#resources
yeah angr is pretty good specially for binary exploitation
with this script i can get flag of all files of crackme
with one click
i forgot the room name
have heard a lot of angr but never used it..
maybe because I am not good with RE or PWN
original plan was to mess with pwn
but then i move to this
just gotta add graphical view and i am done then
wait wait what
i am done
how many lines is it?
not so much
rip crackmes
just 52 till now
@regal torrent u remember that soiler
it was a part of it
and then old man came
it was just a chat in general section then para jumps out
omg @regal torrent
@tender river If it really worked the way you told, good job then.
yup
^Worth the read
Wot
I would add 'Welcome to the Game' 1 and 2 to this as they're not super realistic but altogether fun
me too @yume chan
smh
join wot senpai
(yeah i havent caught on sigh)
Aww
¯\_(ツ)_/¯
Although, that article is worth the read
Hacknet was mentioned previously and it's a lot of fun
aye played the sakura mod
smh visual novel
ish
you have the tsundere
the senpai
and the typical heroine
Tfw when yume turns hacking into a hentai visual novel
I think Para is joking haha
Lol
...
....
Hi guys this my script i was unable to implement many features in it
this is still under development phase
cool thanks for sharing
i want you all to look at this and contribute too to make it an awesome tool
also let me know if there are any bugs
ja
?@Yume
wdym
cough cough
?????
i am dying
from what
did u check that script Yume ?
nice
thats why i said twas cool
have u tried it on crackme ?
ok
onetwoseven
this @shut ferry
gave this to me
im urged to root it by consciousness
any crackmes you recommend? @tender river
you should make error checking when there are no arguments set @tender river
maybe a help option could be nice
I think I never posted this here
?
or maybe did not sure
just a small tool I revived for LFI
lol
just wait ....i will surpass u
Good luck
i am so pumped now
Yay rivalry
btw @tender river in what sense you meant you'll surpass me... on THM rank or on making some tools/rooms?
overall....
matter of months pal ...
I think that's what I just said... I'll see you after 1200 months
now mathematics is also added ...
hahahah
O damm
^
The blue guy that isnt tucker or the rookie
Lmaooo
And the rookie just lets the red guy take the flag
You're in for a ride, it's a long and fantastic series
The first few seasons are my favorites but that's just mostly from the nostalgia of them
This is great
@tender river May the skills be with you.
Well, you dont get sent to bloodgultch for being smart
Lol
Played a tiny bit of hacknet while working tonight. That game is such a power trip, it's just so flipping easy
Tired Nite 4, kinda meg
*meh
Very over the top and incredibly unrealistic in command execution
Give me a terminal game lack hacknet anyday over that
*like hacknet
It's very over the top military sim
1v1 me hacknet @ebon valve
Also the tutorial sucks compared to hacknet, too hand holdy
Just gonna put this out there, I'm probably not the one you want to go against in an infosec comp
Psh
Lmao
How would I show the arrogance of youth if I didn't attempt something nigh impossible
What's nite team 4?
A new hacking game @elfin mountain
Oh I'll Google it
Discover the universe of hacking and cyber warfare with NITE Team 4. Version 1.0 of the games includes more than 70 missions and operations broken down into various categories for every level of player > Training Boot Camp: The academy will help you learn all the basics you need...
$26.24
265
The steam page^
I think I checked that out a while ago but i'll have to give it another poke
Also, I'll give Nite Team another shake
The tutorial really put me off, I'm not a fan of the pure over the top nature with very little actual terminal interaction
Hacknet just hides all of its things behind animations but eh, it's still just a game
Still waiting for the article headline
?
How I got my oscp after playing hacknet
Fucking christ
One day
Isnt hackmud that js hacking game @ebon valve
The terminal was def using js key val pairs
I heard that game was good but no one plays it
¯\_(ツ)_/¯
yeah, I guess I would definitely say these games are meant for beginners
Tbh I was super hoping one of them would have actual commands
But I'm sure there are legal reasons or some other bullshit that they don't do that
hacknet has some actual commands for the base system
I mean if they did far less people would be able to play them
I can't imagine most people reading the man page for hydra for a hacking video game
I honestly wish Hacknet had a terminal only mode w/ tmux style hacking
even then, spoon feeding some of that could help
Yea but then it would limit the difficulty of their puzzles
true
If they use fake commands and design a game around that
fuck it, I should just play portal 2 again
It would be a better experience than having to work around something thats already established and complicated
@ebon valve go play all of the community test chambers
Lol
I should check that out actually
but tbh I'll probably mess around with the main story
When I was brute forcing for an htb I just started up portal
how far are you?
good chapter tbh
I like 8
lots of funny dialogue
Wheatly remains my favorite
wheatly is hilarious
I also maintain that he isn't a moron
How I got my oscp after playing hacknet
Not gonna happen, because there's no PortHack binary file that will hack a port in just .1 seconds.
Anyone have any specific hacking games they recommend?
I've done bandit (albeit quite a while ago) but I should definitely revisit overthewire
Underthewire has powershell puzzles btw
Never heard of the hack exercise series, I'll have to check that out
Oh well, same difference lol
Lol
Exploit Exercises is always a good choice.
Yup
Dude, that's totally confusing.
Which token to which services, I asked in their telegram community and they ignored so I ignored them too xD
Haha how so? Hit me on DM
Learn PowerShell in a Month of Lunches is also a fantastic book for that
@forest pecan I've written a blog on ROP chains, I'll be able to upload the blog post tomorrow, let me know the procedure.
Amazing, I've DM'd you
This blog post will teach you basics of ROP i.e. how to use tools efficiently.
I will try my best to post chapter 2 on TMM but schedule is tight today.
Today, I will show you how to use Return Oriented Programming for doing a ret2libc attack.
Not sure if this is posted here before or not
A source for pcap files and malware samples. Since the summer of 2013, this site has published over 1,600 blog entries about malware or malicious network traffic. Almost every post on this site has pcap files or malware samples (or both).
but pretty good website for PCAP and malware analysis
@whole grove Thanks, need it for malware analysis.
Indeed.
^
Life Saviour
anyone who has the subscription on TryHackMe?
I do
I was looking for a team or a person who can create a team having subscription as i will be completing all free challenges by tomorrow so i didn't want to waste my time. Also i will be creating some challenges this weekend and would love to share them on TryHackMe. Can you help @forest pecan
Oh wow, we'd love to have your challenges on TryHackMe!
The teams (as it currently stands) do not actually do anything unless you're in one of our special CTF rooms.
Which are not available to the public yet.
Add you where sorry?
if there is any place in those special CTF team?
Not at the moment, there will be soon!
oh no problem! i will wait then
We're planning a bi-monthly competition
that sounds awesome
till then let me create some challenges and also complete the ones who are left (Free)
Thanks @forest pecan
hey all i m just newbie could u help what all resources i should refer
How much of a "newbie"? Like do you know about operating systems and networking? Do you know how some of the tools work? Do you want to attack web apps or a network?
yes i do know
Not meaning to overwhelm you. The more detailed your question, the more accurate will be the answer
i do have knowledge about networking and os .web app developer as well.wants to take my ctf skills high
hope i m clear now
Yes yes. Ok so I'm assuming you wanna get into web app hacking
So try googling about SQL injection, XSS, CSRF and a few other vulnerabilities. Then read/learn how these are exploited using pre built tools.
For eg, you use dirb for directory bruteforcing
ok
@tame arrow there's an OWASP web app room which has some tasks related to web security
there's also the webappsec101 room which has another web security box
there is also... DVWA on rp: nmap
and that's friggin confusing
be like my - try everything same time
Araki: Does RP: NMap
Also Araki: Does Joystick
JoyStick is meant to be hard lol
It's likely between about a high-end easy to a low-tier medium on HTB if that gives you a good idea of the difficulty of JoyStick
@ebon valve yeah, i know
@whole grove just what i needed, thx a lot
@whole grove this is something I could see being put into the standard installation of Kali, great work!
Hope so
^
I first thought to add something like exploit-db to this but then realized that there is already searchsploit for that
^
I am looking for some good resources on reverse engineering
Oh nice. Thanks
Oh God, RE.
Anyone have Tyupkin source code
Simple bash ping sweep
#!/bin/bash
for i in {1..255}; do
ping -c 2 192.168.1.$i | grep ttl | grep "seq=2"
done
better to use grep "from". because icmp_seq can change.
root@lab:~# ping -c1 192.168.245.129
PING 192.168.245.129 (192.168.245.129) 56(84) bytes of data.
64 bytes from 192.168.245.129: icmp_seq=1 ttl=64 time=0.019 ms
@ruby tide that was a design choice, -c 2 in case its on a larger network and a far away device isn't in the MAC table of the switch, so it'll need some time for ARP. Not sure how Linux ping works, but on Windows usually at least one packet drops.
| Grep seq... is 100% unnecessary if you're only doing 1/device anyway.
true....but what if the wrong packet gets dropped? in your example the grep option will miss the result if the wrong packet gets dropped.
root@lab:~# ping -c4 192.168.245.129
PING 192.168.245.129 (192.168.245.129) 56(84) bytes of data.
64 bytes from 192.168.245.129: icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from 192.168.245.129: icmp_seq=2 ttl=64 time=0.078 ms <-- if this one gets dropped for instance
64 bytes from 192.168.245.129: icmp_seq=3 ttl=64 time=0.035 ms
64 bytes from 192.168.245.129: icmp_seq=4 ttl=64 time=0.072 ms
also I would advise to do the ping sweep in a one-liner so you don't leave unnecessary tracks on the remote system. but this is just my opinion. I give you many kudos for helping people getting better in what they want to do
Beautiful!
Really? Appreciated. @keen summit
Yeah!!!
For the ones who are totally new into CTFs
Haha John's actually in the discord
Hi John
Hi John!
Hi John!
Hi John!
Hi John!
Hi John!
Hi John!
lmao
Hi @rich shore
Hi @white pivot
I was kidding lol
I don't think so
This was something great!
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
Isn't DarkStar making a room on this already?
I just hope to not have the same problem with like I still have with that Blue room
What's the advantage of remotely bluescreening a system other than DoS?
@white pivot stability issues, blue is incredibly stable but it has a tendency of deleting a flag
It's been ongoing for a while but it's because one of the flags is in a sensitive Windows location that the OS really doesn't like
I prefer having it there all the same but it's something new
@white pivot
@spare oar Damn it, thanks
@white pivot ;)
How do you know I'm a binary guy?
@white pivot seems like you forgot me as well xD
If you keep changing username I might even forget the THM
Ahahahaah
If someone have books related to Malware Analysis can you share here?
I meant to say it here. But I have a few books I can share. They maybe a bit older but still useful. Just let me know how
@ebon valve can we share the books directly here?
bah I cant upload more 🥴
Let me organize a google drop for the random books I have. Then I will share.
AHAHAHHA
Remove these two for a while as well!
@fleet lava just drop me in PM - as soon the admin allow us to share the books. We will share here? Much better?
yeah sounds good. I have Encase books, CEH stuff, and other what nots
yeah i dabbled in forensics for a while. It actually lead me into this side of the fence.
oh that's great!
@spare oar I have a book or two about it
Would you rather have the ebook or the pdf?
The Malware Analysis book
@naive loom you can share those if PDF (eBook)
I had PMA and MA by Monappa K both are great books! curious to know if you have any other !
I'd say PMs preferably, I would like to stay away from piracy as this is a community directly related to TryHackMe as a company ๐
@ebon valve knew that. That's why asked for the perms ^_^
All good! Thank you for asking before doing ❤️
@ebon valve ❤️
Yup, I shouldn't share anything here don't worry Dark :)
I don't want to put my actions' responsibility on you guys!
Something i am curious to work with!
This video demonstrates a bug in the User Account Control (UAC) mechanism that could allow an attacker to escalate privileges on an affected OS. Microsoft pa...
Hoooo boy
Microsoft already took down the download buuuuuut
Wait so they had a privesc just sat on their website?
Kind of, this is a utility that just acts as a nice example of a way you can do this priv esc
any outdated cert binary signed by microsoft will work
@ebon valve @regal torrent @minor sigil
https://www.kitploit.com/2019/10/suid3num-script-which-utilizes-pythons.html
you gotta need some time to get through this!
(!!! Github shows less than 4000 lines, and more than 5000 lines is missing. Please download Readme.md and open it in markdown viewer to review the FULL version)[Draft]Awesome Cyber Security Resour...
Online operating system tester
thats cool
Indeed @shut ferry !
"Making the Mountain: Creating Quality" by Jon Peters
@tepid patio the intro is cut off but I gave this talk last month on that
yeah haha
an american accent, i knew you were american but this still surprised me
Haha I'm the weird american admin
That's a really nice talk though @ebon valve
Thanks! ❤️
|| I may be doing videos soon for our site so you'll get to hear a lot more of my lovely voice ||
We are already fallen in love with you @ebon valve
Dark is spoiling
Just found this so thought to share @white pivot @ebon valve
https://web.archive.org/web/20170704144922/http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
WinDbg Mona 2 Structure Exception Handling (SEH) Heap Windows Basics Shellcode Exploitme1 (ret eip overwrite) Exploitme2 (Stack cookies & SEH) Exploitme3 (DEP) Exploitme4 (ASLR) Exploitme5 (Heap Spraying & UAF) EMET 5.2 Internet Explorer 10 Reverse Engineering IE From one-byt...
@ebon valve gotcha
These are the approved wallpapers from TryHackMe - Free To Use by anyone who would like to put these as their wallpapers
@naive loom here you go
Welcome
!help
BOT Dev:
botdev
Blog commands:
blog
github
Fun Commands:
ashu
boop
dark
honk
skidy
Rank Commands:
leaderboard
rank
rules
Social:
reddit
social
tweet
twitter
website
Utility:
wiki
Verifying/Role Assigning Commands:
verify
xkcdCog:
xkcd
No Category:
help Shows this message
ping
uptime
Type !help command for more info on a command.
You can also type !help category for more info on a category.
I ported over a Python 2 script for checking for MS17-010 vulnerability to Python 3 - https://gist.github.com/Stormy102/caac9ec724abe4e70277c6a2478629da
Oh wow! These are awesome!
@ebon valve that's what i am using
alias vpn="openvpn /home/TryHackMe/tryhackme.ovpn"
Hop into .bash_aliases and there you go
^^^^
ah cheers, I use aliases for updates, but hadn't considered one for this. Saves me having to keep looking round for where I saved my ovpn file
Updated to fix that typo haha
I have different aliases for different services - htb for my Hack the Box VPN and thm for my TryHackMe VPN
I have vpn and htbvpn
I posted my aliases somewhere I'm sure
I have things like radare2cutter, ida, metasploit all aliased
if you want a super wholesome experience, do alias please="sudo"
or alias please="sudo !!"
when is university slated to be put into production? will there be a additional cost?
is it only going to be used for .edu students?
https://github.com/z3pp/ZFuzz
not finished at all, but I would like some advice
not faster than gobuster now, but more flexible
normally there is a little problem with pwntools and I will fix that tomorrow I think
Looks good @shut ferry
thanks
you have this one too which is very good
I assumed it had been abandoned. Nice
Heck yeah, I'll have to see if they have anything fun that I'll need to add into RP: PS Empire
@ebon valve would be nice if u added a list of prereq needed for the PS install, didnt realise my kali vm were missing stuff like libopenssl-dev amongst others but somehow the setup went through
Did the requires part of the installation not catch that? PS Empire should have an autoinstaller for required packages
it caught the openssl one with a error
think there were 2 others which didnt
the first time i ran empire launcher.bat was corrupted
or not written correctly
not sure if dependency or something else since i manually install a huge chunk of typical apts in development
Coincidentally, I just pulled a new kali VM for recording yesterday. I'll run the installation on that and add any issues/prereqs from that onto that room
@ebon valve if you're talking about an updated VM for the Kali room, a few thoughts: (1) if you can keep it from starting the new-user wizard stuff on launch that'd be sweet and (2) within the last week, when i try to do apt install <whatevs> it says it's "unable to acquire the dpkg frontend lock." I wind up having to run lsof /var/lib/dpkg/lock and kill the PID associated w/ that process so i can use apt again (maybe something has it locked and is baked into the image that was pulled for the room?)
Oh no, I wasn't looking at the kali vm for that. This is a personal VM for having with doing recording
We can certainly take a look at the kali vm for that room though soon
ah ok, well, scratch that then
Duly noted though haha
A tip: for those that haven't already, sudo apt install tldr and then tldr command when you need help using that command. It's like man pages, but tl;dr.
Also apropos is meant to be pretty good
^ more for programming but love the entire concept
tldr is one of my favorite apt packages
will definitely check everything out, thanks
OSINT Tools
@odd quest this should be better now
Very good for everyone who's new to linux: https://linuxjourney.com/
@crimson thunder that site looks great, thanks for sharing! Plus Linux Basics for Hackers is also a solid resource for those interested
Hey all, I've been working on a project for a while and I think it's finally in a good enough state to start raising awareness about it. The project is called Lancer and it's essentially an automated recon tool. Based on the results of an Nmap scan, it can automatically run directory enumeration on a web server, extract SSL certificate information, download any anonymous FTP files and get the hostname of a remote computer. If anyone's interested in trying it out, the Github repo is below. Feel free to comment and tell me what you think of it https://github.com/Stormy102/Lancer
Will check when I have the head cool for it! ;)
@rose bobcat feature request: anonymous SMB too
If you look on the README it's coming in 0.2.0
Also MS08-067, MS17-010, Bluekeep, SMB/RPC Null Sessions and another load of stuff I can't remember off the top of my head haha
@odd quest Once I've finished some of the banner-grabbing modules, I'll start work on the anonymous SMB. Currently planning on SMB null session, getting the list of shares if able to, and starting an SMB connection to get the OS version - any other suggestions?
Windows commands, for those of us who don't like Windows (and others)
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/windows-commands
https://0x00sec.org/ Pretty cool forum going into a lot of different topics and writing walkthroughs for HTB.
good metasploit cheatsheet
https://www.tunnelsup.com/metasploit-cheat-sheet/
Need a quick handy reference guide for Metasploit? I've put together a bunch of the most common commands in a cheat sheet style for quick …
@agile delta For?
nice nmap cheatsheet (you can download it as a .pdf too)
https://www.stationx.net/nmap-cheat-sheet/
Target Specification Switch Example Description nmap 192.168.1.1 Scan a single IP nmap 192.168.1.1 192.168.2.1 Scan specific IPs nmap 192.168.1.1-254 Scan a range nmap scanme.nmap.org Scan a domain nmap 192.168.1.0/24 Scan using CIDR notation -iL nmap -iL targets.txt Scan tar...
the stationx ceo on linkedin is so cringe
@tepid patio agree!
Hello everyone
i am trying to do the day 6 on the 25 christmas event but i am stuck at dns data exfiltration
where can i find decent information that help me decipher wireshark dns exfiltration data?
or am i in the wrong channel hehehe
nevermind i already found it
good sqli introduction?
@crimson thunder theory or practical?
but preferably practical because I'm trying some basic techniques I've read about but I can't get them to work
Just how bad is it if your site is vulnerable to an SQL Injection? Dr Mike Pound shows us how they work.
Cookie Stealing: https://youtu.be/T1QEs3mdJoc
Rob Miles on Game Playing AI: https://youtu.be/5oXyibEgJr0
Secure Web Browsing: https://www.youtube.com/watch?v=E_wX40fQwE...
And the Juice Shop and DVWA rooms are nice playgrounds
Same with WebGOAT
If you want more targeted training, consider PortSwigger's free online academy
what kind of training is it? like video-lectures? and also, you mean free-free, right?
Mhmm
free-free
It's some videos but mostly reading and hands-on labs
I wouldn't be recommending it if it weren't free-free lol
if you can vouch for it I'll definitely give it a try tomorrow
Absolutely
thanks
@ebon valve I started going through it. I can't believe that this exists and that it's free. thanks a lot for the tip
By O'Reilly, sounds good.
@wraith mason Is that a video series specifically offered from O'Reilly or is it in a bundle of some sort? I think that'd be super sick if that got put in a Humble Bundle O_O usually only videos I see are from PACK. It's not terrible, but I don't / haven't read anything off their platform yet.
@topaz cave it is a video series but the last i looked he was no longer offering it over amazon and stuff, you now have to subscribe to website to get video access ... give me a sec and ill look for the website ....
https://www.oreilly.com/online-learning/individuals.html looks like he is cashing in now for 35 a month you can access the videos
what do you think about the crackstation list? can it be a good alternative to rockyou?
are there any username lists similar to rockyou.txt?
@honest dock yes, seclists have usernames: https://github.com/danielmiessler/SecLists/tree/master/Usernames/Names
thanks @tepid patio !
Np!
Resource from HackerOne (Bug bounty site) - https://www.hackerone.com/hacker101
Explore our collection of videos that will teach you everything you need to operate as a bug bounty hunter. The material is available for free from HackerOne.
Also one @somber plaza posted in General - https://leanpub.com/web-hacking-101
https://osintframework.com/
lays it out in a very nice and interactive way
at work we use a really nice one for SQL map that automatically generated the syntax
CO2
Guys, I'm working towards my CEH (for now), could anyone provide me with some good study resources? I have their course material purchased but seems a little bit unrealistic haha
CEH is unrealistic to begin with tbf
in what way @tribal walrus ?
I bet @arctic mist will wanna tag in here
CEH is kinda a fun one in that you should only really go for it if HR needs you to have it
i know, that's one of the reason i'm looking to do it
i don't really agree with their views in 100% of the cases
but if this helps me get into a pentester role, i find it a good starting point :/
DoD?
i'm not a british citizen
That's US
that's the only real place I know of that still has CEH
CREST is a better shout for the UK
well, i applied for a few places, a lot of them asked for CEH for whatever reason
even Deloitte
They have quite a few equivalency programs
i don't have any certification related to pen testing yet
i did apprenticeships
and currently i'm doing my first security focused role as an analyst integrating stuff like nessus for an msp
but i wanted to focus for the technical aspect, u kno
but idk why, even though it's not an amazing qualification people still look for it
yes for the exam, my company can pay for a bootcamp for me
but i felt it is quite unnecessary as i'm looking for other certs next year
which are more expensive
@ebon valve you're probably more articulate atm, could you hop in here? It's the good ol' CEH paradox: I'm about to black out here (sleep schedule is messed up)
Thank you for your time @tribal walrus
Np
The CEH paradox to which Dan is referring to is that it really had mixed value
The be all end all of it is, does your company want you to have it and does it give you value to have it for your work? If not, don't get it.
The EC Council has a very bad rap for that cert as it's widely regarded as 'vocabulary in cert form'
Again, your mileage may vary depending on what your company deems
let me give a little bit of context on this
i was looking into getting CEH for a while, it seemed that a lot of jobs i was looking for was looking for it. I joined an MSP and they want to provide infosec services including pentests and stuff. I purchased my CEH voucher before knowing how reputable it is
Oh
after that, i'm not sure what i'll be doing, as part of my apprenticeship i got a few other vouchers
i got a N+, Cysa and S+
Since you've already paid for it, get it
not sure what you mean by no flex
you mean flexibility? i have to do it by october next year
I meant flex on buying CEH, i.e., I didn't realise you had already bought it
Waot
yeah, everywhere i looked it said about it, so i just went with the herd
@arctic mist CEH
but now, i know a little bit better about certs so dunno what to say haha
EC Council has a very shady view of the internet and have their own definitions for terms
never
I'm only taking it because it's part of my degree program
EC Council's material (for the most part, generally speaking) is wrong
My boss took the CEH once upon a time and emailed the publisher of the course material, their response was something along the lines of "yeah, we've been hearing that a lot'
i heard about the content of it being incorrect
i'm watching their course material and also have a supporting book about it
and the book seems to diss the EC Council material being very poor
@arctic mist i have their labs. just getting to them now
haha, i'm still at reconnaissance
well thank you for this very instructive conversation
I took no part in it but I'm making a meme about it
Everyone: Don't get CEH, it's bad and wrong
@gritty barn : 
( @gritty barn all jokes in good nature fam)
My uni is putting us through CEH next semester. It's basically an entry grade qual that gives people an ego
If it wasn't free I wouldn't be doing it
@crimson thunder no offense taken :P, at least for others to know.
@storm ether well, do you think i have more experience than an entry level person haha?
to be fair, thanks to this group of peeps(tryhackme) i gained most of the knowledge i have now
getting back to my initial point of this discussion - does anyone have any GOOD resources in regards to this mess i got myself in? hahaha
I wouldn't know. Just because someone has a rank doesn't mean they understand the concepts
that's true. but isn't that the whole point? getting knowledge to understand how certain things work?
that's largely up to you though
as for resources, it would be better if you asked for something more specific. like the other day I specifically asked for sqli material and got a few solid recommendations
^^ this
The way to improve is to specifically look at topics such as sqli
Self learning is massive, no employer will hold your hand going forward they may pay for certs but the learning aspect is on you
okay, so i've asked a very broad question looking for a very broad answer. is there something wrong in that?
otherwise i would've been more specific about it
well one broad answer is that pluralsight has some good material, and even a learning path for ceh
oh yeah, you're right. i forgot about that
Good resources on what? @gritty barn
@white pivot just looking for general info in regards to CEH, anything ranging from quiz type apps websites or books that people recommend in regards to it. but for now i'll look into pluralsight
Read Georgia Weidman's Pentesting book.
And I might have archive for CEH on my mega.
Ping me up later, I'll send those to you. @gritty barn
whenever you got time ๐ thank you
A bunch of free stuff for students
RIGHT
This is a great way of centralising a bunch of student offers. Realised I've been using a bunch of them for a while
But hey free domains. I'll take them
More Shodan codes: https://www.reddit.com/r/netsecstudents/comments/eerigu/shodan_gift_codes/
Happy Holidays! Here are 20 gift codes that provide a free Shodan membership upgrade (redeem at https://account.shodan.io/gift): UPDATE: All...
if it wasn't for you I would've been crying
in about an hour when this batch will have been claimed too
I don't suppose anyone has any resources for bin exploits?
!gtfobins
Something went wrong!
then practice on the sudo room
@storm ether I have literally thousands of stuffs on binary exploitation.
This is exactly what I have been looking for! Thanks man @white pivot
Only if you take a look at my pwning folder, 2+ GB of stuffs only on stack pwn lol. Let alone the heaps (not counting the papers)
I can send them in batches if you want. @storm ether
Please do. I've been looking for stuff like this for about 10 days, this seems like a gold mine
Lol, and you didn't even think of pinging the guy who has the status set to "Pwning binaries"?
Anyways, come to DM I'll send those.
Will update it. @storm ether
But checkout the resources file.
I didn't even realise you had that set aha. Haven't been too active in this discord
@compact tangle https://www.youtube.com/watch?v=HSlhY4Uy8SA
We write our first real exploit to get root access. Solving stack5 from exploit-exercises.com with a simple Buffer Overflow and shellcode.
Run into some problems (illegal instruction): https://www.reddit.com/r/LiveOverflow/comments/54o705/found_what_i_think_is_a_slight_probl...
@compact tangle
Thanks guys
A free ethical hacking course on udemy which I don't know for how long will be free but here you go everyone :D https://www.udemy.com/course/ethical-hacking-beginners-to-expert-level-kali-linux-tutorial/?couponCode=D3D6A1483CC290181F2A
@pliant compass added to my library thank youu
@pliant compass whoa thanks
Happy to help:))
@pliant compass have you gone through it? do you know if it's any good?
Nope, just found it too, but I don't think udemy would let anyone put a course and price it 200$ if it's not useful at least a little
Woaaah thanks
Idk it had a pretty interesting syllabus
@pliant compass no actually I think that's what it does... no course actually costs that much, the discounts are permanent afaik
anyway, rather than passing urls i will give you this: https://www.discudemy.com/language/English/2
English courses for free udemy coupon
enjoy free courses guys
:))) thank uuuu
Literally nothing at udemy is full price
@crimson thunder awhh man, u might be right but I really hope its not like that bc it seemed to be pretty cool stuff in there
They are almost always discounted
Ye they're all about marketing and offers
do we actually care? hahaha, we can find these courses for free xD
=))) yeah, true dat
@gritty barn that website seems a little sketchy though. check this out:
https://www.discudemy.com/go/java-programming-complete-beginner-to-advanced
go to that link and hover over the link. what do you see? it's a different link and then redirects you there I think
i've noticed that
but as far as i am aware it works fine
@crimson thunder i've noticed the redirect. I think that's how they look at the number of clicks redirected from their website to get commission?
yeah, i use incognito without extension on a vm
you can always copy paste the coupon to udemy anyway
Is shell code in hex?
How do we read/write it?
Do we write it normally then encode it in hex?
Yes @compact tangle
@white pivot
Yo
Like we use shell code in c++
What you mean?
Shellcodes are usually hex encoded because they're just opcodes
Yes we can
@compact tangle The link I gave to optional, there's an example script for spawning a shell via shellcode execution.
What's the python version of
__asm{}
There's a pwntools function
Wait, you can't just directly have ASM in Python
Without ctypes, most probably.
You can also generate shellcode via msfvenom if I recall correctly
Hello there
I want to start learning about malware analysis can anyone direct me to a good resources for beginners
thanx
@tribal walrus
Thank you for ur reply,
sadly there's only two rooms in here, I'm actually looking for directions or advice from an experienced person, about what the best resources like books, websites courses to get started.
@white pivot
@mint wigeon there are a few things up in the chat
@mint wigeon I'll send you those by evening.
@white pivot if its fine could u hit those over to me aswell 
Sure @ashen scarab
:)))
That being said, my post for reverse engineering is down on THM blog..have to do some fixes, it has a lots and lots of reference resources. I'll add more.
Grammatical mistakes. @ashen scarab
wow what that stinks :/
Not that much, I told Skidy to take it down as some attachments were needed.
gotcha, if u need help with grammar i gotchu
Grammatical mistakes mostly occurred because it was so cold and I couldn't check it twice and had to write it fast.
What if I could send you an email with the correct link but when you click on it, a different website is loaded?
Phishing level over 9000
(Test done by me against myself) https://t.co/duGT8iMMLy
Good read on basic nmapping
I explain the finer points of what people don't tell you about DNS.
(2017)
Hey guys, I have made a PDF out of all the resources docs from the Advent Challenge. Now that I have the authorization to publish it; here we go (feel free to give me feedback, or suggest modification via issues on the github):
https://github.com/horshark/thm_hacking_encyclopedia
I am aware it is not yet perfect, I will be making changes in the future ;)
Following @RealTryHackMe Advent Challenge, I have published a pdf made of all the awesome resources that were available throughout the challenges.
Thank you! That's really awesome 
For those who are looking to learn basic understandings and want to ask any sort of questions. I have just started streaming THM sessions and some HTB retired boxes to help new starts out
I mentioned it a couple of months ago but I found this could be two birds with one stone situation to create a resources library for others
looks good, watching now
oh damn
Thanks to everyone for coming along. I'll be sure to be doing these quite frequently. Even if I did stumble and overcomplicate a load of stuff xD
@storm ether do you always do them at the same hour? Cause it happens to be in the middle of the night for me lmao
@storm ether If you give me a link and a time you're streaming TryHackMe content, I can promote it if you want?
That sounds great @forest pecan.
@naive loom no last night was just a taster to get everything set up
and we at it again
Octopi Managed Services are IT and Network Security Professionals. Bringing enterprise service to small and medium businesses.
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
a while back someone said on this channel that if you sign up on hackerone you get a free e-book of web hacking 101. I did sign up but I got no copy. have I missed something?
@crimson thunder i have that book. it's for companies interested in bug bounties
Can you get it for free though? I'm aware that you can buy it
off the record I can point out that anything can be found for free if you google hard enough
@gritty barn alright, if that's your feedback, sold
@tribal walrus well, not anything. outdated versions of anything maybe
@gritty barn nah, the portswigger academy has some great material, I'm just always looking for more
but if it's essentially useless as you say then I pass ofc
let me know if you want e books, i got a lot of them
can I dm?
sure you can
If anyone is interested in learning some steganography techniques I'm going to be streaming a box creation tonight so can answer plenty of questions about techniques and detection
i would watch that stream dude
@gritty schooner now
Just grabbing a coffee and collecting food but I'll be live for another few hours
Anyone taken or got any thoughts on the Advanced Penetration Testing course on Cybrary by Georgia Weidman? Worth it? Or should I just write down the topics and try to do my own research via YouTube etc? Quite like the idea of some structured learning for a change, but don't want to waste my time.
I think it's supposed to mirror the PWK/OSCP course quite closely, but without the major price tag (might look into this in the future once i'm a bit more confident with my knowledge)
It is all metasploit and nmap, idk your skill level but it's very beginner @reef sigil
thanks @shut ferry - i'm ok with nmap, not used metasploit much but i think i can find out what I need to know from searching around instead of sitting through a full course.
Yeah, IIRC it's pretty much $11 wasted and it basically teaches you one thing in metasploit
Tbh it's a good idea to not get used to metasploit. Oscp doesn't allow it bar one use which you have to justify
cool, thanks both. Answered my question, back to good ol' Google I go.
Capture The Flag Competition Wiki
@ebon valve bookmarked, thanks

Interesting
A little mind map regarding SSRF. I use Edraw MindMaster 2 open it
Thank you, @minor sigil !! Mind maps are really useful imo 
Now that u said, i'll also add the Broken Access Control one too xD
Mwell, since i'm freelancing doing pentests and other things i gotta keep things organized
In case you have questions regarding the content PM me and I'll do my best to explain it to you. I don't think the notes are really beginner friendly xD But as i said, PM me if u need anything explained
Another note. Feel free to modify/add/delete whatever u want from those 2

enjoy daily resource I found somewhere
screw it
2 for 1 day
System programming made easy using C++17.
Oooh
Also fireeye maintain APT data
VulnHub
Vulnhub VM LIST:
Curated by the NetSec Focus Admins - netsecfocus.com
Join us on the #"VulnHub & CTF" channel on Mattermost and find people to complete these with!
VMs Highlighted in pink are considered to be similar to OSCP
Kioptrix: Level...
I was thinking about starting a YT channel for pwn challenges
That'd be cool
I hope so, but firstly I gotta complete the first room of my first ever learning path.
Can we?
Wait, what? We can't?
imma go with we can and I just didn't know
@white pivot please do it would be so useful
Oh god, then it's settled
Tomorrow I'll make one...but it'd be just me simply doing things...no explaination just mostly workflow but then again I'll be available whenever any of you need me
Excellent slide deck from Red Siege on web app pentesting
Here's the presentation: https://www.youtube.com/watch?v=rb7aVBEjbX8
Getting started with web apps can be a daunting task. "Ooh, shiny!" rabbit holes are just around the corner with every click. Without a good plan and a road map, it can be very easy to get lost in these holes and run out of time before reaching your goal. This talk covers how...
This is easily the best beginner to intermediate course I've ever seen as well: https://www.udemy.com/course/practical-ethical-hacking/
There's a code on his twitter that gives you 90% off of it as well
It's pretty new and all of what he covers I would consider immediately applicable in a professional pentesting job
@storm ether You have any specific binary? I can pwn it and upload it to YT
player2 heap exploit
@ebon valve can you send the code? For those without twitter
That would be way too....giveaway. @storm ether
Oh one sec
Not now, it's a fairly new machine.
THECYBERMENTOR
^That's the code
https://twitter.com/thecybermentor/status/1209257352412778499?s=20
Something else?
This guy's course is definitely good but I prefer read, practice, review and improvise if you don't have money for it lol.
-$20 bucks
Yeah it's super cheap
I'm gonna make a video later on Rope from HTB.
@ebon valve how long is the discount good for?
No idea, I don't believe he mentioned it on the twitter post
I'd imagine probably not much longer, maybe a week or so
Udemy does have sales nearly constantly though, 90% off is common there
^
Nothing on udemy is full price
Here's another excellent read: https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
And if you enjoy some hardcore burp https://digi.ninja/blog/burp_macros.php
yes the cyber mentor zero to hero network pentesting course is also good
Press F to pay respects to Citrix
@tribal walrus trusted disclosed it, but so did Positive who are Russian
So loads of people found and disclosed I guess
https://www.youtube.com/watch?v=ZmZuKA-Rst0 this seems interesting
This video is part of the Figurable project, which is geared toward people who are curious about IoT security and looking for that first bite of the apple.
If you're interested in hardware but haven't had a chance to play with any yet, this one's for you. In this "hello wor...
Follow up from https://www.youtube.com/watch?v=GIU4yJn2-2A
To help explain how attackers reverse engineer device firmware, this walkthrough takes a piece of firmware from a binary file to an extracted file system you can explore on your own. For more information check out
http://1585security.com/Firmware-Reversing-1/
This video is...
CSI Linux is a Linux distribution focused on multiple aspects of Cyber Investigations. The first phase focuses on online and social media forensics and recon. The second phase will target incident response and computer forensics. The third phase will cover reverse engineer...
for those interested in blue
Seems cool
Guys, does anyone of you know if the Cyber Mentor's course on udemy is the same material that he has on youtube?
[11:19 PM] SherlockSec: I think it's all custom
jk, it's not that important anyway, I was just curious because then you're only paying for the certificate of completion, which... eh
book.pdf
For all of you that like reverse engineering
There's a special place in heaven for you
In life too.
https://kubernetes.io/blog/2020/01/14/kubernetes-bug-bounty-announcement/ for those of you who have the pleasure of wrangling k8s

rip if it had pentest+ I would have bought that instantly
https://github.com/ollypwn/cve-2020-0601 @tribal walrus
signed certs for everyone!
@odd quest that might be a good one if you wanted to do a CVE room
I'm learning C instead lol
I'll say the same thing that I said in the other discord server that the humble bundle link was posted in
good share, but too bad I already have all those certs 
@odd quest C is gr8
I have the book
Oh C
Annoyingly I had a recursive C program from last year and I can't find it now
I kind of want to rewrite a project in C but it's uh
Horrifying
I think
I know the feeling
sees Go and immediately starts melting
go best lang
It's James' favorite language
Im willing to respect your incorrect opinion
Go is great
Oh god
Interesting CherryTree alternative
Attention students! 22 new @GitHub Student Developer Pack partner offers just - increasing the value of the Pack to over $200-thousand per student. Join today at https://t.co/52LbbkULvb #GitHubPack
New partners, awesome
^ worth checking this every month or so as they do keep adding to it
I am loving it so far and thought to share with you guys as well
The well-known free and open source reverse engineering framework radare2 is becoming more popular among the computer security community with a large variety of people using it to deal with all kinds of different situations: from hobbyist CTF players to professional low-level...
Giving that a watch later today, thanks for the link! @spare oar
Sure Sure @ebon valve
Hey Ya,
I'm creating notes as I'm learning ASM for RE. Let me know if you'd like to have my notes. I'll keep sharing them!
defo lol
@gritty barn LOL! I have the bad habit to take to write everything while i am learning!
and then i start from scratch
I guess my locker is full of notes LOL!
that's good
College, University and these!


