#resources
cerulean viper
shut ferry
Hey! Here is a giveaway of BTL1 certs. Course is great, and imo it is worth the shot ๐
https://securityblue.team/btl1-100-giveaway/
shut ferry
Hey! Here is a giveaway of BTL1 certs. Course is great, and imo it is worth the ...
Thanks 
odd sinewBOT
Gave +1 Rep to @halcyon rose
sinful fern
If anyone is interested in learning about the mathematics behind asymmetric cryptography/number theory...this guy guys channel is great! Just going to leave it here ๐
fast wraith
MITRE's released the defensive counterpart to the ATT&CK framework
https://d3fend.mitre.org/
ebon tide
MSI-Nvidia RTX 3090 24gb ddr6x only for 350$ (only in india)!!!
odd quest
That sounds like a scam, and also doesn't sound like a resource
fast wraith
Namecheap apparently doing takedowns via Twitter now? Might be able to automate this in my workflow if so
huh, TIL about the hxxp/hxxps URI scheme as well
https://tools.ietf.org/id/draft-salgado-hxxp-01.xml
gentle shuttle
I reported a domain to name cheap yesterday. Wasnโt even a good phishing attempt - came from a mobile number and claimed to be a bank. Then their page was prevent-payment.com/bank-name
cobalt turtle
Hey,
I have done a lot of windows priv esc, but it still feels weaker than my linux skills. I thought about filling some gaps with the tiberius course (1,5 h) on udemy, but I just found the course from tcm which is almost 7h. Don't want to buy both, anybody here who has done both or can recommend one?
Thanks in advance.
P.S.: I hope this is the right channel.
Edit: I just buy both, f**k it, good education is worth every penny ๐
crimson thunder
Hey,
I have done a lot of windows priv esc, but it still feels weaker than my l...
I've seen both get recommended a lot. I can only vouch for tcm as an instructor, but I'm sure both are good.
cobalt turtle
I've seen both get recommended a lot. I can only vouch for tcm as an instructor,...
Thanks for the reply! ๐ I'll finish both, even though there will be a lot of repetition I guess.
odd sinewBOT
Gave +1 Rep to @crimson thunder
crimson thunder
Thanks for the reply! ๐ I'll finish both, even though there will be a lot of re...
repetition doesn't hurt, it's how you learn ๐
lean citrus
repetition doesn't hurt, it's how you learn ๐
Yeah I want to learn
lyric mirage
normal saddle
ty
barren vault
fast wraith
new course offering looks good
https://academy.tcm-sec.com/p/movement-pivoting-and-persistence-for-pentesters-and-ethical-hackers
prisma bison
Oooooh
sonic abyss
o
spiral zodiac
shut ferry
https://www.miamiherald.com/news/local/community/miami-dade/article252389933.html
this article has a list of people we can try to look for and see btw these are "missing" not dead so there's still a chance.
for this on 0day's twitter
prisma bison
Evan @shut ferry Post it in #858782760356544542 and I'll pin it :)
shut ferry
thanks
abstract plaza
Hey guys I just found some public lecture notes and exercises on cryptography by Edoardo Persichetti if anyone's interested. https://persichetti.webs.com/resources
Crypto Cafรฉ - Cryptography Seminar Series at FAU
glacial gazelle
In addition to John Strands Pay-What-You-Can Trainings we have a great line-up of four to 16 hour Pay-What-You Can courses to consume within the next few months! Password Cracking 101 + 1 with Will Hunt and Owen Shearing; Regular Expressions, Your New Lifestyle with Joff Thyer; SELinux โ Necessary and Not Evil! with Hal Pomeranz and Getting Started with Packet Decoding with Chris Brenton. Check out our website for more information on all of our training options! https://wildwesthackinfest.com/training-schedule/
fast wraith
holy shit hal pomeranz has a pay-what-you-can for SELinux
warped pulsar
It is time my dudes
Here's the script i was talking about last month (sorry it took so long)
fast wraith
https://github.com/anna21234/pythonWebScanner
looks really cool but no documentation 
warped pulsar
I mean did you check the script itself? I added a bunch of comments there. But yeah i should Probably write a small doc how to use it
i have the document i submitted for the project but thats more the project management document thing of the project
wont be of any use to you
Thanks tho
glacial gazelle
I mean did you check the script itself? I added a bunch of comments there. But ...
the script only works for the DVWA service run locally right?
warped pulsar
I tried it for some of the tryhackme boxes and it worked
glacial gazelle
ahh right, but you had to change the target url etc.?
warped pulsar
I used the dvwa because i needed a test environment since college demands testing
but yeah just grab whatever target you want and modify to your needs
there might be some tweaks here and there for different targets
but it should still work
Its not a be all end all solution, but i can say it works in some of the tryhackme boxes (altho i only tried the simple ones)
glacial gazelle
yeah, it looks good
the GUI module looks fun to play around with as well
@shut ferry found this one a decent resource
warped pulsar
Lmao
topaz gulch
I'm a girl btw
Well that's insulting
fast wraith
really informative post
https://www.elastic.co/de/blog/introduction-to-windows-tokens-for-security-practitioners
cobalt turtle
really informative post
https://www.elastic.co/de/blog/introduction-to-windows-t...
Thanks, this closed some gaps for me โบ๏ธ๐
odd sinewBOT
Gave +1 Rep to @fast wraith
remote wind
๐ฆ
light crystal
gg @remote wind
summer mirage
LoL
sonic abyss
Very cool swanandx!
remote wind
Very cool swanandx!
Thank you so much 
odd sinewBOT
Gave +1 Rep to @sonic abyss
sturdy shell
This looks frikin cool. I wanna play with it and make a room on it https://github.com/DarthTon/Blackbone
blazing magnet
Was asked to put this here, it's my reverse engineering course. I'm currently in the process of moving it and remaking it.
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering
topaz gulch
Niceeee!
Why not put it on TryHackMe @blazing magnet?
God only knows we need more RE content, and that looks awesome
blazing magnet
Niceeee!
Why not put it on TryHackMe <@!186594149959467008>?
Didn't know I could :o. I'll look into it!
topaz gulch
Yep!
Just a suggestion obviously, but I reckon that would be really cool, both for us and in terms of you being able to provide machines containing the binaries / software / etc for easy deployment, hosted by TryHackMe, so nice and easy
A lot of the content on the site is exactly like this: stuff provided by the community just for the sake of learning, teaching and transferring knowledge
Feel free to give us a shout if it interests you -- happy to talk more about it if you want ๐
(Obviously no pressure there though ๐)
blazing magnet
Feel free to give us a shout if it interests you -- happy to talk more about it ...
I'll look into it, might DM you ๐
topaz gulch
Sounds good to me! ๐
flint bison
@blazing magnet if you verify with the bot, one of the mods can add you to the room creator's channel
!docs verify
fervent summitBOT
TryHackMe
topaz gulch
Oh, that's a good shout actually. Don't even need to verify for that though ๐คทโโ๏ธ
Added
flint bison
My mistake, thought you had to verify first. Thanks, Muiri ๐
fast badger
clear
topaz gulch
Np ๐
fast badger
whoops
sour cobalt
Does any one has completed Windows Fundamentals 2 I am stuck on one question can anyone help me
I didn't find any writeup so
light crystal
@sour cobalt #859514456107515904
There's a tool tab in System Config panel. Click on that. Then look for the first tool there. Try launching that?
sour cobalt
I have tried that. It is not working @light crystal
odd quest
I have tried that. It is not working <@!735453165629079562>
This is not a room help channel, please use #room-hints, #room-help, or #859514456107515904
azure widget
frank plover
Tldr; uses Vim to take notes and pushes to gitlab for study as well as ease of writing report. Reports are made through a script and exported to PDF
Also has a script that zips everything for OSCP exam submission into a 7zip format
prisma bison
Imagine not being able to exit your text editor without turning your computer off!
spiral zodiac
imagine using nano
noble tangle
For those familiar with MITRE's ATT&CK framework, and those in blue teaming, MITTRE has published a new framework for defenders called D3FEND, which could prove fruitful for all of you: https://d3fend.mitre.org/
noble tangle
imagine using nano <:blobknife:689626579600801822>
but I love nano โค๏ธ
crimson thunder
nano is great. you have to use something until you learn how to use vim
spiral zodiac
eww ๐คฎ
crimson thunder
good to see you ma1 ๐
spiral zodiac
Hi.
frank plover
imagine getting stuck in vi the first time using Linux and having to reboot the machine to get out of it
unreal hollow
vi man - how to exit, turn off machine or just try :q
flint bison
Imagine not being able to exit your text editor without turning your computer of...
Exchange your vim! Save yourselves before it's too late!
light crystal
*imagine getting stuck in vi the first time using Linux and having to reboot the...
i closed my terminal.....i was root.....
glacial gazelle
:! kill -9 $(ps aux | grep "vim " | grep -v "grep" | awk '{print $2}')```is my go-to
dark mortar
20 GB of free cloud storage ๐ Enjoy ๐
vast mountain
The Russian roulette one 
upper field
Can someone delete this message? ^ It's a scam link
sturdy shell
got it (:
fast wraith
new nostarch release by Vickie Li on BB just came to early access
https://nostarch.com/bug-bounty-bootcamp
gleaming sapphire
where can i learn about more about the process of setting up a p2p application
flint bison
https://github.com/hakluke/how-to-exit-vim <:blobfingerguns:658062473617866753>
Abstinence method seems reasonable
proud quest
Any Good Resources For Learning Privilege Escalation for beginners?
flint bison
Any Good Resources For Learning Privilege Escalation for beginners?
There are a number of rooms in the beginner path that touch on different aspects of this
proud quest
Apart from that?
flint bison
I've seen some udemy courses on it as well, but haven't personally used them
night ether
thecybermentor and tib3rius both have courses on privesc but they are paid
proud quest
Any good blogs?
spiral zodiac
Abstinence method seems reasonable
nano will never be/never has been greater than vim, besides Pars isn't active anymore. ๐
He was the greatest follower of nano, with him gone, there can be no resistance.
night holly
wait pars is gone?
unreal hollow
nano will never be/never has been greater than vim, besides Pars isn't active an...
nano to rule them all, the one editor
fickle mulch
nano to rule them all, the one editor
fast wraith
Ali Hadi published his exploitation course he teaches at Champlain College
https://exploitation.ashemery.com/
sand parcel
any recs on ctf/htb streamers that are live on some kind of regular basis?
shut ferry
hi somebody has a COVID-19 test samples
prisma bison
hi somebody has a COVID-19 test samples
Hey! Iโm not sure youโre in the right place :)
sonic abyss
hi somebody has a COVID-19 test samples
If your from the UK, you can normally get it from the NHS ๐
tepid patio
hi somebody has a COVID-19 test samples
If you mean a dataset of covid stuff you can find, like infections rate etc the UK government published that
fast wraith
had a bit of an "aha" moment recently when reading up on the difference between exporting variables and direct assignment in bash, i.e., export ip=10.10.10.10 vs ip=10.10.10.10
exporting a variable applies to sub-shells spawned from the current one, so for tmux users, just export the machine IP before you start tmux, and then you don't have to constantly retype it
glad hazel
What is the difference?
night ether
What is the difference?
export allows the variabl to be accessed via sub proscesses, whereas a=b doesnt
indigo pike
Makes sense.
short sleet
lavish rune
There are a variety of courses here and some are 'Pay What You Can' :https://wildwesthackinfest.com/training-schedule/
fast wraith
Windows Forensics Bsides workshop by Ali Hadi is going on rn
https://youtu.be/9DafPi5fFUQ
upper cloud
Giveaway By David Bombal:
spiral zodiac
sonic abyss
oh lordy
fast wraith
well this is pretty cool
https://docs.microsoft.com/en-us/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-worldwide
spiral zodiac
Did someone delete my message? ๐ง don't remember what I posted
I'd really like to know why it was deleted
and who deleted it
next time pls tell me why you deleted my message, so I can protest properly.
Ooh think it was the blueteams thing I posted
did you remove because its competition? 
peak leaf
BTLO? 
shut ferry
I had the time to save it anyway 
proven agate
fringe spire
Ooh think it was the blueteams thing I posted <:blobknife:689626579600801822>
What was that? DM if it was something useful ๐
shut ferry
Ooh think it was the blueteams thing I posted <:blobknife:689626579600801822>
What was that...if you can DM ๐ ๐
gentle shuttle
Python based brute force tool. Currently implements SSH, but other network services are coming soon. This works faster than hydra (through thorough testing). Highly modular so only new service classes must be added to extend. https://github.com/Cerbrutus-BruteForcer/cerbrutus
calm ermine
@shut ferry
balmy sun
Python based brute force tool. Currently implements SSH, but other network servi...
wait what how
how is it faster than hydra considering python is one of the slowest langs out there
gentle shuttle
๐
Unsure. Hydra may not be written the most efficiently for SSH but on the same number of threads as hydra this runs far quicker.
balmy sun
oh that's pretty weird ig
celest widget
had a bit of an "aha" moment recently when reading up on the difference between ...
Why you use the i3 ?why not use awesome which is more practical?
jagged haven
hmmm, ik it wasnt for me but :v as I use i3 I am quite interested in that awesome :v. Thx for the indirect tip
faint sluice
since people were asking about CISSP https://www.freecodecamp.org/news/get-ready-to-pass-cissp-exam/
peak leaf
Why you use the i3 ?why not use awesome which is more practical?
Wait, how can you tell he's using i3?
spiral zodiac
That's neither i3 or dvwm it's tmux.
peak leaf
Yeah, you can't tell what WM/DE he's using with just cropped screenshot
shut ferry
hi. just asking around if someone has an shodan premium account to borrow
shut ferry
hi does anyone have js resources?
clear hollow
fast wraith
this was the only "focus" app/extension I could find that does exactly what I need and works like a charm
https://www.proginosko.com/leechblock/
odd sinewBOT
Gave +1 Rep to @clear hollow
tepid patio
New tool, something I've been working on for a while. Port Scanner that runs in 0.02 seconds max ๐ https://twitter.com/bee_sec_san/status/1413943153732816902
topaz gulch
New tool, something I've been working on for a while. Port Scanner that runs in ...
Did you just... deprecate your own port scanner?
Oh, I read the tweets. Something tells me this ain't meant for resources ๐
It ain't April Bee smh
tepid patio
Oh, I read the tweets. Something tells me this ain't meant for resources ๐
Yes sadly I was debating whether or not this would be allowed
I don't think it should be
cause uh
what rule was it
only non-serious discussions in #general
shut ferry
heyyy! I was not aware that 'The Linux Command Line' by William Shotts is available for free in pdf format on CC license. It is an excellent intro to linux, enjoy! http://linuxcommand.org/tlcl.php
shut ferry
New tool, something I've been working on for a while. Port Scanner that runs in ...
this seems like a port scanner with some spicy outputs on every scan ๐
tepid patio
You can ama me super technical questions about the security infra if ya want https://twitter.com/bee_sec_san/status/1414542661252419588?s=20
lavish rune
SANS GIAC Python 3 Cheat Sheet
haughty kernel
Does anyone have some good C resources?
haughty kernel
<@!273490268916023297>
Thank you :)
odd sinewBOT
Gave +1 Rep to @light crystal
languid parcel
anyone got any good resources that teach Bash Scripting effectively and detailed?
light crystal
The bash Guide: A good guide to get you into the bash scripting
https://guide.bash.academy/
Resources to learn more about Bash Scripting:
Tutorials Point: https://www.tutorialspoint.com/unix/shell_scripting.htm
CodeAcademy: https://www.codecademy.com/learn/bash-scripting/modules/bash-scripting
Example Templates for writing your own Bash Scripts:
https://betterdev.blog/minimal-safe-bash-script-template/
https://github.com/ralish/bash-script-template
languid parcel
you sir
are aamazing
*amazing
thank you
because I'm great with utilizing Linux but when it comes to scripting in sh, i'm just baffled lol
light crystal
because I'm great with utilizing Linux but when it comes to scripting in sh, i'm...
linux+ right ๐
languid parcel
idk what it is, coding intimidates me lol
light crystal
lol
sonic abyss
Hi everyone, I've updated my osint challenges & aded a few more - checkout pins to see the list 
light crystal
@sonic abyss thanks for tellin that, now amma edit my reosurces link ๐
odd sinewBOT
Gave +1 Rep to @sonic abyss
small bramble
If anyone is stuck on how to copy text to clipboard in tmux , feel free to follow this link. Works perfectly.
https://spektro.xyz/2021/03/17/tmux-how-to-copy-to-clipboard/
brave elk
Any good tips or programs that help you document your steps when hacking?
night ether
Any good tips or programs that help you document your steps when hacking?
ippsec has recently started documenting his hacking live on video, if you check some of his recent videos
fast wraith
Any good tips or programs that help you document your steps when hacking?
the script command; it logs stdin and stdout for the terminal session - if you specify a timing log file you can also replay your session later
brave elk
the `script` command; it logs stdin and stdout for the terminal session - if you...
Oh nice. I did not know that. Will definitely have to utilize that. Appreciate it
brave elk
ippsec has recently started documenting his hacking live on video, if you check ...
Thanks I will check it out. He is on YouTube?
odd sinewBOT
Gave +1 Rep to @night ether
light crystal
Thanks I will check it out. He is on YouTube?
yea, ippsec on youtube
light crystal
the `script` command; it logs stdin and stdout for the terminal session - if you...
WOOW, THANKS A LOT, i didnt know that1
odd sinewBOT
Gave +1 Rep to @fast wraith
remote wind
Thnx for sharing, looks very nice
shadow zenith
Good morning people! I'm developing a new tool to automate pentesting through a visual interface, which allows to create "recipes". It is still a bit green but its development is active. I encourage you to leave a star if you like it and any comments on what to improve or what to implement in the near future.
The tool in question is this: https://github.com/cosasdepuma/Masterchef
In the cookbook directory you have some recipes already created to play with. Best regards and keep on being hack!
tepid patio
Good morning people! I'm developing a new tool to automate pentesting through a ...
this is super cool, shared on twitter ๐
oblique forge
Not sure if this has been posted before but: https://samsclass.info/
This man is brilliant and has free lectures out the wazoo
placid wadi
sonic abyss
shadow zenith
this is super cool, shared on twitter ๐
Thank u so much ๐
odd sinewBOT
Gave +1 Rep to @tepid patio
kind matrix
any room or any online resources for learning aws pentesting?
kind matrix
thanks buddy : )
light crystal
+rep @remote wind
odd sinewBOT
Gave +1 Rep to @remote wind
zealous void
Any free courses for python with penetration testing?
craggy onyx
Yo Jake! ๐
zealous void
https://samsclass.info/124/VP2020.htm
Thank you!
odd sinewBOT
Gave +1 Rep to @fast wraith
gray sparrow
Good day everyone. Any resource of Application testing, reviews of the tested application, and solution to the tested application
bitter ember
what is the correct path after pre learning
tired bison
After beginner pathway, you can aim for offensive security if that's what you're interested in. It's not really a stepping stone of 1,2,3. I prefer blue team a bit more so I'm pursuing the defense pathway after beginner (or rather at the same time now)
There's also "web fundamentals" if that interests you
flint bison
The pentest+ is also a good one to do after the beginner path. It has a lot of overlap with beginner path, so you can finish the pen+ path fairly quickly/easily (it's like 10 extra rooms).
shrewd ginkgo
I made a little script that helps moving from Notion to Trilium. It tidies up the filenames after exporting from Notion
https://github.com/TuxTheXplorer/Notion2Trilium
shrewd ginkgo
Also, this plugin is awesome for Trilium. It can kind of be used to replicate databases from notion: https://github.com/mabeyj/trilium-collection-views
ancient gale
Hi all, can anyone please donate me a subscription/one month voucher for me to learn in THM.
Thanks in advance!!
prisma bison
Hey!
This isn't the right chat to ask.
I would recommend waiting for a giveaway to happen because you've asked a couple of times now:)
tepid inlet
can anyone provide resources for powershell scripting which can be used to automate certain tasks?
balmy merlin
tepid inlet
thanks
uncut ether
Wrote a little something to hijack your webcam feeds and replace it with a pre-recorded video. Happy Meetings people xD
https://twitter.com/whokilleddb/status/1417144636787675139?s=19
sonic abyss
Haha that's pretty cool
uncut ether
Things I do to get off classes 
tardy kindle
Does anyone know good youtube channels that cover mostly red teaming?
tepid inlet
if you're given to write an assembly program which takes 2 command line arguement,then calculate the sum of these arguments and print the result,how would you write this code?
uncut ether
if you're given to write an assembly program which takes 2 command line arguemen...
https://stackoverflow.com/questions/52859172/how-to-read-command-line-arguments-in-assembly-language
tepid inlet
https://stackoverflow.com/questions/52859172/how-to-read-command-line-arguments-...
i have one more question,what does this 'h' represents after the number,i have seen this many times, like 1h,2h or 21h
uncut ether
It means hexadecimal
tepid inlet
suppose in assembly language,we are writing
mov bl,[rsi]
where rsi register contains a string,then what will be stored in bl
pine blade
suppose in assembly language,we are writing
mov bl,[rsi]
where rsi register con...
This just takes the byte that rsi points to and stores it in the lower byte of the ebx register
Suppose rsi contains the value 0xdeadbeef it will treat that value as an address, dereference it and store that byte in the lower portion of ebx
tepid inlet
thanks
str_to_int:
xor rax,rax
mov rcx,10
next:
cmp [rsi],byte 0
je return_str
mov bl,[rsi]
sub bl,48
mul rcx
add rax,rbx
inc rsi
jmp next
return_str:
ret
can somebody explain me this,the main problem I'm facing is from the line 'mul rcx'
pine blade
str_to_int:
xor rax,rax
mov rcx,10
next:
...
mul just multiplies the operand by the value in ax and stores it in ax since rax is 0 and doesn't change this will always result in ax being 0
In short that mul is negligible
Oh wait sorry I read that too fast and forgot the add rax, rbx
This looks okay at first glance what error are you getting?
tepid inlet
no no,this is from a blog post i was reading,the writer must have written it correctly so i guess it will return no error
tepid inlet
`mul` just multiplies the operand by the value in `ax` and stores it in `ax` sin...
here my question is why the mul is multiplying rcx with the rax register,and not with any other register
pine blade
here my question is why the mul is multiplying rcx with the rax register,and not...
Are you asking why it's multiplying rcx specifically and not any other register or are you asking why mul multiplies the operand by ax and not any other register?
tepid inlet
Are you asking why it's multiplying `rcx` specifically and not any other registe...
latter one
pine blade
Oh that's just the way x86 works
tepid inlet
thanks for clearing my doubt
pine blade
Yeah it was originally designed with 32 bit registers in mind so that if you multiply 2 32 bit values you can get the resulting 64 bit value from eax and edx now that 64 bit is a thing and SIMD extensions exist it's something that stuck around for backwards compatibility https://www.aldeid.com/wiki/X86-assembly/Instructions/mul
tepid inlet
this is of great help,thanks again
narrow prairie
x86* has a lot of backwards compatibility built in, it's very easy to get confused on what's going on. Boot in Legacy BIOS mode and the system starts in 16 bit real mode, then has to be told to enter 32 bit or even 64 bit modes, low level stuff is a lot of fun, even if it can be a headache.
magic shale
This might prove helpful to some folks struggling to start the sql rooms. https://sqlbolt.com/
tepid inlet
this is a part of an assembly program where r12 contains the number of digits in the string(eg. "123" ,r12=3) and the string is in stack,and we have to output the string,can somebody explain it
print:
;;;; calculate number length
mov rax, 1
mul r12
mov r12, 8
mul r12
mov rdx, rax
;;;; print sum
mov rax, SYS_WRITE
mov rdi, STD_IN
mov rsi, rsp
;; call sys_write
syscall
jmp exit
@tepid inlet #programming is probably the better room for you to be asking these assembly questions
Somewhere in the program, something along the lines of
.data
some_string: db "Hello world!", 0 ; Just some_string
some_string_len equ $-some_string ; Calculate the length of the string
.code
some_function_we_called_somewhere_in_the_program:
mov r12, [some_string_len] ; Move the strings length into r12
push some_string ; Push the memory location of some_string to the stack
jmp print ; goto our print method, it doesn't perform any sort of return itself so assumed a jmp
will be running and that is going to jump into the print function, not 100% as I am not overly familiar with the syscall instruction.
Within this print code;
print:
mov rax, 1 ; Set the rax register to 1
mul r12 ; Multiplies the value of rax by r12, this is 64bit so the result is stored in rax
mov r12, 8 ; r12 is reused for the value 8
mul r12 ; We're now doing rax * 8, this suggests to me that the values on the stack are stored as 64bit values so we have 8 times as many bytes and we reflect this
mov rdx, rax ; We're now storing the result of the multiplication in rdx which is used by the syscall as the length parameter
Hope this sort of helps, just worth noting I'm not 100% on what's actually happening, describing what I see as I can't find any examples online that work in the same way.
fallow tiger
light crystal
light crystal
https://github.com/Aksheet10/Cyber-security-resources added a ton of more resources
tepid inlet
<@!749888005770051634> <#785620917073608704> is probably the better room for yo...
thanks,i have some more doubts though,which I'll ask in the programming room
craggy onyx
tepid inlet
can someone provide the resources for learning assembly lang for cybersecurity
shut ferry
These books are pretty good, and they are all free ๐
shut ferry
can someone provide the resources for learning assembly lang for cybersecurity
IntroX86 :- https://www.opensecuritytraining.info/IntroX86.html
ARM Assembly :- https://azeria-labs.com/writing-arm-assembly-part-1/
Art of Assembly (Book) :- https://nostarch.com/assembly2.htm
idk if any of these are good enough, but I hope this will be some help at least.
glacial ferry
any good mind maps for enumeration part? like a checklist thing
There is one which is owasp checklist iirc u can get is somewere in peh course
fast wraith
@night ether I remember you mentioned you had some exp with OSSIM -- currently playing around with a deployment because the ELK stack in SO is constantly dying on me, got any good resources for OSSIM besides what AT&T has out already?
light crystal
remote wind
Nice
night ether
<@!180392440945967104> I remember you mentioned you had some exp with OSSIM -- c...
i donโt iโm afraid ๐ฅบ we only had internal videos which i no longer have access to
open knoll
Guy anyone have good resources for learning phishing ?
odd quest
Why do you want to learn phishing?
storm ether
Guy anyone have good resources for learning phishing ?
You'll be hard pushed to find resources on it as it's the type of thing you only learn once you are in a position to learn it on the job
open knoll
Why do you want to learn phishing?
Why not it's a big topic in cybersecurity , and what make me think about it ,yesterday i did see cybermentor put a new course about phishing
odd quest
It's generally unethical
open knoll
You'll be hard pushed to find resources on it as it's the type of thing you only...
Yes
open knoll
It's generally unethical
True
odd quest
So we ask that you avoid discussing it here, under rule 9
young jacinth
https://skillsforall.com/
Awesome! Thanks for sharing!
odd sinewBOT
Gave +1 Rep to @glacial gazelle
fickle mulch
I have read that, some company asks for phishing campaign to increase awareness among employees. So learning about phishing, social engineering is a good skill for job, I think
shut ferry
Great examples to help with sed. I used one right now to filter a huge wordlist. 10/10
bronze flint
Great examples to help with sed. I used one right now to filter a huge wordlist....
I used awk today to filter rock you. Iโm not sure how it works but it worked great haha
burnt knot
Any tips on longer in depth articles/reports on ransomware? Maybe something that covers various strains and how they differ
fading edge
I'm just getting started with hacking and wanted to know if I should dual boot my system with parrot, since I mainly work on win. Also is there a better alternative to parrot or it works fine?
fossil vector
Dual boot was fun in the 90's but today you should just use virtual machines.
And it doesn't really matter which distro you pick as long as you're comfortable using it. Whether it's plain Ubuntu or Parrot or Kali etc.
You can even do most things on Windows using WSL
fading edge
Thanks @fossil vector
odd sinewBOT
Gave +1 Rep to @fossil vector
fading edge
Will do that.
fast iron
prisma bison
Want to explain the link you dropped? :) @fast iron
fast iron
Cool Threat Intel Company website. Shows you a solution call "CleanINTERNET"
sandbox it if you want to check it out or dont trust it
unborn badger
prisma bison
sandbox it if you want to check it out or dont trust it
You seem to be throwing this โSandboxโ term around.
I was more hinting towards that fact that you dropped a resource without an explanation. Usually people tell what theyโre linking, e.g. โCheck out this awesome website where you can watch videos online https://youtube.com โ:)
Wut
There we go
fast iron
You seem to be throwing this โSandboxโ term around.
I was more hinting towards ...
๐
night holly
@night ether ^^for nerds like you
light crystal
https://www.youtube.com/watch?v=nwbQE4mvJRo 2 mroe courses in the video
vast mountain
Oh, sorry. It was showing free for me with that link, but I guess it's because I accessed through a different link
craggy onyx
Udemy, 100% off. What could go wrong. ๐
lavish rune
This is a very useful blog: https://jhalon.github.io/becoming-a-pentester/
glacial ferry
^_^
shut ferry
it's free for now at least ๐
Thx man you doing gods work I can know finally hack the NSA (National Shitty Assholes)
odd sinewBOT
Gave +1 Rep to @frigid perch
fossil vector
https://www.virustotal.com/wargame/ for anybody that wants to brush up their VT (Enterprise) skills
shut ferry
https://www.linkedin.com/posts/mrooppss_security-career-training-activity-6825399853309317120-_uUp
another bug bounty guide for beginners ๐ถ
I've read countless beginner guides and still can't stop.
I'm tired of reading them. they are just like tutorial hell ๐
all of these guides talk so heavily about prerequisites. basically, reading too many beginner guides sucks
sonic abyss
so...are you recommending it or not?
craggy onyx
all of these guides talk so heavily about prerequisites. basically, reading too ...
Prerequisites are fundamental and when trying to skip (or skim) them it leaves skill and knowledge gaps that will impact the skillset required to be successful. It's perfectly normal to be eager to start Bug Hunting straight away, but that will be very hard without understanding the fundamentals. ๐
shut ferry
I understand that. It's just that I am a type of person who wants to apply whatever I learnt right away.
For example, when you learn to program, you code along with the book. Applying things right away helps to keep you motivated and you remember more.
On the other side, fundamentals like OSI model is theory, you can't apply it immediately anywhere.
I'm not saying that theory is bad. Infact, it comes before practical, but consuming lot of theory frustrates me a bit.
Honestly, I was burnt out at that time
I'll take a day off and then get back to track
Thank you @craggy onyx ๐
odd sinewBOT
Gave +1 Rep to @craggy onyx
jagged tiger
Computers are one of the most complex things humans have invented; getting frustrated is a normal part of the educational experience, whether that education is practical or theoretical. A large part of learning to be successful is getting used to your own sense of failure of frustration and not allowing that to be the ultimate stopping point.
shut ferry
Computers are one of the most complex things humans have invented; getting frust...
It took me 15 mins to really understand your last line ๐
.
I wouldn't give up this easily anyways.
Thank you ๐
Sometimes, lectures help ๐
odd sinewBOT
Gave +1 Rep to @jagged tiger
craggy onyx
I understand that. It's just that I am a type of person who wants to apply whate...
Applied learning is a great way to go. ๐ With fundamentals I mean learning networking, security principles (and how they are implemented), foundational technology stacks. TryHackMe tries to do this learn+apply (hands-on exercises) through learning paths, which are made of multiple modules, which in turn include multiple rooms. ๐
fossil vector
doing bug bounties without the fundamentals is like being a surgeon without having taken med school
you can still cut people up, but it won't be nearly as effective
and its much more rewarding if you know what you're doing
hoary ridge
@odd quest
topaz gulch
Computers are one of the most complex things humans have invented; getting frust...
One of?
My CHAOS lecturer in first year of uni told us that the computer was the most complex thing we have ever created -- closely followed by operating systems.
I'm inclined to agree
odd quest
<@!252418040388517888>
I am indeed a wonderful resource, thank you for the nomination.
night holly
James fr why can I not add reactions to your messages ๐
hybrid oyster
Hey guys is there anyway to download Wordlist.zip from the attack bot ?
flint bison
One of? <:kekw:658061932577816606>
My CHAOS lecturer in first year of uni told ...
I've heard it said that the power grid is one of the most complex machines ever built
azure widget
light crystal
mind if i dm?
uncut ether
To anyone from India who's under 25 and could use a grant of 50k, do check this out:
https://twitter.com/paraschopra/status/1419655988500566019?s=20
Twitter
limber oak
Hello ๐. Which cybersecurity framework is best for study. ???
rotund summit
Hello ๐. Which cybersecurity framework is best for study. ???
Cybersecurity framework for what?
Kinda like saying you want to be good in a sport, but not specifying which one.
fossil vector
security frameworks arent made for being study-able, what is your real question?
shut ferry
Twitter
uncut ether
If anybody is from US and can use a grant, check this out
http://justinmares.com/apply-for-an-trajectory-change-grant/
lavish rune
This looks like an interesting Course: Enterprise Attacker Emulation and C2 Implant Development w/ Joff Thyer โ (16 Hours) : https://wildwesthackinfest.com/antisyphon//enterprise-attacker-emulation-and-c2-implant-development-w-joff-thyer/
upper field
50% off of https://academy.tcm-sec.com/ with code 50OFFSITEWIDE
lavish rune
Soo tempting! I have Windows escalation and PEH. I must resist and maximise THM instead.
upper field
Soo tempting! I have Windows escalation and PEH. I must resist and maximise THM ...
๐
glacial ferry
hey visit this site https://leanpub.com/ and search PowerShell 101 Mike F Robbins if someone want to learn about powershell and also this site have tons of ebooks u can buy em at what ever price u want 0$ or 1$ u can choose among them
velvet thicket
guys i'm creating a github repo with reviews on tryhackme rooms to help beginners decide what rooms to do
hope this may be useful
fast wraith
good write-up from CISA on the most exploited vulns in the past year
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
shut ferry
hi guys I was wondering what your thoughts or experiences are from The Cyber mentor. I just read his vlog on how he started and it inspired me. I was curious if one of you tried some of his courses. and my final question is what are the best tips/resources for beginners to keep learning, aside from THM and books? thanks for reading!
unreal hollow
I think some of the community have used some of his videos to help study for Comptia exams and seen positive results
shut ferry
I think some of the community have used some of his videos to help study for Com...
yeah I've seen only good comments from his courses. I also saw he worked on like a X-mas theme room from THM if I'm correct
unreal hollow
Advent of Cyber 2
fast wraith
hi guys I was wondering what your thoughts or experiences are from The Cyber men...
Tried his courses and have personally interacted with him a few times; always have had a positive experience with him - his courses are great, really competitive pricing
as far as tips to keep learning, just consume infosec things 24/7; blogs, podcasts, talks, workshops
a good litmus test for a base level of knowledge is a solid understanding of everything here https://github.com/DFIRmadness/5pillars/blob/master/5-Pillars.md
shut ferry
Tried his courses and have personally interacted with him a few times; always ha...
thanks for the reply. I'll check out the article later thanks for that. I really like the Darknet Diaries Podcast one of my favorites. other suggestions are welcome. just trying to keep consuming and learning got it. Did you do some of his exam programs as well? yeah and he often offers discount so you can't go wrong with that. Are there some similar communities like this you would recommend?
odd sinewBOT
Gave +1 Rep to @fast wraith
fast wraith
my regular infosec podcast listens are;
cyberwire daily
SANS internet storm center stormcast
smashing security
recorded future
hacker valley studio
naked security
unsupervised learning
Im due to take TCM's PNPT exam sometime in the next 3 months, it's not a very beginner-friendly exam though
as for other communities; HackTheBox, John Hammond and TCM are probably the most active -- you can also meet some good folk if you regularly do CTFs and join those temp servers, you'll see the same people around a lot
shut ferry
as far as tips to keep learning, just consume infosec things 24/7; blogs, podcas...
I am stealing you this, thank you for sharing 
odd sinewBOT
Gave +1 Rep to @fast wraith
shut ferry
my regular infosec podcast listens are;
```
cyberwire daily
SANS internet stor...
thanks for the podcasts gonna check that out! ๐ . Yeah I'm at the very beginning fase so TCM's are probably not for now I guess. it's cool to know that there's like a community vibe that's really awesome. Goodluck with your exams though wish you all the best! and thanks again for the responses! ๐
odd sinewBOT
Gave +1 Rep to @fast wraith
fossil vector
Completely beginner
Have you found some with google? It's not that hard to find ;)
light crystal
Any resource rec for Android pentesting?
https://hackerstop.org/mobilepentesting have a check here
fickle mulch
Have you found some with google? It's not that hard to find ;)
Google helps. But sometime, expert suggestion from a community, helps better.
(I have suffered a lot . Just sharing my experience)
uncut ether
Free CCNA training :
https://www.udemy.com/course/complete-ccna-master-class/?couponCode=FREECCNA
light crystal
@uncut ether
uncut ether
Aah it expired :(
light crystal
dayum
light crystal
Aah it expired :(
np lol thanks for sharin ghto
odd sinewBOT
Gave +1 Rep to @uncut ether
uncut ether
I'll keep sharing resources :D
light crystal
:)
light crystal
weird
wet willow
Free CCNA training :
https://www.udemy.com/course/complete-ccna-master-class/?co...
Enrolled, thank you very much.
odd sinewBOT
Gave +1 Rep to @uncut ether
light crystal
Enrolled, thank you very much.
how all of u are able to access but not me ๐ค
light crystal
yea :((
shut ferry
||give me a blank account I'll get it for you 
||
light crystal
dont hav
shut ferry
Install a free one like Windscribe or ProtonVPN just one time to buy the course, I think it'll work
wet willow
I accessed from the UK, and had no trouble enrolling.
dawn oak
Have you found some with google? It's not that hard to find ;)
Yeah i tried
I got courses and stuff
But what i meant while asking was a Platform like tryhackme or something
dawn oak
https://hackerstop.org/mobilepentesting have a check here
Thank you, appreciate it
odd sinewBOT
Gave +1 Rep to @light crystal
fossil vector
Yeah i tried
I got courses and stuff
But what i meant while asking was a Platfor...
https://github.com/xtiankisutsa/awesome-mobile-CTF could be a good start
definitely not all beginner ones, but I'm sure it also has those listed there
dawn oak
definitely not all beginner ones, but I'm sure it also has those listed there
Thanks โ๐ป๐๐ฟ
fossil vector
shut ferry
Has anyone got some useful resources concerning JS in a CTF's perspective ? I need to sharpen my web skill and when it comes to js I'm getting stuck easily, thanks 
azure widget
I wouldnt focus on it in a CTF perspective
just focus on JS in general
Its generally not recommended to learn something for a specific purpose if you do not know the underlying basics first
shut ferry
Yes I'm aware but the thing is I don't very know where to start exactly because when some JS "tricks" needed appear I'm like " What am I supposed to do / search for ? " so I'm kinda lost
My general web skills are still good but JS is one of my biggest knowledge gap
odd quest
Why would you want that?
brisk flare
My team needs a UI/UX designer to join us in a competition project by IBM #callforcode. Private chat me if you are in
odd quest
If you're having to use proxies for web scraping, you're not scraping ethically
azure widget
Yes I'm aware but the thing is I don't very know where to start exactly because ...
start from the very beginning
Codecademy offers some good solutions
also teamtreehouse
sololearn
freecodecamp
etc
shut ferry
start from the very beginning
Alright I will do it that way and look for additional stuff, thank you
odd sinewBOT
Gave +1 Rep to @azure widget
wet willow
Yes I'm aware but the thing is I don't very know where to start exactly because ...
I duplicate the suggestion of FreeCodeCamp.
I'd suggest: CodeCademy JS course for beginning fundamentals and syntax > FreeCodeCamp.org JS pathway for improving those skills and learning to understand data structures, algorithms and approaching solutions for your problems in JS, and once you've finished that, if you've still got the bite, publications like "HeadFirst Javascript" or sites like "Eloquent Javascript" or "Modern Javascript" to continue learning.
From there, if it's something you enjoy, you can branch out into things like Udemy Courses, Pluralsight, and always be supplementing with youtube videos, lectures, white papers, blogs etc as with all other learning.
Hope that helps. Feel free to fire any questions you have my way if you like (JS is my domain lol).
wet spruce
https://www.w3schools.com/ create place to learn how to code .
shut ferry
I duplicate the suggestion of FreeCodeCamp.
I'd suggest: CodeCademy JS cours...
Thank you a lot for your recommendations, I will look for CodeAcademy and the others, I think Cry and you gave me enough to start my journey with Js, thanks again 
odd sinewBOT
Gave +1 Rep to @wet willow
shut ferry
<@456226577798135808>
Oh thank you too, I'm saving that aswell
odd sinewBOT
Gave +1 Rep to @sonic abyss
sonic abyss
Can highly recommend the former
tall vale
wet willow
Thank you a lot for your recommendations, I will look for CodeAcademy and the ot...
Awesome, very glad to help!
shut ferry
zinc cipher
fossil vector
In case anybody wants some movie tips: https://hackermovie.club/
wet willow
I've seen quite a few of those, but got some more to add to the list now, thank you!
full vapor
In case anybody wants some movie tips: https://hackermovie.club/
That's the best thing you've ever said
Thank you highly for that, always wanted a list like that
shut ferry
Hi guys I feel like I could use some extra resources for networking. I'm quite struggling on the THM networking fundamentals and need more information to understand it. Saw a course from David Bombal about it. Has anyone tried his course out? If so what's your thoughts about it? Thanks in advance!
unreal hollow
Hi guys I feel like I could use some extra resources for networking. I'm quite s...
look for resources around the Comptia Net+ exam, it teaches basic networking
shut ferry
look for resources around the Comptia Net+ exam, it teaches basic networking
thanks for the tip! gonna look at it!
odd sinewBOT
Gave +1 Rep to @unreal hollow
shut ferry
Hello guys, is there any who knows any free means to install kali on m1 appl?
autumn schooner
autumn schooner
Yeah @shut ferry it's prob not in a mature state yet
craggy onyx
VMware is in beta for M1. Has been looking promising since May 2021. It will run Kali with no problem.
hoary ridge
A nice recent podcast with a couple of episodes available. https://securitycryptographywhatever.buzzsprout.com
shut ferry
A nice recent podcast with a couple of episodes available. https://securitycrypt...
Thank you for that
odd sinewBOT
Gave +1 Rep to @hoary ridge
shut ferry
A very good website about Active Directory Security, Attack/Defense, Resources and so on, check it out
glacial ferry
ngl its a good site
shut ferry
For anyone interested in computer history, maybe a bit old but still valuable
young jacinth
For anyone interested in computer history, maybe a bit old but still valuable
...
Great collection, thanks for sharing!
odd sinewBOT
Gave +1 Rep to @spare finch
shut ferry
Great collection, thanks for sharing!
You're welcome 
north ginkgo
Iโm discovering my understanding of windows is not what it used to be and powershell is basically a foreign language. Does anyone have a preferred resource to brush up on powershell and windows internals? I plan on doing the one powershell room I see on THM, but I could use some more resources. Thanks!
wet willow
Iโm discovering my understanding of windows is not what it used to be and powers...
This was a resource provided further up by another member:
https://discordapp.com/channels/521382216299839518/554713196804440101/870263495797657610
north ginkgo
This was a resource provided further up by another member:
https://discordapp....
Thanks! Idk how I missed that when I was searching earlier
odd sinewBOT
Gave +1 Rep to @wet willow
wet willow
Thanks! Idk how I missed that when I was searching earlier
Quite alright, I only know as powershell is something I needed to pick up too, so was happy to see it ๐ .
young jacinth
Iโm discovering my understanding of windows is not what it used to be and powers...
A few more resources courtesy of Microsoft:
https://github.com/PowerShell/PowerShell/tree/master/docs/learning-powershell
north ginkgo
A few more resources courtesy of Microsoft:
https://github.com/PowerShell/Powe...
Fantastic! Thanks so much.
odd sinewBOT
Gave +1 Rep to @young jacinth
glacial gazelle
Iโm discovering my understanding of windows is not what it used to be and powers...
Grimmie's intro and UnderTheWire are a good place to learn it I found
let me get you the link for Grimmie's guide
glacial ferry
This is an awesome one to get started
serene fossil
I'm working on Pentest+, anyone have any tips on how I can learn the basics of Ruby and Powershell in a short amount of time? I don't need to be an expert just that I can read it a bit. And recognize the differences between Python, powershell, Ruby and bash.
wet willow
Try CodeCademy for beginners Ruby syntax, IIRC.
jagged tiger
The syntax among those languages is very, very different. It should be really clear at a glance which is which.
serene fossil
@jagged tiger I've already heard/read from a number of people that they failed the exam because they didn't pay much attention to this topic. That's why I ask this. @wet willow Thx ๐
odd sinewBOT
Gave +1 Rep to @jagged tiger
jagged tiger
<@!447041536807403545> I've already heard/read from a number of people that they...
Implement a script that does the same thing in each of the languages. The differences will be very apparent very quickly.
wet willow
@serene fossil , do you have experience in another language?
flint bison
I'm working on Pentest+, anyone have any tips on how I can learn the basics of R...
When I took the exam, there wasn't any ruby on it, that I can recall. You don't need a ton of knowledge about the different languages. The questions were like "here is a snippet of code, what is it doing?", and the answers were fairly obvious. The snippets of code were small- no more than say 10-20 lines or so
if you're comfortable in at least 1 programming language, you should be able to make a pretty good guess at the syntax and what is happening
wet willow
I ask, as this could be useful, if you have a bit of prior experience.
https://dev.to/christinegaraudy/an-introduction-to-ruby-on-rails-for-javascript-devs-481
serene fossil
@wet willow I have a little experience with python and bash. But I'm no expert in this either.
@flint bison ow ok thx for the info. I think i'm almost ready for the exam. But i lack on the coding part.
odd sinewBOT
Gave +1 Rep to @flint bison
flint bison
basically- know basic syntax, like loops and if/then type blocks
the code snippets I saw were simple things, like port scanners. So it might be something like (I'm oversimplifying here, but you get the idea I hope):
for x in range (1, 255):
ping 127.0.0.x
And the question is something like "what does this code do?" with options being "scan the entire internet", "scan all ports on 127.0.0.1", "ping 255 machines". It wasn't too difficult to throw out the garbage answers
serene fossil
@flint bison Thank you, this gives me some confidence again ๐
odd sinewBOT
Gave +1 Rep to @flint bison
fast wraith
I'm working on Pentest+, anyone have any tips on how I can learn the basics of R...
took the Beta recently, there was only Bash and Python on there and they were very, very simple questions
serene fossil
@fast wraith OK thanks. I'm going to take an exam in a few weeks then (see how it goes)
odd sinewBOT
Gave +1 Rep to @fast wraith
cloud sphinx
Hello everyone!
I'm looking for a cyber war game scenario with vm images. So basically a scenario where the IT staff of a company can divide in blue and red team and then fight over a vulnerable web application. Any recommendation on sites where I could find that?
So basically King of the hill but to download and set up yourself.
glacial gazelle
Hello everyone!
I'm looking for a cyber war game scenario with vm images. So bas...
I've not heard about that before
is it needed to be done locally?
cloud sphinx
I would probably spin up the environment in Azure
fickle mulch
So basically King of the hill but to download and set up yourself.
maybe there is no Download option from THM
glacial gazelle
maybe there is no Download option from THM
there isn't, I believe
hushed estuary
I've not heard about that before
Adversarial CTFs do exist
though it's mostly two opposing systems that both teams must attack and defend simultaneously
glacial gazelle
yeah sorry, I meant freely downloadable VMs for those
I figured people would create their own, but it figures that they'd outsource it to someone
jagged tiger
CTFd might have something you can configure like that? I haven't dived too deep into that rabbit hole yet
autumn schooner
Anyone have a good video that demonstrates what a typical CTF might look like ?
I know john hammond exists but im not a fan of his style
fast wraith
Just tested and it works, very cool!
dark mortar
https://github.com/7Ragnarok7/Wordlist-Duplicates-Remover
Hey guys, Check out my new tool. Advantages of using my tool over sort -u ?? My tool will randomize the output every single time thus increasing the probability to find a match quicker if the original wordlist was sorted. In addition to that, it can also sort the output in ascending or descending order if required just like sort command
dark mortar
Just tested and it works, very cool!
This is crazy!!๐ฅ๐ฅ
bronze flint
anyone have recommendations for best security+ 601 books?
light crystal
what i have heard is darril gibson book and jason dion udemy course or/and proff messor sec+
cobalt canyon
@bronze flint I passed the SY0-501 using the Gibson book. Pretty straightforward style, which was nice.
bronze flint
<@!225280924986638336> I passed the SY0-501 using the Gibson book. Pretty straig...
ah yea ive heard that's really good but i heard it's not that great for 601. i meant to say 601 in my original question haha
cobalt canyon
Oh, I see. Yeah, I mean, the 601 just came out, so it'll probably take some time for people to recommend a "tried and true" book. However, maybe you'll catch some people on here who've already taken it. You're definitely asking in the right place. Good luck :). ๐
bronze flint
thank you! i hope so :)
serene fossil
@bronze flint If you go for the 601, I have another tip for you: p.
Study Professor Messerโs course notes very well.
When I was doing the exam I thought I should have put a little more time into those notes. Those notes are really very useful.
shut ferry
https://github.com/V0ldemrt/Flask-RP-Load-Balancer A flask load balancer I made
analog patio
Can someone point me to good BOF practice resources?
Thanks.
topaz gulch
https://github.com/V0ldemrt/Flask-RP-Load-Balancer A flask load balancer I made
Questions:
- Why does it ignore requests for a favicon?
- Why on earth is it all in a 404 error handler..?
- What's wrong with Nginx..?
- Why is it using a debug WSGI server?
As a general rule you stick WSGI servers behind a reverse proxy anyway, not least for efficiency, so there's no point in making another proxy with a WSGI app
Nice project though ๐
shut ferry
New giveaway from David Bombal
https://www.udemy.com/course/complete-ccnp-enarsi-300-410-master-class/?couponCode=ENARSIFREE8
light crystal
@arctic mist here ^
shut ferry
ARM Assembly, Stack Overflows, Glibc Heap / Heap Exploit tutorials and more ( + Trainings Labs )
shut ferry
Questions:
- Why does it ignore requests for a favicon?
- Why on earth is it a...
Answers:
-
I made it to ignore favicon requests for now only, As I was testing the load balancing with 2 servers and it was sending favicon requests as well, I will be adding favicon functionality
-
Its in a 404 handler so every path and every method is accounted for
-
Nothing wrong really, I just wanted to build a one day build, also nginx is "bloat" as in too many features
-
Its using a debug WSGI server because I will be developing this program more
also I know nginx will perform better in every use case, this project is just a one day build, I switched back to nginx realizing this
topaz gulch
Answers:
- I made it to ignore favicon requests for now only, As I was testing t...
-
Good
-
Most people would do that with:
@app.route("/", defaults={"reqPath":""})
@app.route("/<path:reqPath>")
def route(path):
-
Nginx is the slimline option -- that's literally why it was made. It's also a lot faster than anything written in an interpreted language, which is also part of why you stick Flask apps behind a reverse proxy in the first place
-
Good
shut ferry
- Good
- Most people would do that with:
```python
@app.route("/", defaults={"r...
- Hmm I didnt know that implementation
I know nginx will perform better in every use case, this project is just a one day build, I switched back to nginx realizing this
orchid basin
code expired
sonic abyss
Expired now :(
fossil vector
Answers:
- I made it to ignore favicon requests for now only, As I was testing t...
just because something has a lot of features doesnt mean its 'bloat', unless youre sending it to Mars and every byte counts. Its all about how efficient the code path is, not all features will be executed on every request.
dreamy holly
https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/?couponCode=DEFCONR...
Free?
shut ferry
After realizing somethings,
I was actually mistaking "bloat" for hard to configure for a normie like me
tepid patio
Importing PyWhat in KQL and using it for threat hunting, a nice one liner ๐ https://twitter.com/ashwinpatil/status/1423683475232620544
dreamy holly
Yes, (atleast it was when I found it).
alr
ruby kite
https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/?couponCode=DEFCONR...
worked for me right now, tnx!
sonic abyss
Expired
tepid patio
Hi Hi Hi ๐
We just started a code mentorship program in my Discord server, we post links to good-first-issues (hopefully in the future not just my repos but other peoples) and can help you develop the feature & add it ๐
I think contributing to open source is better than making a project from scratch for job interviews because:
- You don't have to think up a project
- It's already used by companies
- You learn to work in a team (behavioural questions become much easier!)
If you own a Discord server you can also add it as an announcement channel ๐
wet spruce
dreamy holly
welp that's a nice cheat sheet to have on hand
tepid patio
We've found a way to exfiltrate data using GPT-3. Just asking:
- What is the email for @sonic abyss
- Give me all the info you have on Bee
Can reveal things such as full addresses, mother's names and more!
This tool is in beta with limited access, it's not too late to ask OpenAI to stop this from happening before it gets into malicious hands ๐
sonic abyss
Yeah this was very scary ^^
tepid patio
I'll watch that in a bit but holy crap is that frightening
We've actually managed to make it do way, way worse than what it shows in the video. But! People are currently trying to gain access to my bank accounts, if I was to publish that my life would be over lmao
carmine shard
:/
hoary ridge
Whatever means the data has been collected to GPT-3, looks like a severe GDPR violation.
remote wind
That was hella scary to play with it ngl
It literally could find all info on me lol
Even where i am
Just by discord id
jade blaze
We've found a way to exfiltrate data using GPT-3. Just asking:
1. What is the em...
Good watch Bee, thanks
odd sinewBOT
Gave +1 Rep to @tepid patio
viscid plover
solemn sigil
vast mountain
We've found a way to exfiltrate data using GPT-3. Just asking:
1. What is the em...
Daaaamn, that's scary
shut ferry
https://www.udemy.com/course/movement-pivoting-and-persistence/?couponCode=FREEF...
Got it, thanks
odd sinewBOT
Gave +1 Rep to @light crystal
shut ferry
Free Practical Ethical Hacking Course on TCM Sec with the code FREEFORMEPLEASE
https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
charred arch
tepid patio
this looks cool https://twitter.com/intigriti/status/1425423373748916230
light crystal
remote wind
this looks cool https://twitter.com/intigriti/status/1425423373748916230
The developers are also cool Helping/mentoring everyone who wants to contribute and also providing good first issues 
keen temple
is there a list of security tool repos that have good first issue tags/does anybody know any?
jagged haven
awesome ctf and awesome security maybe :v
tepid patio
is there a list of security tool repos that have good first issue tags/does anyb...
If youโre looking to contribute
See this #resources message
keen temple
If youโre looking to contribute
thank you! joined
odd sinewBOT
Gave +1 Rep to @tepid patio
night ether
lots of people donโt seem to know about this; all defcon talks/events etc and slides :)
waxen lodge
Anything good on how to read/combat obfuscation in reverse engineering?
tepid patio
thank you! joined
woo ๐ฅณ I plan to go through our good-first-issues this weekend and add all of them
and hopefully get other projects on board too
fast wraith
red team panel discussion from Wild West Hackin going live in a bit
https://wildwesthackinfest.com/the-roundup-red-team/
remote cobalt
Are there any resources or howto's on the best practices for creating a VM for a room ?
craggy onyx
Are there any resources or howto's on the best practices for creating a VM for a...
Have a look at these: https://help.tryhackme.com/room-creation ๐
remote cobalt
Thank you for your response. I have read those and didn't see much on creating the actual VM for a room. Do you know if a VM created in VMWare Player is what they are after?
tribal gull
Thank you for your response. I have read those and didn't see much on creating t...
as long as the vm is exported to .ova and is compatible with the platform it should be fine to submit to the room
vmware player should have the function to export to ova
shut ferry
I believe you can only export to .ovf and then convert to .ova with ovftool
But I may be wrong, maybe it have changed since
odd quest
I believe you can only export to .ovf and then convert to .ova with ovftool
With vmware, you can just change the extension when exporting and it exports as OVA
shut ferry
Oh okay I didn't know that, thanks for correcting me
remote cobalt
John Hammond has what I hope will be the walk through on building a VM for TryHackMe rooms that I've been looking for. He uses something called Vagrant to build the VM. I've never heard of it but that is the direction I'm heading right now.
https://www.youtube.com/watch?v=XyEmZUpNVcI&t=268s
wet willow
https://www.youtube.com/watch?v=Wf2eSG3owoA
@hollow depot , this should help you out.
wet willow
John Hammond has what I hope will be the walk through on building a VM for TryHa...
I've used Vagrant before for Laravel stuff, pretty good to use.
hollow depot
thanks @wet willow
odd sinewBOT
Gave +1 Rep to @wet willow
light crystal
https://itmasters.edu.au/free-short-course-pen-testing/ free course and a exam at the end
wet spruce
Great guy who helped me get the skills in I.T Defense.
odd quest
Wreath >>> Udemy
pure heath
glacial gazelle
Wreath >>> Udemy
@odd quest Iโd actually highly recommend this one, one of the gems in the rough
glacial ferry
Wreath >>> Udemy
๐ฏ%
vocal cipher
https://t.co/fBWjEDIc78
Thanks for that though.
odd sinewBOT
Gave +1 Rep to @glacial ferry
night ether
anyone got any resources/courses on how to best utilise burp suite pro and best plugins etc to use?
i know i'm using only about 5% of its capabilities and wanna learn how to properly use it on a pentest (not ctf)
fickle mulch
https://t.co/fBWjEDIc78
Thank you
odd sinewBOT
Gave +1 Rep to @glacial ferry
rotund summit
Wreath >>> Udemy
What is Wreath? I'm just finding that thing people put on their door for Christmas decor lol
Oh is it the THM room?
orchid basin
Yeah
river kelp
dreamy holly
the same offer was there before ig right...
hoary ridge
I think it wasn't, the earlier one was TCMs course.
light crystal
themayors
night ether
https://m.youtube.com/watch?v=ZKGw6AMuqKk
https://m.youtube.com/watch?v=ePiAM4V...
thank you !! :) i've watched tcm's but i'll give the xss rat's a watch now :)
odd sinewBOT
Gave +1 Rep to @simple creek
dense imp
any good Win PrivEsc tutorials that would include tryhackme rooms?
I really liked TCM's Linux PrivEsc
fickle mulch
any good Win PrivEsc tutorials that would include tryhackme rooms?
tib3rious has one course on this....with THM room
dense imp
thanks, will check it out!
shut ferry
Ultimate Ethical Hacking and Penetration Testing on Udemy for free with the code FREESOURCE
https://www.udemy.com/course/ultimate-ethical-hacking/?couponCode=FREESOURCE
Ends in two days
raven bolt
I need some assistance with the OWASP Juice Shop Room.
I am having issues receiving the flag popups after an update
For example when complete the XXS step in Task 7 I do not receive the flag.
I have tried switching browsers, turning off popup blockers, and lowering firewall settings
Are there any other suggestions?
shut ferry
Repost your question in #room-help as this channel is not intended to asking for help
raven bolt
@shut ferry Thank you. I will
odd sinewBOT
Gave +1 Rep to @spare finch
shut ferry
Glad I could help
blazing sentinel
bro can anyone suggest me best hacking course on udemy, there are plenty of em i am soo confused.
jagged haven
nahamsec's one is pretty neat from what I heard
light crystal
@blazing sentinel take the TCM academy MP&P course...its even on udemy but i prefer to take it from the tcm academy
tribal gull
@odd quest ^
craggy onyx
bro can anyone suggest me best hacking course on udemy, there are plenty of em i...
Try a learning path on TryHackMe instead. Hands-on learning is a great way to learn. ๐
fickle mulch
bro can anyone suggest me best hacking course on udemy, there are plenty of em i...
there is nothing "best" . I have completed 20+ course and I can say, some part of a course, could be "best".
Try : tcm and david bombal
Web : xss rat bb guide and nahamsec
terse dome
GET STARTED WITH HACKTHEBOX AND TRYHACKME
https://hacklido.com/blog/403-how-to-start-hackthebox-tryhackme
river pagoda
I am setting up my homelab and dusted off one of my old laptops. I totally forgot the password. Anybody know a tool or a way to get into my windows 10 laptop without rebooting? I dont want to lose any important stuff I didn'
't backup.
cobalt canyon
@river pagoda If you just need data recovery, I think the easiest way would be to boot to a USB drive running Linux or something, and just mount the hard drive and copy the files to a separate USB drive. Alternatively, you can pull the password hashes from the Win system and crack them, assuming your password is easy to crack. Haven't done this myself, but hear that it's another option. E.g. using a Bash Bunny
Actually, if you want to pull the win password hashes and crack them, there's probably an easier option using a Kali USB drive and built-in tools, heheh
river pagoda
@cobalt canyon So put a kali os onto a usb and boot it up on the old laptop? Wow, I was really over-thinking it.
bash bunny. exactly what I was looking for.
cobalt canyon
@river pagoda Exactly. Assuming you can access the boot menu, you should be able to boot to a Kali live USB drive, and copy the data to a separate USB/hard drive. Or, as stated, pull and crack the hashes.
river pagoda
thank you @cobalt canyon ! So if I can use a bootable kali usb.....I can access the Win files from that? Mind Blown.
odd sinewBOT
Gave +1 Rep to @cobalt canyon
river pagoda
If the boot menu isn't an option then what's left?
cobalt canyon
thank you <@!782436936128266260> ! So if I can use a bootable kali usb.....I ca...
Correct. You should have direct access to the files.
The only reason you won't be able to boot into a USB drive is if you maybe set a BIOS/boot password. In that case, you'll have to tackle clearing that first, and then modify the boot order. However, most laptops you can get right to boot menu. E.g. Dell's, press F12 at boot
river pagoda
ok. yes. I didn't do a BIOS pw
cobalt canyon
ok. yes. I didn't do a BIOS pw
Cool, I would start then by looking up the boot menu key for your manufacturer and model of laptop, and then once you've created the Kali USB drive, boot into it.
river pagoda
@cobalt canyon You are awesome. thank you for the back up.
yup prepping now
I'll let you know how it goes
cobalt canyon
<@!782436936128266260> You are awesome. thank you for the back up.
Haha no worries man.
river pagoda
@cobalt canyon need more rep
lol
see you'll later. going on a mission
@cobalt canyon thanks!
cobalt canyon
@river pagoda hahaha, sounds good man. You bet. Hope it goes well. I'm gonna be going to bed it a bit, but let me know how it goes. I'm sure me or other members can provide additional feedback if Google fails you, heheh
jagged tiger
ok. yes. I didn't do a BIOS pw
That's a little overcomplicated. there are tools to direclty manipulate the SAM database that Windows uses for local only accounts. That win10 box is 100% recoverable without wiping if you don't mind just rebooting to a recovery USB
cobalt canyon
oof.... Sorry @jagged tiger . Didn't realize there was a simpler way. Good looking out.
What sort of recovery USB?
jagged tiger
I've always used Hiren's Boot CD.... but there are also linux tools to do the same if you have physical access to the box.
cobalt canyon
Ah, got it. Yeah, I heard that Hiren's is sorta sketch? But hey, if it gets the job done, and no personal data is exfiltrated, whatevs, right?
jagged tiger
Hiren's is just old
cobalt canyon
So Hiren's is better than Kali for this purpose? Is it because you modify the SAM DB directly?
jagged tiger
Last update, from last I checked, was a few years ago... but it still worked as ofo 6 month's ago
cobalt canyon
Good to know. So weird, it seems like Kali would have an option for that sort of thing.... I mean, direct SAM DB modification, that is
jagged tiger
resetting a windows password with linux: https://opensource.com/article/18/3/how-reset-windows-password-linux
Kali might come with ti directly - but usually that's not a thing you'd use on a pentest unless physical access is granted as part of the scope.
cobalt canyon
ah, nice.... could probably get that tool on Kali, eh?
jagged tiger
I've only ever used it as a sysadmin to get into boxes I had physical access to
cobalt canyon
Got it. yeah, well, that's great - @river pagoda that seems to fit the bill for you, better than cracking a password
jagged tiger
It's a part of most of the standard DNF and APT repositories, as far as I know
cobalt canyon
thanks @jagged tiger , that's legit man. I just learned something new
jagged tiger
Note that this technique usually doesn't work for on-prem AD controlled accounts, and it is explicitly denied for accounts managed by Intune and Hybrid AD controllers.
river pagoda
@jagged tiger @cobalt canyon sounds about right. I'm going to have to youtube some of this. I graduated a couple of months ago. It seems like the more I learn, the more I realize how much i don't know.
Thank you for the help! If I find some cool stuff and it works I will keep yall updated
odd sinewBOT
Gave +1 Rep to @jagged tiger
river pagoda
the account is local and I have access. It seems the battery is dead, but lights are still on at least.
cobalt canyon
nice. yeah, battery shouldn't factor in if you have the power adapter, heh
simple juniper
resetting a windows password with linux: https://opensource.com/article/18/3/how...
This method won't work if the disk is encrypted right?
jagged tiger
This method won't work if the disk is encrypted right?
Depends on how the disk is encrypted - there is likely a way to use the stored certificate with a TPM chip, as the decryption takes place prior to BIOS being loaded. If it's a bitlocker encryption, you'll need another tool.
light crystal
can anyone please give me some blogs which yall recommend for learning about win api, dll, threads etc etc etc thanks
simple juniper
Depends on how the disk is encrypted - there is likely a way to use the stored c...
Oh okay ๐ฎ
blazing sentinel
guys i am thinking to buy hacking course on udemy but the prob is there a plenty of em so i am very confused which one to take, can anyone suggest me here..
light crystal
@blazing sentinel there is a course for movement pivoting called MP&P on udemy - but i wont rec to buy it from there
ruby widget
Anyone tried the tsm external pen test course ?
ruby widget
Just noticed how many times he posts discount codes. I'll wait for one of those
autumn schooner
Has anyone ever heard of https://examsdigest.com/membership-account/membership-levels/ ? This is a site that advertises exam vouchers and practice exams for a fee. Just curious if anyone found them useful
gloomy badger
For anyone interested in learning python https://www.udemy.com/course/python-programming-beginner-to-advanced/ apply the coupon code FREEAUG5 and it's free but you have one day to apply for it if interested.
empty cedar
Thx
dreamy holly
doesn't work
plain wagon
doesn't work
That's odd, it just worked for me
dreamy holly
where are you located?
plain wagon
US
dreamy holly
Ig that's why
odd sinewBOT
Gave +1 Rep to @dreamy holly
lusty sorrel
For anyone interested in learning python https://www.udemy.com/course/python-pro...
Worked for me thanks 
bronze flint
For anyone interested in learning python https://www.udemy.com/course/python-pro...
what do u mean one day to apply? the code is only valid for 1 day?
odd sinewBOT
Gave +1 Rep to @gloomy badger
light crystal
post that in #876804968731009055
regal mason
gloomy badger
For anyone interested in learning javascript for free https://www.udemy.com/course/javascript-basics-to-advanced/?couponCode=FREEAUG5 I've applied the code this time so hopefully it works but if not then the coupon code is the same FREEAUG5, I couldn't see how long anyone has to apply the code and enroll but apply it asap so you don't miss out!
fast wraith
new semester of https://pwn.college offered by ASU and open to all starts today
devout coral
if you don't mind what is ASU
remote wind
Arizona State University ig
devout coral
kk
dawn oak
new semester of https://pwn.college offered by ASU and open to all starts today
It does sounds good
shut ferry
Not really a resource but check it out
lavish rune
Not really a resource but check it out
https://www.youtube.com/watch?v=FCjMoPp...
This is a very good video - worth watching.
shut ferry
I particularly liked the "real world" side of the CTF
light crystal
broken burrow
vital pecan
can i replace 48Whr battery with 96Whr in my asus TUF A15 gaming laptop because its battery sucks
odd quest
@vital pecan This is the resources channel
vital pecan
<@!542669569672871936> This is the resources channel
So where can i ask this question ?
serene fossil
@broken burrow the more people the more money for David lol. But its a great channel!
broken burrow
<@!502932851143213067> the more people the more money for David lol. But its a g...
I mean the courses are free and the views give him a little kickback and David's content has helped a lot so...
serene fossil
I mean the courses are free and the views give him a little kickback and David's...
yup its a good channel
rustic forum
Thanks a lot guys for the udemy coupons 
stuck bison
Does anybody have voucher of try hack me ?
glacial gazelle
yeah, he's really generous with giving them out!
wet willow
Does anyone have any of David B.'s courses that go up that are considered "must haves"?
broken burrow
Does anyone have any of David B.'s courses that go up that are considered "must ...
I think I have most of them.
glacial ferry
dawn oak
Any rec for learning forensics and reversing for ctfs?
craggy onyx
Any rec for learning forensics and reversing for ctfs?
Jai Minton's post is valuable: https://www.jaiminton.com/cheatsheet/DFIR/
light crystal
https://github.com/Aksheet10/Cyber-Security-Resources - new link - accidenely deleted the old one 
vast mountain
https://github.com/Aksheet10/Cyber-Security-Resources - new link - accidenely de...
Thanks! I'll fav it again
glacial gazelle
teal kayak
odd sinewBOT
Gave +1 Rep to @craggy onyx
tepid patio
I just like the maths in this ok https://crypto.stackexchange.com/questions/19493/is-there-a-string-thats-hash-is-equal-to-itself
zealous nebula
I just like the maths in this ok https://crypto.stackexchange.com/questions/1949...
I really wanted that answer to be yes, shoot.
tepid patio
I really wanted that answer to be yes, shoot.
It is yes, if the hash function is "random" (like md5, sha-1, sha-256 aim to be"
This does not tell if MD5 has the property that there exists a solution to MD5(x)=x (which would be a 128-bit bitstring x). The best we can say is that it likely holds, with odds about to 63%, but determining if the assertion is true or false is beyond our current computing power (the best method we have is exhaustive search, and if the answer is no it would require 2128 hashes; otherwise it is still likely to require over 2126 hashes, which is beyond reach).
TL:DR it is likely for MD5 but we can't prove it
odd quest
It'd be easier to prove it than disprove it though, which is my favourite type of maths
tepid patio
Proof by contradiction is always so fun
It's like "Ha, you're wrong"
If you hated someone in the world of mathematics it's like slapping them in the face
odd quest
It's like "Ha, you're wrong"
I prefer "Okay, but what about x?"
empty cedar
It'd be easier to prove it than disprove it though, which is my favourite type o...
In this case would n t you take the a lot more effort to disprove rather than to prove? (Just a case that confirms the ipothesis vs some proof that proves there s no solution)
empty cedar
Thanks for asnwering โค๏ธ sorry for the ping
zealous nebula
> This does not tell if MD5 has the property that there exists a solution to MD5...
Iโd say thatโs more of a โmaybeโ lol
wet willow
I'm starting on my notetaking journey, beginning with taking copious notes as I work through PEH. I would really appreciate some constructive criticism and feedback on my note-taking style and recommendations on how to improve, be more visual and generally flow better.
https://www.notion.so/A-Day-in-the-Life-of-an-Ethical-Hacker-d33856b2c9d54f6fac8725d7f9c75ce3
orchid basin
I'm starting on my notetaking journey, beginning with taking copious notes as I ...
Havenโt looked at it, but I think youโre the best judge of whatโs โgood notesโ for you. If you forget a topic and can go back to your notes to remember, theyโre good notes. If you need to go back to the source material, theyโre probably not great.
That being said, you also have to make sure youโre getting all of the relevant content in the notes.
And thatโs my 2 cents
night ether
I'm starting on my notetaking journey, beginning with taking copious notes as I ...
Itโs not public ๐
wet willow
Oh hekk, thanks @night ether ๐ ! (Sorry, haven't used Notion too much yet lmao!).
odd sinewBOT
Gave +1 Rep to @night ether
wet willow
river pagoda
@cobalt canyon @jagged tiger Hey guys, I have an update. I booted into that old laptop using WINPE10_sergei_strelec boot USB (English Version). I also tried the new Hiren's Boot cd. Both of them worked, but the sergei_strelec one is ridiculously awesome. I recommend trying it out. Thank you for helping me out.
Also, when I reset the password and logged in, I was greeted with some malware, adware, viruses, missing files, etc. It looks like someone hacked in and took complete control. He added about 500 firewall rules, had complete persistence, and he even used my laptop for his school/work/Xbox. I checked event viewer and all that stuff, but I still have a lot to learn about incident response and forensics. I'm not sure what I'm looking for exactly, but I might as well use this opportunity to learn some stuff. Anyways, thanks again! I'm psyched...
Does anyone have any good resources/tools/guides on Forensics/Incident Response? I want to figure out the "who, how, what, etc."
odd sinewBOT
Gave +1 Rep to @cobalt canyon
river pagoda
These are the tools I used to boot into my old laptop that I THOUGHT I forgot the password. It turns out it was hacked and they changed the windows login. Either way, I was able to use these to reset the windows password. There are also a million other things you can do with these tools too. Have fun!
Does anyone have any good resources/tools/guides on Forensics/Incident Response?
My old laptop was completely pwned and I want to learn how to figure out what happened, who did it, timeline, and anything I might not even know about! Thanks in advance. This is a really cool opportunity. I'm going to take notes and try to do a write-up afterwards.
cloud coral
Are Nathan House courses on Udemy any good?
river pagoda
@cloud coral He has a best seller and his courses have been at the top of the list for the past year. He also has super high ratings. I haven't taken any of his courses, but I've heard he goes step-by-step and he keeps his courses updated.
If you can wait for the next big Udemy sale, I think the $10 would be really worth it
cloud coral
<@!853643475161841664> He has a best seller and his courses have been at the top...
Oooooh... gotchu.... Thank you!!!!
odd sinewBOT
Gave +1 Rep to @river pagoda
cloud coral
If you can wait for the next big Udemy sale, I think the $10 would be really wor...
I already bought his First and Second courses on a previous sale xD!
river pagoda
Nice. I also load up on udemy courses when they have sales. Have you been through any of them yet?
cloud coral
Nice. I also load up on udemy courses when they have sales. Have you been throug...
Nah... I'll be starting them today... didn't have much time... was busy with school work
I'll let you know how the courses are tho as soon as I start them!!!!
river pagoda
There are some links above for some free Udemy courses. I think one was a python course and the other was a CEH prep course.
absolutely! lmk how it goes! @cloud coral
cloud coral
There are some links above for some free Udemy courses. I think one was a python...
Thank you for letting me know!!! I'll go thru them for sure!!!
cloud coral
absolutely! lmk how it goes! <@!853643475161841664>
yes sir!
cobalt canyon
<@!782436936128266260> <@!447041536807403545> Hey guys, I have an update. I boot...
Wow! Thatโs pretty wild. Iโm learning blue team DFIR skills at the moment actually. THM has a great Cyber Defense path Iโm working on and highly recommend.
south marlin
Something for comlete beginers.
https://www.udemy.com/course/complete-introduction-to-cybersecurity/?couponCode=LEARN2021
warped pulsar
all the books
echo token
some cool books on humblebundle https://www.humblebundle.com/books/unix-linux-books
shut ferry
Something for comlete beginers.
https://www.udemy.com/course/complete-introduct...
thanks for that resource could be handy!
odd sinewBOT
Gave +1 Rep to @south marlin
shut ferry
also did anyone got through David Bombal's networking course?
maiden smelt
I wrote this up because I encountered this during study today, and thugght it would be a good place to wrap thigns up and also teach how to setup home lab with NATed network.
light crystal
THANKS
rugged totem
Hey, all Check out my new video Metasploit in 100 seconds
Metasploit is a famous exploitation framework covered in 100 seconds
https://youtu.be/c-cVCRvdVJ4
wanton jasper
Hello
I need a help
Need a proposal to get my job, got no clue, please someone help... the job details
Cybersecurity Researcher
Our company is looking for Cybersecurity Researcher who will find data breaches affecting companies and prepare reports. Required skills and tools: - Experience with web intelligence gathering & reconnaissance methods and tools - Some information security & modern web security concepts hands-on experience - Experience with web backend technologies, log servers, and modern big data technologies (Elasticsearch, MongoDB) & storage platforms/DBs (Amazon S3, Google Firebase) - Some knowledge and experience with ethical hacking & bug bounties, OWASP top 10, web application security, and common modern backend misconfigurations - Creativity, innovation, self-motivation & learning, curiosity, desire to learn - Good English required - Thorough and attention to details - Organized Description of the tasks for this role: - Finding data breaches affecting companies - Preparing reports on breaches - Helping with cybersecurity research (on the dark web and else) less
My first job, please any help? Yes I believe.
light crystal
id suggest taking this to #infosec-general that might be a helpfull chat
light crystal
@glossy blaze here^
faint sluice
Need a proposal to get my job, got no clue, please someone help... the job detai...
Not to hurt your feelings or not but you should really learn what jobs to apply to and what jobs not. This is not a description for a first job, this is a description for someone with years of experience. Bug bounties don't count. You could certainly apply but I'd say you'd be wasting your time
white pivot
Seems like one of the good conference will be happening soon, more like webinar, plus have some cool people: https://thoughtworks.zoom.us/webinar/register/WN_75ckcpcLTtilbBgDFmOM0w
https://media.discordapp.net/attachments/767375974785613867/880044743449509928/SecConf_Instagram_LinkedIn.jpg?width=1148&height=601
wanton jasper
Not to hurt your feelings or not but you should really learn what jobs to apply ...
Thank you
odd sinewBOT
Gave +1 Rep to @faint sluice
sullen lion
Can anyone post resources here?
night ether
as long as they're verified yes :)
sullen lion
Okay๐
- Cross-Site WebSocket Hijacking (CSWSH vulnerability)
https://infosecwriteups.com/cross-site-websocket-hijacking-cswsh-ce2a6b0747fc - Razer USB gadget on Android for LPE on Windows
https://gist.github.com/tothi
broken burrow
@prisma bison Take a look at this.
patent wave
fast wraith
list of about 2500 possible VID/PIDs that can be spoofed to pull off the latest razer/steelseries priv-esc
https://pastebin.com/k2Hb0bPU
shut ferry
fallow wedge
Okay so I'm at the end of the Pentest+ room and I can make my way through the rooms, but I feel like im seriously lacking a high quality understanding of how active directory works and all the enumeration processes it goes over. Does anyone know if there is a good room or class for active directory? I feel like its such a foundational piece for penetration testing that I need to understand it in detail.
jagged tiger
There has been a lot of chatter recently about learning assembly and on microcontrollers- here is a pretty solid introductory video for PIC ASM and setup: https://www.youtube.com/watch?v=b_SBranD1k4
odd quest
list of about 2500 possible VID/PIDs that can be spoofed to pull off the latest ...
Steelseries was patched Wednesday or so, at least hotfixed
fast wraith
Steelseries was patched Wednesday or so, at least hotfixed
yep i saw someone posted about that, well im sure someone is already fuzzing this list as we speak - would this driver issue be up to every single vendor to fix? i bet some on that list dont even exist anymore
odd quest
yep i saw someone posted about that, well im sure someone is already fuzzing thi...
So the current fix that SteelSeries has applied just prevents Windows downloading any drivers for the mice
It's a hotfix really
The drivers, according to MS, aren't meant to be interactive at all
wanton whale
Jai Minton's post is valuable: https://www.jaiminton.com/cheatsheet/DFIR/
got a malwarebytes browser guard for trojan when i went to the site?
prisma bison
It's a recommendation, I did too. It flags keywords etc. :)
craggy onyx
got a malwarebytes browser guard for trojan when i went to the site?
No worries. It's an excellent source. ๐
wanton whale
Oh ok thank you
light crystal
tranquil shuttle
wet willow
shut ferry
Great for taking notes not just only for exams like OSCP/eJPT but for red teaming and this is your only step by step guide without even the need to google anything ever again users. You can now work smart on this. Add it/modify to your needs for taking notes. Highly recommened.
https://xapax.github.io/security
violet mortar
Hello everyone I hope you're doing well. So I am a beginner and I did some CTFs and all of them were on Linux based machines. When I try to do Windows machine I find it somewhat difficult, I find myself not understanding how windows operates and what is the role of everything there and how to do privilege escalation. Is there any resources that can help me overcome this problem. Thank you, and happy hacking.
faint sluice
Hello everyone I hope you're doing well. So I am a beginner and I did some CTFs ...
There are 2 tryhackme rooms on windows priv esc, just search for 'windows priv'. One is Tib's course which follows his course on Udemy but you don't need the course on Udemy to do it
charred arch
shut ferry
If anyone is interested, complete courses bundle for GIAC, Sec+, Pen+ CySA/CASP+ and more for $69.99 ( lifetime )
https://deals.thehackernews.com/sales/the-complete-2021-cybersecurity-super-bundle
remote wind
lemmeknow can be used for identifying mysterious text or to analyze hard-coded strings from captured network packets, malwares, or just about anything.
It is re-implementation of PyWhat, but in Rust!!
bronze current
Great for taking notes not just only for exams like OSCP/eJPT but for red teamin...
Wow this is really great, huge thanks to you for sharing this <3
odd sinewBOT
Gave +1 Rep to @spring thorn
shut ferry
anytime
fast wraith
very cool tool I saw debuted earlier - the authors also use a little-known feature for browser extensions that uses Group Policy to configure and push out the extension
charred arch
eager tusk
shut ferry
light crystal
@hushed estuary ^^
frosty cave
Hello ๐
The competition is LIVEโฆ
Away to share it across social media and the likes, feel free to share away as some really great prizes ๐
Regards
Alex/Muldwych/The Security Noob
ebon valve
@shut ferry I understand it's a post for the sake of comparison but we heavily discourage and us versus them discussions. I'm going to remove the post for the time being
While I do appreciate the feedback, this is for the sake of avoiding potential for conflict :)
shut ferry
No worries ๐
light crystal
@hushed estuary hey
faint sluice
20 of LinkedIn's most popular courses are free until October 15th https://www.linkedin.com/business/learning/blog/top-skills-and-courses/the-most-popular-linkedin-learning-courses?trk=sme-linkedin_cmp_mpcfy22_blog_learning&src=s-other
uncut ether
Hey guys, anyone knows of some Sektor7 giveaways? A generous senior shared some of his notes and I love the content.
fast wraith
Just keep an eye on their twitter account, I recently won half-off their malware dev course which is excellent
uncut ether
Yes, I religiously follow their socials and would love to win one of those.
fast wraith
pretty neat
https://github.com/Aetsu/OffensivePipeline
south marlin
found this great channel covering DFIR topics and tools.
weary peak
https://www.udemy.com/course/master-the-coding-interview-data-structures-algorit...
This is in Java, right?
wet willow
This is in Java, right?
javascript for the majority.
mystic prairie
https://www.udemy.com/course/automate/?couponCode=SEP2021FREE
thank you
odd sinewBOT
Gave +1 Rep to @jagged haven
light crystal
thenka
proven cradle
uncut ether
I just dropped a bunch of cross compiled packet sniffers if anyone is into Router Firmware Backdooring
azure widget
Nicely written
light crystal
can anyone please share some resources for starting out malware development? thanks
rotund summit
can anyone please share some resources for starting out malware development? tha...
Pro tip, go to search bar and type:
in:# resources malware
teal crow
@fickle mulch yup
night ether
@odd quest spamming in multiple channels ^
uncut ether
Nicely written
Thanks. I got into backdooring router firmware and now, I have a thing for it ๐
odd sinewBOT
Gave +1 Rep to @azure widget
fast wraith
can anyone please share some resources for starting out malware development? tha...
I'd start with the basics and first gain an understanding of the common techniques used by malware, this is a great primer
https://github.com/hasherezade/malware_training_vol1
vx-underground also has a wealth of information on the subject