#resources
tepid patio
companies House XSS https://forum.aws.chdev.org/t/cross-site-scripting-xss-software-attack/3355
calm ermine
For those in infosec.. or who have a company email address:
@sturdy shell You might like that
shrewd ginkgo
Nice! My notion was dying under python zth 
modest hedge
@tepid patio You seem to use notion a lot, any experience with building a website with notion?
Not sure which channel I should have put this into, I apologise if I made a mistake
pliant moat
@tepid patio its blank?
tepid patio
you can build websites with notion
i dont suggest it
and let me fix some git issues before posting again
Q.Q
pliant moat
Python is an interpreted language. That means that instead of translating the whole code into machine code at once, it translates the code piece by piece. And once it's converted a piece of code, it runs it, and then continues until the program stops running.
wb bytecode
and it techinically doesnt translate to machine code
its not a jit
pliant moat
thats gitbook?
modest hedge
do you know what notion is?
Yeah I am well aware, I just came across few posts that said its possible
tepid patio
hold up what you can build a website with notion
@azure widget yes, some people do
azure widget
Wack
tepid patio
and it techinically doesnt translate to machine code
@pliant moat feel free to make a PR ๐
modest hedge
i dont suggest it
@tepid patio Any particular reasons?
pliant moat
isn't notion for taking notes
modest hedge
Apparently you can also build a website with it๐
tepid patio
and let me fix some git issues before posting again
@tepid patio .
Ok I re-published Python Zero to Hero on Gitbooks ๐ https://beesec.gitbook.io/python-zero-to-hero/
I accidentally wiped all of it from Git lol so I was fixing it 
topaz gulch
@shut ferry not something I would recommend -- to beginners or otherwise.
tepid patio
@azure widget is hosting an AMA on the subreddit right now, ask your questions! https://www.reddit.com/r/tryhackme/comments/jkw05c/ama_cryillic_windows_hacking_expert_and_network/
copper jasper
New Cyber wiki for abbreviations or meanings:
https://www.notion.so/cd549e39a09b47bfbbfb315ef004d1bf?v=e371f05e67aa420984b2fdd3e1c72728
tepid patio
Can someone send me their fave resource from here
just any resource at all
so i can post to subreddit
odd quest
spiral zodiac
spiral zodiac
topaz gulch
smh
spiral zodiac
https://blog.ropnop.com/docker-for-pentesters/ is pretty good
waxen lodge
any top tier books i should look into?
haven't looked at any other than the python one
white pivot
echo horizon
Hey guys, does anyone know any good resource for learning basic linux
odd quest
The TryHackMe learn linux room, over the wire.
edgy plank
rapid vortex
Cyber security Coding challenges website anyone ?
fast wraith
Anyone know any good labs/resources for learning blue-teaming?
tepid patio
Cry answers that here if i rememebr https://www.reddit.com/r/tryhackme/comments/jkw05c/ama_cryillic_windows_hacking_expert_and_network/
fast wraith
ah okay there's some good stuff in there to start with, this tells me I need to stop procrastinating and learn Windows well lol, thank you @tepid patio I hope THM implement a Blue Team path soon ๐
spare flicker
Me too, I think it would be really interesting to add to some of the rooms, so you could look at the logs and see who was stealthy and who was not.
tepid patio
a Blue Team Path you say ๐
craggy onyx
Inside Radio: An Attack and Defense Guide, by Q. Yang and L. Huang. @crimson thunder
crimson thunder
your recommendations are always ๐ฏ ๐
craggy onyx
Also covers ZigBee, NFC, RFID, etc..
fast wraith
If anyone has any favorite infosec blogs or just IT related blogs, preferably with an RSS feed, please let me know! Looking to put together a dashboard in Django for a news ticker but with infosec/IT-related headlines.
craggy onyx
Have you seen feedly.com @fast wraith ?
fast wraith
I've heard of it! I'm doing the Django thing more as a learning project, I have this news-ticker module I made for hacktoberfest that I wanted to integrate into a bigger project ๐
craggy onyx
It's possible to get the desired source feeds from there.
fast wraith
oo yeah thats smart, I'll check out some news aggregators
cerulean viper
Microsoft Azure DevOps Solutions (AZ-400)
https://www.udemy.com/course/az-400-s/?couponCode=DISCUDEMY
[NEW] AWS Certified Cloud Practitioner - Step by Step
https://www.udemy.com/course/aws-certified-cloud-practitioner-step-by-step/?couponCode=LEARNAWS
[NEW] AWS Certified Developer Associate - Step by Step
https://www.udemy.com/course/aws-certified-developer-associate-step-by-step/?couponCode=LEARNAWS
Python Programming Beyond The Basics & Intermediate Training
https://www.udemy.com/course/python-programming-beyond-the-basics-intermediate-training/?couponCode=64C7CEAABD212104D6ED
Python Programming for Beginners to Intermediate
https://www.udemy.com/course/python-programming-for-beginners-to-intermediate/?couponCode=LEARNPYTHONFORFREE
Complete Wordpress Website Developer Course
https://www.udemy.com/course/the-complete-wordpress-developer-course-w/?ranMID=39197&ranEAID=tHnUyAHsRvI&ranSiteID=tHnUyAHsRvI-tkbJfNq0xQJ8c1VY0UcSPw&LSNPUBID=tHnUyAHsRvI&utm_source=aff-campaign&utm_medium=udemyads&couponCode=A2B5739AF8DD5717AE3C
Ultimate Wordpress Optimization 2020
https://www.udemy.com/course/ultimate-wordpress-optimization-2020/?ranMID=39197&ranEAID=tHnUyAHsRvI&ranSiteID=tHnUyAHsRvI-YNEb25tJA5am0UlUAKVG6A&LSNPUBID=tHnUyAHsRvI&utm_source=aff-campaign&utm_medium=udemyads&couponCode=1B4FD9002D862F02BD45
Blockchain : certified blockchain solution architect
https://www.udemy.com/course/blockchain-certified-blockchain-solution-architect/?fbclid=IwAR1HzmOqYLaTmPFi-75Fh3v0xJHYlNIDffD62zBPwkaHo0fhFpi3eNs2q7s&couponCode=8872A7DA716320411E6A
The Complete Front-End Web Development Course!
https://www.udemy.com/course/front-end-web-development/?couponCode=NOVFREE
Learn HTML5 Programming From Beginner to Pro
https://www.udemy.com/course/learn-html5-programming-from-beginner-to-pro/?couponCode=D8CE6156DD83AE0498AF
The Complete Full-Stack JavaScript Course!
https://www.udemy.com/course/full-stack-javascript/?couponCode=NOVFREE
Object-Oriented Programming - From Basics to Advance (Java)
https://www.udemy.com/course/oop-learnit/?couponCode=OOP_OCT_FREE_3
Learn XML-AJAX - For Beginners
https://www.udemy.com/course/learn-xml-ajax-for-beginners/?couponCode=YOUACCEL0CT30
HTML, JavaScript, & Bootstrap - Certification Course
https://www.udemy.com/course/html-javascript-bootstrap-certification-course/?ranMID=39197&ranEAID=tHnUyAHsRvI&ranSiteID=tHnUyAHsRvI-IxdYuuwdzJ3TCPYLwK9c.g&LSNPUBID=tHnUyAHsRvI&utm_source=aff-campaign&utm_medium=udemyads&couponCode=YOUACCELOCT30
Check Point : Check Point Certification Administrator
https://www.udemy.com/course/check-point-check-point-certification-administrator/?couponCode=9C9195674226DC7F8376
Google Chrome Extension Development For You [2020]
https://www.udemy.com/course/chrome-extension-development-course-for-everyone/?couponCode=D2A6B86F6B1572DA370C
Google Tag Manager For Beginners
https://www.udemy.com/course/google-tag-manager-for-beginners-b/?couponCode=FREEFORNOW
Start Coding Browser Extensions Using JavaScript!
https://www.udemy.com/course/google-chrome-extension/?couponCode=NOVFREE
ML for Business Managers: Build Regression model in R Studio
https://www.udemy.com/course/machine-learning-basics-building-a-regression-model-in-r/?couponCode=OCTXXX20
ActiveCampaign Email Automation Masterclass
https://www.udemy.com/course/activecampaign-email-automation-masterclass/?couponCode=2D7D051F0E8BE070FD4B
Microsoft Excel for Finance, Accounting & Financial Analysis
https://www.udemy.com/course/excel-for-business-users/?ranMID=39197&ranEAID=tHnUyAHsRvI&ranSiteID=tHnUyAHsRvI-pHDGkzrhmLDBZqBQZkauIQ&LSNPUBID=tHnUyAHsRvI&utm_source=aff-campaign&utm_medium=udemyads&couponCode=F83C0BAB2DED7AFFE10B
Internet and Web Development Fundamentals
https://www.udemy.com/course/internet-and-web-development-fundamentals/?couponCode=YOUACCELOCT30
north depot
Thanks
prime mantle
For anyone who uses XMind for mind mapping.
I've been using this workaround to export the maps in pdf format even tho they are for paid/pro users only.
Instead of exporting, Go to Print and print to file, it'll actually export the thing in a pdf file.
Came in handy to me a lot.
queen wyvern
That's something I've been using for ages to save webpages as PDF's ๐
Nice little thing to know
craggy onyx
tepid patio
tepid patio
azure widget
maiden smelt
glad hazel
Why it is so important to learn Vim? I find it so confusing lol
simple juniper
@glad hazel It's not so important to learn vim. It's just a text editor. You can use the one that's convenient to you like nano, etc..
shut ferry
crimson thunder
You don't need to learn vim, but if you do, use something like vimtutor (install vim and type this in your terminal). Whether you should, up to you, but in my experience most people who do, don't go back to using something else ๐
faint sluice
vi is pretty powerful to use, makes searching, editing files extremely quick with keyboard commands. You only really need to learn a few commands to get going quickly with it and it is on almost all unix systems.
topaz gulch
^^
ebon valve
azure widget
glad hazel
vi is pretty powerful to use, makes searching, editing files extremely quick with keyboard commands. You only really need to learn a few commands to get going quickly with it and it is on almost all unix systems.
@faint sluice yeah I used to Nano and some machine don't have it so deal with vim. I find it confusing but I guess i need to learn it
topaz gulch
Once you do get it, you'll be a lot more efficient @glad hazel
crimson thunder
army going strong in THM nowadays
topaz gulch
Ayeeee
glad hazel
Hello
I want to create simple ctf for my school
Can anyone guide me how can I do that?
for 35 to 45 people
they all are beginner
topaz gulch
I have some slides on my blog @glad hazel
(https://muir.land/content)
Dark has a bunch on his blog:
https://www.darkstar7471.com/resources.html
I think there might also be some on the help site
That might be more to do with submitting it here though
odd quest
There's an article on the help site that focuses on creating quality content, and one that focuses on passing room review
topaz gulch
Meh, that might come in handy
odd quest
They're separate, but inter-related
topaz gulch
^^
topaz gulch
Hm?
tepid patio
you can also ask Cmnatic this Wednesday 8pm GMT on Reddit
topaz gulch
Goddamnit Bee smh
glad hazel
I mean is that be too complicated?
topaz gulch
You can host it on your own hardware if you want
If you ask the admins really nicely they might also approve uploading it to THM and using that
glad hazel
I'm thinking to utilize my free aws account
topaz gulch
Actually, that probably doesn't need approval
odd quest
I mean technically you don't have to get it approved but it's best to
topaz gulch
Given it's not a big public event
It's polite to
I'm thinking to utilize my free aws account
@glad hazel That works too
glad hazel
Thanks
Again
you can also ask Cmnatic this Wednesday 8pm GMT on Reddit
@tepid patio sure bee
unborn gust
does anyone have recommendations of blog sites and authors to read and learn from?
odd quest
Bee has some excellent content, especially for data structures and algorithms type stuff
sturdy shell
If youโre wanting some really coool blogs re. resources about malware analysis & APT Tracking. I can share in the morning
azure widget
I got all the things
depends on what you want though
I cant just share my entire collection
queen wyvern
light crystal
9.41 dollars??
hasty fox
on that note, will someone unpin #resources message now that it is expired?
civic halo
It's still a great resource even if it's not free.
fast wraith
does anyone has some fun labs/CTFs/challenges to mess around with in SANS Sift workstation?
queen wyvern
I get ยฃ59.99 :KEKW:
@civic halo
Why did you guys get such a high price
It's FREE ๐
Oh my bad, one random character got added to the link ๐
light crystal
hey does anybody have coupon code for a udemy lec which teacher wifi hacking, andrid backdooring and interacting with it
cause i had found one yesterday but not able to find today
balmy arch
@sturdy shell Can you share those cool malware analysis & APT Tracking blogs?
glacial zodiac
balmy arch
@azure widget could you share your entire collection? ๐ผ
azure widget
Thatโs a negative
How can I be number one hecker man if I share all my secrets
I also just donโt want to compile all the random bookmarks and notes I have because itโs literally pages and pages
topaz gulch
Szy is number 1
@balmy arch As a general rule, notebooks aren't shared
Just snippets from them as and when necessary
You use those to build your own
balmy arch
Oh apologies I misread your comment, I missed the "can't", my brain read it as a "can".. Woopsy!
I'm looking for red teaming resources, if you've got some gold that hasn't already been mentioned here I'd love to hear it!
azure widget
red teaming is still super broad
Anything more specific about red teaming
Recon, specific vulns etc
visual trench
any resources on red teaming?
queen wyvern
๐
azure widget
genius
visual trench
Thank You๐
azure widget
I can shove all the red team resources I have at you but if you dont know what you want then all that Im going to give you isnt even going to make sense
a general rule of thumb when asking for resources or help is to be very specific like any resources using X technique to get Y or any resources on X protocol etc
azure widget
lost aspen
im doing a presentation on steganography soon, im looking for an example image that can show off the stegoveritas tool in particular, does anyone have any images that would work well for this?
crimson thunder
I don't remember but it might be worth to check out paradox's cc: steganography room, that tool is included
lost aspen
I don't remember but it might be worth to check out paradox's cc: steganography room, that tool is included
@crimson thunder Thanks
thanks exactly what I needed!
azure widget
west lark
what's everyones backup sites for sourceforge & github when they dont have the outdated software you need
lost aspen
i used cached internet files, like waybackmachine or google cache
sometimes it works, if its even old maybe check the eye
neat jay
O:
balmy arch
@azure widget agreed, I was looking to bolster my red teaming fundamentals. Can you perhaps recommend a good book that covers those? I've already got Red Team Development and Operations and the hacker playbook 3 on my list.
unique quarry
tepid patio
Cmnatic, TryHackMe's newest staff member, Lead Content Reviewer, Jr. Content Engineer, DFIR / InfoSec Grad is doing an AMA right now! https://www.reddit.com/r/tryhackme/comments/jnxhva/ama_cmnatic_lead_content_reviewer_and_jr_content/
mint basin
Okay so I donโt know if this would be the exact channel for this but I was wondering if anyone could recommend some books for ethical hacking and pen testing from a beginner stand point. Like I am currently working on an A+ cert but really wanna start going into the CEH stuff
odd quest
CEH is not a certification worth taking unless you're in India
ebon valve
Also #cyber-and-careers is the channel you're looking for โค๏ธ
mint basin
Thank you both!
crimson thunder
favourite IoT hacking resources? articles/blogs/tools/whatever would be helpful ๐
gritty barn
i got some on twitter, I can send you a link later if you want @crimson thunder
crimson thunder
thanks a lot bruv
gritty barn
no problemo
crimson thunder
do any of you use text-to-speech software?
civic halo
I used to. Not so much these days
crimson thunder
@civic halo which one?
civic halo
I used to use Speakonia (which used Microsoft TTS) and then eventually got my hands on a copy of DECTalk.
crimson thunder
I'll look them up, thanks. I tried to use the speak document feature in the default kde reader app but it's not working (even with the opt. dependencies that an article I found was telling me to install)
crimson thunder
does anyone know https://www.immersivelabs.com/ pricing? I can't find anything on the site apart from the demo offer
gritty barn
free if you are a student
crimson thunder
oh sweet. works with any student email or just edu?
gritty barn
uncertain of that
crimson thunder
thanks
azure widget
queen wyvern
There is a free part to Immersive Labs too @crimson thunder
Hosted at https://community.immersivelabs.online
But they need a work email address, Gmail,Yahoo won't work
magic perch
The 11th Annual Open Source Digital Forensics Conference takes place Nov 18, 2020 09:00 AM (EST), virtual and free.
Registration: https://www.osdfcon.org/2020-event/2020-register/
- Memory Forensics from Jamie Levy (Volatility)
- Recreating RDP sessions from lateral movement from Brian Moran (BriMor Labs)
- Android and iOS forensics using Python from Alexis Brignoni (FBI)
- macOS forensics from Sarah Edwards (BlackBag Technologies and SANS)
- Autopsy from Brian Carrier (Basis Technology)
- Registry forensics with Harlan Carvey (EY)
- IoT, Linux, forged images, & more...โ
sonic abyss
# Tools
https://github.com/Hack-with-Github/Awesome-Hacking
https://github.com/carpedm20/awesome-hacking
https://github.com/arch3rPro/PentestTools
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://github.com/enaqx/awesome-pentest
https://github.com/sobolevn/awesome-cryptography
https://github.com/swisskyrepo/PayloadsAllTheThings
https://github.com/jivoi/awesome-osint
https://github.com/redhuntlabs/Awesome-Asset-Discovery
# Sites
https://github.com/anu0012/awesome-computer-science-opportunities
# Cryptography
https://github.com/sobolevn/awesome-cryptography
I'd include PayloadsAllTheThings there for sure
sonic abyss
yesss sir
sullen turtle
i got some on twitter, I can send you a link later if you want @crimson thunder
@gritty barn do you mind sending this to me as well please :)
gritty barn
@sullen turtle I'm certain that i had some, either i am going nuts or some stuff has been removed, as i looked through 1 year worth of likes on twitter
gritty barn
i got other stuff i mean have a look lol
crimson thunder
I already found a link with a bunch of useful resources, I'm going to post that instead
gritty barn
Twitter
crimson thunder
๐
https://syhack.wordpress.com/2019/09/23/iot-pentesting-approach-methods/ is a good collection. @sullen turtle ping because you were interested
sullen turtle
ah thanks mate :)
sorry about causing you to go to the effort of looking through all your likes
crimson thunder
nah I'm the one to blame ๐
sonic abyss
Forgot to add to my list
https://book.hacktricks.xyz/
This is honestly so helpfull
Was made by the same person who made PEASS
Which is also a great tool
<link>https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite```It's really not helpful if you add links in codeblocks because then you can't click it
prisma bison
Just do <link>
sonic abyss
via code blocks
prisma bison
It auto embeds it
sonic abyss
ah k
prisma bison
No haha
sonic abyss
nvm im dumb
prisma bison
<https://google.com/>
sonic abyss
what is wrong with me
sonic abyss
its to much coursework
prisma bison
Just send them as plain text
tepid patio
tawny stone
https://github.com/RickdeJager/stegseek
Does rockyou.txt in ~5 seconds
tepid patio
Nice to see I've started a little war on speed ๐ฉ๏ธ
tawny stone
hehe, I saw your project as well
tawny stone
this took quite some effort, steghides codebase is all 2003 autotools crap
tepid patio
lol you're telling me
i gave up after trying to read that crap
they couldn't even use folders
took me forever to work out what the functions actually did too
tawny stone
I've spent half a day staring at profilers to get it from 10 down to 5 ๐
but it seems to scale reasonable well with threads, so maybe I can throw money at the problem
tepid patio
you don't thread?
tawny stone
I do, but I only have 4c/8t.
so maybe you can get near 1 second on a crazy threadripper setup
tepid patio
You could always try something a bit spooky:
- 1 thread given 1000 passwords
- thread async does them
Repeat?
although it might be too fast
odd quest
Spawning threads and letting your OS schedule them works decently
tawny stone
I tried that as well, but I can't measure any speedup on my machine, I'll have to rent a VPS with a bunch of cores some time
that = batching
tepid patio
I think async would work better here ngl
and it'd scale a lot better than threads would
but the last time I had to do async CPP I had to read Boost documentation
which is more 1990s webpages
tawny stone
Does async make sense for small work units? Or would you just have to split the wordlist in n parts and async those?
tepid patio
How are you reading the file? memory mapping?
And yes async works very well for the same function with different inputs
tawny stone
I forked steghide and added a new session type, the file is still read into their weird global thing
tepid patio
whereas threading works well for different functions imo
I forked steghide and added a new session type, the file is still read into their weird global thing
@tawny stone oh god
๐
I have no idea how they read files
buttt should be okay
actually theres a function in my stegcracker i can give u
tawny stone
they also use only 32 bits of randomness from the 128 bits they generate ๐
beautiful code
tepid patio
Oh also, you have overhead with threading but no overhead with async
as its single thread
but if you do async on multiple threads it might get even faster
or it might not
theoretically it'll be faster
tawny stone
My program currently wastes roughly half of the running time creating steghide selector objects, I'm not really bottlenecking on threading/locking
If I want to test threads v async I need more cores to play with
tawny stone
just tried a quick 'n' dirty build with one queue per thread and got another 20% boost. Now cracking rockyou in ~4.2 seconds ๐
tepid patio
Must go faster!
sonic abyss
https://github.com/RickdeJager/stegseek
Doesrockyou.txtin ~5 seconds
@tawny stone interesting
Way faster then bees
Freeeee
shut ferry
@tepid patio ๐
tepid patio
I saw that link
its okay because Don posted it
It is genuinely 100% free
It just didn't have context ๐
sonic abyss
No it's not free that's why I posted it xd
Fr tho I didn even realise it was
Until I saw it in another server
tepid patio
Go to #cyber-and-careersfor more info!
tepid patio
@tawny stone how easy is it to integrate your stegseek with another tool?
tawny stone
Well it's still based on steghides codebase, which is riddled with globals....
I can add some more command line flags to specify output file and whatnot. Integrating metrics might be tricky
What do you mean by integrate? Use stegseek in another tool or use stegseek to crack something else? @tepid patio
tepid patio
RustScan 2.0.0 release!
+ RustScan Scripting Engine - Nmap style scripts in Python/Perl/Shell
+ Repeated tries for failed ports (optional)
+ New address parsing tools, this is a โ breaking change
Continuously working on it still, but we've come a long way from where we started ๐
versed shoal
split fjord
Hello everyone !
I was wondering if anyone has any pdf (or any kind of documentation) on advanced scanning techniques on nmap? Thanks in advance !
crimson thunder
@split fjord I don't know exactly what you're looking for, but you can look at the official nmap book https://nmap.org/book/
or this https://www.amazon.com/Nmap-Cookbook-Network-Security-Scanning/dp/1507781385
If you can't get these, here are 2 cheatsheets:
https://www.sans.org/blog/sans-pen-test-cheat-sheet-nmap-v1-1/
https://www.stationx.net/nmap-cheat-sheet/
split fjord
Thanks @crimson thunder ! I have already read the "fat free guide", I will take a closer look at the free half of fyodor's book! In itself, to be more precise, I would like to deepen my knowledge on the subjects of firewall fingerprinting or the optimization of timings with heuristic studies
tepid patio
Neat little news roundup for cyber security & privacy in the subreddit ๐ https://www.reddit.com/r/tryhackme/comments/jp5sv6/since_the_election_news_took_place_this_week/
unborn gust
Hey guys, does anyone know how to update tools that I downloaded from giithub using git clone, or do I just need to delete the folder and re-download the whole repo?
unborn gust
@tribal gull Thank you so much haha
unborn gust
I keep getting this message I am not sure what I am doing wrong
unborn gust
@odd quest ahhh thank you
crimson thunder
^ on that tip, I was looking for a command to upgrade all pip stuff, and found this:
pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U
can anyone say if it's correct and/or have a better alternative?
azure widget
shut ferry
This is by far my fav notetaking app ive ever used, its perfect for THM/HTB machines
https://obsidian.md/
north sedge
tepid patio
red gust
queen wyvern
Why not just link the website https://pauljerimy.com/security-certification-roadmap/ 
thick bridge
tryhackme blog down ?
simple juniper
Yea it's down for me too
arctic mist
crimson thunder
is it better than tldr? I mean other than the fact that you can use it without installing anything.
I've known it for a long time but I only use tldr
pliant moat
they have different purposes
topaz python
@crimson thunder Can you share a link with the 'tldr' you just mentioned, please? Is that a cheatsheet or tool compliation site?
crimson thunder
@crimson thunder Can you share a link with the 'tldr' you just mentioned, please? Is that a cheatsheet or tool compliation site?
@topaz python it's an apt package. It has a lot of practical examples for most commands. You can get it with# apt install tldr
topaz python
@crimson thunder Thank you. I appreciate the info.
crimson thunder
https://www.offensive-security.com/labs/individual/
vulnhub machines online, free for 3h/day
crimson thunder
ebon valve
odd quest
Yubi Yubi (key)
tepid patio
my one and only only
crimson thunder
I want it ๐ฆ
crimson thunder
tepid patio
?
shut ferry
sorry
crimson thunder
username checks out
shut ferry
was just testing automation script
tepid patio
Why this server....?
shut ferry
I recently took part in a Cellebrite CTF (mobile devices only) and found a nice write-up online on how they used terminal tools and not fancy expensive programs on iOS and Android devices. If anyone is interested in Digital Forensics, this is worth a read. Could be an idea for phone only rooms on THM maybe? https://ciofecaforensics.com/2020/10/30/cellebrite-ctf/
odd quest
@sturdy shell ^
glad hazel
Man I wan to know your secret to time management and how you can manage to be so pr0active - Ninja James
shrewd ginkgo
I just like pain
sturdy shell
Cellebrite CTF pogU, nice find @shut ferry (ty james)
I am looking for other ways to expand the iOS room so I'll give that a read
shut ferry
@sturdy shell Np's - I work in that field if you get stuck for ideas. Magnet is another company that have recently started doing CTF also (worth checking out ). Pretty much all the forensic software companies have started their own version of CTF's now. It think it's more a "Marketing" campaign, but CTF's are good fun.
sturdy shell
Yes definitely, love the idea of it - thanks for sharing!
reef epoch
Check out My NEW VIDEO ! (like & subscribe)
https://youtu.be/5mm6jEl3Dkk
topaz gulch
@reef epoch Is that monetised? ๐
odd quest
Dear AWS, for christmas this year I'd like to be able to upload and convert Ubuntu 2004 and the latest version of debian
shrewd ginkgo
cloud sluice
Does anyone have any good links to learn x86-64 assembly language? Thanks
light crystal
Check out My NEW VIDEO ! (like & subscribe)
https://youtu.be/5mm6jEl3Dkk
@reef epoch watching
wait what
balmy arch
@silent vine where do you find those?
silent vine
found that one on Twitter
spiral zodiac
faint sluice
this has a huge compilation of resources https://dfirdiva.com/free-training
shut ferry
brm brm
fast wraith
@faint sluice I vouch for that list, I am slowly working my way through it, she has a really cool lab build I'm jealous of too
tepid patio
- I am limited to amount of options in a reddit poll
- I only chose the most popular
- I asked people what they wanted in #general
If you read the post
Note: I couldn't add anymore due to Reddit's poll limitations, sorry!
modest hedge
What about obsidian?
@sonic abyss Doesn't obsidian come under markdown editors?
tepid patio
Dark is hosting an AMA, check it out! :D
https://www.reddit.com/r/tryhackme/comments/jsbf2h/ama_dark_content_director_and_community_manager/
azure widget
sonic abyss
This is actully really good https://www.gitbook.com
kinda like notion but you get a lot more for the free plan
shut ferry
kind violet
@shut ferry how did u install msf5
kind violet
pls make
shut ferry
it's up to a mod i think
kind violet
@shut ferry did u download ur pakage here?
https://github.com/rapid7/metasploit-framework/releases/tag/5.0.101
shut ferry
yes
kind violet
which one there?
shut ferry
the 5.0.101
shut ferry
A quick how to install msf5 first sudo apt-get remove metasploit-framework second download the link above and unzip it third sudo apt-get install libpcap0.8-dev sudo apt-get install libsqlite3-dev cd into unzipped metasploit folder bundle install ./msfconsole
kind violet
Thsnks dude
shut ferry
welcome ๐
crimson thunder
Are there serious issues with 6 rn?
odd quest
They're slowly getting fixed
tepid patio
The AMA with Dark is ending on Sunday if you wanted to ask more questions ๐ https://www.reddit.com/r/tryhackme/comments/jsbf2h/ama_dark_content_director_and_community_manager/
keen field
tepid patio
https://www.reddit.com/r/tryhackme/comments/jtgw39/another_interesting_week_in_cybersecurity_world/
^^ weekly news roundup
tepid patio
I question how this will be used ethically
reef epoch
How can other tools be used ethically ? the goal here is to share the knowledge and also such scripts can be used in penetration testing projects which are 100% legal
craggy onyx
That particular target context, WiFi passwords, is often associated with illegal uses rather than legal uses. Even in legal uses, the problem arises where no one can verify the legality of the target that is being assessed.
tepid patio
Okay, TimTaylor is 100% more qualified than I am and after talking to mods we don't believe it should be shared here. This isn't a warning either.
While it can be legal, the vast majority of people here will not use it for legal purposes. I suggest popping it into #advanced-general maybe (if we allow resources there) when you get the rank for it, as I would be okay with it there personally ๐
topaz gulch
Agreed
@reef epoch Try verifying with the bot -- it'll let you in there when you hit 0xD, complete Throwback, or get one of the higher ranked certs ๐
azure widget
We talk about all the fun things in the advanced chats
topaz gulch
Cry
For the record
The "crappy" privesc, has been solved
Granted it is a crappy privesc, but still
azure widget
did you change it?
azure widget
if you implemented the one thing I mentioned they wouldnโt come close to rooting it anytime soon
topaz gulch
No, they wouldn't
I'm sad I wasn't able to get that done
But it's going in one soon, if you don't get there first
azure widget
Fricking paid tools
azure widget
Iโm trying to find access
topaz gulch
Lemme know if you do. Might be able to do a collab? You sort that for the privesc, I write a webapp that doesn't give you the root pass when you navigate to the homepage?
azure widget
๐๐ฝ well talk about it later in a more appropriate chat
topaz gulch
๐ Suits me
odd quest
James. Gimme paid tool.
@topaz gulch ๐
shut ferry
azure widget
tepid patio
afwm, a window manager build in Rust https://github.com/grufwub/afwm
keen field
any recommended resource for BGP?
craggy onyx
Troubleshooting BGP: A Practical Guide to Understanding and Troubleshooting BGP, by V. Jain and B. Edgeworth.
tepid patio
Voucher giveaway on the subreddit! https://www.reddit.com/r/tryhackme/comments/juat7y/giveaway_4_vouchers_for_one_month_thm/
azure widget
Since @tepid patio wants to throw shade here have some resources https://github.com/ZeroDayLab/PowerSploit
https://github.com/EgeBalci/HERCULES
https://github.com/initstring/passphrase-wordlist
https://offensivedefence.co.uk/posts/covenant-profiles-templates/
odd quest
oooh hercules looks cool
azure widget
Of course the go program interests you
odd quest
I mean I just say "special payload generator" and was interested especially if it can replace msfvenom in places
azure widget
shut ferry
A nice tool I came across recently
https://github.com/thewhiteh4t/FinalRecon
shut ferry
https://ec.haxx.se/ - Everything curl
crimson thunder
I love the "export as a pdf"
sonic abyss
everything about hashes
reef epoch
Check out my LATEST VIDEO ! not monetized btw
https://youtu.be/LUxi_HU6DsQ
tepid patio
Important polls part 4 https://www.reddit.com/r/tryhackme/comments/juwd5k/poll_favourite_web_browser/
faint sluice
I'm dubious of Firefox's response
crimson thunder
azure widget
sonic abyss
sonic abyss
this is absolutely amazing
fast wraith
Micro-center started their black friday sale already, if mods are cool with it we should start a black friday finds thread https://www.microcenter.com/search/search_results.aspx?Ntt=5206&Ntk=Adv
azure widget
Sounds like it could be a cool Reddit thing cc: @tepid patio
tepid patio
Go ahead Cry โค๏ธ
tepid patio
@azure widget sorry i was joining a call when I said that.
You're a mod! Feel free to make a post on black friday stuff โค๏ธ (please do you know resources like this far better than I do โค๏ธ )
faint sluice
send me all your sales, I have enough credit for everything
sonic abyss
@azure widget @faint sluice Hi, here are some to get your started
https://ine.com/pages/black-friday-2020
https://www.microcenter.com/search/search_results.aspx?Ntt=5206&Ntk=Adv
https://github.com/0x90n/InfoSec-Black-Friday/blob/master/README.md
https://ethicalhackersacademy.com
lilac maple
icy marsh
@crimson thunder it's already there probably.can u check the pinned msg by taylor?
crimson thunder
I'm lost, what do you mean? where?
craggy onyx
Full disclosure: that's not family related. ๐
crimson thunder
oh hey, that's a very helpful link. I only reposted here now cause he posted that link on his twitter a few hours ago
thanks for pointing that out
tepid patio
Black Friday Cyber Security Deals ๐ฉ๏ธ https://www.reddit.com/r/tryhackme/comments/jvi24m/black_friday_deals/
tepid patio
Favourite resource to learn latex?
@crimson thunder i just google it tbh, bruteforce my way through
crimson thunder
I only do that when I have to. If there's a great resource out there that someone can vouch for, no reason to do it the hard way
sturdy shell
@crimson thunder #resources message enjoy (:
crimson thunder
@crimson thunder #resources message enjoy (:
@sturdy shell you the real mvp ๐
sturdy shell
azure widget
broken berry
My first video CTF write-up, written version on my blog (2 following links), i'm not english so my grammar is very bad, 
, and i say "so" 455x times 
https://www.youtube.com/watch?v=lMIgpPe4Y-c
https://backkk.github.io/
azure widget
pseudo mica
hello everyone
tepid patio
@pseudo mica you can talk in #general , #bug-bounty and #resources are more specific. For general hellos etc, #general is great! ๐
pseudo mica
okay
edgy plank
limber flower
Anybody got resources on VM creation from beginning to end on vagrant/kubernetes or a video tutorial would be nice. Have been planning to start room dev so that i can bring my ideas to fruition. Thanks in advance.
azure widget
Most of us donโt use vagrant or kubernetes for room creation, doesnโt mean we donโt know it we just typically donโt use them for room creation
limber flower
so what do you use, can you share or is it a secret๐
TBH i want it to be as easy and simple it can get.
azure widget
We just spin up a VM in a hyper visor or directly in the cloud
odd quest
That's as simple as it gets really
topaz gulch
^^
stable arch
just stumbled across this gem https://www.ired.team/
prime mantle
cerulean viper
50% Black Friday Discount
Offer Ends November 30th
To claim you discount please visit https://www.icsi.co.uk/pages/black-friday-offer
and use voucher code BF50 during checkout.
stable arch
50% looks pretty epic. @cerulean viper have you ever used one of their courses?
balmy merlin
I did there CNSS when they had a free deal and itโs a pretty good course iโm not entirely sure about the exam tho
stable arch
oh my even that course is super cheap right now
thanks @balmy merlin defo will look into their courses a bit more
queen wyvern
They gave this one for free a short while ago, and another one like a few weeks ago
balmy merlin
Their CPT is free as well which is accredited by CREST
queen wyvern
Yeah that one too
night holly
50% Black Friday Discount
Offer Ends November 30thTo claim you discount please visit https://www.icsi.co.uk/pages/black-friday-offer
and use voucher code BF50 during checkout.
@cerulean viper Just a quick note for this, if you're planning on doing the CPSA course, the Full Course Inc Voucher isn't part of the BF50 sale. Only the course material itself (ยฃ500 before BF50 code)
stable arch
so i'm having a look and don't think they offer the CPT for free any more
only these two
balmy merlin
Yea turns out it says join for free which is quite misleading and is only a free preview
stable arch
sneaky
well I've bought the CNSS as that looks pretty chill to just go over
if I like that course I'll grab the CPT as well
balmy merlin
Yea I enjoyed it a lot
unborn gust
Hey guys has anyone bought Tib3rius' Windows priv esc course from Udemy? I just wanted to know if its good and if anyone recommends it
topaz gulch
It's superb @unborn gust
unborn gust
@topaz gulch perfect! thank you i will get it then. I need to work on getting root on Windows machines haha
stable arch
@balmy merlin did you use that proctorU thing as well for the exam?
just finished the course
agile pawn
gaunt silo
any resources or materials for cloud pentest ?
azure widget
slender ibex
@unborn gust I know I'm late but I'm almost finished the winprivesc course from Tib3rius and its really good.
faint prism
https://cloud.contentraven.com/junosgenius/index (Free for 2020)
-- Juniper certification like CCNA/CCIE/ETc
unborn gust
<@!669293223969030162> I know I'm late but I'm almost finished the winprivesc co...
Awesome thank you for the feedback, I am about to purchase it and start working on it.
slender ibex
Tib3rius often has sales on his courses too. Keep an eye on his Discord.
blazing mortar
Tib3rius often has sales on his courses too. Keep an eye on his Discord.
Can I get an invite there?
odd quest
Via DMs please
slender ibex
@blazing mortar DMd you.
nova marlin
@faint prism I tried to register.. it needs a package code tho..
nova marlin
awesome!
thanks!! I am really new to it tho.
it just helps you get ready for certs?
faint prism
I think they actually give you the cert test as well since it's basically managed by Juno
When you do the criteria you get the certificate
crimson thunder
gentle shuttle
https://github.com/watchdog2000/lfi-fuzz - the lfi fuzz tool is complete. please message me if any bugs are found or if you require any help with it/the documentation is not clear. This is used to automatically enumerate LFI, bypass blacklists, and to automatically get code execution from LFI if possible.
tepid patio
Swafox is giving an AMA! โค๏ธ
https://www.reddit.com/r/tryhackme/comments/jxum9m/ama_swafox_web_app_penetration_tester_content/
icy marsh
I'll be doing a Black Friday / Cyber Monday deal for my PrivEsc courses. $9.99 each (unfortunately the best discount Udemy lets me do). However I might also release a limited amount of 100% off coupons on Twitter so snag one if you can.
this is from Tib.
https://twitter.com/TibSec/status/1330284323875004422
gritty barn
@icy marsh can you drop me a ping when he actually gives the discount? it's still 14.99 or something ๐
icy marsh
<@!259045405025763339> can you drop me a ping when he actually gives the discou...
ah okay i will.
gritty barn
ah okay i will.
Thank you Sir ๐
odd quest
@rustic forum Is the writeup approved on THM?
If so, please post it in #thm-community-media instead
If it's not approved please delete it.
@rustic forum I'm deleting that because it's not approved on THM. Please don't post unapproved writeups.
rustic forum
Yeah man that's alright I get it ๐ 
crimson thunder
https://www.baeldung.com amazing java resource
reef epoch
Check out my LATEST VIDEO ! not monetized btw
https://youtu.be/tgmt-nXcDSU
outer nimbus
https://www.osintdojo.com/
https://osintframework.com/ that was a sweet ling , try tis one. Fair trade! lol
azure widget
topaz gulch
For anyone working on the BoF prep room:
https://github.com/MuirlandOracle/stack-bof-fuzzer
white pivot
Muir, now it's time make the autopwn for those BoFs?
verbal yew
Anyone know any good sources to get information about zero-day vulnerabilities?
verbal yew
I see, thanks.
topaz gulch
Time, and knowledge ๐
topaz gulch
Nah, I can do a Win32 stack BoF with no protections in 20 minutes. I can't do any others at all ๐คฃ
light crystal
```
I'll be doing a Black Friday / Cyber Monday deal for my PrivEsc courses. $9....
i aint on twitter
can u send me a coupon pls
and which course btw?
light crystal
but i wont be able to get coupons as i dont know when it will come
as i dont have social media accounts
tribal gull
you can still check their twitter from time to time even without an account
light crystal
but i wont be pinged
tribal gull
it's not a thm organized giveaway so can't help you tbh
light crystal
yea iknow
void whale
light crystal
icy marsh
no this one is not. this is a old one. I don't know why i got this in my notification
light crystal
why does twitter choose a random name for me
i have to deactive my account now
it gave me number 9
i wanted 10
gritty barn
or maybe not <:kekw:658061932577816606>
I have that one in my basket already. I am looking for the 9.99
white pivot
Once you get him 9.99, Chev would ask for 5.99
azure widget
sonic abyss
fringe spire
@icy marsh buy it.
tepid patio
Twitter
unborn gust
"First to the key first to the egg!!"
azure widget
Do I even ask why that exists in the first place
tepid patio
basically, this furry enjoys being a furry and cryptography and decided to do it. They also hope to inspire other less technical furriers into becoming cryptographers. All around, quite good
For what its worth, furriers and the like are very good at explaining things. This is easily the best explanation of DNS on the internet ๐ https://www.youtube.com/watch?v=4ZtFk2dtqv0
azure widget
@tepid patio I love the random part at 13:04 where he wins something on ebay
tepid patio
glad hazel
Any good resources for compTIA Security + apart from pro. Messers?
fast wraith
I love testout's labsim training, I get a good student discount but they are worth it, very high quality content https://testoutce.com/products/comptia-security-plus-year-training
verbal siren
@glad hazel I used the book by Darril Gibson. You can buy it on Kindle. https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059
This is for SY0-501 version though.
fast wraith
Great tool to help you choose the fastest DNS server for your machine. https://www.grc.com/dns/benchmark.htm
unborn gust
<@!708034733661224961> I used the book by Darril Gibson. You can buy it on Kindl...
That book is amazing! I used it to study and passed. It is a 100% recommendation from me.
glad hazel
Ok, Thanks
night ether
@tepid patio that guy explains dns so well ahahah
real cosmos
@glad hazel I am studying for CompTIA Security+ too. Udemy has some good practice tests as well. Jason Dion and Mike Meyers' org were both good resources when I took the Network Plus and currently using them for Security+. https://www.udemy.com/course/comptia-security-practice-exams/ (Wait for it to go on sale if you can - I think I got it for like $15 or less was lowest-Udemy has weird random flash sales) Good luck!
unborn gust
<@!708034733661224961> I am studying for CompTIA Security+ too. Udemy has some ...
I am know that there is a new version of the exam that is out now. I am not sure until when you can take the SY0-501 but just make sure that you are studying and registered to take the correct version.
gritty barn
I am know that there is a new version of the exam that is out now. I am not sure...
I am taking SY0-501 on 22nd of December
unborn gust
I am taking SY0-501 on 22nd of December
You should be fine honestly try to skip the technical questions until the end and focus on the multiple choice aspect. Some questions will give you partial credit.
gritty barn
I don't mind haha, i usually skip a lot of them at the beginning and go for the easy ones at first
i got CySA+ in a week too, so yeah :/ we'll see how that goes
unborn gust
i got CySA+ in a week too, so yeah :/ we'll see how that goes
How was that exam? I am thinking of taking that but I want to really take the OSCP
gritty barn
the book seems quite good to be fair, i learned a few think, but i still have like half the book to finish
unborn gust
the book seems quite good to be fair, i learned a few think, but i still have li...
Which book did you use to study?
unborn gust
CySA+ Study Guide Exam CS0-002 Mike Chapple/david seidl
Nice I will check it out!
gritty barn
and for security + something similar
unborn gust
and for security + something similar
I used the "Get Certified, Get ahead" book that was on Amazon
gritty barn
i got mike meyners book for S+
modest hedge
I am know that there is a new version of the exam that is out now. I am not sure...
You can get the 501 until july next year
keen field
fast wraith
hasn't broken anything yet, but this script has actually removed ads from youtube videos for me via a pi-hole https://github.com/kboghdady/youTube_ads_4_pi-hole
azure widget
Twitter
fast wraith
Not sure if anyone else has problems using the side buttons on your mouse inside of VMware, but this fixed the issue for me https://askubuntu.com/questions/439836/extra-mouse-buttons-not-working-in-virtualization-vmware-virtualbox-ubuntu-hos
gritty barn
Not sure if anyone else has problems using the side buttons on your mouse inside...
Nice one. I never bother fixing my mouse buttons but this will help
fast wraith
yeah one minor tweak, you dont have to reconnect your mouse from guest-to-host as suggested in the article, just make the .vmx tweak in admin/sudo notepad then launch the config file directly to start the vm, should be good - had issues with non-admin changes to config not sticking
gritty barn
yeah one minor tweak, you dont have to reconnect your mouse from guest-to-host a...
i recall that, i had the problem with kali stuck in all capslock
desert fulcrum
i recall that, i had the problem with kali stuck in all capslock
I had that happen using x2go also.
faint prism
That's an .. innovative fix to be certain but the log spam on host
@fast wraith mouse.vusb.enable = "TRUE"
mouse.vusb.useBasicMouse = "FALSE"
I think you'll llike that one
"If all you have is a hammer, everything looks like a nail"
faint prism
@gritty barn With the caps lock, you just do the both ctrl keys together || both shift keys together || both alt keys together
blah
stupid markup
gritty barn
@faint prism it was due to a version of vmware https://communities.vmware.com/t5/VMware-Workstation-Pro/Caps-Lock-Issues-With-Upgrade/m-p/2285930
shut ferry
oh wow I can talk now
A website thats used to explain unix commands kinda useful for simple commands
crimson thunder
https://www.katacoda.com/ a bunch of free interactive courses
azure widget
pale dew
Hello people, i just finished an interview for an internship and the interviewer asked me to make a security plan for a windows network as a test for me, this wasn't even a internship for security but he liked to see tryhackme things in my resume and liked to know that i want to work in infosec, i said i don't know anything about planning network security, but he just want me to do some research and make a plan to see what i can do, so i wanted to know if anyone have some good resouces about planning network security for a complete noob like me. 
I would be super glad for anyone who can help me with nice resources โค๏ธ
stable arch
perhaps a safe bet would be to review the ISO standards, https://www.iso27001security.com/html/27033.html
craggy onyx
I would be super glad for anyone who can help me with nice resources โค๏ธ
This gives a decent introduction to network security methods:
https://www.csoonline.com/article/3285651/what-is-network-security-definition-methods-jobs-and-salaries.html
topaz gulch
You're very good at building vulnerable networks though
Just a shame it's accidental
faint sluice
just slap a firewall on it and call it good
faint sluice
Blasphemy
olive nebula
hey guys, anyone know any good books to study from for the security+ exam? i'm seeing multiple different ones on amazon & i'm not sure which one is best.
gritty barn
hey guys, anyone know any good books to study from for the security+ exam? i'm s...
I got the one from Mike Meyers for Security+ I will let you know if i pass with it on the 22nd ๐
olive nebula
Good luck! Hope you pass it ๐ I'll check that book out as well
unborn gust
hey guys, anyone know any good books to study from for the security+ exam? i'm s...
I used the Get Certified Get Ahead book from Amazon
cobalt canyon
@olive nebula I just finished reading the Darril Gibson book. I thought it was good. Haven't taken the exam yet, but the Gibson book is trusted by many it seems. Now I'm just taking the Jason Dion practice exams on Udemy before I purchase a voucher for the real thing. I heard that Dion's exams are tough, so would prepare me well. I hope that's accurate.
crimson thunder
can someone recommend me resources on databases and er diagrams? sites, books, whatever you've used that helped you
gritty barn
What databases what diagrams you talking about @crimson thunder
I used hackerrank and codecademy to learn SQL
crimson thunder
Not sql, I have enough resources for that. I meant database theory and entity relationship diagrams. There's typically a course on this in every CS curriculum
(the same course includes sql but that's not what I'm looking to brush up)
For sql, sqlzoo.net is a perfect resource
gritty barn
Hmm so you interested in the architecture of it?
crimson thunder
https://www.iee.ihu.gr/en/course/1401/ check out the course contents section
Basically I want more material on this
faint sluice
I mean, I'd just google each of those things or pick up a book on database management
that syllabus literally gives a list of books that could be helpful
W. Lemahieu, S. Van Den Broucke, B. Baesens, Principles of Database Management: The Practical Guide to Storing, Managing, and Analyzing Big and Small Data, Cambridge University Press, 2018
T. Connolly, C. Begg, Database Systems: A Practical Approach to design, Implementation, and Management, 5th Edition, Addison Wesley, 2010
R. Elmasri ฮบฮฑฮน S.B. Navathe, Fundamentals of Database Systems, 5th Edition, Addison-Wesley 2006
R. Ramakrishnan ฮบฮฑฮน J. Gehrke, Database Management Systems, 3rd Edition, Mc Graw-Hill, 2002
J.D. Ullman, J. Widom, A First Course in Database Systems, Prentice-Hall, 2007
crimson thunder
I do this either way but I also ask here :) I'm in a one month academy right now which is ridiculously fast paced, and if I spend too much time on this stuff i won't have enough time to focus on actual programming (the academy's subject)
Yeah I saw all that. Buying one is out of the question though sadly ๐
tepid patio
I contributed heavily to this, very good guide https://github.com/mgrimace/PiHole-with-PiVPN-and-Unbound-on-VPS-
reef epoch
HTTP Parameter Pollution (like & subscribe) (not monetized btw)
https://youtu.be/1IreGE8xnqQ
tepid patio
post it to the subredit if ya like
we celebrate that a lot
the number 2 post of all time on the subreddit is someones questions that week ๐
young hedge
bet
main sparrow
i like try hack me
young hedge
Than you are in the right place
ionic zenith
Nice
I don't have a fancy screenshot tho
cerulean viper
https://malicious.link/post/2020/2020-oscp-contest/
https://twitter.com/mubix/status/1332000223900610560
It's OSCP PWK Giveaway guys, don;t miss it
In case you're afraid of malicious.link , here we have original post on GitHub - https://gist.github.com/mubix/f14e3681df6aedd08394b71cfec6e49e
Fun Fact - I got to know about this from tonight's #general chat lol
#general message thanks @chrome crow
shut ferry
http://www.securitytube.net/groups?operation=view&groupId=9
while trying to play itโs saying - video does not exist.
odd quest
Is what public?
tepid patio
This is huge https://deepmind.com/blog/article/alphafold-a-solution-to-a-50-year-old-grand-challenge-in-biology
maiden smelt
im finding malwares interesting now.. any good resources for me to learn about malwares and how they are written and implemented?
what kind of programming languages are good with writing malwares
glass mulch
@maiden smelt most of the time malware is written in c/c++
hmm there are few paths i guess
take malware and reverse and read what it's doing, or just start programming it ๐
and there are a lot of poc (proof of concept) repositories of malware on github
and also leaked code
just google it
celest python
https://www.udemy.com/course/web-security-fundamentals-how-to-hack-and-secure-web-apps/?couponCode=EARLYBIRD free for two days
topaz gulch
<@!400109519864070144> most of the time malware is written in c/c++
C# a lot of the time these days
sonic abyss
https://github.com/Jayy001/HashHammer - Everything is in readme.md, just want some advice / reviews really :)
azure widget
what kind of programming languages are good with writing malwares
Hey mate, we donโt normally talk malware / malware dev / malware analysis in the public channels. Youโre 0xd I recommend hopping over to the #exploit-and-mal-studies channel and asking there
azure widget
https://github.com/Jayy001/HashHammer - Everything is in readme.md, just want so...
Youโre description is very false. I guarantee most of the hashes I have would take a while or not crack depending on the format specific on
tawny stone
https://github.com/Jayy001/HashHammer - Everything is in readme.md, just want so...
Looks cool, have some feedback ๐ :
- The project structure could use some cleanup. I'd sugest moving the different cracking methods into their own module. This both cleans up your main script, and also lets you import them in other projects.
- Similarly, I wouldn't use subprocess to call python scripts. Just import the "x2John.py" scripts and call the functions directly
- If you want, you could swap out the makefile for a
setup.pyscript that can be installed w/ pip - I saw you licenced your tool under MIT, but I don't think that's allowed if you want to ship those
x2Johnscripts. - Finally, I'd consider adding a "quiet" or "basic" mode. The colored / emoji output looks nice on terminals that support it, but it can be a bit spammy if your terminal does not
Hope those help ๐
azure widget
What hash types are there supported? It seems to actually be a decent list
sonic abyss
Youโre description is very false. I guarantee most of the hashes I have would ta...
Hiya, yeah I wasnt quite sure on what to put as it honestly depends on the hash type, how common it is etc.
sonic abyss
Looks cool, have some feedback ๐ :
* The project structure could use some clean...
Hiya,
- Defintley, Ill do that now.
- Unfortunatley, you cant import rar2john and zip2john as they are not a .py file but I could probably do that for everything else
- That sounds like a great idea!
- Ah okay, Im not really expirence with licenses, need a bit of advice on what I could licese it with
- Yeah, thats great.
sonic abyss
What hash types are there supported? It seems to actually be a decent list
All the hashes ** supported by hashcat** for offline cracking and for the online cracking;
DESCRYPT, MD5, SHA1, MD4, MD2, NTLM, LM, SHA256, SHA512, SHA224, SHA384, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320, WRL0, WRL1, WRL, TIGER2, TIGER128-3, TIGER128-4, TIGER160-3, TIGER160-4, TIGER192-3, TIGER192-4, SNEFRU0, SNEFRU256, GOST-CRYPTO, GOST, HAVAL128-3, HAVAL128-4, HAVAL128-5, HAVAL160-3, HAVAL160-4, HAVAL160-5, HAVAL192-3, HAVAL192-4, HAVAL192-5, HAVAL224-3, HAVAL224-4, HAVAL224-5, HAVAL256-3, HAVAL256-4, HAVAL256-5, MYSQL5, RADMIN2, MYSQL3, KECCAK224, KECCAK256, KECCAK384, KECCAK512, KECCAK-SHAKE256, KECCAK-SHAKE512, HAS-160, TTH-HEX, TTH, EDON256, EDON512, BLAKE224, BLAKE256, BLAKE384, BLAKE512, BMW224, BMW256, BMW384, BMW512, CUBE224, CUBE256, CUBE384, CUBE512, ECHO224, ECHO256, ECHO384, ECHO512, FUGUE224, FUGUE256, FUGUE384, FUGUE512, GROESTL224, GROESTL256, GROESTL384, GROESTL512, HAMSI224, HAMSI256, HAMSI384, HAMSI512, JH224, JH256, JH384, JH512, LUFFA224, LUFFA256, LUFFA384, LUFFA512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, PANAMA, RADIOGATUN32, RADIOGATUN64, SHABAL192, SHABAL224, SHABAL256, SHABAL384, SHABAL512, SHAVITE224, SHAVITE256, SHAVITE384, SHAVITE512, SIMD224, SIMD256, SIMD384, SIMD512, SKEIN224, SKEIN256, SKEIN384, SKEIN512
I tried it on the hash task on THM and it got all of them (except for 2 because they have salts)
tepid patio
To celebrate my new blog 
I released my personal notes (I think about ~30k words?) on everything I did to go from 0 views to 1 million in ~7 months ๐
If you wanna learn SEO, content creation, all that jive my messy notes are cool ๐ https://polymath.cloud/posts/blogging
tribal gull
If anyone has troubles with the captchas cloudflare gives them when going on THM right now I really recommend getting https://privacypass.github.io/ if you're able to.
It basically makes the amount of captchas you need to solve smaller which is a nice QoL thing especially if cloudflare gives you multiple captchas before letting you enter the site
cerulean viper
this saves our day!
odd quest
I tried it on the hash task on THM and it got all of them (except for 2 because...
Honestly if you're looking for something for unsalted hashes, try Crackstation first.
sonic abyss
Yeah crackstation is good, I made the tool so it wasnt all automated etc
clever dove
Anyone interested in CyberSec news can follow me on Twitter. I am posting it from today. Gonna be a great resource to read recent news/articles from.
Twitter
mental oracle
FREE Reverse Engineering Course https://github.com/mytechnotalent/Reverse-Engineering-Tutorial
proper linden
does anyone have any resource to learn Ghidra? thm room is way too simple
shrewd ginkgo
does anyone have any resource to learn Ghidra? thm room is way too simple
I stumbled upon this page a couple days ago. I've yet to start it so I don't have an opinion yet, but it seems good enough.
https://wrongbaud.github.io/posts/ghidra-training/
proper linden
thank you!
odd quest
does anyone have any resource to learn Ghidra? thm room is way too simple
Learn ghidra, or learn to read the assembly?
proper linden
learn ghidra specifically
https://www.youtube.com/watch?v=Sv8yu12y5zM watching this now. pretty cool
already had too much assembly reading in malware analysis class โ ๏ธ
azure widget
Ghidra is just a disassembler use it as such the room gives you the basics to use it and then you can analyze binaries from there no need to go super in depth @proper linden
mental oracle
I would suggest Radare2 as well.
tawny stone
https://github.com/RickdeJager/stegseek
Released a new version of my steghide cracker:
* Now 10 000 times faster wordlist cracking than stegcracker
* (all of rockyou.txt in sub 2 seconds :D )
* Can recover any unencrypted data, regardless of the password
* Can be used to detect steghide
* fixed the horrible CLI arguments
https://www.youtube.com/watch?v=gg7WjuFs8F4
Honestly this is so HUGE
azure widget
tepid patio
Ciphey 5.11.0 now supports:
+ Gzip
+ Braille (Grade 1)
And fixes many bugs ๐
tepid patio
Joe Rogan Show interview with Moxie Marlinspike (inventor of Open Whisper Systems, who made Signal) https://open.spotify.com/episode/2uVHiMqqJxy8iR2YB63aeP?si=-LVm3Z6mSme2ITWoGYryzg
ebon valve
steep elk
https://www.udemy.com/course/web-security-fundamentals-how-to-hack-and-secure-we...
I got this with 2 horus left. nice
shut ferry
https://www.udemy.com/course/web-security-fundamentals-how-to-hack-and-secure-we...
I havenโt started this course.
How is this? Any feedback?
sullen turtle
It's alright, more web focused
Heath's PEH is better in my opinion, but a free course is a free course ;)
topaz gulch
@near prairie please link a copy that doesn't have a referral link in it ๐
near prairie
@topaz gulch done๐๐ป
faint sluice
and you don't give credit to the original cybrary article
tepid patio
@near prairie Hey, can you not share paywalled articles here?
Perhaps you can share the "friend link" which allows us free access (but gives you money if people interact with it) https://help.medium.com/hc/en-us/articles/360006543813-About-Friend-Links
faint sluice
ahh I see it is your article on Cybrary, that is... confusing
near prairie
@faint sluice yup! I wrote it 3-4 yrs back....imported it to my medium for better reach
@tepid patio you can try reading in incognito it will work fine๐๐ป
spark hedge
~~https://www.udemy.com/course/automate/?couponCode=DEC2020FREE~~
edit: expired
unreal hollow
I have lots of boring stuff though
faint sluice
and now you can automate it
azure widget
https://academy.tcm-sec.com/
All TCM courses 50% off
Coupon: HALFOFF
crimson thunder
crimson thunder
modern abyss
Here is a simple python script updated for LFI if anyone interested to see ๐ It use python3 hehe
Credits : @serene leaf
Link : https://github.com/H0j3n/EazyPeazy/tree/master/My Tools/EzpzLFI
light crystal
one of the best resources come here
balmy arch
https://academy.tcm-sec.com/
All TCM courses 50% off
Coupon: `HALFOFF`
Got myself his hacker bundle for ~โฌ30, a steal. Thanks for pointing this out!!
full vapor
https://www.youtube.com/watch?v=d9PqVcgT1kQ
Very interesting chat, especially Grad student onwards
sonic abyss
https://www.youtube.com/watch?v=d9PqVcgT1kQ
Very interesting chat, especially G...
Yes, this video is amazing! Well worth a watch
sturdy shell
That's a wicked video, Magna!
full vapor
Glad ya'll enjoyed it! Learnt quite a bit
proper linden
https://www.amazon.co.uk/Ghidra-Book-Definitive-Chris-Eagle/dp/1718501021
thanks! i'll check it
crimson thunder
https://www.youtube.com/watch?v=uAto4Etl9nA&list=PLk4j0KzuiuYTdwvGmVEaosB4aV2Dmh7Bh
New video series on buffer overflows (work in progress)
crimson thunder
Can anyone recommend a docker front end on Linux?
sturdy shell
Portainer if you aren't exposing it outside of localhost @crimson thunder (:
crimson thunder
Portainer if you aren't exposing it outside of localhost <@!651500971880611870> ...
Nice, I'm aware of it. Do I need to download it and set it up in its own container?
sturdy shell
Yup (: it is it's own container, portainer/portainer you just need to mount the docker socket as a volume and expose port 8080 ๐
It's pretty good tbh
Just uh, exposes your docker socket xD
crimson thunder
Just uh, exposes your docker socket xD
Thanks for the feedback bro
hasty sage
List of cool books!
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/BOOKS.md
unborn gust
I watched Stok's video yesterday and saw that Project Discovery released a whole new tool called dnsx. I have not yet used it or played around with it, but it looks like it will be one amazing tool to keep in the arsenal. https://github.com/projectdiscovery/dnsx
jagged tiger
Can anyone recommend a docker front end on Linux?
Vagrant or minicube or CRC would be my choice - if you ever plan to deploy to k8s though, they are dropping support for Docker containers eventually
crimson thunder
Vagrant or minicube or CRC would be my choice - if you ever plan to deploy to k8...
I don't know what k8s are, I'm a newbie in containers. I just needed a mssql server for a project and I was just surprised that the desktop app doesn't have a linux version.
jagged tiger
k8s is shorthand for kubernetes
mssql is microsoft sql, are you looking for a linux alternative?
crimson thunder
k8s is shorthand for kubernetes
oh, thanks for the info. well, the windows native alternative is a docker container, and much preferable ๐
unfortunately I'm stuck with it for the duration of my current project (most people preferred mysql but we didn't have a choice ๐ )
twilit token
I hope this question is allowed. If not, please delete.
I have a LinuxAcademy annual subscription and am grandfathered in at an annual price of $299. It renews tomorrow and I am not sure if I want to renew it. I am a bit uncomfortable with the A Cloud Guru/Linux Academy merger.
My main training interests are Linux and security. Besides TryHackMe, are there better alternatives than Linux Academy for my learning interests?
jagged tiger
Red Hat annual training subscription is a lot more, and the RH catalog is a lot thinner on security
tepid patio
I was gonna say if you wanted cloud, Cloud Academy is very very good (I am also ex-Linux academy) but for security I'm unsure ๐
jagged tiger
FWIW I found the Linux foundation courses to actually prepare for the cert exam; their courses are a lot less gatekeeper-y than some alternatives
faint sluice
ACG/Linux Academy only have a few security courses, you can find better options elsewhere. If your goal isn't cloud and you can find other Linux options, I'd ditch it
gritty barn
https://copycookie.com/most-useful-zypper-commands-for-suse-linux-users/ that's the URL without the shortener
outer nimbus
~~https://www.udemy.com/course/automate/?couponCode=DEC2020FREE~~
~~~Automate th...
Has this offer expired
spark hedge
Has this offer expired
i think it did
crimson thunder
^ but don't forget the book is always available to read for free on the site
for anyone interested
reef epoch
Cross-site Request Forgery CSRF (like & subscribe) (not paid)
https://youtu.be/bLQ4tVRordM
shut ferry
hey guys what is stuff i should get for christmas that is cybersecurity related
stoic field
anonymous mask
shut ferry
too bad already got one, i haxxed into mainframe with it
stoic field
Do you have black hoodie as well? otherwise hackkit is not complete
shut ferry
i have a black hoodie too
i wore it and called myself pro haxorman project zorgo anonymous hackktivisdit blah blah
tribal gull
Do you have black hoodie as well? otherwise hackkit is not complete
*black tryhackme hoodie
unique quarry
ADCollector โ A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
reef epoch
New Projectdiscovery tool Cloudlist for getting assets (ip adresses) from clouds.
azure widget
ADCollector โ A lightweight tool to quickly extract valuable information from th...
So Bloodhound?
icy marsh
I have made a very rough, maybe outright wrong sometimes code snippet to sort the THM challenge boxes by point.
const axios = require('axios');
(async () => {
const { data: allRooms } = await axios.default.get('https://tryhackme.com/api/hacktivities')
/** @type {[]} */
const challengeRoomCodes = allRooms.filter(room => room.type === 'challenge').map(room => room.code);
console.log(challengeRoomCodes);
// get all the room graphs
let allRoomGraphData = [];
const batchSize = 10;
console.log(`All rooms: ${challengeRoomCodes.length}`);
for (let i = 0; i < challengeRoomCodes.length; i += batchSize) {
const promises = challengeRoomCodes.slice(i, i + batchSize).map(roomcode => {
return axios.default.get(`https://tryhackme.com/api/getgraphdata/6/${roomcode}`).then(({ data }) => {
console.log(`${roomcode} done! score: ${data[4].totalScore}`);
return {roomcode, score:data[4].totalScore};
});
});
const batchRoomGraphData = await Promise.all(promises);
allRoomGraphData = allRoomGraphData.concat(batchRoomGraphData);
}
allRoomGraphData = allRoomGraphData.sort((a,b)=> b.score - a.score);
console.log(JSON.stringify(allRoomGraphData, null, 4));
})();
prisma bison
I have made a very rough, maybe outright wrong sometimes code snippet to sort th...
This is awesome
icy marsh
oh thanks jabba
pale agate
For some of the noobs like me, How can i run that script? ๐
icy marsh
i mean i made it for nodejs. but let me check if I can make it so that it can be run in browser console.
azure widget
you can easily write that in python or js
icy marsh
^ i know. i just need to replace it with fetch. but maybe it will not work now because of cloudflare
pale agate
I'll give nodejs a go, Thank you โค๏ธ
tepid patio
can you write it in rust please?
oh but dont release a binary
make us use the Rust Interpreter please https://github.com/rust-lang/miri
remote wind
I want to learn to pwn. Can someone suggeste resources for learning ๐
Like from beginning to advance
tepid patio
fast wraith
https://github.com/oskarsve/ms-teams-rce
interesting, have you been able to recreate?
tepid patio
i havent even tried lol
sonic abyss
Important, spoofing.
gentle shuttle
I updated LFI FUZZ this evening based on the โbook shopโ room on THM. https://github.com/watchdog2000/lfi-fuzz
Now it can fuzz URL parameters too, and increase your chances of finding LFI
cloud sluice
Is anyone familiar with a good practical malware analysis course?
reef epoch
can anyone explain what malware analysis good for I'm seeing it getting mentioned a lot but don't understand why
unborn gust
can anyone explain what malware analysis good for I'm seeing it getting mentione...
so from what I know and i could probably be wrong, so don't quote me on this haha. Malware analysis is getting a malware sample, throwing it onto a sandbox and doing some Reverse Engineering on it just to look at what it does. You can also get a hash of it and throw it to Virus Total to see if it belongs to a general malware family.
Here is an article that explains it better than me lol: https://www.crowdstrike.com/epp-101/malware-analysis/
reef epoch
so from what I know and i could probably be wrong, so don't quote me on this hah...
Thanks !
azure widget
faint sluice
anyone have a good resource of learning how domain infrastructures work? I'm guessing Pluralsight will be helpful but wonder about other options
light crystal
anyone suggest free courses which use free stuff for learning networking
jagged tiger
cisco packet tracer is a free download - they have an intro course to go along with it that's intended to be supplementary to CCNA
long bloom
Whats your current skill level? Beginner?
If you are just starting out then I really enjoyed the networking part of the SANS Cyber Aces
light crystal
yes
light crystal
Whats your current skill level? Beginner?
networking yea
long bloom
I just wrote down everything he said, word for word, went over it heaps of times and it really prepared me for the first few months of my course.
I know it says cyber security but he covers networking second.
light crystal
thanks
long bloom
That whole SANS Cyber Aces course is good btw.. If you are starting out I recommend working through the whole thing.
shut ferry
This one is good enough
https://onceupon.github.io/Bash-Oneliner/
split patio
I updated LFI FUZZ this evening based on the โbook shopโ room on THM. https://gi...
is this can do bruteforce lfi-payloads? may be with custom including payloads on a file
gentle shuttle
is this can do bruteforce lfi-payloads? may be with custom including payloads on...
Correct. It finds the path, as well as trying to bypass blacklists which may exist. It can then turn LFI into RCE for you too, and read files from the server so you can read page source code yourself.
split patio
Correct. It finds the path, as well as trying to bypass blacklists which may exi...
great, I will read the source, thank you for creating this
topaz gulch
For anyone interested, this is my post regarding my OSCP experience:
https://muirland.link/oscp
cloud brook
I am interested
topaz gulch
God I love that .link webapp
Totally worth the hours I spent on it last night when I should have been working on my interview slides
odd quest
@topaz gulch Where's the css?
topaz gulch
Didn't have time to style it smh
odd quest
boo
topaz gulch
That's the admin interface anyway
I made it secure, and added the basic functionality
I'll make it pretty when I get a few hours of free time
cloud sluice
@topaz gulch do u happen to know a link on how to create a website like yours(not the content ofc) but just in general and how I would go about securing it?
topaz gulch
That's Wordpress
jagged tiger
just write it in adoc or latex, style is unimportant ๐
magic idol
Can anyone tell me yay or nay when it comes to this book : The Web App. Hackers Handbook: Finding and Exploiting Sec. Flaws 2nd edition. If nay, whats a better resource?
By Stuttard published in 2011 
azure widget
looking at it first glance I wouldnt get it
I would stick to something more well known and not as potentially dry
like no starch
faint sluice
isn't that book basically Portswigger academy before Portswigger academy was a thing? I think the complaints I've heard is the labs are hard to find/not existent now
isn't that book basically Portswigger academy before Portswigger academy was a thing? I think the complaints I've heard is the labs are hard to find/not existent now
craggy onyx
isn't that book basically Portswigger academy before Portswigger academy was a t...
Yes it is. Instead of releasing a Third Edition, they made the Academy pages.
magic idol
Thats one thing I did read by someone in review section. Its based on BurpSuite and Pro version is almost a must for the labs.
Thanks for the input guys/gals.
I am most definitely not a fan of dry material. I easily loose interest
INE PTS coursework listed that as a resource while going through XSS slides
faint sluice
I don't think it is dry, but just doing Port Swigger academy may be a better bet, it is a pretty famous book
magic idol
I will check that out. Thank you!
The Academy is exactly what I might be looking for :)
magic idol
Thats a lot of labs. I better get started
dusk pawn
https://www.vulnhub.com/entry/devguru-1,620/
not really a resource
but hence it was removed from thm the owner decided to post it on vulnhub
crimson thunder
oh yeah, the academy is definitely not dry. there's theory and labs. everything you learn you then test hands-on.
magic idol
The labs look really good. Been going over some material thus far
odd quest
https://www.netacad.com/courses/os-it/ndg-linux-unhatched
https://www.netacad.com/courses/os-it/ndg-linux-essentials
IDK how good these are, but free
verbal siren
I took the NDG Linux Unhatched. It is pretty basic and really good for beginners.
tepid patio
We have received 12 Nord product bundles and want to share them with you guys! Participants will be able to win a NordVPN + NordPass + NordLocker 1-year, 6 months and 3 months FREE subscriptions. So, what needs to be done in order to win it?
From our pals over at r/NordVPN
remote wind
One of the best notes on Binary Exploitation
