I'm confused from where to start
#resources
full vapor
https://portswigger.net/web-security/sql-injection Probably the best resource to get your head around SQLi
mystic jetty
Thanks @full vapor
weary sluice
https://www.udemy.com/course/automate/
thanks ❤️
fast wraith
neat little tool https://privnote.com/#
gritty barn
neat little tool https://privnote.com/#
there's this one too: https://onetimesecret.com/
tepid patio
You'll love Nill's take on DNS too!
magic idol
Yet another bof resource. This one was well explained https://github.com/johnjhacking/Buffer-Overflow-Guide
thin dagger
https://www.youtube.com/watch?v=zyud11pz40s
I actually found that channel super interesting, thanks for sharing
remote wind
crimson thunder
https://www.freecodecamp.org/news/the-docker-handbook/
updated for 2021
tepid patio
Does anyone have UTF-8 RockYou? 🙂
Not the multiple-encoded weird ucky wucky file that Kali comes with 😄
tribal gull
@tepid patio you should be able to convert it with iconv -f ISO-8859-1 -t UTF-8 /opt/wordlists/rockyou.txt > /opt/wordlists/rockyou_utf8.txt
obv with changed paths if
tepid patio
@sonic abyss did u try that
hushed estuary
same file size makes sense, as you're going from an 8-bit to an 8-bit encoding
sonic abyss
same file size makes sense, as you're going from an 8-bit to an 8-bit encoding
yes, its good because when I tried it before it gave me a wayyy smaller file size 😛
hushed estuary
that would indicate a problem
fast wraith
really cool project/talk I just saw at CactusCon about managing Vulnhub VMs with Vagrant and Virtualbox - makes it dead simple to boot up any box from VulnHub
https://www.youtube.com/watch?v=7hHA3zHEnDE&feature=youtu.be
tepid patio
Are you sure Lockheed has PrivEsc? Whenever I've done defence company CTFs they've always been web-based or stupid stego challenges 😛
Are you in a team too?
try this room
it combines a bit of everything
but not super in depth
tepid patio
fwiw I don't think you can do everything in Muirs list, especially with not much prior cybersec experience. I would advise doing the first few tasks of each, and then whatever you find hardest do the complete room on that. That's literally how I did my degree hahahaha
faint sluice
I don't know what you are reading but this says a list of things that would be good to know including "Tools included in Kali Linux" https://www.lockheedmartin.com/en-us/who-we-are/communities/cyber-quest/cyber-quest-official-rules.html
frosty knoll
anyone know any web apps for download which are specifically for testing XXE vulnerabilities?
glacial gazelle
you could work through portswigger's lab @frosty knoll
frosty knoll
Yeah that's the best resource on the web for it but sadly I need to be able to look at the source code to further analyse it and they dont allow this 😦 @glacial gazelle
so Ive been searching around to see if anyone has implemented XXE vulnerabilities into a downloadable web app such as DVWA or bWAPP
gritty barn
Yeah that's the best resource on the web for it but sadly I need to be able to l...
you could look at barker but that is a paid service
honest dock
https://github.com/Swafox/tryhackme-gui
TryHackMe GUI app just got updated! It now supports all platforms including Windows, Linux and MacOS. Fast performance and clear interface included :)
I am open to any suggestions/ideas
gritty barn
i am not entirely sure to be fair, you might want to drop him a message and ask?
https://www.bugbountyhunter.com/membership/
glacial gazelle
ahh right
there's a lab I saw
I can't remember if that included the source code for the labs
frosty knoll
thank you very much I'll check this out
white pivot
If anyone ever had a curiosity of diving deep on why gets is vulnerable: https://github.com/D4mianWayne/PwnLand/blob/master/BufferOverflows/gets.md
sonic abyss
So apparently pentesting monkey is down
https://alamot.github.io/reverse_shells/
Alright alternative
gritty barn
So apparently pentesting monkey is down
https://alamot.github.io/reverse_shell...
i think this one is better: https://www.kitploit.com/2021/01/hack-tools-v030-all-in-one-red-team.html?utm_source=dlvr.it&utm_medium=twitter
light crystal
So apparently pentesting monkey is down
https://alamot.github.io/reverse_shell...
pentest monkey is down a lot of times
balmy merlin
there is something for google drive?
What do you mean?
halcyon narwhal
What do you mean?
github
balmy merlin
What? You haven’t gave any context on what you mean or what you’re trying to do
halcyon narwhal
to know if my google drive is vulnerable
magic idol
https://github.com/Swafox/tryhackme-gui
TryHackMe GUI app just got updated! It ...
What is this sourcery? :)
honest dock
My sourcery 😄
scarlet schooner
https://www.cybrary.it/course/advanced-malware-analysis-redux
Is free for this month. Seems good so far.
sonic abyss
Cybary is great
faint sluice
people seem to have very mixed reviews of Cybrary, I've never used it
unreal hollow
they have good resources, a good variety too but not much of it is free
craggy idol
rustic coral
tepid patio
One of my friends works on Amplify, looks absolutely amazing tech 😄 https://townhall.hashnode.com/announcing-aws-amplify-hackathon-on-hashnode
tepid patio
Name-That-Hash hit 1.0.0 and as such is considered stable 😄 I also added Base64 decoding for encoded hashes, fixed some file input stuff and more 😄 🥳
pastel pier
gritty barn
https://youtu.be/xmeO2wQzfbY explanation of hashing from a Napier University teacher
keen field
fast wraith
SANS OSINT summit is going on rn https://www.sans.org/account/summits/65185
fast wraith
slide deck from "OSINT Google and Social Networks Hacks"
chrome geyser
SANS OSINT summit is going on rn https://www.sans.org/account/summits/65185
I see we get a cert today when done....do they email to all zoom participants do you know ?
unreal hollow
I see we get a cert today when done....do they email to all zoom participants do...
usually you have to sign up for the "event" and they track it that way
chrome geyser
ok great Iv done that 🙂
fast wraith
I see we get a cert today when done....do they email to all zoom participants do...
hmm, I'm not sure. can you show me where you see that we get a cert?
chrome geyser
ok found the bonus hour from yesterday on my profile
I think the complete one will come in 10-14 days I see
CPEs & Certificate of Completion
You will receive 12 CPEs for attending the Open-Source Intelligence Summit live. Your Certificate of Completion and CPEs will be issued within 10 to 14 days of the Summit's conclusion. Currently, we are not able to issue CPEs to those that view the Summit recording.
Summit Program Details
on portal
fast wraith
aha okay, so it looks like SANS issues CEU certificates for these webcasts on your SANS profile
btw todays talks look so good!
sage sphinx
I must be stupid, but even after registering to the event and joining their slack, I failed to find the webinar link. ^^
fast wraith
Click on your name after signing in to SANS website (top right of screen) -> under 'My Online Training' select 'Summit Access' -> Join Summit
doesn't start for another 30 minutes
tepid patio
mild viper
https://medium.com/bugbountywriteup/evade-avs-edr-with-shellcode-injection-159dd...
😎 👍
cursive cloud
A curated list of CTF frameworks, libraries, resources and softwares:https://github.com/apsdehal/awesome-ctf
tepid patio
@cursive cloud posted to the sub 😄
cursive cloud
Hm?
tepid patio
that github repo
they don't take new PRs tho
I submitted Ciphey back in August hahaha
cosmic sinew
Free with code: FEB2021
David Bombal CCNA
https://www.udemy.com/course/cisco-ccent-icnd1-100-105-complete-course-sims-and-gns3/
scarlet schooner
@cosmic sinew ayyyyy thanks! I was just looking at getting that
humble kelp
Free with code: FEB2021
David Bombal CCNA
https://www.udemy.com/course/cisco-cce...
U watch that guy to? Nice
full vapor
fringe spire
full vapor
For more advanced stuff I play with PacketTracer and WireShark
fringe spire
example of a udemy course def would be a udemy course 🤷♂️
fringe spire
Free with code: FEB2021
David Bombal CCNA
https://www.udemy.com/course/cisco-cce...
This one isn't anymore.
full vapor
I used it earlier, like ugghh 9 hrs ago? Has it gone now?
fringe spire
coupon expired
full vapor
I was lucky then xD
fringe spire
south marlin
coupon expired
It was valid for 1000 people.
fathom bear
Hi what do you guys think on this web: https://www.hackerrank.com/dashboard, If I want to learn more about C and I have a basic knowledge?
tepid patio
Hi what do you guys think on this web: https://www.hackerrank.com/dashboard, If ...
its good!
we have more resources in #programming
i personally do not like HackerRank
I use BinarySearch
but its all the same 🤷
fathom bear
Thx
keen field
finite lichen
http://thechallenge-aks.hopto.org/whatisdis
A basic js challenge I just wrote
(There are easier challenge if you leave out the /whatisdis)
glacial gazelle
@finite lichen ill try speedrun it :>
gritty barn
Hosted in Scotland but available to everyone as this year we are going virtual. Over 100 events available to suit a wide range of audiences and we would welcome virtual attendees from across the UK and why not its the benefit of the internet.
Https://cyberscotlandweek.com/events (https://cyberscotlandweek.com/events)
Cyber Scotland Week is going live a week today! Our mission is to educate, support and enable businesses, organisations and individuals to protect themselves online. Starting on Monday 22nd Feb and running to Friday 28th, there are a series of virtual events designed to ensure you are cyber aware and secure online. With £190,000 a day in the UK being lost through cyber crime we need everyone to play their part in helping us tackle cyber crime.
A great way to do that is to sign up to one of the +100 events available during Cyber Scotland Week. Come along and educate yourself, then take action to protect yourself and your organisation.
We have some fantastic events including those for novices so there is an event for everyone. You can also find a range of industry related events:
Business (https://cyberscotlandweek.com/event-database?category=Business)
Individuals (https://cyberscotlandweek.com/event-database?category=Individual)
College/ University (https://cyberscotlandweek.com/event-database?category=College+%2F+University)
Schools (https://cyberscotlandweek.com/event-database?category=Schools)
Community learning (https://cyberscotlandweek.com/event-database?category=Community+Learning)
Industry (https://cyberscotlandweek.com/event-database?category=Industry)
Public Sector (https://cyberscotlandweek.com/event-database?category=Public+Sector)
Third Sector (https://cyberscotlandweek.com/event-database?category=Third+Sector)
Help us tackle Cyber Crime by learning how you can protect yourself online and stay secure.
https://cyberscotlandweek.com/events!
topaz gulch
(May or may not be building some TryHackMe stuff for that ^^)
sonic abyss
tepid patio
verbal siren
Is there a website where you can signup and receive vulnerability email notifications, but only specific to software/hardware you use? For example I just want to received vulnerability notifications for just MySQL and PHP.
fast wraith
idk about getting notifs for specific things, but sounds like you'd want to be in a CVE newsletter or subscribe to some threat intel feeds
jagged tiger
I'm sure there is a way to configure an RSS feed for that, if that's still a thing
Otherwise, NVD and other databases probably have a mailing list
south marlin
Is there a website where you can signup and receive vulnerability email notifica...
Check out Script 3 <CVE List Generator> and try to modify it.
dark mortar
light crystal
edgy plank
night ether
for people implementing active directory :)
https://activedirectorypro.com/best-practices/
azure widget
tepid patio
TCM Course Giveaway on the subreddit 😄 https://www.reddit.com/r/tryhackme/comments/lmsatg/giveaway_thecybermentors_super_bundle_practical/
limber solar
where i can learn pwn & reverse from scratch
gritty barn
where i can learn pwn & reverse from scratch
read the pins. there is definitely something there
balmy prawn
where i can learn pwn & reverse from scratch
Check this out "pwn.college" it's pretty awsm
light crystal
limber solar
Thanks @balmy prawn @light crystal
lethal shuttle
Hi
Any one has documents or resources on how to analyse the incidents of different types like malware, phishing etc
fast wraith
some good cheatsheets in here, specifically the "Digital Forensics and Incident Response" section may be of interest
tepid patio
Weekly CyberSec News Recap!
https://www.reddit.com/r/tryhackme/comments/lngm4v/weekly_news_recap_from_cyberspace/
night ether
for people who wanna learn dns in depth (which i highly suggest), here are the best resources i've found and used
ivory knoll
hi , every time i run apt-get update the deb http://ftp.harukasan.org/kali fail is it important or can i just remove it
prisma bison
Not related to resources ^ ask in #infosec-general or #general
fast wraith
small QoL change in Kali https://twitter.com/kalilinux/status/1362815232553476103
tepid patio
I'm being interviewed! 😄 https://www.twitch.tv/cyber_v1s3rion
stoic sun
shut ferry
Hey! On my journey through networking I found pretty cool IPv6 blog. They have other categories too. I think it is worth to take a look: https://blogs.infoblox.com/category/ipv6-coe/
patent shard
the website works on ipv4
patent shard
What is that?
restive ferry
guys, noob cs student here, can someone recommend begginer resources on pentesting? like a book or smth
prisma bison
What are you looking for exactly? Any particular area?
restive ferry
i really don't know
something to understand the basics, tools etc
i don't have previous experience on pentesting, but i'm a cs student and know programming and computer basics
prisma bison
Programming isn't the same as hacking
prisma bison
TryHackMe
This site is packed with resources and machines for you to interact with and learn about 
storm ether
If you want more structure TheCyberMentor has a good, somewhat recent YouTube series for pentesting zero to hero
prisma bison
TryHackMe is free and here is the Cyber Mentor course introduciton: https://www.youtube.com/watch?v=qlK174d_uu8
restive ferry
ok, thanks alot!
waxen lodge
any good resources on OSs in general?
fast wraith
John Strand is doing "pay what you can" training (usually $500)
https://register.gotowebinar.com/register/3559987064714262542
light crystal
https://www.udemy.com/course/project-development-using-java-for-beginners-2020/?couponCode=FOR_TECH_STUDENTS if anyone interested
prime sable
azure widget
https://github.com/oldkingcone/slopShell
I was going to compliment your shell and contribution to the community but the read me is extremely disrespectful and in some sections confrontational. I wouldn’t recommend anyone use this tool for that alone
glacial gazelle
prime sable
so youre talking about the 1 singular line that says:
WIN: install the php msi, and make sure you have an active postgresql server that you can connect to running somewhere. figure it out.
if thats the case, thats a real weak reason to condemn a well developed tool. I am sorry that you feel words are that impactful from faceless devs on github.
azure widget
you seem arrogant so I’m just going to drive you through the floor where as I wasn’t going to before
Do not abuse this shell, and get a signature attached to it, this is quite stealthy right now since its brand new.
prime sable
it has a signature, because i submitted it to vt
azure widget
If you have enjoyed this script, its is obligatory that you follow me and throw a star on this repo... because future editions will have more features(or bugs) depending on how you look at it.
azure widget
The entire tone of the read me was disrespectful, condescending, and confrontational. I again would not recommend anyone use it for that fact alone
prime sable
kind of what you were doing when you felt the need to condemn my tool?
rather elitist of you.
and rather bold to assume i would care what you think.
fast wraith
nice little list I need to work through
https://twitter.com/securibee/status/1364603065261826048
dusky lodge
Nice tool @prime sable
We've all started off as noobs sometime (Whether it be at grammar or coding)
tough glade
try this guys
patent shard
👍
sonic abyss
@sturdy shell I heard you were making a room on phone forensics (correct me if im wrong 😅 ) - https://infosecwriteups.com/automated-mobile-application-security-testing-5b104d88b26
fast wraith
powerful Task Manager alternative for Windows
https://processhacker.sourceforge.io/downloads.php
azure widget
ProcMon over Process hacker
process hacker is really just nice because you don’t need special privs but most of the functionality is dead without privs
tawny stone
I made a reverse shell spawner for koth with a few tricks:
* Randomized process names.
* Forks into `n` processes, all detached from your pts
* Written into RAM by a dropper script, doesn't use a temp file.
* Forks on SIGTERMs.
glacial gazelle
it's a pretty cheeky script let me tell you that, as long as Naughty or Holmes don't look in this channel we should be good ^^
prisma bison
it's a pretty cheeky script let me tell you that, as long as Naughty or Holmes d...
Hm?
dusky lodge
I made a reverse shell spawner for koth with a few tricks:
```
* Randomized proc...
Damn. This is very crafty
light crystal
Please let me know if i shd add/remove anything else
spiral zodiac
I made a reverse shell spawner for koth with a few tricks:
```
* Randomized proc...
@fringe spire @prime mantle 😇
prime mantle
Interesting
Gave it a rough read, I can think of few lines that will break your script
sonic abyss
Good job kid 🙂
light crystal
Good job kid 🙂
thanks Jayy
sonic abyss
Some great resources on there
light crystal
light crystal
i shd add any more?
sonic abyss
hearty pecan
Hey all i`m going through the rooms in THM in a view to getting into Bug Bountys I am finding though once I have completed a room I dont really retain what I have learned do you make notes regarding stuff you may have learned or figured along the way
tepid patio
This week in cyber security https://www.reddit.com/r/tryhackme/comments/lsye78/its_friday_its_time_for_a_weekly_cyberworld_news/?utm_medium=android_app&utm_source=share
PS: we also have InsiderPHD AMA!!! https://www.reddit.com/r/tryhackme/comments/lt64zh/ama_katieinsiderphd_parttime_educational/
regal mason
https://github.com/Aksheet10/Cyber-security-resources
👍
shut ferry
Can someone suggest some resources for sql injection.
simple juniper
Can someone suggest some resources for sql injection.
shut ferry
https://portswigger.net/web-security/sql-injection
Thank you 👍
tepid patio
Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Added 3.9 support & fixed a bunch of bugs in preparation for the big 6.0.0 release 🙂
jade sable
Can someone suggest some learning resources about Active Directory (and abusing it) besides of what there is on THM?
fringe spire
Check TCM's udemy course?
velvet maple
Black Hat USA 2020 is published on YouTube.
https://www.youtube.com/playlist?list=PLH15HpR5qRsXE_4kOSy_SXwFkFQre4AV_
night ether
Can someone suggest some learning resources about Active Directory (and abusing ...
lots and lots of active directory here: https://adsecurity.org/
jade sable
Thanks @night ether @fringe spire , I'll check it out
light crystal
lots and lots of active directory here: https://adsecurity.org/
and thats going in my resources thanks
fast wraith
Can someone suggest some learning resources about Active Directory (and abusing ...
Two free tools for AD testing:
Ping Castle: https://www.pingcastle.com/download/
Bloodhound: https://github.com/BloodHoundAD/BloodHound
sonic abyss
@honest dock
honest dock
<3
sonic abyss
tepid patio
Announcing Search-That-Hash, search Hash Lookup APIs before attempting to automatically crack in HashCat. Speedruns TryHackMe's Crack the Hash room in 2.13 seconds 😉 https://github.com/HashPals/search-that-hash
real time btw
leaden lynx
Announcing Search-That-Hash, search Hash Lookup APIs before attempting to automa...
is it in kali repos?
leaden lynx
yeah the site it makes request to is down
or something else is running
@tepid patio another database for you
leaden lynx
i made a list of all urls that the old script uses
some of them are down
some of them still works
sonic abyss
leaden lynx
md5.my-add.com is also there
sonic abyss
Feel free to make a PR if any of them fit the requirements 🙂
leaden lynx
🙂
tepid patio
put this into docs pls
tepid patio
but mostly all of them are broken
ours cant break until i go bankrupt
sonic abyss
~~ours cant break until i go bankrupt~~
yes cough buy bee a burrito so he dont go bankrupt cough
leaden lynx
👀
tepid patio
~~yes cough buy bee a burrito so he dont go bankrupt cough~~
my contract at my job says you cant do that lol
leaden lynx
leaden lynx
some of them still works
only 5 of them works
http://hashcrack.com
http://md5.gromweb.com
http://md5.my-addr.com
http://password-decrypt.com
http://www.cmd5.org
Hashcrack doesn't and the rest of them we have 😆
tepid patio
@leaden lynx this is exactly why we run out own hahaha
tepid patio
should ask kali to remove that one and update yours in tools?
good idea!!!
leaden lynx
👍
but i think kali uses gitlab
🙂
feroxbuster got added to kali repos
tbh i want your tools in kali 2021.2
tranquil shuttle
Found this resource its basically notes for almost all languages should help out to make scripts and so on: https://books.goalkicker.com/
dusky lodge
Found this resource its basically notes for almost all languages should help out...
Good stuff. Taking React and CSS Notes for later 😄
tranquil shuttle
yess they are preety good indeed
full vapor
https://csc.docs.microsoft.com/ignite/registration/March2021
Got a 1 free token(~£120) for taking a cert when you complete a course.
twin hollow
https://www.youtube.com/watch?v=1Fn_mhBzMkQ A good case study of hacking by seytonic .
shut ferry
waxen lodge
anyone got a book on mobile pentesting? can't seem to find much
craggy onyx
anyone got a book on mobile pentesting? can't seem to find much
Check the Bookclub channel:
#bookclub message
lime gorge
any resources for malware dev???
fervent summitBOT
TryHackMe
lime gorge
@tepid patio thank you 🙂
torn ice
hello, any resources for IPhone / iOS security research?
spiral zodiac
scarlet schooner
@full vapor Nice! I was just looking at Security Ops Analyst.
[] Sign me up for content updates, personalized recommendations, helpful tips, and more! Privacy Statement.
Please agree to the privacy statement.
That's an interesting privacy statement.
fast wraith
nmap script to check for new Exchange vulns
https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse
gentle shuttle
https://github.com/watchdog2000/lxd-group-auto-exploit - auto exploit script with all dependencies for LXD group
sonic abyss
We have officially released!!
Introducing Search-That-Hash, Tired of going to every website to crack your hash? Search-That-Hash automates this process in less than 2 seconds. No need to know the hash type, Search-That-Hash uses NTH to get accurate results on the hash type! 🔥
torn frost
Hello everyone, if anyone need some networking resources for ccna/ccnp or you just want to better understand how networks work, feel free to ask me or pm me
(network admin here)
maiden smelt
hey guys just wanna ask what's the INE experience, and do you recommend it?
maiden smelt
so I am a full -time student who also works
and i think before INE was like 2000 dollars but now I think it dropped to 800?
and I wanted to learn all the cyerb security courses and some of the networking and clouds courses on there
2000dollars was way too much
but 800 dollars is def more of a acceptable price
torn frost
yeah, currently is at 749 p/year
maiden smelt
yeah have you used it?
torn frost
i have a subscription with them, and from what i can say, i am pretty happy with it, if you gonna give them that amount of money, be sure to focus on the topic that you're learning
maiden smelt
I see
torn frost
i can recommend the following:
CBTNuggets
INE
Udemy - just for a specific topic as for new begginers
And books obv
torn frost
are you planning to take a cert?
torn frost
which one?
maiden smelt
rn I wanna take
torn frost
do INE have those? or are they just lectures
i've never downloaded anything, just watched the videos and tried to mirror everything myself on packet tracer e.g. since i was taking my ccna course
torn frost
regarding eCPPT i cannot speak personally, try to find if they have something related to that
maiden smelt
I see, I also wanted to take some of the cloud courses
torn frost
I see, I also wanted to take some of the cloud courses
this, i'm almost 100% sure that they have something with this
aws?
maiden smelt
more of azure rn
sorry for one more question, so with premieum I will have access to all contents riht?
from all topics/
?
honeslty this is way more tempting than OSCP for me....
maiden smelt
i see
thanks!
I think i will go ahead to buy mine
any more suggestions/tips? plz
torn frost
well, try to find a good book if you are like me who always need books
since i have a background in networking, make sure to understand how the internet works, it helps a lot when learning something
otherwise, just have fun! 😄
maiden smelt
sounds good thanks
I am still reading the books bundle I got from hunble bundle months ago
it was like 10 dollars for 10 books or something
fast wraith
I vouch for INE, lots of content there but make sure you get full labs access, that makes it worth it imo
south marlin
I would love to see a month subscription option with access to everything from INE. If somebody wants to do just one cert, i don't think the annual is worth.
south marlin
labs are included only in the premium (year) subscription.
night ether
ah that is sad
maiden smelt
yeah I just went ahead and purchased the premium.
monthly sub is just not worth
plus I see a lot of interesting contents in there for me.. And I am telling myself
750 with all that contents or 1400 for OSCP
fast wraith
nice, maybe we could make a study group if there's anyone else, I'm working through THP at the moment but finished most of the stuff from PTP
hexed sable
Anyone have any good resource for "beginner-ctfs" ?
gritty barn
picoctf?
faint sluice
are you looking for on TryHackMe? timed ctfs? or just ctfs in general?
for CTFs in general, I think https://picoctf.org/ is good and also OverTheWire https://overthewire.org/wargames/
for CTFs of all levels (you'd have to dig a little) but these are real time, there is this: https://ctftime.org/
hexed sable
Just CTFs in general, ive been a developer for years, but struggle with the CTFs i've entered, like the Aero & zer0pts ctf, should probably do a few old ones and get comfortable, spending 10+ hours and not progressing much isnt very efficient even though i learn by that way too
The pico ctf archive seems interesting, but im not enrolled in any US school, perhaps i can register anyway 🙂
gritty barn
just because you're not making doesn't make you good or bad, probably you picked some ctfs that you were not skilled enough to do in topics that you may not be familiar with
hexed sable
It says: "Eligibility" = "Be enrolled in a US middle or high school"
remote wind
Not for pico gym
hexed sable
ah, 👍
remote wind
Pico gym is for everyone
Anyway, here are some more
List of wargames and some practice ctfs
All tha best
hexed sable
Nice, thanks man
hexed sable
just because you're not making doesn't make you good or bad, probably you picked...
Well i focused on web challenges and i am a web developer but apparently a bad one haha
practice makes perfect i guess 🙂
gritty barn
Well i focused on web challenges and i am a web developer but apparently a bad o...
i honestly don't think that's how it works, challenges are challenges and supposed to be 'challenging' right? so probably you haven't came across those type of exploits/vulnerabilities yet. but once you get the understanding future ctfs should be easier
also not all CTFs are the same , and sometimes they develop the same challenge slightly different and there are some well known hard CTFs based on the rating so worth looking at lower rated CTFs to start with 🙂
faint sluice
maybe look at port swigger academy to get ready for those web challenges https://portswigger.net/web-security
and in regards to picoctf, anyone can sign up but you can't 'win' unless you are a middle school/high school senior in the US but you can learn a bunch and try the various challenges
hexed sable
also not all CTFs are the same , and sometimes they develop the same challenge s...
yeah i guess so, but i'll keep entering the real challenges each weekend anyway, just too fun to pass up on those, just might not spend 14+ hours as i did this weekend 🙂 need to learn when to stop and switch challenge.
gritty barn
yup, what i usually do is spend 50m to 1:15 on one thing, if i don't get anywhere try something else
hexed sable
That sounds like a good idea,.
Spent like 5 straight hours trying to get that damn prototype pollution to work with no success 🙂
faint sluice
you don't even want to know how much time I spent on the Google CTF... I think sometimes you realize some are going to be more challenging than others or maybe you need to up your skills a bit more
hexed sable
I can imagine a few hours 😛 the writeup just got published on the task i tried to solve, damn i had that idea in mind but i but went another way. Need to up my skills i think )
sonic abyss
https://sourcing.games/game-1/ Not a resource of sorts but OSINT challenges
shut ferry
Guys any good recommendations on sites about hacking /security to add to my RSS feed?
fast wraith
Guys any good recommendations on sites about hacking /security to add to my RSS ...
here's my list, just save as opml and import to whatever RSS reader you use
shut ferry
here's my list, just save as opml and import to whatever RSS reader you use
nice! thanks
shut ferry
here's my list, just save as opml and import to whatever RSS reader you use
thanks a lot
signal prawn
Any good recommendations on magazines about hacking /programming?
south marlin
Any good recommendations on magazines about hacking /programming?
do you mean like news sites?
signal prawn
more like subscription based.
sonic abyss
What do you think about having a "resource of the month" like book of the month #bookclub, would be pretty cool? @craggy onyx
shut ferry
Any good recommendations on magazines about hacking /programming?
I don't know about magazines but you can probably find some good books
I preferring searching online for an answer or a helpful video, but books are a very good choice for the principles behind a subject because they pretty much remain the same for a good amount of time
faint sluice
don't make me watch a video...
signal prawn
thanks
wet yoke
shut ferry
Guys what YouTubers do you watch? regarding Security / Hacking, hack the box challenges etc
odd quest
Defcon talks
shut ferry
I forgot about that, usually i only watch lectures about foss projects
jagged hinge
Guys what YouTubers do you watch? regarding Security / Hacking, hack the box cha...
I got a list I can dm you if you want
lapis herald
In case u don't know TCM is offering PEH free (for next 24hr) https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course COUPON : PAYITFORWARD
jagged hinge
I already bought it a month ago 😢
jagged hinge
In case u don't know TCM is offering PEH free (for next 24hr) https://academy.tc...
thanks tho!
sage crescent
In case u don't know TCM is offering PEH free (for next 24hr) https://academy.tc...
ty drago
cerulean viper
tranquil shuttle
for sure drago
shut ferry
In case u don't know TCM is offering PEH free (for next 24hr) https://academy.tc...
Thanks a lot Drago
crimson thunder
In case u don't know TCM is offering PEH free (for next 24hr) https://academy.tc...
it's also on discount with a bunch of other codes.
PAYITFORWARD - free
PAY5 - $5
PAY10 - $10
PAY15 - $15
PAY20 - $20
PAY25 - $25
If someone wants to support but felt something like "if it was just 10$ off, I'd be all for it", this is the perfect chance.
crimson thunder
This is the way
shut ferry
I got a list I can dm you if you want
Ok mate
dull apex
https://twitter.com/thecybermentor/status/1369894174779138055?s=20
Nice 👌
full vapor
This looks seriously cool
https://www.youtube.com/watch?v=8IGsQoL1AgQ&ab_channel=Freethink
Being able to add "I once hacked a satellite" to your CV is probably quite a good thing.
leaden lynx
this same thing was on my yt feed
i did not watched it though i will check it out now
tepid patio
from our very own Hollie :) https://twitter.com/HollieRoseSec/status/1370352949768155141
Twitter
fresh dragon
Hello every body .
I wanna ask , if there's anyone could help me by sharing a good article to explain Social engineering in details or a good book
balmy merlin
Social Engineering: The Art of Human Hacking
Is a good book, haven't read it but it's recommended
fresh dragon
okay good , thx
fringe spire
By cybrary.it CISSP free training material(videos+labs+demo test) if someone wants to check that out:
https://www.cybrary.it/course/cissp/
coarse atlas
Hello all, could anybody suggest where i can find practical courses for secure SDLC and Threat Modelling?😄
prime mantle
@past cosmos https://github.com/r3curs1v3-pr0xy/vajra
FWIW, the framework is amazing to automate boring stuff in bug bounty, I don't do much myself, but even the code base is worth looking :)
past cosmos
<@630817217369342001> https://github.com/r3curs1v3-pr0xy/vajra
FWIW, the framewo...
Thanks for sharing ❤️ @prime mantle
tepid patio
Weekly Cyber News Recap https://www.reddit.com/r/tryhackme/comments/m3i8un/news_from_cyber_world_weekly_recap/
topaz gulch
@sonic abyss a bunch of the files shared there are pirated, so, please don't post them
faint sluice
My guess is this will have a very very SANS spin on it but SANS is having a free online summit on April 21 for those that are interested in entering the Cyber workforce https://www.sans.org/event/newtocyber-summit-2021
sonic abyss
<@!302122762858921984> a bunch of the files shared there are pirated, so, please...
Oh my, really sorry. It was posted on a pretty popular cyber-sec discord (~10k members~) in the official resource channel by an admin so I thought it would have been verified and all, Ill be more careful next time, really sorry once again. 😩
arctic mist
gritty barn
https://addons.mozilla.org/en-US/firefox/addon/hacktools/
been using this for the last 2 months, it's good
cinder slate
been using this for the last 2 months, it's good
Foreal very cool extension, had to share.
sick patrol
https://addons.mozilla.org/en-US/firefox/addon/hacktools/
Nice! Thanks for sharing!
sinful fern
Anyone have any podcasts they listen to about Cyber Security? 🙂 TY
odd quest
Darknet Diaries is the classic
verbal siren
There is also Black Hills Information Security podcast Talkin' About Infosec News
light crystal
any resource which teaches how to use scapy module
modest hedge
any resource which teaches how to use scapy module
light crystal
ty!
modest hedge
https://github.com/secdev/scapy
The notebooks in this were also helpful
tepid patio
Meet the new version of search-that-hash better than colabcat ,,faster hash cracking , https://github.com/vaishnavpardhi/colabsth/
From @lapis herald 🙂
dusky lodge
leaden lynx
that is same alias i used to use
dusky lodge
TIL
leaden lynx
for http.server
night ether
what windows scripts are you guys running? i'm severely lacking windows privesc ability
at the moment i just have winpeas so if you guys have other resouces lmk xx
powersploit is outdated too so if anyone knows of a project that continues this that'd be great
thin dagger
best kitty
Tru
fringe spire
why i cant join vocale <,
!docs verify
fervent summitBOT
TryHackMe
fringe spire
Read through that, you need to verify with the discord bot ^
karmic wind
https://www.youtube.com/watch?v=zqSlKQSJTFo
wow finally a good titktock
well I gues its the end of the world
!docs verify
fervent summitBOT
TryHackMe
karmic wind
Thanks Ok il check
inland fjord
Hi everyone, I'm looking for a book/good video/any resource about EscPriv in Linux. What shoud I do?
topaz gulch
Hi everyone, I'm looking for a book/good video/any resource about EscPriv in Lin...
The heck is EscPriv?
inland fjord
privilege escalation
topaz gulch
Yeah, that would usually be "PrivEsc" if you're shortening it 😆
There are a bunch of privesc rooms on the site (plus more coming 👀)
I'd also highly recommend Tib3rius' courses on Udemy -- one for Windows, one for Linux
Very cheap, and well worth the money that you do pay
inland fjord
I'd also highly recommend Tib3rius' courses on Udemy -- one for Windows, one for...
Thanks! I was looking for something like that.
topaz gulch
Np!
wispy saffron
Reverse engineering course?
odd quest
https://imagepayload.jc01.ninja/
So inspired by @barren vault's reverse shell generator, I made a PHP image payload generator.
It's all clientside, has a built in dark theme, and it's fully open source.
barren vault
https://imagepayload.jc01.ninja/
So inspired by <@!291298445048676353>'s reverse...
Soooo dope 🙂
sonic abyss
https://imagepayload.jc01.ninja/
So inspired by <@!291298445048676353>'s reverse...
Quick question, how do you activate dark mode? Should it be automatically dark?
odd quest
It's css prefers-color-scheme so if your OS is dark then it'll be dark https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
sonic abyss
Ahh that makes sense, cheers! :)
crimson thunder
you had me at built-in dark theme
patent swan
barren vault
that is same alias i used to use
I made it, so someone must have shared it with you 🤣
Unless you have your own version of it.
leaden lynx
I made it, so someone must have shared it with you 🤣
nah i just used python -m http.server 8080
i also had listen = nc -lvnp 9001
barren vault
nah i just used python -m http.server 8080
Oh I gotcha
leaden lynx
🤣
barren vault
So it's a different alias 
leaden lynx
yeah
leaden lynx
kinda different but same idea
gritty barn
alias up="l && ip a s tun0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}' && sudo python3 -m http.server 80"
more secure
gritty barn
that's what i use depending on the lab environment
that's for thm, other labs use other other interfaces like ppp0 in certain instances
azure widget
imagine not using updog
flint bison
@inland fjord I can't speak to the quality, but there are two udemy courses (one for linux, one for windows) from TheCyberMentor, on sale for $10 ea with the right coupon
I think until tomorrow, not sure
sturdy shell
imagine not using updog
highkey considering changing it to that haha
updog is sooooooooooooooooooo goood
quasi scarab
updog is sooooooooooooooooooo goood
What is it?
edgy plank
spiral zodiac
What is it?
fast wraith
Grimmcon is going on right now, Sam Bowne has a Windows Internals CTF
https://www.grimm-co.com/grimmcon-0x4
night ether
i made a file download generator :)
https://file-downloads.com/
like revshells.com but for when you want to download a file from your machine onto a target :)
(it's not as pretty as it can be but that's just because of a love-hate relationship between me and css)
and i'm aware there are basically no methods yet but you can contribute your own methods to the github repo https://github.com/Jake-Ruston/File-Download-Generator
prisma bison
Would this work for TryHackMe as the boxes don’t have internet?
night ether
yeah it's just something you'd use in your browser
instead of looking online, or looking at your notes, you can just put in your ip,port and file and it will generate the command to copy and paste
gritty barn
i made a file download generator :)
https://file-downloads.com/
like revshells....
have you seen the hacktools extension? 🙂
it's like literally combining a whole lot of payloads and functions including enumeration into 1 single browser extension
tepid patio
shame they don't respond to GitHub issues
night ether
have you seen the hacktools extension? 🙂
looool no i havenb't but that seems very useful
gritty barn
it is
shrewd minnow
shell hound
Considering building a hash cracking server rig (that will obviously act as my home server).
I've looked into a few options, but it seems like almost all the big Hashcat WebUIs are at least a year old. Anyone know of a slicker solution for a Hashcat UI?
odd quest
I asked in the other channel. Why a web ui? Why not SSH?
shell hound
I asked in the other channel. Why a web ui? Why not SSH?
Thx, didn't see that somehow.
Personally have nothing against SSH (commandline on my personal machine) but it would be nice to have a simple WebUI for hashcat that could be checked from multiple devices (mobile also).
SSH is good, but I think it would get a bit annoying when dealing with different tty's, cracking jobs and checking status' on different computers/phones
odd quest
It sounds like a cool project
But you could just have a tmux session etc
Or look into GoTTY potentially?
shell hound
For sure. I'll take a look into it. Idk why, but I think that having a WebUI would be a simplistic and nice way to manage multiple running sessions on a server
odd quest
Multiple cracking sessions at once? I'd run them in series...
Hashcat can handle multiple GPUs for parallelism
shell hound
Probably smart, but it would be cool to run some analysis and pause longer jobs to insert shorter, quicker cracking jobs
Honestly, at this point, kinda sounds like it'll need to become a personal project
light crystal
i made a file download generator :)
https://file-downloads.com/
like revshells....
u made my thing be4 me but ill make python scipt first 🤣
night ether
u made my thing be4 me but ill make python scipt first 🤣
i told you to make this lol, but you said you didn’t want to do it so i did it instead hehe
light crystal
remote wind
Something pretty handy for getting books and other resources for free and legally in multiple languages.
https://github.com/EbookFoundation/free-programming-books
cinder slate
https://addons.mozilla.org/en-US/firefox/addon/hacktools/
🔥 extension
jagged hinge
Something pretty handy for getting books and other resources for free and legall...
this is insane, thanks a lot man
fast wraith
SANS DIary always coming thru with the cool scripts - Python Keylogger by Xavier Mertens
https://isc.sans.edu/diary/rss/27216
fast wraith
I made a basic Blue Team tool to help out with KoTH/Battlegrounds and make defense a little bit easier
https://github.com/Droogy/Mentat
marble jacinth
For anybody having issues loading a VM on their older macbook i found this video incredibly helpful. Now have Kali on VMware fusion because it's free if you register! seems to be running properly too =]
stoic field
Thought I would share this here: Preparing for OSCP right now and during my search on reporting I cam accross TJ Null's joplin template and noraj's markdown report template and really loved both of them, so I just combined the best of both worlds. Now you can just clone the repo, export the joplin template to a new folder and make it a git repo itself for all your notes and the markdown report template. Then just generate the PDF from it. Will also be adding my own cheatsheets and stuff the the Joplin template so everything is in one place.
tepid patio
lapis herald
Meet the project dragonkey, a complete crypto suite even better than penglab ,all ur favourite tool in a single suit https://github.com/vaishnavpardhi/dragonkey
sonic abyss
edgy plank
sonic abyss
Hey all! I'm making a massive db of code snippets (hosted on gists) to help programmers save time + give examples - discordbot included to quickly search them. I dont care what language there in, if you know any good sources of have any please send them! 😄
An example would be:
import time
import functools
def timer(f):
@functools.wraps(f)
def wrapper_timer(*args, **kwargs):
start = time.time()
result = f(*args, **kwargs)
print(f'Time taken: {time.time() - start}')
return result
return wrapper_timer
@timer
def get_result():
time.sleep(10)
print("Done")
get_result()
This snippet gets a wrapper which records how long a func takes to run - They dont have to be complicated or advanced, anything simple will do to)
tepid patio
Hey all! I'm making a massive db of code snippets (hosted on gists) to help prog...
There's a Python library which detects Python errors and puts the first stack overflow link to the error iirc
sonic abyss
There's a Python library which detects Python errors and puts the first stack ov...
thank youuuuuuu
last sierra
i need some good networking CCNA books can anyone help me?
night ether
i need some good networking CCNA books can anyone help me?
the official study guides are the best :)
the one's by wendell odom
jagged tiger
i need some good networking CCNA books can anyone help me?
CCNA official cert guide is dirt cheap. Cisco subsidizes the cost
azure widget
gritty barn
fast wraith
pancakescon is going on right now https://pancakescon.com/attend/
barren vault
odd quest
👀 pipe into bash
fast wraith
pretty handy regex generator
https://twitter.com/stefanjudis/status/1373633611254104068
azure widget
azure widget
azure widget
glacial gazelle
cross-posting this one as well, probably the best foundations for linux I've seen
arctic mist
vestal stag
TryHackMe Free Guide
These are free guide of TryHackMe
BUT PLEASE CONSIDER SUPPORT TRYHACKME BY SUBSCRIBING IF YOU HAVE THE MONEY TO DO SO!
remote wind
@vestal stag appreciate that u shared links but u can just share the link of the blog lol
!docs free-path
fervent summitBOT
TryHackMe
remote wind
Instead of this many links
vestal stag
<@763939633868308500> appreciate that u shared links but u can just share the li...
oh I got it from reddit lol I didn't know it exist
Sorry for me dumb dumb
remote wind
No problem lol, was just saying haha
trail lodge
Does anybody know of any good book for learning how to write python scripts for pentesting?
jagged hinge
Does anybody know of any good book for learning how to write python scripts for ...
black hat python
trail lodge
Thanks, I will definitely check that out.
fast wraith
Malware analysis challenge from SANS https://github.com/brad-duncan/2021-03-traffic-analysis-quiz
sinful fern
Anyone know of any youtubers that explain security/pentest concepts like your 5? Besides TCM?
flint bison
John Hammond and IPSEC perhaps?
unreal hollow
NetworkChuck has a few
sinful fern
oh nice ty ty
jaunty raven
Liveoverflow too
devout coral
john hammond is the perfect guy for THM
azure widget
Cry's guide to going insane over AMSI:
https://offensivedefence.co.uk/posts/making-amsi-jump/
https://i.blackhat.com/briefings/asia/2018/asia-18-Tal-Liberman-Documenting-the-Undocumented-The-Rise-and-Fall-of-AMSI.pdf
https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
https://github.com/byt3bl33d3r/OffensiveNim/blob/master/src/amsi_patch_bin.nim
https://blog.f-secure.com/hunting-for-amsi-bypasses/
https://www.contextis.com/us/blog/amsi-bypass
https://www.redteam.cafe/red-team/powershell/using-reflection-for-amsi-bypass
https://amsi.fail/
https://rastamouse.me/blog/asb-bypass-pt2/
https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html
https://www.youtube.com/watch?v=F_BvtXzH4a4
https://www.youtube.com/watch?v=lP2KF7_Kwxk
oh god the embeds
sonic abyss
fast wraith
free windows triage tool, works on dead and live systems
https://securityaffairs.co/wordpress/115719/security/wintriage-triage-tool-windows-dfirers.html?utm_source=rss&utm_medium=rss&utm_campaign=wintriage-triage-tool-windows-dfirers
jagged tiger
@sonic abyss are there sample reports for nuclei? and is there a mechanism for repeated and scheduled scans?
sonic abyss
<@!302122762858921984> are there sample reports for nuclei? and is there a mecha...
Not sure, heres the site
jagged tiger
Yeah, I saw that. Reporting talks about auto-opening tickets in github, gitlab and jira. Some orgs still need a bloated 400MB PDF as a post-scan report.
light crystal
any good AD stuff?
light crystal
https://www.ired.team/offensive-security-experiments/active-directory-kerberos-a...
ty
tranquil shuttle
any good AD stuff?
Would reocmmend this one
Helped me out a lot with Offshore
also iredteam as blackout mentioned and http://www.harmj0y.net/blog/ are great resources
shut ferry
https://www.ired.team/offensive-security-experiments/active-directory-kerberos-a...
Ty !
sturdy shell
I lived off this website during my University days (man that makes me sound so old. I'm 21 I promise...)
Has the HEX headers (and some trailers depending on the extension) for essentially any file you could want (and is much better then the wikipedia article alternative): https://www.garykessler.net/library/file_sigs.html
I.e.:
etc
absolute goldmine if you're doing file carving & the sorts
always remember: never take the file extension as 100% true. This is how you identify what it actually is &/or manually carve data or start to repair files (depending on how they're broken) from image dumps
Which reminds me I got an OSS for this sort of thing that I've been working on here & there out soon™️
light crystal
Would reocmmend this one
ty
azure widget
devout coral
i need a resource where i can learn and practice the binary exploitation and rc
remote wind
@devout coral check pins
devout coral
what man
devout coral
<@813804756383694909> check pins
i don't know about this
cosmic sinew
Hey guys, what do you use to keep track of your notes? I've done tons of stuff on THM but haven't taken any notes and It's definitely biting me in the butt.
south marlin
Hey guys, what do you use to keep track of your notes? I've done tons of stuff o...
Hi, I started with KeepNote but then migrated to Obsidian with git backups + publishing writeups on my page. If you want just setup a simple page with Jekyll or Hugo and host it with github pages.
sonic abyss
Hey guys, what do you use to keep track of your notes? I've done tons of stuff o...
notionn
topaz gulch
Hey guys, what do you use to keep track of your notes? I've done tons of stuff o...
Cherrytree > *
fast wraith
released two new modules for my little KoTH script, this one watches for outbound connections 🙂
https://github.com/Droogy/Mentat
azure widget
@fast wraith IMO the framework is a lot louder and less stealthy than it has to be. Your dropping files directly on to the disk where as you can really just store them in memory in an array as they arent large. To add to network connections you can utilize /dev/tcp/ to look for open connections and monitor traffic flowing through interfaces. You could also look for outbound ports open without using tcpdump for hunting for reverse shells etc. IMO if I were building the script I would use a lot more LOL utilities and focus more on hiding and being discrete. Just my opinion, its your tool and I think youve done a great job getting it to this point
frank plover
Anyone dealt with Oracle Exadata racks in the wild before?
I'm trying to figure out if they accept standard measurements or if they are proprietary
fast wraith
<@!320305132321505284> IMO the framework is a lot louder and less stealthy than ...
all good points and duly noted 🙂 definitely a work-in-progress thing here
flint bison
all good points and duly noted 🙂 definitely a work-in-progress thing here
I'm a noob hacker, but have done a lot of software dev. Would be willing to help
fast wraith
I welcome any and all PRs, the framework has a live-off-the-land philosophy so as long as its within those guidelines you're good 😄 the code is pretty modular so it's pretty easy to just write a one-off function and add another menu entry
regal mason
Found this on how to started with quantum computing
sonic abyss
light crystal
site not found
unreal hollow
SANS has a free track on their DFIR Summit & Training 2021, coming up as well
light crystal
ty meow
faint sluice
site not found
yes I posted that 4 months ago but still took you to a site that even included a search bar...
cursive cloud
fast wraith
new GNOME looks pretty sweet https://forty.gnome.org/
sonic abyss
that looks very cool
shut ferry
Hey guys, I have completed intro networking room and now want to learn more about networking . Is there any free resource?
shut ferry
is it enough for hacking? or I need to do more>
oook thanks bro you are a professional?
ohhhkkk ohkkk i will research about them
I want to become a pentester and like the offensive side more than defensive
I send you frnd request accept it if you can i need someone to help
if you want to help
shut ferry
I'm looking to follow some more people on twitter that are active in advocating for privacy and post current vulnerabilities.
Does anyone have recommendations of people to follow?
azure widget
any one from EFF and EFF as a whole
gritty barn
https://twitter.com/BHinfoSecurity/status/1375564537546608646?s=20 grab it while it's hot
tepid patio
Weekly news recap 😄 https://www.reddit.com/r/tryhackme/comments/mdpn57/weekly_cybernews_recap/
nova pulsar
Guys which languages and sources should I use for ethical hacking ?
I am already learning C#, Java, HTML/CSS and Javascript
prisma bison
PHP is used on a lot of sites.
And according to this 2021 post, they are extremely popular -> https://kinsta.com/blog/is-php-dead/
topaz gulch
PHP is old, but it's not going to die any time soon
Especially given it powers things like Wordpress and Joomla, which combined make up a massive percentage of sites
prisma bison
shut ferry
There was a tool i used to run that would automate nmap, gobuster, wfuzz and a few others. I forgot the name of this tool
glad hazel
Python/bash is a big one for scripting
What about PoweShell?
odd quest
It's a language. It's used for Windows stuff. What about it?
glad hazel
isn't is used in ethical hacking? and for scripting?
glad hazel
Okie Thanks
slim kayak
PowerShell is a Windows counterpart of Linux bash
Just a Windows shell
Apart from batch
glacial gazelle
Engineer Man back at it again demonstrating threading in python in a pretty neat scenario
odd quest
Just a Windows shell
Powershell is not just a windows shell
slim kayak
Its more
odd quest
PowerShell is a whole object oriented scripting language, as well as a shell
You said just a shell, which is patently false.
slim kayak
Yes, but in short it is also a shell
odd quest
if you're learning powershell, then it's not.
slim kayak
Maybe just was too much
odd quest
Context matters.
slim kayak
Hec, sorry for I frequently don't always say what I want to state. For this I am really discouraged to give answers. Sorry
topaz gulch
It's a learning experience. Don't worry about giving answers -- especially for things you know 🙂
Also don't worry about being corrected. It's all about learning
slim kayak
The problem is that I frequently give misleading? (Incomplete) answers
And the fear of being bad
That's why I rarely interact
topaz gulch
Well, you know more than you did five minutes ago, right?
Next time someone asks, you'll know the answer for them
Keep learning from folks around you and you'll find your knowledge grows very fast
slim kayak
Thanks
still folio
Any resources on Javascript de-obfuscation? I'm not too fluent in Javascript and I've been poking around with this room's code for about 2 days and not making any progress :/
spiral zodiac
@prisma bison here too
peak leaf
glacial gazelle
@still folio https://jsnice.org is good for formatting, but I’d recommend working through HTB’s academy module on JS deobsfucation if you want a better grasp of it which is free iirc
azure widget
crimson thunder
The authors of https://nostarch.com/practical-iot-hacking did a AMA on reddit 2 days ago.
https://www.reddit.com/r/IAmA/comments/mef89g/we_are_cybersecurity_researchers_who_wrote_a_book/
some great discussions in here and a lot of resources are being posted.
modest cliff
anyone have the Comptia network+ resources?
odd quest
anyone have the Comptia network+ resources?
What do you mean?
sonic abyss
You want resources on networking?
https://www.youtube.com/playlist?list=PLG49S3nxzAnmpdmX7RoTOyuNJQAb-r-gd
https://my.ine.com/
https://www.cybrary.it/
https://www.netacad.com/
get more insight into how you use DNS, while maintaining more control and privacy by setting up Pi-Hole in your network :)
https://work.jake-ruston.com/setup-guides/pi-hole
topaz gulch
@night ether I would suggest setting the static address on the pi, rather than in the router
night ether
<@!180392440945967104> I would suggest setting the static address on the pi, rat...
the pi-hole installation sets the static ip for you :)
topaz gulch
I'm aware -- why are you setting it in the router settings?
I'd suggest telling them to set a static IP outwith the DHCP range and just ignoring the router
night ether
just best practise really, in an enterprise you'd wanna set it static on the dhcp server
topaz gulch
Other than to change DNS servers
Speaking of, why not set the DNS server on the router rather than individually on every device?
topaz gulch
What's this for then? 🤔
night ether
i should probably make it clearer that if you do the first one then those are not needed
topaz gulch
Ah, yeah
night ether
that's just if you want it on specific devices
topaz gulch
I see the line now
night ether
i'll add that now thanks :D
topaz gulch
Np 🙂
fast wraith
short write-up on a OSINT technique I used during the TraceLabs CTF a while back
https://droogy.tech/?p=125
devout rivet
hi
modest cliff
What do you mean?
I'm going to take the Comptia network+ exam, so looking for some resources to study
modest cliff
You want resources on networking?
Yes, thank you
balmy merlin
If you're studying for Net+ have you looked at professors messer content? That will help a lot with Network+
quasi pulsar
does anyone know of a good free overview resource for IR ?
slim kayak
IR?
spiral zodiac
Incident response
faint sluice
gentle shuttle
https://github.com/watchdog2000/php-shell-handler
This is my php shell handler - written in python. Essentially, this is a pseudo shell to let you interact with a php web shell you have uploaded to a web server. Im building in some command and control like features (upload and download files easily, some Linux recon for rsa keys or interesting files from user home directories. It’s designed to make your life easier when using a web shell, rather than struggling to get commands running (due to special characters in use meaning you have to base64 encode your payload and pipe - no no no). Also saves you going into burp or interacting through URL’s - it’s all done in a pseudo shell. Hopefully easy to use (I need to document it with a readme file but it has help built into the program).
I have this in progress right now. The proof of concept is there, and it’s working, but I want to do more to it!
fast wraith
Red Canary just released their threat report, good stuff in here https://redcanary.com/threat-detection-report/?utm_source=twitter&utm_medium=social
barren vault
little parcel
Does anyone have good resources on Ransomware written in python?
Most of what I’m finding is outdated
craggy onyx
Does anyone have good resources on Ransomware written in python?
Most of what I’...
And what are you trying to accomplish?
little parcel
I would like to learn about a python implementation of Ransomware. Since this is the only programming language I know, my choice is rather limited
topaz gulch
Why @little parcel?
light crystal
And what are you trying to accomplish?
tim may i dm u regarding my room there - which had a 404 page not found 😄
for walkthrough
craggy onyx
tim may i dm u regarding my room there - which had a 404 page not found 😄
Go ahead. 🙂
little parcel
Why <@!619839614860918797>?
For the same reason I would sign up for something like try hack me in the first place, cause I think it’s interesting and would like to learn more about it.
It’s less about the „ransom“ part, and more about the encryption
odd quest
There are better and more ethical projects you can use to learn crypto.
jagged haven
If you want crypto give Cryptohack a try
azure widget
little parcel
Again, I’m not trying to code the next WannaCry or anything similar, I was just fascinated by its working and wanted to know and analyze how it works 😄
little parcel
If you want crypto give Cryptohack a try
Thanks for that reference, I’ll give it a try
fast wraith
Black Kingdom is python ransomware thats been going around, its horribly coded but you'll get the point
azure widget
Jesus don’t use black kingdom as inspiration
little parcel
Black Kingdom is python ransomware thats been going around, its horribly coded b...
Do you have a link to the code? Although there are many pages talking about it, I couldn’t find the actual code
little parcel
Jesus don’t use black kingdom as inspiration
Why not?
glacial gazelle
Not really a resource as such:
But I've seen there's a lot of people in here that don't speak English as their first language, so I'm offering my (free) services as a proof-reader for any letters, profiles, blogs etc. If you're curious, feel free to shoot me a DM, and I'll see how I can help.
Note: I'm by no means qualified in any, way, shape or form. This is not an official service, I just want to give back to the community in some way, and I'm lucky enough to speak fluent English (which is about all I am good for)
faint sluice
Not a trick, Pluralsight is free for the month of April https://www.pluralsight.com/offer/2021/free-april-individual
sinful fern
Anyone know of a good video that explains stored procedures ? I'm having issues with finding a good one.
jagged tiger
You are talking about SQL stored procedures? Which RBD are you working with. There are differences between the SQL flavors.
fast wraith
fun little DF case to work through
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
devout coral
guys is there any THM machine where a beginner starts practicing and clear the cocepts also
light matrix
sonic abyss
guys is there any THM machine where a beginner starts practicing and clear the...
!docs free-path
fervent summitBOT
TryHackMe
sonic abyss
Checkout these :)
glacial gazelle
warm seal
so I was reading through PayloadsAllTheThings and found this
https://github.com/byt3bl33d3r/CrackMapExec
seems very interesting. I have yet to dig into it, but was able to install, even though python-venv is deprecated and no longer available (used virtualenv and some shell scripting to automatically load that and run cme with the supplied arguments)
mkdir wherever/you/want/cme/
cd wherever/you/want/cme/
virtualenv env
source env/bin/activate
python -m pip install crackmapexec
the script to run the show. I put it in ~/.local/bin/cme.sh
#!/bin/bash
# turn list of arguments into string to pass them as is to pwncat
ARGS=$(echo "$@")
WD='/home/paul/repositories/crackmapexec/'
# activate virtualenv
CMD='source '"$WD"'env/bin/activate'
# append pwncat command
CMD="$CMD"' && cme '"$ARGS"
# execute in own bash instance
# this prevents the virtualenv
echo running \""$CMD"\" in $(pwd)
echo ---------------start---------------
/bin/bash -c "$CMD"
echo ----------------end----------------
shut ferry
Does anyone have some good networking resources? I have one github im using but it would be cool to know what everyone else likes to use.
sonic abyss
https://www.youtube.com/playlist?list=PLG49S3nxzAnmpdmX7RoTOyuNJQAb-r-gd
https://my.ine.com/
https://www.cybrary.it/
https://www.netacad.com/
shut ferry
@everyone
sonic abyss
@odd quest
odd quest
-ban @shut ferry Immediately posting scam links
odd sinewBOT
🔨 Banned Raghu#7747 indefinitely
odd quest
Yeah, it's a pain to do manually
sonic abyss
Shouldn't the ban delete all msgs?
odd quest
Shouldn't the ban delete all msgs?
No. It's an option for manual bans, but you don't get to choose for bot bans.
sonic abyss
Ah thats a shame
gritty barn
Free udemy courses
Microsoft365 configuration auditor: https://microsoft365dsc.com/
jagged haven
https://www.linkedin.com/posts/adam-mcmurchie-83863177_udemy-are-giving-out-free...
thank you kind person
gritty barn
thank you kind person
nay worries
tepid patio
Not really a resource, but I came across this a few months ago. Deep faked Charli (200+ million followers across all socials, largest influencer on TikTok) advertising a product for financial gain. It's the first deepfake I've seen to do that 😄 (PS: yes the 12 year olds on TIkTok brought the product and showed it off in duets, thinking it was the real Charli) https://www.youtube.com/watch?v=Mo44rsM1ivE
vapid kite
hey everyone sorry for the weird question.. I was wondering if any one had a resource for extracting a file sent through cryptcat from wireshark ?
I found the transmissions and only two packets had a data section to them so I figured that's them ? Sorry if this is the wrong place for the question though !
sonic abyss
shrewd ginkgo
This is my notion template for OSCP like machines. Now it can be saved by clicking the "Duplicate" button on the top right corner. After saving it, you can change it however you want, add write-ups, track progress and filter by linux/windows/difficulty etc.
cold totem
hi i'm a beginner , i'm looking for friends bug bounty hunters to work together
cold totem
where i can find this group ? the problem is here
odd quest
where i can find this group ? the problem is here
#689615473620287603 is the appropriate channel for looking for people to work together with.
cold totem
ok
jagged haven
https://www.notion.so/tuxthexplorer/bffecf1308964136a02ec38df8745cc3?v=4e524e327...
you, you are not the hero I deserved but the one I needed, excellent job :v
fast wraith
TJNull updated his OSCP VM prep list
https://twitter.com/TJ_Null/status/1380574306976026628
shrewd ginkgo
👀 Sweet! I'll add those to my notes
faint sluice
Registration for The Diana Initiative virtual conference is open https://hopin.com/events/2021-diana-initative
fast wraith
Unicon21 is going on live rn
https://www.youtube.com/watch?v=4WUauzWKa9M
tepid patio
weekly cyber news update https://www.reddit.com/r/tryhackme/comments/mngp83/your_weekly_cybernews_recap_is_here/?utm_medium=android_app&utm_source=share
vernal kiln
any resource about someone entering cybersec from zero to be able to go like oscp? 🙂 has found some on google but maybe you guys have interesting story to share
fringe spire
any resource about someone entering cybersec from zero to be able to go like o...
Check pinned messages there are quite a lot of them
glacial gazelle
any resource about someone entering cybersec from zero to be able to go like o...
https://github.com/ED-209-MK7/5pillars/blob/master/5-Pillars.md is great as well
I couldn't see that in the pins
hexed sable
Anyone know of a nice security themed Google slides template? 🙂
woeful haven
Is there any tool which tries approximately all (if not all, major decoding funcs) against a provided string?
Cyberchef does that, but you've to select, what to use, (there's one option for Magic, that ain't helpful) either.
Let's say, I've a string and don't know what type of encoding was performed on it, I'd just pass it to all, and see what which one comes back with a good result 😅
Why tho?
Recently, was doing a vulnhub machine and one string in it was ROT47 encoded, wasn't able to guess/know it.
odd quest
Try ciphey!
woeful haven
Try ciphey!
Thanks, installed and started it on the file, still going on ..
Reran with -v it did try rot47 but didn't return anything, sheet.
It seems it won't be of much help even if my file gets decoded, it won't return it since it won't have any flag format.
prisma bison
What's the string @woeful haven ?
woeful haven
';u22>'v$)='2a#B&>`c'=+C(?5(|)q**bAv2=+E5s'+|u&I'vDI(uAt&=+(|`yx')Av#>'v%?}:#=+)';y@%'5(2vA!'<y$&u"H!"ll
prisma bison
That's from the box, right?
woeful haven
That's from the box, right?
yes.
Cyberchef link to decode the string above^: https://gchq.github.io/CyberChef/#recipe=ROT47(47)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)&input=Jzt1MjI%2BJ3YkKT0nMmEjQiY%2BYGMnPStDKD81KHwpcSoqYkF2Mj0rRTVzJyt8dSZJJ3ZESSh1QXQmPSsofGB5eCcpQXYjPid2JT99OiM9KyknO3lAJSc1KDJ2QSEnPHkkJnUiSCEibGw
spiral zodiac
Ciphey has never worked for me as well, just stick to cyberchef in my opinion 🤷
besides it's written by GCHQ 
woeful haven
😅
tepid patio
```';u22>'v$)='2a#B&>`c'=+C(?5(|)q**bAv2=+E5s'+|u&I'vDI(uAt&=+(|`yx')Av#>'v%?}:#...
What's that string?
woeful haven
I've created an issue on ciphey, cyberchef is cool, the only issue is identifying the encoding 😅
woeful haven
What's that string?
Rot47
tepid patio
your plaintext is rot47?
woeful haven
your plaintext is rot47?
ya
woeful haven
oh, using ciphey?
tepid patio
no using anything
woeful haven
🤔
tepid patio
Your plaintext is in rot47, you can't auto-decode rot47 if the plaintext is rot47
woeful haven
I'm thinking of writing a simple script:
- Take input
- Run all decoding funcs on it
- Print output (let the user go through it and see which one fits and decoded successfully)
tepid patio
I'm thinking of writing a simple script:
- Take input
- Run all decoding funcs...
that won't work if your plaintext is rot 47
woeful haven
what's happening here?
tepid patio
it's like saying "Can you translate this? 'ich bin ein mann'? translate it to German"
"This text is in rot47, and when you decode it it's rot47" means you can't decode it 😁
woeful haven
I think I might have told you wrong, when I was saying plaintext is rot47 or stuff. Not sure, what's happneing anymore, confused. 🤔
Can you look at cyberchef?
How is it doing it
👀
spiral zodiac
Check the bsides discord Umar 🙂
tepid patio
oh your plaintext isn't encoded at all, your encoded text is rot47 but your plaintext is a username:password pair haha
my bas
bad
tepid patio
but yeah, Ciphey is literally made for that job -- username:password pairings is not English but the next version of Ciphey uses a much more general checker
this is because Ciphey does more than CyberChef (hashes, esolangs, encryptions) and there isn't a perfect 1:1 of encoded text to plaintext see https://github.com/Ciphey/Ciphey/wiki/Common-Issues-&-Their-Solutions#ciphey-runs-forever--cant-decrypt-this-input
woeful haven
but yeah, Ciphey is literally made for that job -- username:password pairings is...
Could be the reason, since there are checkers implemented after decoding a string, it isn't detecting it as a valid string.
That's why:
tepid patio
ah it detects it as a string, Ciphey goes through about 30k strings / second so asking the user to manually check 30k strings is a bit extreme haha
woeful haven
ah it detects it as a string, Ciphey goes through about 30k strings / second so ...
Well, that's ciphey 😅
I'll be writing a simple single file to just go through an array of most used encoding funcs.
Have found one autodecoder script
tepid patio
I'll add username:password to the Regex so it'll get it next time, good about 😁🤠
prisma bison
Ree
topaz gulch
Done
prisma bison
I literally JUST gave them the warning
gritty barn
woeful haven
Wrote a simple script to generically just decode it! :3
Will prolly push this to github and add more decoding support in future.
flint bison
I'd be interested in the auto-decoding scripts/tools as well. I ran into a similar issue on a room a couple weeks ago. Without knowing the multiple encoding types, I never would have guessed it
surreal marsh
Wrote a simple script to generically **just decode it!** :3
This will decode with all types like base64, rot13 etc?
Coool
woeful haven
I'd be interested in the auto-decoding scripts/tools as well. I ran into a simil...
Here you guys go: https://github.com/Anon-Exploiter/decoder
I was tired at that time, writing github readme would have taken some time :3
sonic abyss
@quasi scarab
quasi scarab
<@170322863499247616>
Ty <3
glacial gazelle
https://github.com/Mercury-180/Cyber-Resources <- This is a resource in progress, I'll be updating this one with some key resources over the next couple of days. So please ping me if you have a great resource I've overlooked that you want to share ❤️
glacial gazelle
(to anyone who's cloned it, it's being updated as we speak so do git pull to retrieve the newest version)
fast wraith
Creality is having a sale on the Ender 3 3D printer, really good price and solid printer
https://www.creality3dofficial.com/products/official-creality-ender-3-3d-printer?variant=31222266921033
odd quest
Wow that's cheap
glad hazel
How much it goes for a normal price?
jagged tiger
I think normally its around 250~300?
lost oracle
shut ferry
Hey! Active Countermeasures gives a nice threat hunting free course today! Starts at 11 EST.
https://register.gotowebinar.com/register/3774364347131211021
Cyber Threat Hunting Level 1 | Chris Brenton | April 2021 | 6-Hours
light crystal
do they have recordin
fast wraith
i've taken this course before but had to miss the last hour - its really good
shut ferry
So, this is cyclic course! Here are slides, and labs! https://www.activecountermeasures.com/cyber-threat-hunting-training-course/
fast wraith
new darknet diaries c:
https://darknetdiaries.com/episode/90/
burnt knot
Great show!
reef peak
Hello guys me and my friend (Maksym Vatsyk) developed tool for AWS service enumeration
Can you try it ?
And give us feedback please ❤️🙏
https://github.com/shabarkin/aws-enumerator
https://twitter.com/shabarkin/status/1382314535562928129?s=21
balmy merlin
David Bombal's Wireshark and CCNA are free on Udemy for another 2 days recommend checking them out before they're no longer free
https://www.udemy.com/course/wireshark-packet-analysis-and-ethical-hacking-core-skills/?couponCode=2021APRIL14
https://www.udemy.com/course/cisco-ccent-icnd1-100-105-complete-course-sims-and-gns3/?couponCode=GIVEAWAY1404
remote geode
David Bombal's Wireshark and CCNA are free on Udemy for another 2 days recommend...
once enrolled u wont have to pay again?
balmy merlin
Nope, once you're enrolled you have all of it forever
remote geode
ah, Nice
flint bison
David Bombal's Wireshark and CCNA are free on Udemy for another 2 days recommend...
Thanks for sharing!
fast wraith
interesting, that seems pretty similar to JA3
fast wraith
The Linux Kernel can now be written in Rust
https://lkml.org/lkml/2021/4/14/1023
fast wraith
short blog post in what will be a series on tips for Network Threat Hunting without the use of Wireshark
https://droogy.tech/?p=136
neat vigil
Anyone recommend THM's Practical Ethical Hacking course?
sonic abyss
Yeah it's very very detailed
Has a lot of content
I got it for free tho from his Twitter giveaway thing
glacial gazelle
Yeah, it's worth watching out on his twitter as he regularly does very good giveaways/discounts
jagged hinge
I developped a simple GUI-Hashcracker, it's pretty fast, for anyone that's interested in using it or helping : https://github.com/peixetlift/GUI-HashCracker
glacial gazelle
jaunty goblet
Hi guys,
I am not sure where to ask this. I am giving CEH practical exam next month. Anyone has given this exam and anyone can share some resources?
I collected most of the online resources just wanted some advice who has already given this exam
brave cradle
do you mean that you are taking the exam
jaunty goblet
Yes
brave cradle
So it's version 11 I guess
jaunty goblet
Yes
brave cradle
I'm CEHv10 certified but I must admit that I've past mostly due to do practise exams
give me five min.
jaunty goblet
Practice exams? Are these for CEH(practical) also?
brave cradle
ow sorry
jaunty goblet
Cause I know for mcq CEH there are lots of practice exams
brave cradle
i didn't notice the practical so you are already a step further then me 😆
I'm sorry my mistake
jaunty goblet
Ah, no issue mate.
brave cradle
sorry that I couldn't be of more help but good luck with exam next month.
tepid patio
The most important cyber security news from the past week ✨ https://www.reddit.com/r/tryhackme/comments/ms2q7o/fridays_tradition_weekly_cybernews_recap/?utm_medium=android_app&utm_source=share
slim vessel
https://opensecuritytraining.info/Training.html
Some of its old(er), but gold. For those that wanted some intro x86, reversing, etc.
Looks like it has been linked before, but someone was asking :)
jaunty pulsar
I'm also CEH and i have to say, take every practice exam even the new version is easy if you spend a significant time taking all possible practice exam you find