#resources


remote wind
#

For those who are getting started

fast wraith
crimson thunder
#

it's top notch 😄

fast wraith
#

have you finished it?

crimson thunder
#

not this specific course, I'm halfway through the peh course (taking a pause due to other responsibilities)

#

I was talking about his material in general

fast wraith
#

ah okay gotcha, yeah I finished his udemy course when it first came out - didn't do the AD stuff yet though

#

and I currently have his Windows Escalation course I haven't gotten around to yet

#

I know he has a certification in the works too I'm excited for

magic idol
#

Thanks for that link James. Something I can do while at work and with nothing to do

dim marlin
#

If y'all have any comprehensive resources on threat intelligence, please let me know

#

Need to read all this before summer

proud pebble
craggy onyx
cloud sluice
#

Does eLearn have a monthly subscription to the cyber pass, or is that a myth?

#

I saw themayor11 ask them and I think they said yes, but can anyone who knows confirm this?

faint sluice
#

they do, it's $200/month

magic idol
#

I've heard you have to contact them to get the monthly plan

cloud sluice
#

Oh really, okay that's good to hear! Thanks for the heads up @faint sluice @magic idol

shut ferry
light crystal
#

I hope I can put this

hazy trench
light crystal
#

idk, I got this in another server

hazy trench
#

It's not real. It's training for the real CISSP

river ocean
cobalt trout
#

What is the best resource to get started with Reversing and actually with Vulnerability Research?

balmy arch
#

(You'll end up a better researcher by starting today than you will waiting for that elusive 'best' resource 😉 )

azure widget
#

@cobalt trout
# Resources

These are the resources I have found while learning about binary exploitation.

### Blogs:-

### Youtube:-

### Wargames:-

### Pwn Related Stuffs:-

### Stuff Robin gave me:-

proud dome
#

Recently made an interactive cheat sheet website for Windows/AD hacking, think it could be really useful for people: https://wadcoms.github.io/

unborn gust
#

@topaz gulch Just read your OSCP blog post and wow that was amazing! Congratulations on passing! I am trying to also get the OSCP but currently feel like I do not know as much information to sign up. I have been doing a lot of tryhackme to prepare and get some more experience, but your post gave amazing advice also.

topaz gulch
#

Glad it was useful 🙂

sonic abyss
crimson thunder
#

Almost metallica

light crystal
odd quest
#

Oof udemy

tepid patio
prime sable
sonic abyss
glad hazel
#

LOL Why?

prime sable
#

fun tip

#

you can unzip Excel docs to see what's contained in them.

cloud sluice
#

Anyone have a good article explaining port forwarding pls?

odd quest
#

Do you understand NAT?

#

Once you understand NAT and how it works, port forwarding becomes a lot easier to understand

cloud sluice
#

Yes I do, learned that through eLearn's course

odd quest
#

So, port forwarding is just mapping a port on the public side to an IP+port on the private side. Any traffic to that port on the public IP gets sent to whatever IP+port you set it to be sent to.

cloud sluice
#

Wow, that's legit explaining NAT devices, thanks for the simple explanation!

light crystal
#

everyone scolds me 😦

quasi scarab
#

@spark hedge When you get the chance, could you DM me real quick? I'd love to get your opinion and thoughts on some write up stuff :)

sonic abyss
wooden vigil
#

Can someone recommend the Practical Ethical Hacking Course of TCM-Sec?

faint sluice
#

yes, it is really good

#

note you will want an HTB paid account to fully take advantage of the course

wooden vigil
#

nice thank you

distant gust
#

I've just accepted an offer for a junior incident response role, but I'm still pretty green to this side of cybersecurity. Can anyone recommend any good resources / certs to start working through?

#

Ideally something cheaper or my wife will murder me

faint sluice
#

I'd definitely look at DFIR Diva, she has a ton of resources

distant gust
#

Exactly what I was looking for, thanks! blobheart

modest hedge
faint sluice
sonic abyss
#

For the free resources / training)

topaz gulch
faint sluice
faint sluice
topaz gulch
#

Yeah, fair enough 😄

modest hedge
odd quest
#

Some people do and I don't think you should ignore that

sonic abyss
shrewd ginkgo
sonic abyss
#

oh shoot

#

lets go

shrewd ginkgo
#

lightsaberpepe it's working

hasty fox
#

"Never had nitro before" also includes the snowsgiving nitro a loooong time ago fyi

hasty fox
#

What's a good resource to learn docker and kubernetes?

unreal hollow
#

in what context

#

how to set up, use, or hack

hasty fox
#

set up and use

unreal hollow
#

Google has some good docs on Kubernetes

upbeat token
tepid patio
topaz gulch
#

Infosec resources Bee smh

tepid patio
#

Please avoid self-promotion of paid content here.

#

I checked!

topaz gulch
#

Infosec resources!

cloud brook
#

I’m honored that they made AI in my name @tepid patio

unreal hollow
#

I thought blob was doing opera now

cloud brook
#

I am

azure widget
topaz gulch
#

I am specifying now

azure widget
#

Boooo

azure widget
magic idol
#

Any thoughts on rangeforce?

#

I did a few hands-on blue team type exercises in a complete virtual environment right in the browser.

verbal siren
#

$5 books and videos on Packt. any recommended books here?
packt.live/2q0AbGZ

faint sluice
night ether
magic idol
#

Saw someone mention them on LinkedIn. Looked them up, signed up and that's it

night ether
magic idol
#

Very cool practical training. Right from the browser

#

They are definitely not spamming my inbox. Maybe you are special :)

tepid patio
tepid patio
tepid patio
#

Wait, TIL you can replace the backend with serverless functions; effectively you can have a webapp without having a server, which is a big plus for security (provided you trust the provider, though)

agile pawn
#

I don't know if anyone has sent a list but what are the best books for OS Hacking?

azure widget
#

@agile pawn what do you mean by OS hacking?

#

that’s a very broad term

agile pawn
#

Do you recommend another like this?

sonic abyss
agile pawn
sonic abyss
#

No worries, it's a pretty new company which is cool

ember gulch
#

Yay thanks for sharing @sonic abyss ! Someone just told me they saw a mention of it so wanted to drop by and offer my support / say hi

red blade
sturdy shell
tepid patio
#

AWS Lightsail is managed EC2, like DO

#

it has a backend 😛

#

unless you meant lightsail container services?

shut ferry
tepid patio
#

This weeks cyber security news in a nutshell 😄

gritty barn
hollow crater
#

Hey y'all! Does anyone have cool resources or a blog post on a good Kali setup for THM? I have tried: WSL Kali on my main machine, Kali 2020.4 on an older laptop, and then the THM AttackBox Kali. WSL Kali has issues with permissions and I'm not loving win-kex or xrdp, "vanilla" Kali is cool and has all the 2020.4 features that WSL doesn't but it's on a slower machine, and the AttackBox has significant delay for me. I'm fairly new to Linux and networking but have a programming background, so I'd like to stick to my main Win10 machine + WSL if possible.

odd quest
#

Just make a Kali VM. WSL is not a good solution due to how it works.

#

Mostly the networking setup

hollow crater
#

Cool, thank you. I have very little understanding of why networking would be better on one over another so I appreciate that.

sick berry
#

does anyone know of a good room to experiment with ROP?

summer iron
#

Which is better for a 4GB RAM laptop: a VirtualBox VM or WSL?

prisma bison
hushed estuary
#

Though it might get more interesting once Microsoft natively supports Wayland

azure widget
#

That’s not why James suggests against WSL2

azure widget
hushed estuary
#

Seems to work ok enough for me but it's a bit janky on some machines I guess

#

It uses a Hyper-V virtual switch

jagged tiger
#

I have also had really terrible experiences with the TCP/IP stack in WSL.

edgy plank
#

anyone have some good resources for network forensics? 👀

livid timber
edgy plank
#

thanks! blobheart

sick berry
#

CyberDefenders is pretty good

fast wraith
#

Install a mail-server on your Pi! I use this to forward various logs like my DD-WRT and PiHole logs to a local e-mail specifically meant for my home network administration. (it also has chat rooms!) https://www.citadel.org/easyinstall.html

odd quest
sage walrus
#

does this site require a subscription?

azure widget
#

seems like something you could find out easily for yourself

sage walrus
#

yes/no would have been fine.

odd quest
#

Hacking is 90% research

sage walrus
#

Noted. skidy

fast wraith
jagged tiger
#

Droogy, if you are into self-managed options check out Bitwarden. You can do cloud, private cloud, and local only

#

Nvm, they changed the app version - used to have an option for a local db.

night ether
#

big fan of LastPass

fast wraith
#

I do like LastPass too, and for 99% of people it's totally acceptable, but in the long term I want my data stored locally

faint sluice
#

I like LastPass because I can use it on my phone and computer

fast wraith
#

my android phone is so old autofill works maybe 5% of the time so it doesn't even matter to me lol

#

ideally I would like to just have a YubiKey/physical (non-biometric) solution for everything on my phone

shrewd ginkgo
#

What do people think of 1Password in comparison to LastPass?

topaz gulch
#

I use it 🤷‍♂️

unreal hollow
#

I use LastPass for personal and at work we use Keeper; they are both kinda similar, I just like the layout of LastPass better

wind osprey
#

I've had problems setting up the most recent Kali as a virtual machine in VMware. Anyone have any luck with this?

subtle dirge
gritty barn
shrewd ginkgo
#

I haven't done this workshop yet, but it looks kinda cool

livid timber
#

Thanks, that does look interesting

ornate delta
#

ooh

calm ermine
#

Sm9l - I wouldn't have thought so. There are very few (if any) ethical reasons for that sort of attack, which is why we don't really talk about them here.

prisma bison
#

That and

#

We are teaching about security vulnerabilities and accessing boxes

gritty barn
#

i mean, stress testing is a type of testing as well @calm ermine @prisma bison , as long as it is agreed in the scope of engagement.

prisma bison
#

My point still stands haha

gritty barn
#

it is still a vulnerability. Certain Cisco OS versions are susceptible to a DoS vulnerability that can crash it or make it exclude the ACLs for subsequent packets

#

I can provide you with loads of them if you are interested; I am just saying that DDoS is bad, but DoS seems like quite an unimportant topic. Nonetheless, you want to avoid them in client engagements

prisma bison
#

Mhm of course

livid timber
languid parcel
sonic abyss
#

Udemy dark

unreal hollow
#

Nathan House has good resources on his StationX site as well

languid parcel
#

definitely

#

Nathan is top tier

faint sluice
#

I've seen those classes, saw the logo and clicked off ... it's just a bit much

light crystal
#

it had 2 hrs left

#

after i posted

light crystal
#

ONLY 2 HRS LEFT

#

@sonic abyss

#

pinged u be4 it expired

sonic abyss
keen field
#

Amazing resource

cloud kite
#

Thanks for the Udemy links. Was able to nab a bunch of courses for free. Just need to find the time in between work and uni

shut ferry
vital trench
faint sluice
#

the logo

vital trench
azure widget
#

All of Udemy is meh for cybersec except for TCM and Tibs

faint sluice
#

yeah TCM is solid, there is a lot of good AWS stuff there.

#

Udemy does have a money back guarantee, I've totally bought a course and realized it wasn't for me

azure widget
#

I dislike Udemy's constant 90%-off discount system, and I dislike that, because courses are community-made, some of them are just horrible

shut ferry
#

Those who put udemy courses with 100% off are amazing people

light crystal
#

@shut ferry

jaunty raven
#

Overpass

tepid patio
odd quest
tepid patio
#

No, but I think I can convince Tib to make AutoRecon accessible

#

I did bug John the other day too with one of his CTFs lol

odd quest
#

The first thing I noticed was the banners

tepid patio
#

is there a way to host mp3 files

#

somewhere

#

ok nice

tepid patio
#

Lex Fridman is an AI researcher, but he also has a podcast where he interviews some really big names. Unlike other podcasters, Lex actually studies the topics of the people he interviews, so you end up with some really interesting discussions. Some of the big names he's interviewed:

  • Elon Musk
  • Dan Carlin
  • Joe Rogan
  • Jack Dorsey (I loved this one, Jack calls himself a hacker instead of a CEO which is cool)
  • Vitalik Buterin
  • George Hotz (GeoHotz)

I highly recommend this podcast. Also, all of Lex's MIT lectures on DeepLearning are fantastic.
https://www.youtube.com/c/lexfridman/videos?view=0&sort=p&flow=grid

faint sluice
#

nice

solar socket
#

https://fieldraccoon.github.io/posts/How-to-make-Boot2Root-machines/ for people who want to make their own machine but aren't sure where to start

honest basin
#

anyone got more resources for pwn stuff?

odd quest
#

There's a bunch pinned

#

Like a LOT

honest basin
#

oh thank you, I haven't checked the pins, sorry

shut ferry
crimson thunder
prime mantle
fast wraith
#

Anyone with a good RSS feed willing to share their OPML? Or any good blogs (with RSS) in general

tepid patio
#

it's a lot of sources tho

#

Feedly doesn't actually tell me because it's too many

#

it just says "1k+"

fast wraith
#

thank you so much! I debated using Feedly but I have a lot of privacy concerns with them; it was actually super annoying finding a good, open-source RSS reader for Windows

jaunty pulsar
#

AutoRecon is nice, but that output would be really helpful, I have to write the sentence for nmap

reef rampart
#

Came across this cyberchef like site yesterday - Universal Encoding Tool - UnEnc
https://www.unenc.com/

tepid patio
tawny stone
#

Just released Stegseek v0.5 (The Official StegCracker Killer ™️ )
https://github.com/RickdeJager/stegseek
Changes:

* No longer eats all of your ram
* Scales better with cores. (Can try all of rockyou in under 1 second if you give it ~16 threads)
* Can take stupidly large wordlists as input. (15GB worked fine)
* Some bugfixes and whatnot
* 12 000 -ish times faster than StegCracker
tepid patio
languid parcel
#

o.o

#

not a bad offer

faint sluice
spiral zodiac
azure widget
#

That seems like a lot of work since macros are still a thing

spiral zodiac
#

^ same, but I posted it anyway 🤷‍♂️ 😄

#

but it might help in evading av I guess? but the Shell in the macro should get flagged by av anyway

fast wraith
tepid patio
fast wraith
#

👀
I got a SmartScreen warning on install that I just clicked thru lol
looks like that triggered in Edge?

azure widget
fast wraith
#

somewhat decent article about the state of security architecture and best practices written way back in 2005.
Also has this really fun line

My prediction is that the "Hacking is Cool" dumb idea will be a dead idea in the next 10 years.

unborn heath
#

HAH

#

But we’re all still here buddy! Go do your blue team stuff and stop trying to discourage the red!

distant gust
#

Does anyone know of any good resources for learning how to use Autopsy?

azure widget
#

The free autopsy course if that is still free

distant gust
gritty barn
azure widget
shadow blade
#

Hi everyone, I just made a Python tool to automate the execution of the following tools: Nmap, Nikto and Dirsearch, and also to automate report generation during a web penetration test
https://github.com/Anteste/WebMap
This project is free and Open Source so use it as you want

topaz gulch
#

@shadow blade bearing in mind that nmap doesn't work properly for more advanced scan types if not run as root, are you running that script with the SUID bit?

shadow blade
#

@topaz gulch No, I am just using os.system("nmap -T4 -A " + ip)

topaz gulch
#

Oh, I can see that

#

Hence asking -- because if that script is given any kind of extra privileges then it turns into the easiest privesc I've seen in a long time

light crystal
#

so u gotta add sudo

#

and tell user to run it as root

topaz gulch
#

Which is a shame, because it needs SUID/sudo if you want nmap to use a SYN scan rather than a TCP scan

light crystal
#

I will keep that in mind while making my own project

topaz gulch
light crystal
#

this will help

shadow blade
#

But we don't sudo if we just want to use an aggressive scan.

topaz gulch
#

It's all in my nmap room 🤷‍♂️

shadow blade
#

@topaz gulch your room is awesome

light crystal
#

or Muir's gonna warn us

topaz gulch
#

Aggressive is just shorthand for -O -sV -sC + traceroute @shadow blade

#

It's still built on one of the other scan types

light crystal
#

all in 1

topaz gulch
#

-sT by default with no sudo, -sS with sudo

#

Ideally you want -sS

light crystal
#

Muir, for RustScan how do we specify which port?

shadow blade
#

For example I have to run the script as root then run the nmap scan also as root.
But the script will be vulnerable to a SUID privesc

topaz gulch
shadow blade
#

I can just run the nmap scan as root, and when the user starts it, it will ask for his password and it will not be vulnerable

topaz gulch
#

Mhm. That's a better option

shadow blade
#

But how can I add it to the sudoers ?

light crystal
#

use sudo in front of every command

#

I HOPE the person may have it

shadow blade
#

Thx guys I will add it

topaz gulch
night holly
#

If you're using a VM just SUID it, my VM has at least 4 ways to root kekw

night holly
#

Okay, won't do much, don't have any ports forwarded or open 🤷‍♂️

#

And actually having an unintended privesc in your VM can save you a lot of time when Manjaro removes your user from sudoers after a few failed login attempts festivekek

shadow blade
#

You can login as root like I do

night holly
#

I didn’t have a root pw set at the time

fallow knoll
#

someone was asking about setting up AD labs in general the other day, there's some interesting stuff in the replies to this tweet: https://twitter.com/netsecfocus/status/1344197765165887493

Question on our Mattermost: anyone have any nice guides to setting up an build up/tear down AD environment to practice pentesting on your own lab?

@UK_Daniel_Card this sounds right up your straat.

tepid patio
odd quest
icy marsh
#
https://www.udemy.com/course/wireshark-packet-analysis-and-ethical-hacking-core-skills/?couponCode=GOODBYE

^ this is free for year end sale I guess.

keen field
magic idol
#

Nice little cheat sheet for anyone thats interested

odd quest
#

You can also fuzz it

hazy trench
#

Can I post Udemy courses here?

tepid patio
#

is it self promotion

#

and is it free (mostly)

#

then yes

#

generally

#

I mean

#

the rules are in the uh

#

that box

#

next to the channel name

#

Please avoid self-promotion of paid content here.

hazy trench
#

hazy trench
hazy trench
tepid patio
hazy trench
#

U guys don't trust others

tepid patio
#

what?

#

I have no idea what you're talking about lol

violet fjord
#

man thank you very much for the free courses

hazy trench
violet fjord
# hazy trench Welcome

but is there a way to search for more free Udemy courses? Because I'm also interested in other things

sonic abyss
#

Hotukdeals

faint sluice
#

there is a reddit of Udemy deals, forget what it's called but you can Google it

prisma bison
#

@paper bolt These were posted above by another user 🙂

paper bolt
#

I can't see lol, I've f'd my Discord up

prisma bison
#

oof

odd quest
#

I'm deleting it because they are right there and it's a wall of embeds

hazy trench
violet fjord
hazy trench
#

Ohh...

gritty barn
#

@white pivot mind helping my pal out @remote wind with some resources? he is trying to follow your steps 😄

remote wind
#

Lol I already contacted him @gritty barn

#

😂

#

He once taught me about stack pivoting

stoic field
#

Hey! I am planning to take the Modern Binary Exploitation course by RPISEC soon but need some computer organization knowledge first. Are there any courses or resources you could recommend? The topics mentioned on their github are:
MIPS assembly, x86 assembly, Datapaths, CPU Pipelining, CPU Caching, Memory Mapping

white pivot
#
# Resources

These are the resources I have found while learning about binary exploitation.

### Blogs:-

* <https://syedfarazabrar.com/>
* <https://kileak.github.io>
* <https://d4mianwayne.github.io/>
* <https://ctf101.org/binary-exploitation/buffer-overflow/>
* <https://blog.skullsecurity.org/category/ctfs>

### Youtube:-

* <https://www.youtube.com/channel/UCi-IXmtQLrJjg5Ji78DqvAg/videos>
* <https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN>

### Wargames:-

* <http://pwnable.kr/>
* <http://pwnable.tw/>
* <http://pwn.eonew.cn>
* <https://www.root-me.org/?lang=en>
* <http://smashthestack.org/>
* <https://exploit.education/>


### Pwn Related Stuffs:-

* PwnTips - <https://github.com/Naetw/CTF-pwn-tips>
* Quick guide -<https://trailofbits.github.io/ctf/exploits/binary1.html>
* Pwn Challenge List - <https://pastebin.com/uyifxgPu>

### Stuff Robin gave me:-

* Course materials for Modern Binary Exploitation by RPISEC - <https://github.com/RPISEC/MBE>

* Learn ROP - <https://ropemporium.com/>

* For Linux binary Exploitation - <https://github.com/scwuaptx/HITCON-Training>

* Intro to binary exploitation / reverse engineering course - <https://guyinatuxedo.github.io/>

* A collection of pwn/CTF related utilities for Ghidra - <https://github.com/0xb0bb/pwndra>

* Some pwn challenges selected for training and education. - <https://github.com/BrieflyX/ctf-pwns>

* A set of Linux binary exploitation tasks for beginners on various architectures - <https://github.com/xairy/easy-linux-pwn>

* ASM Basics - <https://asmtutor.com/#lesson1>
#

@remote wind

stoic field
#

Sure

lapis herald
full vapor
#

That looks pretty good! Came at the right time for me, wanna get back into that! Thank you for the link L-Drago

odd quest
tepid patio
#

@topaz gulch can I share super nerdy maths videos here that I think people will like? I.E: https://www.youtube.com/watch?v=k7q0Y2W0Rn4

This is an excerpt from Just For Graphs. Get it on DVD and download here:

https://shop.festivalofthespokennerd.com/

I analysed the data from my wife's contractions prior to the birth of our daughter and tried to guess when she would be born.

The android app I used is called Contractions Timer:

https://play.google.com/store/apps/details?id=co...

karmic socket
#

Home lab suggestions for a newb? I've got a few lightweight machines, and I'm sure there are several "best" routes. Got a quad-core 16GB Windows desktop, a quad-core 16GB Windows laptop, and an older Windows laptop, 1 core x 2-4GB RAM (install Linux?). Would appreciate some professional opinions if someone has the time. TIA. Looking to do network analysis, nmap, pentesting, Wireshark, Metasploit, CTF tools... I really don't know yet.

lapis herald
storm ether
prisma bison
#

Hi @cobalt oriole,

We only accept content that is English in this server (Please refer to rule 8), and try avoiding self-promoting.
Excessive advertisement is also against our rules (rule 3) :)

cobalt oriole
#

@prisma bison Ok

prisma bison
#

Thanks!

tepid patio
#

#

Not infosec, but VERY cool

#

also

#
DeepMind

In 2016, we introduced AlphaGo, the first artificial intelligence (AI) program to defeat humans at the ancient game of Go. Two years later, its successor - AlphaZero - learned from scratch to master Go, chess and shogi. Now, in a paper in the journal Nature, we describe MuZero, a significant step forward in the pursuit of general-purpose algorit...

#

DeepMind's AI has mastered Go, Chess, Shogi & Atari games without any rules or human input or domain knowledge

serene coyote
#

Really impressive !

azure widget
#

We don’t mess with mimikatz anymore all my homies use SharpHandler

prisma bison
#

Is this an accepted writeup?

river ocean
#

I haven't submitted there

#

Should I submit there first?

prisma bison
#

Please only share accepted writeups

river ocean
#

okay

prisma bison
#

Thanks C:

fast wraith
#

Great SANS video on Threat Hunting/Detection; apparently SANS YouTube is infosec's best-kept secret, as there's only a few thousand views on each video and they are all super high-quality https://www.youtube.com/watch?v=LVSwYyDN2Sk&list=PLtgaAEEmVe6DYtY3XggF8Z4AYJAIY97Rp

SIEM Summit 2019 Agenda: http://www.sans.org/u/UIC

Presenter:
Eric Conrad, Fellow, SANS Institute

Defensible networks are designed to prevent and detect computer attacks, and are hardened at every layer. Per Richard Bejtlich, defensible networks “can be watched” and “limit an intruder’s freedom to maneuver.” For example: modern malware often a...

gritty barn
keen field
fast wraith
#

oh for sure, you can tell the guy is a Windows guru. love the fact that he almost exclusively recommends mitigations and techniques that are software-agnostic, lots of easy wins you can take away from that talk for blue-teamers. definitely starting to see why SANS is worth it!

shut ferry
#

@fast wraith SANS YT algorithm ceases to exist on a platform like YT. Ain't gonna see SANS as a recommended video pop up. Sucks doe

#

But then u got Harvard lectures that just pop up randomly on my recommended like

cloud brook
#

Harvard 🤢

nova oyster
open magnet
#

hello

shut ferry
#

hi

fast wraith
livid timber
azure widget
#

Sans does a lot more for the community than just their courses

#

you can get a lot out of SANS for free

hasty fox
#

Kringlecon!

winter plover
#

Burp Customizer -- Because just a dark theme wasn't enough!

-Burp Suite 2020.12 replaced the old look and feel classes with FlatLaf, an open-source look and feel class that also supports 3rd party themes developed for the IntelliJ Platform.
-This extension allows you to use these themes in Burp Suite and includes a number of #bundled themes to try.

https://github.com/CoreyD97/BurpCustomizer


cerulean viper
winter plover
cerulean viper
#

Haven't you tried Burp Suite's dark theme yet?! I'm afraid

keen field
#

Burp's new UI is more than amazing
from a ZAP fan 😄

silent walrus
#

What version is it currently

#

I think I have to update

fast wraith
limber oak
#

Hello everyone, does anyone have an idea about the RedTeam Manual Book's new version?

craggy onyx
fast wraith
tribal gull
#

speaking of twitter tags, most sites also support opengraph which is more widespread and is an open standard 😄
https://ogp.me/

icy marsh
#
https://www.udemy.com/course/android-penetration-testing-using-diva/?couponCode=FREE3DAYS

^ this is also free. 1 day remains, I think. Don't know about the course quality though.

icy marsh
#

np ❤️

halcyon kernel
#

hey guys, if someone here knows how to do it:
I'm trying to use grep to match something that starts with letters and ends with digits, can someone help?

faint sluice
#

look at grep -e

humble needle
#

life could be dream

fleet star
#

anyone know where I can get a new, updated password dictionary that's hashed already? Newer than the one John uses? Or does John hash them automatically?

#

a password list

glad hazel
fleet star
#

@glad hazel that was very helpful. thx bud

serene coyote
#

I picked the link, thanks :)

icy marsh
#
https://www.udemy.com/course/complete-webapplication-penetration-testing-practical-cwapt/?couponCode=SESSION9

https://www.udemy.com/course/linux-unix-shell-scripting-certification-training/?couponCode=LINUX_SHELL_UPLATZ

Free ones ^

remote wind
icy marsh
#

I actually got this before. It looked kinda beginner-friendly to me, but I didn't go through enough to give u a concrete review. It's free, so enroll first then check the reviews. lol

remote wind
#

Lol i enrolled and then asked kekw

cloud token
fringe spire
velvet maple
#

I also stack many videos on Udemy.... I should study.😤

keen field
light crystal
#

and I did go through any

#

59*

fringe spire
dim marlin
#

very good talk

shut ferry
fringe spire
#

I'm proud of you

cerulean viper
#

I have 1500+ courses 👀

languid parcel
#

o.o

#

that's a lot

cerulean viper
#

1644 to be precise xD

fleet star
#

anyone explain how VulnHub works exactly?

azure widget
#

they host OVAs and you download them, then run them

fleet star
#

OVAs?

odd quest
#

Open Virtualization Format (OVF) is an open standard for packaging and distributing virtual appliances or, more generally, software to be run in virtual machines.
The standard describes an "open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines". The OVF standard is no...

fast wraith
#

SELKS is a pretty cool Debian 10-based alternative to SO
https://www.stamus-networks.com/scirius-open-source

Stamus Networks believes in the innovative power and flexibility of Open Source software. Our primary contributions to Open Source is SELKS, a live and installable ISO implementing a ready to use Suricata IDS/IPS managed by Scirius Community Edition, a web interface dedicated to Suricata ruleset management and basic network threat hunting.

icy marsh
#
https://yofreesamples.com/courses/free-discounted-udemy-courses-list/

this gets updated every hour or so giving u all the free udemy courses. The site is awesome!

shut ferry
#

you... sniff you're a good person

icy marsh
#

lol ISP blocking?

fringe spire
#

🤷‍♂️

#

Working on wifi

balmy arch
#

Does anyone recall a resource passing by here that interactively suggested ways to attack AD, depending on what you had (Eg: unauthenticated, authed but not privileged, ..) ?

shut ferry
#

some free resources in hacking please

balmy arch
shut ferry
#

ok

fringe spire
velvet maple
inland yacht
# icy marsh ``` https://yofreesamples.com/courses/free-discounted-udemy-courses-list/ ``` th...

fast wraith
#

How do you guys track site analytics for a personal blog? I'm thinking about just parsing Apache access logs but don't want to exactly reinvent the wheel here. I would set up Google Analytics but I don't want my visitors to be tracked or make people change their privacy extensions.

azure widget
#

Netlify / GitHub analytics. I think @topaz gulch uses a .link for analytics

#

Canary

jagged tiger
#

are you self-hosting somewhere? egress logs to ELK and Prometheus

fast wraith
#

ah I do have SO, seems like I could do something with Grafana there

#

not just for threats!

tepid patio
#

Simple Analytics, Fathom, Plausible, Matomo are all privacy friendly analytics

#

netlify analytics is good too

faint sluice
#

remember the days when websites had little counters...

jagged tiger
#

oh geocities - at least we still have the wayback machine

tepid patio
keen field
fast wraith
glad hazel
#

What is that used for Bee?

tepid patio
#

What is what used for?

#

Cloudflare Analytics?

#

For my blog, I run it behind Cloudflare CDN as it's static content (90% is cached so it's super fast) so I use CF Analytics for it too 😄

unreal hollow
#

is it free with CF

tepid patio
#

Yes, with the tracking script

#

but I pay for CF and I get server-side analytics 😄

#

Also they're releasing a netlify competitor

#

I paid £29 / month for hosting and £15 / month for analytics before, now I only pay £14 / month for CF. The idea that I can do analytics + CDN + hosting all on CF is simply amazing! 😄

topaz gulch
#

How the heck was your hosting costing so much?

#

I'm on a fiver a month total

fast wraith
#

yeah luckily i probably have less than a couple visitors a week so i dont have to scale up my $5 droplet yet

tepid patio
#

A lot of views

topaz gulch
#

My analytics are also free. Albeit not particularly verbose

#

That fiver gives me unlimited traffic

tepid patio
#

and it wasn't static

#

so hosting sucked

topaz gulch
#

For a wordpress blog

tepid patio
#

ah, on a VPS?

topaz gulch
#

Nah, managed hosting for my blog, given I can't be bothered setting up bruteforce/DOS protection and it's inbuilt that way (plus I set it up before I got into server management)

tepid patio
topaz gulch
#

Oof

tepid patio
#

was deffo worth it, but they weren't static

topaz gulch
#

I just rent server space from Ionos. Comes with a tonne of perks

tepid patio
#

which meant CDN didn't work out so well

topaz gulch
#

Had to install the stuff myself obviously, but it works 🤷‍♂️

#

Although most of my other stuff is on VPSs now

tepid patio
#

Ghost is going down a really weird route rn too

#

Like a Substack competitor

#

for some reason

topaz gulch
fast wraith
#

I did a droplet with a manually installed lamp stack to host wordpress which was a pain, 2nd time I migrated my site to the one-touch droplet configured for Wordpress which was super easy

topaz gulch
#

I also added in a fail2ban, just to catch anyone being sneaky

tepid patio
#

also I used Simple Analytics (cause I cared about privacy, and the creator is a mutual friend) which was £14 / month (it was rather nice, but far more expensive than literally any other competitor lol)

fast wraith
#

i recently got a vpn and forgot I set the wp-admin to only accept my certain IP address and had fun troubleshooting that one

tepid patio
#

wait i can show u my expensive month of my blog

#

that was because i got a lot of email subs and my email provider decided to automatically scale me

#

and i brought Ahrefs (£99)

fast wraith
#

lmfao thats mad

tepid patio
#

yeah i literally had a heart attack

#

i exported my email list and i havent even touched it since LMAO

#

I stopped caring much in 2020, my advertising platform started advertising crypto-scams which meant I couldn't justify the high pricetag (I removed them from my site) so I just stopped everything for the whole year, 2021 I'm tryna stay under £40 / month hopefully 😄

unreal hollow
#

Bee is just super popular

tepid patio
#

😅 I'm actually not, I just love writing a lot and I guess people want to read what I write haha 😄

#

That hasn't translated to social media fame, thankfully though

#

or unfortunately depending on how you see things

#

Actually, if you're interested in writing I have an article on it -- although I primarily ran my blog out of pocket so if you wanna make tons of cash don't look at me hahaha (but do look at IndieHackers, those peeps are experts) PS: this article is a giant mess as I just copied / pasted from Notion, it's primarily for my own use so sorry it's horrifically bad to read! https://skerritt.blog/blogging/

Everything I know about taking a blog from 0 views to 1 million views in 7 months.

fast wraith
#

bee just watching the analytics grow

glad hazel
tepid patio
#

tryhackme competitor

#

but for

#

universities

#

i think they're making it open to anyone though?

#

idk tbh

#

i applied for a job and they gave me that code

#

and its in their blog post too

glad hazel
#

I'm happy with THM 😄

tepid patio
#

Very great

#

Easily my fave place on the internet

rose stratus
#

Thanks bros :3

#

what do i need a discord token for :)?

ebon valve
rose stratus
#

Thanks @ebon valve ❤️

#

I come to subscribe to premium service ❤️

#

Good community

ebon valve
rose stratus
#

@ebon valve ❤️

verbal siren
shut ferry
#

anyone have a tool that helps to identify and crack hashes? I tried hashcat and it doesn't work for me for some reason ;-;

prisma bison
#

JohnTheRipper

shut ferry
#

I'll try that, thanks

tepid patio
#

Cool way to mass process data and get important details about it

azure widget
#

I just want something to mass process meta data and images for me

tepid patio
#

this does images 🤷

south marlin
# shut ferry anyone have a tool that helps to identify and crack hashes? I tried hashcat and ...

For identification use hashID : https://github.com/psypanda/hashID
(or outdated version hash-identifier : https://tools.kali.org/password-attacks/hash-identifier)
Based on the output find the # for your hash type in the hashcat manual and then use it with -m flag. (https://hashcat.net/wiki/doku.php?id=hashcat)
Or use JohnTheRipper and find the hash format here : http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

topaz gulch
#

Although bear in mind that they can only guess

azure widget
#

HashID low key sucks ngl

#

context

tepid patio
#

my implementation of Hash-Identifier is actually better

#

maybe I should release it

#

it still guesses

#

but at least it doesn't guess it's a Wattpad Hash before it guesses SHA-1 LMAOO

faint sluice
#

always a bubble bee never a bumble bee

balmy arch
fast wraith
#

cool service you can use to turn some old domains you have laying around into an e-mail forwarder
if someone ever asks for an e-mail it's always fun to tell them it's their name @yourdomain.com
https://forwardemail.net

The best open-source and free email forwarding service for custom domains. We do not keep logs nor store emails. We don't track you. Unlimited aliases, catch-alls, wildcards, API access, and disposable addresses. Built-in support for DKIM, SRS, SPF, ARC, DMARC, and more. No credit card required.

sonic abyss
shut ferry
sonic abyss
#

It's a WIP but here is the github

shut ferry
#

thanks

tepid patio
#

The Ciphey of HashCracking™️

prisma bison
#

Bee

#

How much work have you done recently

tepid patio
#

on what?

prisma bison
#

HashSearch

tepid patio
#

oh

#

quite a lot

#

it actually runs

#

i just need to fix ur JTR func

#

and it'll be ready to ship 😄

prisma bison
#

Not my fault it's broken

#

JTR is stupid

tepid patio
#

i know it isn't

prisma bison
#

Stupid potfiles

tepid patio
#

I might code my own hashcracker in rust or something that's accessible via an API

#

would be fun to explore GPU acceleration

prisma bison
#

I kinda want to start some projects once I'm finished

#

With coursework*

tepid patio
#

they are fun

prisma bison
#

I just need to improve my programming skills

#

and give myself an objective.

tepid patio
#

only way to do that is to code!

#

you should try some competitive programming

#

gets the mind flowing

prisma bison
#

I was thinking about looking at outdated tools

#

Then picking the best programming language and bringing them back

tepid patio
#

oh

#

the username search thing

#

they suck

#

im 99% sure I know how to fix their biggest bug

prisma bison
#

Haha

#

My base code worked

#

Calling John I mean

tepid patio
#

John

#

Hammond

#

👀

prisma bison
#

Yes

#

Call him

tepid patio
#

btw

#

interesting attack vector

#

would be solvable by implementing your own keyboard

sonic abyss
tepid patio
#

Ah, sure ❤️ I was doing it for Ciphey and because HashBuster was broken and uh, abused the ToS of companies 😅

#

DM me! 😄

sonic abyss
#

Yeah, I actually did it too because I was fed up of hashbuster not working kekw

distant steeple
#

I finished a splunk room on the blue primer series and would love more. Are there any other resources on the net for hands on splunk?

sand mist
#

Splunk has a free version that you can run at home and do all sorts of things with it. There are also docker images, and trial downloads that you can play with. They also have github repos with past Boss of the SOC (BOTS) competitions and data sets which is a jeopardy CTF. What kind of hands on are you looking for?

distant steeple
#

similar to the rooms i guess, a guided approach as im still learning about the splunk language etc. The answers you confirm are very helpful in guiding and making sure im on the right path etc

sand mist
#

Splunk Fundamentals 1 is a free training that is guided

#

They have a pretty robust community as well, keep an eye on Splunk Answers, there are lots of questions that get answered with sample data that is generated on the fly, and showcase various things that can be done with SPL

distant steeple
#

ok, many thanks for the help

balmy merlin
#

oh no

#

those pirated

#

@honest dock

honest dock
#

Done

glad hazel
sonic abyss
#

Canvas

glad hazel
#

How do I create my own? Do you have a link for a tool, or for canvas?

tepid patio
#

Canva 🙂

#

you might like this

#

I make all my logos in Canva, but eventually I pay @quasi scarab to design me one 😄

glad hazel
#

Thanks Bee

fast wraith
#

Just got a new phone and wanted to get away from LastPass/cloud storage-based pw managers. Imported my .kdbx KeepassXC file and it has been auto-filling/working really well on Android 10
https://github.com/PhilippC/keepass2android

quasi scarab
unreal hollow
#

just your awesome skills

quasi scarab
tepid patio
#

I might have some more work to commission u for 👀

#

and i can afford it this time

#

with my fancy THM salary

quasi scarab
#

And I might have a bunch of time to gladly and willingly dedicate to you ❤️

azure widget
tranquil shuttle
azure widget
#

Hey awesome notes, just be careful you're actually allowed to share everything in there... for example I saw an OSCP BoF which I know offsec doesn't like and a few HTB machines which I think are all retired so that should be fine

tranquil shuttle
dusky lodge
#

Really awesome stuff @tranquil shuttle

#

These are yours ?

tranquil shuttle
#

Thanks a lot

tranquil shuttle
night ether
#

if offsec saw the bof prep room here i'm sure they'd ask for it to be taken down lol

tranquil shuttle
#

naah it's a general Buffer Overflow room tbh but a very great help

night ether
tranquil shuttle
#

yup thats what i meant as well

#

it's just basic buffer overflows, Offsec can't say that BoFs are to be taken down

night ether
#

well no but the program and the prompt are the same as the exam one

tranquil shuttle
#

i am not too sure i dont think so

fringe spire
topaz gulch
#

That's why it's no longer called "oscpbofprep"

tranquil shuttle
remote wind
tranquil shuttle
#

huh thats weird

#

updated the link check it out now @remote wind

remote wind
#

It just doesn't load

tranquil shuttle
#

hahahah thats soo weird

#

maybe try in a bit

#

as its working for me

sullen turtle
#

Damn, that's some pretty extensive notes

#

Cheers! @tranquil shuttle

tranquil shuttle
#

Thanks a ton 😄

sonic abyss
#

👍 Awesome stuff

tranquil shuttle
#

Thaanks mahn

light crystal
#

@tranquil shuttle it's amazing, u spent a lot of time on it

remote wind
#

@light crystal is that opening for u?

light crystal
#

yes

remote wind
#

It's not opening for me 😭

dusky lodge
remote wind
#

Light10 and me

#

And i think @tranquil shuttle too

#

I visited his GitHub and went to the link from there

#

It's not same but anyway, notes are there lol

#

👍

unborn gust
tranquil shuttle
tranquil shuttle
tranquil shuttle
craggy onyx
night ether
#

that's actually very very very useful ^ i currently work in a soc and see lots of alerts with those processes

#

so if you're looking for a soc role, familiarity with the processes in that document would help loads

craggy onyx
#

We'll have an upcoming room covering some of these processes thm 🥳

tepid patio
tepid patio
#

I found this

#

Quite cute to see a THM specific cheat sheet

sullen turtle
#

the timeless question

#

in pinned

#

uh

#

not off the top of my head

#

but I would try to install linux vm

#

so you get very fast at navigating the command line

#

one sec

#

there's a video on the file system

#

which is worth learning

#

ah nice, that's good

#

uh

#

I doubt you'll have to read the source

#

start looking into how programs are actually executed

odd quest
#

There are good books on Linux kernel programming

sullen turtle
#

then you could potentially progress to rootkits

#

and kernel level stuff

#

if you want to keep it hacking related

#

Yeah, you might need to build up to it

#

But try and get a deeper understanding of assembly etc.

#

it will provide a good grounding for linux and windows

odd quest
#

There are different architectures

#

Like ARM or x86

tepid patio
#

About Bee-san:

#

👀

sullen turtle
#

👀

azure widget
#

What the heck

#

How did it go from 16 minutes to 15 hours

glad hazel
#

Bee you are amazing and always so helpful

#

Thanks

naive arrow
fast wraith
#

Someone who worked in hiring open-sourced a vulnerable web-app they used as part of a technical assessment in interviews
https://github.com/RamadhanAmizudin/lazyweb

glad hazel
#

Nice find 👆

light crystal
sonic abyss
topaz gulch
#

Nah, it's a resource

light crystal
#

jayy u always have some thing against me cri

sonic abyss
#

Can I post it in there anyway?

light crystal
#

sure

sonic abyss
#

Ty

gritty barn
dark mortar
haughty yarrow
#

can anybody recommend a guide for getting started with API testing, for somebody who already tests web? basically just want to get up to speed on any API-specific tools, bugs to look for, etc. that I should know

unreal hollow
#

postman has a lot on that

haughty yarrow
# unreal hollow postman has a lot on that

you mean the postman documentation has information on using it for security testing? I can't see that. or did you just mean I should look into postman as it's a commonly used tool for it?
edit - sorry, I maybe should have been clear in my question that I meant security/pentesting

lapis herald
shadow perch
unreal hollow
haughty yarrow
unreal hollow
#

If you know the structure of the api, you will want to research fuzzing techniques then

haughty yarrow
# unreal hollow If you know the structure of the api, you will want to research fuzzzing techniq...

thanks. I assume there's more to it than just fuzzing though. that's why I'm asking if anybody knows any good guides which give a good, thorough overview of the tools/methodology, so that I have a plan for everything (or all the priorities anyway) of what I should research. rather than hearing about one thing here, another thing there.
like I say, I'm already comfortable with web testing. I assume there must be lots of people who've been in a similar situation and have shared info on what a web tester needs to get up to speed with to look at APIs

fast wraith
#

API testing - like most web testing - involves a fundamental understanding of the underlying technologies. I would begin with reading up on API frameworks like RESTful or SOAP and going from there.
Heck, look at what happened with Parler, all of that app data was exfiltrated via their API by simple fuzzing/IDOR techniques, nothing fancy at all.
https://swagger.io/docs/specification/2-0/what-is-swagger/
https://www.soapui.org/docs/soap-and-wsdl/

haughty yarrow
glacial gazelle
#

just reposting this but

#

working on an install script for programs and services for ctfs/general hacking
any tool suggestions people have?
I've definitely missed tonnes

fast wraith
glacial gazelle
#

ah thank you, I haven't seen that from John before

#

what are the key differences between apt and apt-get, John switches between them at about halfway through the script

#

from what I can see online, it just looks like apt is the updated version and you only need to use apt-get for some features that haven't been implemented yet

fast wraith
#

eh no huge difference, some packages require backwards compatibility with apt-get while others use the preferred apt which will automatically grab newest packages

odd quest
#

apt and apt-get are the same

#

They do the same things

#

apt-get is the stable scripting interface

#

Apt is not

fast wraith
#

well according to the apt man page they are not exactly the same

odd quest
#

But your statement was not correct

#

They install packages the same way

#

There's no such thing as a package that installs with one and doesn't with the other, or installs differently

#

They both automatically grab the newest packages

tepid patio
#

Hey y'all! The free path was updated (thanks @balmy merlin @topaz gulch @hallow meadow @glossy blaze for help in choosing the rooms)

+ Shodan
+ RustScan Room
+ Hacker Methodology

https://blog.tryhackme.com/free_path/

PS: The Shodan room is updated 👀
https://tryhackme.com/room/shodan

TryHackMe Blog

A free guided path for beginners on TryHackMe.com

light crystal
jaunty raven
#

Yeah it's a good platform

tepid patio
#

Hey! I'm running a lil giveaway for THM vouchers.
https://twitter.com/bee_sec_san/status/1351594084633370637

It is self-promo, but not of paid content so idk if this channel is right?

Let's run a little giveaway! 3x 1-month TryHackMe vouchers. To win, you must:

  • Follow me (so I can DM you) 😄
  • Retweet this 🐦
  • Reply with your favourite TryHackMe room! (I'll use this in a blog post, you'll get credit too ❤)

Winners will be selected on 20/01 at ~5pm UK! 💘

glad hazel
#

Thanks bee I hope I win one lol

sonic abyss
copper cove
#

you forgot picoctf

remote wind
glacial gazelle
#
The biggest CTF of 2021 so far, with over $5k in prizes, and random swag giveaways to teams (because let's be honest, who doesn't want free swag). 

Running from 23rd-30th of January at: https://ctf.offshift.io/
light crystal
#

0/1771717177171

gaunt hollow
dusky lodge
#

@gaunt hollow That's your substack ?

gaunt hollow
prisma bison
glacial gazelle
#

sorry, it was my first published writeup so I didn't really know where to put it

prisma bison
#

Don't sweat it, no problem :)

glacial gazelle
#

how long do the admins normally take verifying the writeups?

prisma bison
#

It's not admins

#

It's room creators

#

And it's completely up to them whether they accept, deny or ignore it

glacial gazelle
#

Ahh right

#

Well Umair said it was great if I did one

#

so uh

#

my chances aren't too bad

topaz gulch
#

Which room @glacial gazelle?

glacial gazelle
#

Chocolate Factory

prisma bison
#

Has it been accepted or?

glacial gazelle
#

Not yet, Umair is going off on an adventure so his replies are pretty slow

topaz gulch
#

Soooo, the writeup you posted earlier as being approved is not approved?...

#

No, it isn't

#

Please don't release/promote writeups publicly until they have been accepted on the room @glacial gazelle

fast wraith
#

free training from the CISA

101 Coding for the Public
101 Critical Infrastructure Protection for the Public
Cryptocurrency for Law Enforcement for the Public
Cyber Supply Chain Risk Management for the Public
101 Reverse Engineering for the Public
Fundamentals of Cyber Risk Management
Don't Wake Up to a Ransomware Attack - 1 Hour
Introduction to Cyber Intelligence - 2 Hours
Don't Get Caught in the Storm - Protecting Your Cloud Assets - 1 Hour
Cyberessentials - 1 Hour
Cloud Computing Security  - 2.5 Hours
Foundations of Cybersecurity for Managers - 2 Hours

topaz gulch
#

For anyone interested in bored uni student coursework:
https://abertaycoursework.xyz
I may or may not have been bored enough to set up a site with mine 🤷‍♂️
Got some fun tools in there

#

You are most welcome @tepid patio ♥️

#

Don't know why the bot deleted your kind thank you message

jaunty raven
#

You got me :(

fast wraith
#

don't tell him it only emboldens his behaviour

glad hazel
#

What is this?

gaunt rain
#

does anyone of you know about a list or repo containing applications and the place and format they store credentials? I know that there are some metasploit post modules in post/<platform>/gather/credentials but I assume there are way more applications that store (user) credentials in an unsafe (reversible) way.

night ether
#

@gaunt rain i haven't looked at that module, but i assume that just gets all system passwords

#

however different applications such as apache will have for example .htaccess

#

but i'm not aware of any tool that has this functionality of searching all applications, i've been looking before

#

but if you run some enum script and gather all applications on the system you can manually go through each and google the location of creds

gaunt rain
keen field
#

is there any detailed resource available for metasploit's meterpreter commands
cuz i really can't understand what some of 'em means
write Writes data to a channel (what channel?)

fast wraith
fast wraith
velvet maple
fast wraith
#

85C according to the datasheet, i probably wouldn't rely on these things for production purposes but are perfect for prototyping stuff

velvet maple
#

also good for playing with as a digital toy.

keen field
odd quest
#

It's just a microcontroller?

#

Just get an ESP, they're super cheap and do micropython

#

And you can graduate to Arduino running on them if you want something better

#

Plus wifi and bluetooth

velvet maple
odd quest
#

8266 or 32

#

32 does bluetooth and is more powerful, 8266 is cheaper but only wifi

velvet maple
#

Interesting! Thanks, today I learned something new.✨

topaz gulch
#

I really need to do more with my ESP. Haven't used it since first year of uni 😆

odd quest
#

Well, docs yes but 0 examples

topaz gulch
#

Ouch

#

Have fun

odd quest
#

Sans cheatsheet cheatsheet ftw

static veldt
#

Anyone got a wordlist of common linux commands that can be used for fuzzing a web cmd?

spark hedge
magic idol
#

Rangeforce has a special promotion going on right now for their Blue Team Battle Paths, $50 per path up to 3, usual price is $200/path. https://www.rangeforce.com If you are interested let me know I can put you in contact with the right person

Build cyber resiliency with online, cybersecurity training programs including cybersecurity simulation modules and cybersecurity skills assessments.

fast wraith
#

@magic idol I think ill take you up on that offer, lmk

keen field
#

Here are some common ways to spawn a shell via installed Programming Languages:
Python:
import os; os.system("/bin/sh")
also
python -c 'import pty; pty.spawn("/bin/bash")'
&
python3 -c 'import pty; pty.spawn("/bin/bash")'
PHP:
exec("sh -i");
Perl:
exec "/bin/sh";
Ruby:
exec "/bin/sh"
Lua:
os.execute("/bin/sh")

If the awk command can be run, a shell can be spawned with the following:
awk 'BEGIN {system("/bin/sh")}'
The find command can attempt to spawn a shell with the following command:
find / -name foobar -exec /bin/sh \;

magic idol
#

Here is also a good one:

script -qc /bin/bash /dev/null

keen field
#

I've also forgotten how text editors can run commands and scripts inside of them,
add 'em here too

untold valley
#

We all know how important it is to do enumeration on target machines so that we can choose our exploits wisely. So here is a small blog covering intro to enumeration with an example of SMB Enumeration. I'm learning and writing at the same time 🙂

Critiques are most welcome or even if you wanna collaborate

https://praddy2009.github.io/portfolio/blogs/Enumerate.html

grim plume
#

Hi!
Does anybody know of some good resources to dive deeper into windows core processes?

craggy onyx
#

Did you complete the THM room on that topic? @grim plume

#

The definitive book on that is: Windows Internals Part 1: System architecture, processes, threads, memory management, and more, Seventh Edition by Yosifovich, Ionescu, Russinovich, Solomon.

fast wraith
#

Created an OSINT tool for Twitter! Needs API keys to work. Kronos is a simple bash script that will return a list of links containing people that your target is following, starting with the oldest first (history goes up to 1000).

https://github.com/Droogy/tools/tree/master/kronos

grim plume
#

@craggy onyx I’m working through it right now. Found it very interesting so that’s why I wanted to know if there are any resources to continue learning about it. Gonna have a look at the windows internals-book. Thanks!

light crystal
tepid patio
short sleet
#

@tepid patio Thank you so much for keeping it updated 🙂

short sleet
#

ping?

night ether
#

pong

topaz gulch
#

@grim crown
A) Writeups go in #thm-community-media
B) please don't post writeups that haven't been approved by the creator. It's very disrespectful, and against our rules in here.

fast wraith
slender mirage
#

Join @shut ferry and I this Friday at 6 PM BST where we will be talking about how to harness your LinkedIn network to break into cyber!

Twitch link : https://lnkd.in/eCqNr7i

It will be recorded for YouTube as well if people can't make it.

Twitch

Infosec Recruiters working predominantly in the UK, EU, USA, Singapore and Australia

distant gust
#

Can anyone recommend a script similar to APTSimulator on GitHub? I'm trying to work on IR and forensic skills

#

I just need a somewhat realistic attack simulator to run against a VM

craggy onyx
distant gust
chrome zodiac
fast wraith
azure widget
#

virus tattle aint that right

#

bunch of snitches

magic idol
#

Nice script

fast wraith
#

thank you very much! (pls PR and make it better 😭 )

azure widget
#

dont use bash

#

thats how you make it better

#

bash good short term long term bweh

fast wraith
#

very true, been slacking in python - plan on re-writing my homebrew stuff with concurrency

pearl siren
magic idol
#

I was just using virus total a whole bunch doing the range force stuff. This could have been put to testing @fast wraith

#

Might actually redo it with your script, if you dont mind.

fast wraith
#

please go right ahead! just keep the api call limit in mind (4 per min)

magic idol
#

I saw a good idea out there for a possible script. Potentially like a Yara rule generator :)

fast wraith
pearl siren
magic idol
#

Yara rules are simple in themselves..but a script would be nice to plug and go

fast wraith
#

definitely, seeing lots of opportunity for scripting in blue team stuff

magic idol
#

I finished soc 1 capstone and things like iptables, fail2ban etc def could use some scripting

#

My brain is not big enough for that tho haha

azure widget
magic idol
#

Im the manual type of guy kekw

fast wraith
#

honestly just having a script that runs decent configs for all the usual suspects is more than enough, its easy to forget things when you're running through like 6 .conf files in a row lol

magic idol
#

I lack in that department, mainly due to not actually doing it

#

I feel like its faster to do stuff manually, especially when you are jammed for time

fast wraith
#

true, if you know what you're looking for a good one-liner is all you need which is why i've been leaning on bash so much lately

pearl siren
craggy onyx
glass mulch
night ether
fast wraith
prisma lodge
#

Does anyone know of a CTF or virtual labs for ICS (OT) environments?

hushed estuary
fast wraith
#

great video on tshark usage and monitoring - shame these SANS videos don't get more love

#

Living in a world in which you have to assume breach, makes the thought of detecting threats more antagonizing. Compounding this agony, is a world in which we have a global pandemic and the threat actors are looking to take advantage of one of humans' most recent calamities. Since threat actors do not take time off matters the season or pandemic...

trim pier
#

hiya
has anyone found any active exploits or been able to exploit CVE-2021-3156 (the sudo cve for privesc)

odd quest
#

No PoCs yet.

trim pier
#

ok thank you for update
i was unable to find any also so just confirming

serene coyote
#

There is a video of a poc.

shut ferry
#

Yo

light crystal
fast wraith
#

good twitter thread for port-forwarding/tunneling tricks
https://twitter.com/infosec_scarlet/status/1354528499105636353
TLDR for those without Twitter

Local Port2Port
Open new Port in SSH Server --> Other port
    #Remote port 1521 accessible in port 10521 from everywhere
    ssh -R 0.0.0.0:10521:10.0.0.1:1521 user@10.0.0.1
    #Local port 1521 accessible in port 10521 from everywhere
    ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1

Port2hostnet (proxychains)
Local Port --> Compromised host(SSH) --> Wherever
    ssh -f -N -D <attacker_port> <username>@<ip_compromised>

SSHUTTLE
You can tunnel via ssh all the traffic to a subnetwork through a host.
Example, forwarding all the traffic going to 10.0.0.1/24
    pip install sshuttle
    sshuttle -r user@host 10.0.0.1/24
    
METERPRETER
    portfwd add -l 80 -r 172.16.0.0 -p 80

NCAT PORT FORWARD
    mknod pivot p
    nc -l -p < port to listen on> 0<pivot | nc 1>pivot
    
REMOTE PORT FORWARDING
    ssh -N -R 10.10.1.1:4455:127.0.0.1:445 attacker@10.10.1.1
    
Socks5 with SSH
    ssh -N -D 127.0.0.1:8888 admin@10.1.1.1
    
DYNAMIC PORT FORWARD
    ssh -N -D 127.0.0.1:1337 user@remotehost -p 8888
    
NCAT HTTP PROXY
    ncat -vv --listen 3128 --proxy-type http
    
SSH GRAPHICAL CONNECTION (X)
    ssh -Y -C <user>@<ip>
    #Y is less secure but faster than -X

I have seen a lot of #pentesters struggle with tunneling and port-forwarding concepts. All #hackers should definitely understand these concepts for successful tests.

This thread is dedicated to Tunneling/PortForwarding tricks.

#infosec #pentest #tunneling #security #bugbounty

odd quest
#

sshuttle > all

tepid patio
fast wraith
#

Is that a THM community newsletter? would be nice to contribute to something like that @tepid patio

fathom bear
#

Hey someone know good resources to learn socket with python?

tepid patio
tepid patio
fast wraith
#

gotcha, well if theres any interest in a THM newsletter count me in - ill reach out to her as well

tepid patio
#

So the cats out of the bag! I've released a new tool with help from @sonic abyss @night plinth !

🔥 Introducing Name That Hash - Modern Hash Identification system with popularity ratings, Hashcat, John, and descriptions.

GitHub: https://github.com/HashPals/Name-That-Hash
Web App: https://nth.skerritt.blog/
Twitter Announcement: https://twitter.com/bee_sec_san/status/1355500939881406464

🔥 Introducing Name That Hash - Modern Hash Identification system with popularity ratings, Hashcat, John, and descriptions.

The little secret project I've been working on for weeks with @q8fawazo @Jayy_2004 @OrielOrielOriel and more!

https://t.co/SWDr5Wu7DF https://t.co/Uyu4Mrmm4S

sonic abyss
#

👀

tepid patio
#

Special thanks to @sharp aspen @sand schooner @night ether @hushed estuary @fast onyx @hallow meadow @thin dagger for testing and feedback 😄 ❤️

hushed estuary
#

Gj

prisma bison
#

:<

tepid patio
# prisma bison :<

you're getting thanks in the next tool release which is probably a couple of days

sonic abyss
#

@prisma bison

glad hazel
#

Oh is it in python?

#

I thought bee will make something using rust LOL

#

Looking good though. Thanks bee and all the contributors

tepid patio
vast moat
#

Hey everyone, I made a tool that generates reverse shells with supplied args. Never leave the browser again!

https://github.com/djjoa/genshell

GitHub

Genshell: The automatic copy-and-paste one-line reverse shell generator. Just add args! - djjoa/genshell

gritty barn
dim marlin
#

I remember there was a free path blog for TryHackMe which recommended free rooms. Anybody have the link for it?

#

nvm I found it

prisma bison
#

!docs free-path

fast onyx
vast moat
vast moat
gritty barn
sonic abyss
magic idol
azure widget
dark mortar
#

DEDMAP Alpha Version 1.1 is out!!🔥🔥 Go check it out 👇🏻 https://7Ragnarok7.github.io/DEDMAP
What's new in this update:
- Lots of bug fixes
- Major code and performance optimization
- Great improvement in port scanning speed
- Drastically reduced space and time complexity
- New slick seamless installer❤️
- Patched to natively support all Android devices🔥🔥
❤️
And guess what? With this new update it defeated Nmap in port scanning speed! (POC in the video below)

It beats Nmap even in its infamous stealth scan mode with superuser privileges!!! All of this without even introducing multithreading in the tool yet🔥

Do use the tool and share your feedback with me after using it. :) I will continue developing it. Also, it would be great if you could star the tool on GitHub and share it if you liked it 😊 ..as it has very low reach as of now. I will add awesome new features to this tool in the near future 🙃

sonic abyss
#

Might be easier than recording with your phone 🙂

#

Other than that, looks great!

remote wind
#

Is it an approved write-up?

prisma bison
#

@next marlin Is that approved?

#

(If you do not respond within 5 minutes, I am going to delete it)

#

Submit it to the room in the writeups section

clear tree
#

Click on the Writeups tab in the room and then click Add Writeup

#

it will be reviewed by the room authors

remote wind
tepid patio
#

Rizin is a Radare2 fork by the creators of Cutter 🙂 https://rizin.re/

Rizin

Rizin is a free and Open Source Reverse Engineering Framework

prisma bison
#

ooo

odd quest
#

@frigid jacinth Please only post actual resources

azure widget
untold herald
#

Any recommendations for learning the basics of operating systems, Windows and Linux (right now I am learning it from linuxjourney.com, any further recommendations are welcome) from the perspective of cybersecurity?

frozen horizon
untold herald
frozen horizon
#

well that should cover most of the basics, and as you go on to do more cybersec rooms on THM it should further develop your understanding if you run into problems

#

for windows, not sure if there are similar rooms, maybe one on powershell

odd quest
#

OverTheWire for linux

untold herald
#

Like how to learn it from core.

untold herald
# odd quest OverTheWire for linux

I am doing it right now... but before going on to start PowerShell... I want to learn about event logging, user management, security auditing and the file system hierarchy in Windows OS...

odd quest
#

I listed two

untold herald
#

But before learning PowerShell... it's better to learn the basics of Windows OS... right??

odd quest
#

PowerShell is a language

#

You can learn it

jagged tiger
#

Learning about the OS, you will have to interact with it in some way. On windows, one of the most common ways to interact with Windows is PowerShell. Skipping PowerShell, in my mind, is very similar to wanting to understand Linux without learning bash (or another shell). It's possible but increases the lift substantially.

odd quest
#

They're asking the opposite

jolly apex
#

Introduction to Windows is what you are looking for @untold herald

#

It's a room on THM

mystic jetty
#

Can anybody tell me an efficient way of learning SQL injection?