, the 6-month release of Ubuntu is fine. If you intend to use it for schoolwork or actual work, you may want something more stable. Like Centos or Ubuntu LTS. You could go down the route of a less common distro as well, but part of the reason the RHEL upstreams and Ubuntu are popular is because there are pretty large and knowledgeable communities available for help

I could get down with either of those. When it comes to migrating, are there any good programs for taking snapshots in case I want to revert to my Windows OS?

Don't nuke the factory recovery partition

And 'reverting to your old windows' won't really be possible, as you're either rewriting the partition table or you are over-writing the original windows partition.

If anything, I would recommend you get a recovery ISO and key from the desktop maker.

Thank you for your advice, I appreciate it. Can you point me in a direction where I can learn a little bit more about how to format my drive and where to go after that?

https://docs.fedoraproject.org/en-US/quick-docs/getting-started-guide/

https://ubuntu.com/tutorials/install-ubuntu-desktop#1-overview

Thank you. I have got help with the issue from throwback channel 🙂

Gave +1 Rep to @odd quest

https://www.phind.com/ Like ChatGPT but has access to the internet and cites it's sources

Anyone knows a good resource of utilizing sleep based sql injection?

Portswigger!

https://portswigger.net/
Very good site for web hacking !

https://leanpub.com/riskidentificationbypenetrationtestingacomprehensiveguidetotheptesframework

Hello everyone;
A program to change ip address with tor written in python2.7 2 years ago. I have rewritten it for python3.x versions under the name of PrivacyNet and shared it on my github address. You can access the vehicle from the link below.
https://github.com/HalilDeniz/PrivacyNet

@still lark Please ask before posting content on malware

Oops sorry

Can I post it here ? , I am giving awareness about Malware

Malware discussion is restricted to the advanced channels #start-here

OK , Thank You 🙂

AI-based Password Guessing tool: https://github.com/D3vil0p3r/PassGAN

hashes.org doesn't exist

@barren vault

I think this message is not allowed in normal chats

@odd quest

:hammer: -ˋˏ ༻Ｏｎｙｘ༺ ˎˊ-#8899 has been banned.

Sorry was 4am for me when I was tagged & sleeping.

I'm New in TryHackMe,can
Anybody elaborate the streek freeze?

If you have a streak freeze for 1 day.

And you answer a question on Friday, Saturday.

Then Monday rolls around, and you forget.

The streak will freeze.

If you answer a question on Tuesday, your streak will +2.

Hi, I'm going to work on threat intelligence. Can you suggest any interesting websites to me? such as where to begin...

💀

hes just reverse image seraching

they have no osint knowledge

i have lucidsint

about 20x better than them stuff they used there

Who asked though?

no one

Fr

prob any.run, virustotal, virtualbox maybe, google cloud, replit cloud, joesandbox etc

im not very good at threat intel

i dont focus on threat intel much

Can u give me some of OSiNT if u use any ? And thank you so much 😊❤️

Gave +1 Rep to @steep spruce

:hammer: $ Lucid#8994 has been banned.

Lol

What does just happen ?

They have a blackhat tool in their bio

Oh I see

And I'm pretty sure I've banned them before for trying to doxx community members

We appreciate that my friend thanks a lot 🫡❤️

np

Is that a referral link?

Seems like it

@prisma bison ^

@swift saddle has been warned.

Thanks! :))

Gave +1 Rep to @fringe spire

Please don't post huge walls of text. If you have a resource you found that's useful, please just post the source and not 30 pages of links.

I think that's just the beginner free path?

oh ok i will remember this. deleting now

@zealous remnant Don’t post google drive links here please

#general message

just curios, whats wrong with them?

For security and safety

what might happen with a google drive link?

it's due that some can share some bad link

Is this a referral link or do you otherwise gain anything from it?

@sturdy shell

@sinful crag has been warned.

For the bros interested in Solidity and Smart Contract Security/Auditing
https://github.com/razzorsec/AuditorsRoadmap

Is there somewhere that I can find a document with all of the steps in the cyber kill chain detailed with the different tools that can be used for each step? For example enum4linux and linpeas are different options for enumeration.

I'm not sure if there is such a resource (aside from building your own), but the closest I can think of is this - https://www.amazon.com/RTFM-Red-Team-Field-Manual/dp/1075091837

Thank you for your help!

Gave +1 Rep to @brave harbor

Hey team, i was hoping someone could make a recommendation on a stage 0 dropper/shell manager to use. I am not looking for a C2 with a full suite for post-exploitation but more for initial access and persistance.

https://github.com/watchdog2000/py-de-fuscate - a malware analysis resource for files obfuscated with pyfuscate

Can someone please recommend some cyber books?

Sparc Flow has a bunch of books a that are awesome, they are a series. He takes you through realworld exploits while making the reading engaging.

Hi, I'm looking for resource so I can be really sharp within networking pretty much everything I need to know for hacking and what not. Anyone has any resources I can use or direct me to a course/site?

So networking or hacking? Studying networking is an entire field in itself. If you want to simply begin to become adept in the type of networking you generally need to know, in order to hack networks then THM's Network Services module is a good place to start. From there I would utilize someone on YouTube named professor Messer. If you're ever confused about a concept he can clear things right up

suggest me some practical books of Hacking or some resources plzz

The Hackers Playbook

https://github.com/AtonceInventions/Hypervisor

Various Linux tools

Would network+ teach me what I need to know for networking or is there another resource that's better

I'm not taking the actual certificate just using it as a structured learning path

https://github.com/CalfCrusher/MaccaroniC2

How deep do you want to go?
Just learning the concepts or looking to configure switches/routers as well?

For basics network+ as a learning path is good enough

It's easy as well as there are ton of free resources/courses online and on YouTube for Network+

Free 12 week course How to Learn Rust https://learning.accelerant.dev/how-to-learn-rust

Thanks

Gave +1 Rep to @remote wind

Do anybody has ec council courseware for ECSS or CCT certification

https://github.com/Orange-Cyberdefense/arsenal - Not my own project but maybe people here could make use of it?

https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2023_02.svg <- mind map for AD pentesting

Pure gold, thank you

Hi. I'm probably not asking in the proper channel, but does anyone have experience preparing VMs for upload to a tryhackme room? I'm creating a room for the capstone project and there just isn't much documentation on what they expect for an uploaded box...

!docs room-creation

@shut ferry ⬆️ should be a good start

This is what we're using for the pentest+ prep class I'm taking and it's been pretty great so far, lots of resources within.

https://www.pearsonitcertification.com/store/comptia-pentest-plus-pt0-002-cert-guide-9780137566068?gclid=CjwKCAjw67ajBhAVEiwA2g_jEK068H2WYER963lOfyKlf-wGUwtP2QfVKYzDtazdK3k2JXyMSY7uGBoCeGUQAvD_BwE

Thank you I'll check it out.

Gave +1 Rep to @sudden fern

no problem

Man why isn't this more prominently displayed with the development tab in thm? This is great thank you 🙏

Does anybody know what happened to the "my machine" page where you could deploy a Kali box not attached to a room?

Hello @sudden fern? Can I ask another question real quick ?

How can I (Account-Take-Over) any Account ? (2) https://medium.com/@ozomarzu/how-can-i-account-take-over-any-account-2-9533d54bc33e

Deprecated a while ago.
The attackbox/kali aren't attached to rooms, deploying it in one allows access from any

sorry for late reply but shadow was sleeping... so how can shadow help if you have not solved it yet???

Gave +1 Rep to @sudden fern

It's a well-known fact that shadows need sleep too!

I have not figured out my problem, despite working on it until my brain became mushy yesterday

It would probably be easier to explain specifically what's going on in a DM, if that's okay with you. I'm not trying to muddy up the channel too much. If not though, I'll happily muddy it up to meet my own needs lol

@zinc silo Hey, discussion of Google Dorks is okay within reason but please refrain from posting dorks to find vulnerable websites here 🙂

Hey guys, quick question for anyone that might have some advice. If I just started and want to get a book or two to read, which ones would you recommend? I have a basic understanding of programming from my electrical engineering curriculum, but thats about it

to fell a tree
jeff jepson
ISBN 978-0-615-33879-8

why this book specifically??? it is extremely good at teaching how to write and provide good learning content meaning it can teach you how to show your progress and methods in an easy to understand matter

and a bonus is you will learn a skill most hackers don't have

maybe one related more to cybersecurity?😂 @sudden fern

well report writing and getting points across is important in all of cyber security but sure
Black Hat Ruby: Offensive Ruby programming for Hackers and Pentesters

thanks!

https://youtu.be/KPd-ct3Fkg0
If anybody is interested in automating your google dorking and making your own search engine https://programmablesearchengine.google.com/about/

💀 🥲

Anyone has any good free courses or resource for learning the basic of computer components. Like (CPU,RAM) and everything else. Also is it recommended to learn more about computer architecture when learning more about hardware?

the comptia a+ probably covers most everything you need to know at a basic level

https://m.youtube.com/playlist?list=PLG49S3nxzAnnOmvg5UGVenB_qQgsh01uC

+1 for professor messor

https://danaepp.com/the-lucrative-economics-of-api-hacking

Hi, I want to join THM site and has come to my attention there are 20% off referrals codes. Anyone can help me out with that?

I'm not aware of any referral codes? Just the 20% student discount?

this might be better asked here: hey all Im looking for studying tips. Im going thru all the "easy" courses to get caught up on the basics. Do you write things down w/pen&paper while you go thru the material? are you typing it out in a note taking app (app?)? or do you just blast thru the, like I am lol? thanx

I use obsidian to take my notes. There are several note taking apps you can try. I'd suggest that you take notes of everything you've learnt for the first time so you can refer back to it later when you encounter the same challenge and you need help.

Taking notes is quite important. ill say even to prioritize it. taking notes is can save lots of time

I've not been taking notes at all until very recently and it's definitely helping. I also am forming a cheat sheet of sorts with a bunch of basic commands for various software we use

Blasting through without taking notes is a bad idea. The amount of knowledge to be learnt is infinite and you'll never memorize it all. Otherwise, you'll be wasting valuable time searching google when you encounter a challenge that you've done before but forgotten how to do. The better your notes are the more efficient you'll become at hacking. I would recommend noting in a digital format which makes searching faster and it's easier to reorganize everything as sections grow and warrant sub-headings. I originally started taking notes on my phone with One Note and I'm now converting all my notes into Obsidian because the amount of notes grew to such a stage I noticed it was slowing me down while trying to find things in One Note. After discovering Obsidian, I really regret not having migrated to it sooner.

https://blog.hacktivesecurity.com/index.php/2023/06/05/inside-the-mind-of-a-cyber-attacker-from-malware-creation-to-data-exfiltration-part-1/

@latent kelp That’s not a resource?

@simple juniper thank you!

Gave +1 Rep to @simple juniper

@hard solar thank you

@vapid root thank you much!

Great advice everyone. Ive begun taking notes on my studies using office word. Using the first three headings options seems to organize everything pretty well for now. Definitely going to check out obsidian today. Again, thank you everyone

Check out notion! Obsidian is the competition of notion, most say that it is somewhat better. They do have a ai that you could use in the app and collaboration system and allot more. Haven't tried Obsidian but I am using notion

looking a resource's for bug hunting and computer science & web hacking for a bug hunting

Look at the pins in the bugbounty chat

thanks

Gave +1 Rep to @flat falcon

I got a virtual machine with web server configured. I need to find vulnerabilities in it and report it.
So i am looking for some resources to write a report for that since I don't have experience writing reports.
Thanks in advance

Hi! I've recently upload this post about a homelab to study the eCPPTv2 certification. Because I don't know in which channel upload it, I am going to send it here. Hope you ejoy!

https://ruycr4ft.github.io/posts/eCPPTv2-homelab

kk

hai

https://cheatsheet.haax.fr/

yo, the shodan room is fixed and so is my blogpost 😄 (the images pointed to a broken URL. Fixed them 🙂 )

https://skerritt.blog/shodan/
https://tryhackme.com/room/shodan

Does anyone have any good resources for learning Python a little better? Preferably free, or low cost. I would like something that starts with the basics and has exercises where I can actually test my knowledge. I downloaded a couple of apps but they're like Duolingo of Python and are too easy...not enough ways to actually apply the learning, only very very easy multiple choice questions. Thank you!!

https://nedbatchelder.com/text/kindling.html

Also checkout the pinned messages in #resources

Kattis was missing from that list, that was an interesting one

Thanks!

Gave +1 Rep to @sonic abyss

https://github.com/hackclub/some-assembly-required
🙂

@brazen sequoia

@pale gull Please don't make posts like that here 🙂

Does anyone know any good resources for Rust coding and security standards.

@finite patio Please post the course link, not a link to YouTube on how to claim the course 🙂

A lot of mindmaps to help you navigate the cybersecurity universe:

https://github.com/Ignitetechnologies/Mindmap/tree/main

Also here’s a bunch of networking cheat sheets:

https://packetlife.net/library/cheat-sheets/

Thanks!! Some of that is going to be super helpful 😄

Gave +1 Rep to @untold nebula

https://github.com/The-Viper-One/PsMapExec

Would individuals appreciate a list of play books for all the common services/basic enumeration? Maybe with some automatic scripts to help enumerate

The Firefox extensions mind map here help me find some useful stuff

for those interested i shared my obsidian vault on github, it's public and most of it's redacted but every plugin and style still is maintained 😄
https://github.com/NicoBouquiaux/LYT-Kit_Redacted.git

hihi if you are looking at making an open source project I updated my article on my tips for it. i follow this formula myself and its worked for me, hope someone else finds it good

tl;dr - your readme / design is a lot more important than most people think 😄

https://skerritt.blog/make-popular-open-source-projects/

https://www.cybok.org/

From the university of Bristol in association with NCSC

Also https://github.com/ashemery/exploitation-course

Request for resources: Setting up an Nvidia GPU on a Linux server with no GUI for CUDA support (even more so for the GTX 2060) with PyTorch

I have followed quite a few guides and they either assume I have a GUI so I can click through an app, or it's not quite right 😦

IIRC nvidia drivers on linux require xorg to installed? It's been awhile

I managed cuda headless without too many problems but not pytorch
Is this your home environment? Happy to help in DMs etc

Proprietary ones definitely don't, my cracking rig doesn't have xorg afaik

yes my home environment, I am trying to mary https://github.com/paperless-ngx/paperless-ngx and https://github.com/PromtEngineer/localGPT

Do you know what Nvidia drivers you got? Are they GPU specific? The ones I'm installing look to be specific to something haha

ssh autumn@XXXXX
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Now I can't SSH in for some reason what a fun time

I love homelabs because you try to do something and everything breaks and its just a case of doing my job outside of my job to fix everything

Proprietary direct from nvidia iirc?
20 series is new enough that it should still be supported

what a way to learn that nvidia has first party driver support, i am still living in 2010 apparently

do you not have nvc++ installed? Last time I did CUDA on linux ( ~6 years ago) xorg had some library that was a dependency

I don't have the dev dependencies

Just runtime

Hmm

Like a 2-3gb download still though?

yeah, the CUDA libs themselves are pretty huge

I am not saying they have caused this, but I tried to set up a HP printer with its silly software and now I no longer have public / private keys on my machine....

What is the name of the site that has an archive of exploits?

https://www.exploit-db.com/ ????

lmfao if this is the one I am referring to I am so sorry for asking lol

I can't check rn cause my work firewall has it blocked. but in my defense it was a couple years since I last needed it hhaha

there's vulners too

hello. I am looking for Web Application CTFs styles of challenges whereby I can practice techniques such as XSS, CSRF and SSRF etc.

I've done the burp modules, tough I find them too theoretical. I've also completed the pwnCollege module which we're more my kind of thing.

best regards.

Owasp juice shop And PortSwigger Academy labs
Although very different, both can help you practice, and are free

does anyone know free iOS emulator for windows?

As this tool has a lot of unethical potential uses that are very low hanging fruit, I would ask that you not advertise it here.

https://anonchatgpt.com/

What's the catch? It's using gpts paid api and not storing queries, how is it making money?

I don't know how they make money but it saves login time to make some quick queries.

https://isc.sans.edu/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346
https://www.decalage.info/vba_tools

I don't think this is really fitting content for this channel 😉

Works on my machine

Eh, discord bug

That's the image below that I posted that's spinning

Discord bug.

Ctrl and R might fix it.

Take alot of screenshot on Windows, and want the time stamp to feature on the command prompt or powershell?

###create a powershell profile, if it doesnt exist already
New-Item $Profile -ItemType file –Force
##open it in notepad to edit
function prompt{ "[$(Get-Date)]" +" | PS "+ "$(Get-Location) > "}
##risky move, need to tighten this up. Change your execution policy or it won't
#run the profile ps1
#run as powershell admin
Set-ExecutionPolicy RemoteSigned

Command prompt

setx prompt $D$S$T$H$H$H$S$B$S$P$_--$g

is it ok to learn from teh book which has reputation but its from 2008 -2012

i don't think fundamental change that much over time, whats is the advice ?

I have some older networking books that I have used to read about basic protocols and concepts that haven't changed. Just know that the info might be outdated and you should follow up with something more recent to ensure the info you know is up to date, if that makes sense.

Depends on which one. Plenty of them can still somewhat be relevant

Anyone that is a FL resident and over 18 and just getting started trying to get into the field might be interested in this: https://cyberskills2work.org/i/pathway/10121/detail (full disclosure, I just saw this on LI and thought I would pass it on, I know nothing else about the program except it's free and you should be able to do CYSA+ at the end)

Cleared my CRTE exam few days ago. Wrote an blog for its review and preparation guide along with my notes. Hope it helps anyone who is preparing for it.
https://0xstarlight.github.io/posts/CRTE-Exam-Review/

https://odyssey.hackrocks.com/info/about

This is a cool Homer's odyssey story inspired CTF

starts in 5 days

https://www.youtube.com/@webpwnized/playlists

https://twitter.com/shodanhq/status/1680723526494609409

https://youtube.com/@BranchEducation
Brilliant channel

I totally agree

Little tool I made, would be great if I could get some feedback 🙂

https://github.com/The-Viper-One/PsMapExec

https://github.com/RyanDodd21/GaTS/tree/main

PrivEsc and Enumiration script/tool downloader for windows + linux

feel free to suggest additional tools

guys, can you recommend some infosec news sources like newsletters, blogs etc. to be somewhat up to date?

dark reading
full disclosure
packet storm
threatpost

all of these have rss feeds too

thank you!

Gave +1 Rep to @sudden fern

no problem

generally some more general stuff news sources post about things like this too

like bleeping computer and ars technica

I've noticed for a lot of beginners they tend to not know any starting point on how to take notes, hence why i publicised a public repo of my redacted obsidian vault, which can be customized to your needs. Hope it helps new beginners on getting straight away started on taking notes while learning:
https://github.com/0xSoundOfSilence/LYT-Kit_Redacted

heh it's your opinion I guess
the creator of the room is also the creator of haiti
personally I find haiti better. everyone uses whatever they want at the end of the day

💜

https://faviconmap.shodan.io/

map of top 5000 sites and services, by favicon with the biggest favicons being the most popular

https://github.com/MatheuZSecurity/Koth-TryHackMe-Tricks

Does anyone know how I can set up a vulnerable server just like the one THM is using in the Burp Suite Room? I want to practice more penetration testing stuff on it. 🙂 Thanks

Yes. We need this

What sort of server?

Either a bank or crypto vulnhub VM at least for me

I can build the web app if necessary just don’t know how to make a vulnhub server

https://docs.bluekeys.org/guide/cyber-securite/owasp-top-10

hello people will you have the name of a blog which is represented as this site (exactly the same) but in English? it's a known blog but I can't find his name lmao. It bundles all the good cyber security resources for information

List of useful wiki like sites

• Wikis
  • https://www.thehacker.recipes/
  • https://cr0mll.github.io/cyberclopaedia/
  • https://www.ired.team/
  • https://book.hacktricks.xyz/

https://github.com/MatheuZSecurity/NullSection

I found this blog on **Some common Steganography tools for CTFs** and it is for extreme beginners in CTFs.
This writeup consists of the information which I found very useful as a complete beginner.

https://medium.com/bugbountywriteup/some-common-steganography-tools-for-ctfs-92e3de93f141

Is there a site where I can stay up to date about everything in pentesting ? Also about how AI is being used in cyber…i assume there are alot of AI tools that make life easy for pentesters, SOC analysts etc

Hey guys, in my journey learning bash scripting i have made a very dirty (stupid) subdomain enumeration tool. Maybe you will get something out of it! https://github.com/Luke57/subseeker/

I think this has been posted before but,
https://www.phind.com/
Basically free access to GPT4 + Tells you the sources + Can change website rankings - I've found it really helpful so thought it'd be worth posting

I don't understand, but here is a directory of vulnerable instance made by owasp:

https://owasp.org/www-project-vulnerable-web-applications-directory/#

hi guys... does anyone have resources for learning tcpdump and Wireshark?

THM has a few wireshark rooms.

thanks bro

Gave +1 Rep to @stuck abyss

https://youtu.be/EHp4FPyajKQ
Finally made it click watching this

Gave +1 Rep to @mystic siren

https://tenor.com/view/its-the-thought-that-counts-efe-omowale-assisted-living-its-all-about-good-intentions-only-kind-intentions-matter-gif-22405739

Hey guys , i'm going to do a telecommunications networks license at university and I want to take a little advance, are there any introductory courses to advise me?

Maybe have a look at Professor Messners Yt-Channel

https://www.youtube.com/watch?v=pdnW8l-URR4

https://inferi.zip/paper/transforming-mimikatz-into-a-shellcode-and-bypassing-defender

https://denizhalil.com/2023/08/03/360-free-rooms-tryhackme/

There’s this one too https://blog.tryhackme.com/free_path/amp/

https://inferi.zip/paper/lateral-movement-via-mmc20-application

Where did you get these rooms? A lot of them are private

they are always there dude

Private rooms can't be access...

Also, I seen this on your blog.

https://inferi.zip/paper/viewstate-deserialization-to-rce

Well, CC Pentesting for example, that's an extremely outdated and retired room

I don't understand the fuss behind TLDs like these, they are the exact same as any other one (like .tech or .com or .org)

Would you mind explaining your reasoning behind it? I'm just generally curious if I'm missing something

You realize that the domain name has nothing to do with downloading things?

sure

? Lol

and only you don't go

ya, exactly

well, there's nothing you can do about it if you don't have knowledge about how domains really work. We post papers with incredible subjects and techniques, it's up to the reader if he wants to or not.

@unique crown you deleted all messages lol 🤣

Found this awesome description of the RSA Algo
https://www.youtube.com/watch?v=Pq8gNbvfaoM

https://youtu.be/Gkq8Az4Sx98

https://inferi.zip/paper/from-amsi-to-reflection

https://www.youtube.com/watch?v=MwMjrLL6HmQ

Hey,
I have a Windows application that I need to reverse engineer and identify vulnerabilities within.
I've opened the folder with dotpeek and there are lots of dlls and I need some direction what to look for.
I'm looking for some tips or a link to a good source to learn from.
Thanks.

This is a top level view of the dlls:

https://www.youtube.com/watch?v=LB2Vu7y3QYI

https://github.com/public-apis/public-apis

You have www.vulnhub.com where you can exploit everything you want

@graceful hawk Code seems to not work, and we don't really want to advertise paid content in here 🙂

One question.

As a hacker is it better to know how "raw coded" things work, or use libraries that makes it easier. Say a hacker will use web socket to make something in realtime, will he use a library for that or just use a protocol/built in modules to do the job(Maybe the worst example).

Understand how it works at the lower level, then use a library to quickly get it done

https://github.com/fortra/impacket

https://youtube.com/watch?v=q3-xCvzBjGs
cool video for slow people like me

Very cool, thanks for sharing

Hi everyone

I recently wrote an article on Passkeys. They are a new passwordless authentication method that offer a safer and easier alternative to passwords. So if you want to learn more, click on the link below and let me know what you think 🙂

https://www.cybersecguidance.com/post/passwords-are-broken-all-hail-passkeys

Hello. I'm looking for a resource I can keep on my attacker VM that is a folder including all or most exploits/scanners that are transferred to windows targets and AD environments. I can make my own but I bet someone already made a git for it somewhere and includes things I don't know about.

Please @ me if you respond to this

https://www.edx.org/learn/cybersecurity/harvard-university-cs50-s-introduction-to-cybersecurity?webview=false&campaign=CS50's+Introduction+to+Cybersecurity&source=edx&product_category=course&placement_url=https%3A%2F%2Fwww.edx.org%2Fcs50

Is this new?

https://cs50.harvard.edu/cybersecurity/2023/
Says "Check back in October 2023 for the full course!"

Yeah, just asking if cybersecurity has been a course CS50 has been doing before I'm not sure

It's a new addition to the course

DarkNet Diaries RSS (for youtube)

https://www.youtube.com/feeds/videos.xml?channel_id=UCMIqrmh2lMdzhlCPK5ahsAg

https://vuldb.com/pt/?id.237516

this is my new cve

im currently doing the soc level 1 path. are there any good books to read about that topic?

Hi , any resource to walkthrough Android Hacking 101?

SOC lvl 1 path is quite broad
Is there any specific topic here you are interested in?

not really im too new to the field

but i search a bit on amazon and i think i found some interesting books

how do you convert a jar or dex file to apk

I have searched a lot online, tried dex2jar, apktool to no success

it was straightforward converting apk to jar but the recompilation seems different

sounds like a pickle, oops i mean onion

https://github.com/ANG13T/url_genie

The Simple CTF room is outdated because of the exploit was written 5 years ago, here is a little help how to solve/workaround the issue: http://tomsitcafe.com/2023/08/23/tryhackme-simple-ctf-modern-solution-2023-working-exploit-with-docker-io/

this way you don't need to rewrite/convert the exploit, and the console output will be usable

pyenv and virtualenv anyone???

yes your way will obviously work but using the tools intended for using any version of python with a specific script and its dependencies goes a long way

python2 script.py ?

well thinks ubuntu removed that binary by now.... and kali heavily recommends you use pyenv for running python2 scripts

oh I use it directly

Hi , any resource to walkthrough Android Hacking 101 in tryhack me room? Like you tube video walkthrough?

@graceful hawk Please don't post shortened links here

Free course on Linux and Shell Scripting
https://www.udemy.com/course/learn-linux-operating-system-from-basic-to-advanced/?couponCode=97EF644BCE13DC090941

cryptography association
https://www.cryptogram.org/

Please interact with the community before advertising your udemy courses.

Hi hackers, do someone have some really good indepth wapt resourse ?

Have you tried portswigger academy ?
https://portswigger.net/web-security

Yes I have

I just wanted to get some good videos

Hi guys, I may be interviewing some blockchain/crypto companies for a security roles in the near future. Is there any interview questions cheat sheets/tutorials/free online courses on cybersecurity related to blockchain/crypto?

Just dropped a brand-new video where I take you through the essentials of Server-Side Request Forgery (SSRF), demonstrate how ChatGPT can generate SSRF-vulnerable code, and share effective mitigation techniques! 🚀

https://youtu.be/_NSmeqeS7Go?feature=shared

https://cpu.land/

this is fresh, july

https://inferi.zip/paper/elf-rootkit-anti-reversing-techniques

https://math-on-quora.surge.sh/

maths LaTeX cheatsheet

Port Swigger is a great resource, I like how they break the concept down and give you lots of labs

https://sqrx.com

@rough void Can you interact with the community before posting your tools here, please?

not sure if anyone else is curious of Linux kernel dev,

TL;DR you need C

https://www.kernel.org/doc/html/v4.10/process/howto.html

I bought Hacking API book and now there is a video ! (also there is the API academy)

https://youtu.be/YYe0FdfdgDU?feature=shared

DFIR RSS Feed
https://thedfirreport.com/feed/

You might also enjoy this one by Jai Minton:
https://www.jaiminton.com/cheatsheet/DFIR/# 🥳

thanks

Gave +1 Rep to @craggy onyx

Thanks!

Gave +1 Rep to @craggy onyx

This information is from Cisco's YouTube channel video: The Essentials of CCST Certification

# CCST Cybersecurity

validates's skills and knowledge of:

- cybersecurity principles
- network security and endpoint security concepts
- vulnerability assessment & risk management
- incident handling
- 1st step towards CyberOps Associate certification
- CCST certification for life
- no recertification requirements

Cisco Certified Support Technician: Cybersecurity  (there is Networking too)

- cybersecurity technician
- jr cybersecurity analyst
- help desk support
- security operations analyst



## CCST Training

CCST Networking (free e-learning & prep exam)

- network basics
- networking devices and initial config
- network addressing & basic troubleshooting
- network support & security
- network tech career path exam


CCST Cybersecurity (free training)

- intro to cybersecurity
- networking basics
- networking devices and initial config
- endpoint security
- network defense
- cyber threat management

120 hrs to complete
then exam

skillsforall.com > Explore > Get certified > CCST

https://skillsforall.com/resources/ccst-cybersecurity?courseLang=en-US

https://skillsforall.com/career-path/cybersecurity?courseLang=en-US



### Exam

CCST have to use, config diagnose problems, deeper concepts

CCST exam $125 USD, online requires proctor & webcam

50 min exam, must pass exam for cert

CCST Networking exam Topics :

1. standards and concepts
2. addressing and subnet formats
3. endpoint and media types
4. infrastructure
5. diagnosing problems
6. security (subdomains, WiFi, firewalls)

for the Network packet module you need to download Cisco's network software to analyze packets and answer questions

CCST Cybersecurity exam Topics:

1. essential security principles
2. basic network security changes
3. endpoint security concepts
4. vulnerability assessment and risk management
5. incident handling

Pyramid of Pain , from SANS

https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

original link
https://www.sans.org/tools/the-pyramid-of-pain/

https://roadmap.sh/roadmaps

Very useful website learn cybersecurity or any other computer related field very easy with step by step guys enjoy

https://picoctf.org/about.html

hey, do you guys know of a resource about thc-hydra? I cannot find anything that lists modules, specific options for modules etc

Their github?

https://www.youtube.com/watch?v=wDMsh7TJuqw

search rana khalil in youtube

https://youtu.be/RZ4p-saaQkc?feature=shared

Any web security labs other than portswigger to practice?

maybe checkout vulnhub , only know about it never tried their stuff

it is more like retro htb

boxes to solve

Aside from tryhackme?

seriously why do i even bother to answer people. today onwards i am not going to help.

muted channel

Yeah ofc

TF what happened?

who knows? breaks are important though

https://medium.com/p/4fac9505c23a - Blog post on Imposter Syndrone (Admittedly self-written)

Yeah but you just need to realize the true secret, we're all imposters

Hey, noob here. Does anyone know any good resources about the process of recon/ how an experienced ethical hacker would go about recon?

TCM Ethical hacking course could be a great start on this, i guess

Ah thanks!

Hello guys, I'm preparing for CEH exam and so far it's not that good as I am reading the book the EC council have provided. I need any video content about CEH to prepare for it. So if possible please provide me with resources! Thank You

Could you please share a little bit about what course material it covers?

It's is given by ec council so it covers everything that you require for the exam. But as it is a text book it's a bit hard to read and understand

It covers all the 20 modules required for exam

Normally this is supposed to test your knowledge and your ability to research. Best I can do is to wish you luck

Haha ... Thank you

Gave +1 Rep to @hushed estuary

Free Event – worth checking out. Most interested in the talk on cloud lateral movement & hearing about the next gen of cloud attacks! Also, lots of info on new research & tools to level up your offensive sec game. And personally, don’t know who'd pass up a session with Stephen Sims.

HackFest Summit 2023
November 16-17 | Free Live Online
Details here: https://www.sans.org/u/1qTn

I'm looking to practice exploiting viewstate deserialization vulnerability.
anyone knows a machine wether it's on tryhackme or others?
or maybe setting up a new virtual machine that will have it?

https://github.com/Striving-to-learn/Cybersecurity-Resources been working on a comprehensive cybersecurity resource github repo . I'd like to get your feedback and suggestions.

I think is not working bro

try now. had to temporarily disable it @golden nova

Not bad

Looks pretty good, my only recommendation might be to maybe add a bit more Active Directory stuff, but maybe I just have an obsession with AD

https://www.futuretools.io/

Hello all! I'm looking for good ways to learn cybersecurity and stay up to date on news in the field on my phone. Are there any good android apps that you all would recommend as far as learning, or cyber news? Thank you!

Has anyone got any good links for phone number lookups?

Care to elaborate? What are you trying to do exactly?

this is the app i use for industry news

I'd recommend podcasts as well, such as CyberWire or Smashing Security

https://github.com/HI0U/Numverify-Req-Api

I created this Anki deck for my own study purposes. It's a compilation of basic questions and topics that I found useful maybe for interview preparation and general knowledge enhancement.
You can download it from the AnkiWeb page at https://ankiweb.net/shared/info/2114580232?cb=1694109492290 or from my GitHub repository at https://github.com/kevinalexandervanegaszubiria/Basic-Cybersecurity-Interview-Questions-Anki-Deck

https://github.com/hackerschoice/zapper

https://inferi.zip/paper/opening-the-hells-gate

https://infosecwriteups.com/22-6k-github-stars-note-taking-app-hit-by-critical-xss-vulnerability-842da56ae265

https://palant.info/2022/12/08/common-pitfalls-of-breaking-up-https-connections/

https://www.theseus.fi/bitstream/handle/10024/806660/Thesis_Syynimaa_Nestori.pdf?sequence=2&isAllowed=y

For all your blue teamers

https://www.softwaretestinghelp.com/ not sure if its been posted before but there are some nice tutorials here.

https://www.geeksforgeeks.org/difference-between-bind-shell-and-reverse-shell/#

To launch a Reverse shell, the attacker doesn’t need to know the IP address of the victim to access the target computer.

what about it?

victims machine connects to attackers machine

Is it possible to get the actual VM used in any of the rooms .... Say like the owasp top 10 room

When investigating a suspicious process on Linux, try this:

strings /proc/<PID>/environ

For example, a socat command was used to spawn a reverse bindshell backdoor. Environ entry shows SSH connection data and traces to the socat comand. Some versions of netcat do similar.

No, thm won't give out vms

Depends on what room

^ That's true.

There is some that are on Vulnhub,

I have a few of the older ones, like Blue, Retro! ETC.

But if it's THM's own they don't.

@pastel ravine Now you asked about OWASP Top 10, the Juicebox one is avaliable https://owasp.org/www-project-juice-shop/

hey ! every one
i have just recently got my CEH masters and ejpt certs . now to explore more about the field of malware analysis and detection. so i have decided to work on an open source anti malware (also as my final year project ) . I have read few research papers and patents for this , i will be very grateful if you guys can provide me with some resource or provide me some direction or things to consider or someone else project like this . i want to make sure that anti malware should be fairly easy to setup but offers customization for advanced users also most of the detection should be done on the host itself and not by sending a sample to cloud server. thanks in advance

@prisma bison

We create a small Active Directory lab using VirtualBox and a Windows Server Standard evaluation. We'll configure it to act as a Domain Controller and set up ASREPRoast and Kerberoasting attacks step by step.

💡 Key Highlights:

• 🏗️ Setting up the Domain Controller with ease.
• 🛡️ Exploring the ASREPRoast Attack and making a user vulnerable.
• 🔐 Testing the ASREPRoast Attack to obtain password hashes.
• 🕵️‍♂️ Continuing with the Kerberoasting Attack and creating a vulnerable user.
• 🔑 Cracking hashes and gaining access.

🎥 Watch the full video for practical insights and hands-on experience. https://shorturl.at/quAD0
https://shorturl.at/MQX06

📚 Remember, "Build it before breaking!"

Hello guys. Please can someon help with any comprehensive guide on threat modelling?

Throwing my cheat sheets here for others to utilize

Subnetting cheat sheet

Nmap cheat sheet (A bit long so discord scaled it down, apologies)

SOC Architecture map

https://www.youtube.com/watch?v=_tpB-B8BXk0

https://njmulsqb.github.io/2023/09/23/The-Blitzkrieg-Effect-Infiltrating-an-Enterprise-Active-Directory-Environment.html

https://github.com/MatheuZSecurity/Infector

Thought this might be a good place to ask - I just graduated from a cybersecurity bootcamp and tryhackme is something I consistently did the whole time. I want to start creating walkthroughs and writeups. Could anyone out there with experience recommend some tools they use to write theirs. Which platform? Medium seems to be popular. How do you insert code into the articles, is there a software you use? Where do you store your images / screenshots. Any input would be greatly appreciated!

https://www.youtube.com/@DFIRScience

imo deciding what the "best tool" to use is procrastination. you will be infinitely better if you start writing & publishing rn then trying to decide what to use 🙂

I use Ghost, I do not like Medium. But I like Medium more than not writing at all 😄

Hashnode is good as you own the domain, so you get SEO goodies and a nice domain. Medium is good as the audience is already there

I agree with this so much.
I always end up looking for the "best way" to do something. Life is nowadays all about being as efficient as possible. Using "suboptimal" tools or making less mistakes is not being efficient.

I like this tale a lot

Stephen King, one of the most beloved, famous and bestselling authors
ever, often goes to writer’s conferences. After he talks for a little bit he
says, “Any questions?”

Inevitably, someone raises their hand—I’m paraphrasing here—and says,
“Mr. King, you are one of the most beloved, famous, and bestselling
authors ever. What kind of pencil do you use to write your books?” It’s
almost as if knowing what kind of pencil Stephen King uses will help
them be more like Stephen King

Hey, has anyone here used twingate before? If so, do you have any pros or cons or feed back? I'm thinking about using it for my personal network but I want to get the opinion of someone with experience

https://youtu.be/m6pJNW_jpw0?si=yPCorryRmEqotv3V

https://www.youtube.com/watch?v=zSDtZOOc--M

https://www.youtube.com/watch?v=0f5MY5vVsl0

can anyone explain the php data wrapper for me

Please engage with the community before posting/advertising links.

https://youtu.be/FvpZkEHpF8g?si=7Wxu8tyZ8VCMX7Nu

Very descriptive methodology for web testing

Yeah that was a really good video

hello Folks, do you have any resources to start simple projects with the Rasperry PI?

Here is something to secure or pen-test your Linux endpoints - VPS/VPC/Desktop https://github.com/bgenev/impulse-xdr Provides host & network intrusion detection; tracking indicators of compromise, security posture monitoring, alerting and active response.

https://www.edx.org/learn/cybersecurity/harvard-university-cs50-s-introduction-to-cybersecurity

CS50 just released this yesterday, its probably very basic but someone out here might enjoy it 🙂

It starts oct 2nd

Nice!

Anything CS50 is a + in my books

I took it over the summer and now my uni courses are boring because I already know the stuff

CS50 is in general a very good resources! Tons of free qualitative courses!

hey guys, does anyone know where to find labs on EDR evasion?

Harvard Launches Two New Free Certificate Course
https://www.classcentral.com/report/harvard-cs50-cybersec-sql/#free-certificate

@late comet please interact with the community before self promoting

Is there a zip file or similar I can download to have the same resources such as wordlists etc... that are available on the AttackBox ?

All wordlists are publicly available, they were installed by our AttackBox developer

You’ll just have to search around the internet for them

Please interact with the community before promoting your content 🙂

malware related content isn't discussed, much less promoted outside of the advanced channels here

@hushed estuary

Would you like it removed?

@shut ferry Malware is only allowed in #exploit-and-mal-studies

I'm just a member, not a mod or anything, but it'll be removed... as it just was, you can check the rules for how to get access to the advanced channels

My bad, I don't have access there.

I will, thanks.

Gave +1 Rep to @sullen palm

For a reason 😉

Please interact with the community before promoting your content here

I was working on an LFI lab yesterday and just happen to see this post by @rich shore about LFI to RCE without log poisoning. Pretty cool, just checking the vid out now: https://www.youtube.com/watch?v=yq2rq50IMSQ

Please don't ping them

duly noted.

Thanks 🙌
My YouTube feed omits anything cyber, definitely adding this to my list!

Gave +1 Rep to @digital lark

Yeah it was a nice synchronicity from the universe to me. I'm going to try it out after lunch to see if it works on the lab i was doing. otherwise i might just do it on my own machine via docker as per the vid

https://github.com/SegmaSec/JWT-Token

hey guys i really need help with this project, there's a check URL competition in my university for cybersecurity students to help spread awareness of malicious url's, the more you check and report the more points. the resources given to us are : https://www.virustotal.com/ , https://safeweb.norton.com/ , https://www.urlvoid.com/ . how might i have advantage over other's to win ?

a strong persistence tool for Linux

Hello can someone point me in the right direction of building a malware file checker in python

Does anyone know of websites or places I can go to practice bash challenges or bash scripts? I really enjoyed all the rooms on THM.

not sure if something is is like that. but you can build you bash scripts localy

Yeah I have been building some locally but kinda running out of ideas. I have been using Hackerrank as well.

you can automate things you learn

Cmd challenge is a good one

imo this is a good video on exploiting CAP theorem (and eventual vs strong consistency) to steal $$$

https://www.youtube.com/watch?v=m4Fi_a9QATM

Hey, have you checked out exercism.org? They have a Bash track you might be interested in. I find their content quite good for practicing. Used it for C and Python.

Thank you! This is exactly what i was looking for.

Gave +1 Rep to @outer oar

https://inferi.zip/paper/understanding-api-hooking - @inferigang

hello guy! How are you doing? I would like to ask if anyone can suggest tips and resources for the MS SC-200. Apart from books and the MS free material, do you know any good channel to learn by videos? For instance, I used to watch Savill's videos when I took the SC 900, but I noticed that he hasn't released any course for the SC 200. Thanks in advance!

Isn't this like the 4th or 5th time we've had to tell you that self-promotion is frowned upon here?

Facad1ng - The Ultimate URL Masking Tool - An Open-Source URL Masking Tool Designed To Help You Hide Phishing URLs And Make Them Look Legit Using Social Engineering Techniques https://github.com/spyboy-productions/Facad1ng

We have forked mitchmoser's SharpShares to add stealth and evasion features such as sleep/jitter and share spidering. We hope that it will be of help to fellow redteamers: https://github.com/Hackcraft-Labs/SharpShares

Hi! Any useful resources/videos to learn Android app development in Java?

Hey I’m a bug hunter but most of my sites that I want to attack use APIs and I don’t really know much on those. Anyone got some good tips or rooms for APIs and nginx

The owasp api top ten rooms are good https://tryhackme.com/hacktivities?tab=search&page=1&free=all&order=most-popular&difficulty=all&type=all&searchTxt=api

Thank you

Unlock the World of Ethical Hacking with Industry Experts at Techfest! 🌐🔒 Join us for a hands-on workshop that will empower you to safeguard the digital realm. Secure your spot today!
Register now at -
techfest.org/hacking

Grab offer & get full access to all the events at Techfest, IIT Bombay.

https://grow.google/certificates/interview-warmup/

https://github.com/MatheuZSecurity/Koth-TryHackMe-Tricks

@karmic shore Hey, please keep it English

And please do not self promote or advertise here 🙂

@shut ferry Hey, can you interact with the community a little more before posting your content? 🙂

Hey everyone, do you guys have any book or resource suggestions that can help me master active recon - from scanning to finding vulnerabilities?

i gotta give it to u its good script

Hey! Anybody with any necessary materials in preparation for CC ISC2 exam?

I'm not sure this is the server for it, but have you looked at the 1 Million Certified in Cybersecurity by ISC2? You're supposed to register and you'll be given 6-month access to the material.

Yes I have, but the review I read online made me know that the materials given on their portal is not sufficient to pass the exam

I have a few friends who relied solely on the material from ISC2 with no issues.

You might find the solution or material suggestions you are looking for in the Certification Station discord.

ISC2 CC material is all I used to pass the exam, the key is to understand the concepts and how to apply to different scenarios.

@teal snow please interact with the community before self promoting :)

Some black friday deals: https://github.com/0x90n/InfoSec-Black-Friday

https://www.linkedin.com/posts/matheus-alves-212775208_6-tips-on-how-to-hunting-for-hidden-rootkits-activity-7113904168989290496-oufd?utm_source=li_share&utm_content=feedcontent&utm_medium=g_dt_web&utm_campaign=copy

https://hack.ainfosec.com/

How many have you done?

I only just found it

But had a look at some of them and looked pretty cool

Done a couple so far but will come back to it later

They do.

https://github.com/0x90n/InfoSec-Black-Friday

have fun

FREE AI Resume builder (Pro Lifetime) Only valid for a couple more days.

• Sign-up here: https://www.rezi.ai/
• Click upgrade and select "Lifetime"
• Use code thanksrezi

Does anyone know a source to a malware free version of immunity debugger?

This is a really good service! I can vouch for that!

Interesting talk about safe/secure coding in C++: https://www.youtube.com/watch?v=I8UvQKvOSSw

https://github.com/R-s0n/ars0n-framework

I'm working on a tool https://github.com/NullRobot/Tooth-Fairy . ToothFairy.sh is a versatile tool designed to analyze and summarize data from network capture files and web content. For network captures, the script can extract and search for sensitive information such as email addresses, credit card numbers, passwords, file names, geolocation data, network shares, and more. ToothFairy.sh supports a variety of formats including pcap, pcapng, cap, snoop, netmon, and others.

I'd love any feedback. The web aspect of the script still needs a lot of improvement.

Interesting, I wrote a similar script that extracts RDP's, all ip's, http requests, dos attacks, host names, malware, pings and services. (but I won't be releasing mine)

Oh those are great ideas. @stuck abyss

Thanks 🤩

Gave +1 Rep to @sage heath

well that gave me a jump scare

cool project tho!

Thanks. It needs a lot of work. I'm using it for favorite THM rooms and wherever it falls short I'm updating it.

Gave +1 Rep to @sonic abyss

https://cs50.harvard.edu/cybersecurity/2023/

how basic is it? (because the cybersec chapter one in regular cs50 was very very basic)

pretty basic

still gonna go over it in winter break to see if I'm missing anything with fundamentals

https://securityzines.com/
Interesting concept 🤔

sorry for the ping but this looks amazing to try especially now that I'm using Wireshark in my pentests

Awesome. It needs a ton of work for the web aspect and going to make that improved. Please let me know what could be better.

I'll use it and try to mess with it and will help in whatever I can

Top AppSec Job Interview Question 12: https://www.youtube.com/watch?v=GOyUxCm1Qjs&ab_channel=HamzaAvvan

https://youtu.be/zA8guDqfv40?si=JGZsYiF6bLQwux1U

100+ AWS course enjoy 😉

https://breakthecode.tech/

https://github.com/ApprenticeofEnder/KaliDocker

I got fed up with VMs, I got fed up with USBs, and I didn't want to install to bare metal. So I made Kali work for me in Docker.

I mean it's technically possible

hey guys I really want to get good at forensics ctf any tips and resources?

Read read read.

What sort of forensics, all?

Or do you want to specalise, in memory. network, cloud, etc?

Ive been having fun doing the THM forensics rooms

Check the SOC Level 1 path for some forensics rooms

I want to be able to at least know the methodologies or any resources at all so I can at least have an idea to do the forensics sections in CTFs. I want to get good at it basically.

great thank you, you got anymore resources for forensics

Gave +1 Rep to @digital lark

I just started my forensics journey. I have some books on the topic that I bought in a bundle but I haven't read them so I can't give recommendations really

https://dogbolt.org/

self promo of a discord bot of hacking tools some may find useful https://skerritt.blog/the-ultimate-discord-hacking-bot/

https://www.youtube.com/watch?v=NhDYbskXRgc

Hey folks!

I recently made a substack all about security, both on the developer side, and how you can protect yourself as an individual too. First post is a round up of my favourite low-cost privacy and security enhancement tools. Feel free to share these with family or friends or even use them yourself!

https://robertbabaev.substack.com/p/0x01-a-privacy-and-security-suite

Hey @fallow saffron, can you interact with the community before self promoting, please

My mistake

Could you tell me the person name to contact for promoting any article

This defeats the point of the Discord, it is here for the discussion and celebration of TryHackMe 🙂

With a side benefit of sharing knowledge related to information security.

Yeah that's a good blog give it a try

I have shared it in only one channel right

That too resources

Small self-promo, I've recently finished writing an article I'm pretty proud of: https://medium.com/@aquilosec/a-pentesters-guide-to-graphql-68ac58777bd4. Let me know what you think!

I'm not sure why the image isn't loading 🙁

The embed?

Yep, it's fine though

Well written!

Thank you! Appreciate it

It's really nice article

Thank you!

https://www.youtube.com/watch?v=qNspXBXOpHA

#thm-community-media

Right, thanks!

@river wave can you just provide the article link please

yeah sure a just a sec

https://medium.com/@3aminne.v/enhancing-the-knowledge-of-your-information-system-for-robust-cybersecurity-2ed122cbfa14

here you go sorry if it was the wrong one

the original article you linked to was about CVSS

You posted a weird link redirect instead of the link to the medium article

https://medium.com/@3aminne.v/unveiling-the-next-frontier-whats-new-in-cvss-4-0-4c12dc436714

this one maybe

Mhm

not sure how to interpret this message X)

Here's a quick bash function I came up with for anyone wanting to easily share a terminal recording (using t-rec, filebin and copyq)

up() {
  local file_path=$1
  local file_name=$2
  local random_bytes=$(openssl rand -hex 16)

  curl -s -X 'POST' "https://filebin.net/$random_bytes/$file_name" \
       -H 'accept: application/json' \
       -H 'Content-Type: application/octet-stream' \
       --data-binary @"$file_path" > /dev/null
  copyq copy "https://filebin.net/$random_bytes/$file_name"
}

rec() {
    local timestamp=$(date +%s)
    t-rec -q
    up t-rec.gif terminal.gif
    mv t-rec.gif "/home/<user>/Pictures/Terminal/$timestamp.gif"
}

Automatically copies it to the clipboard

https://github.com/peterheinrich/InternetOverSpaghetti

check out my project. any feedback is greatly appreciated.
it a cli tools that helps you with searching and printing gtfo, lolbas, tldr(man page but like cheatseet for commands), generating reverse shell, and print your notes directly on cli.
https://github.com/foreztgump/gibme

https://roadmap.sh/

https://github.com/8u5h1d0/coffebreak

@desert imp please interact with the community before self promoting