#resources


topaz gulch
#

We noticed 😆

#

-undelete -a

odd sinewBOT
#

Up to 10 last deleted messages (last hour or 12 hours for premium):

5 minutes ago (Sat Dec 11 01:18:04 2021) Wandering Fool#0782 (ID 754136896409567233): 😆 Looks like the weekend is ruined

topaz gulch
#

True

fathom plank
broken burrow
#

Well there goes my room idea.kekw

hushed estuary
#

thanks

#

looks like ldap is still the primary vector

hushed estuary
#

upgrading Java 8 past u191 will remedy the remote injection path

#

and java 17 also appears to be immune to both remote and local injection

sterile frost
median ore
odd sinewBOT
#

Gave +1 Rep to @sterile frost

median ore
#

this is gonna save me tons of time i already know it haha

shut ferry
#

Pretty neat run down ^

hushed estuary
shut ferry
#

Now wth is a reverse proxy?

#

It can be a performance booster for your web server

#

no kidding

hushed estuary
#

sounds like a googlable question

shut ferry
#

yup just came from it lol

#

it's pretty cool

#

sits behind the firewall

glacial gazelle
#

although I'd imagine you'd have more than enough

hushed estuary
#

I've got a few pocs

glacial gazelle
#

as in

#

live demonstrations

#

actual bug bounties

hushed estuary
#

demos

waxen creek
#

Hi guys.

I am looking for some stats regarding cybersecurity incidents (like how many times they happened, how much money they cost the attacked company, etc.) from a trustworthy website that is worth mentioning in my thesis.

I found this website: https://purplesec.us/resources/cyber-security-statistics/ and it has some interesting insights:

The total malware infections have been on the rise for the last ten years
7 out of every 10 malware payloads were ransomware.
Ransomware attacks worldwide rose 350% in 2018.

Do you have any other recommendations for me?

Thank youu

broken burrow
indigo forum
#

Hey guys, any good resources to PrivEscalation on Windows?

broken burrow
odd quest
indigo forum
odd sinewBOT
#

Gave +1 Rep to @odd quest

upper pelican
upper pelican
shut ferry
#

What's the name of the security plus book that everyone recommends?

pure heath
# shut ferry What's the name of the security plus book that everyone recommends?
#

Also my local library offers Linkedin learning for free. I used some of the videos from the 601 course as reference. You could check with your local library in case they offer something similar.

shut ferry
#

Oh I haven't heard of that

#

How long ago did you take security+?

shut ferry
pure heath
#

@shut ferry I took my exam Oct 28 of this year. As for the interactive labs I got four on my exam and they were on firewalls/authentication. I didn't really prepare for the interactive part of the test and mostly studied the objective content.

shut ferry
#

Oh OK. Good to know

pure heath
polar fjord
#

anyone know good resources for eJPT?

shut ferry
#

INE Starter Pass itself

#

more than enough to pass eJPT actually

amber folio
#

@sturdy shell hey can I get the files that you used in the ios forensics room ?

#

It would be of great help to me in performing forensics for my assignment

broken burrow
gleaming wind
tepid patio
left gyro
#

Log4js technical aspects and practical demo

shut ferry
#

@arctic mist A humble request for AD part 2 please 🙂

arctic mist
#

I suppose I might be able to do that

gentle saffron
odd quest
sage gate
#

@shut ferry This is where you can check out resources to begin your InfoSec learning journey :) Some sources provide free trials like this one here: https://www.itpro.tv/courses/security-skills/

You can also look at what others above posted for more info. Enjoy, friend! Feel free to reach out if you need anything happyCat

pine kindle
#

Anyone got a checklist or process they work through when approaching a new challenge/box/target?

odd quest
shut ferry
#

Anyone got any good resource for learning about Link layer in TCP/IP suite? Searched YouTube but couldn't get a structured format.. everything scattered

sage gate
visual zephyr
shut ferry
pure heath
broken burrow
restive oasis
wheat canopy
onyx vapor
gray vigil
rapid urchin
#

Does anyone have a free alternative for something like AttackForge? Perhaps something self-hosting from Github

dawn oak
#

Anyone aware of some free resources to learn blockchain as a complete beginner?

broken burrow
#

Maybe not as extensive but broad.

dawn oak
#

what other sub categories are there?

broken burrow
dawn oak
#

I don't have much interest and knowledge myself

broken burrow
dawn oak
broken burrow
# dawn oak He said he don't have any idea too 😅😂 He just want to learn and see what scope...

Ah well this was where I started.
https://youtu.be/M576WGiDBdQ

This course will give you a full introduction into all of the core concepts in blockchain, smart contracts, solidity, NFTs/ERC721s, ERC20s, Coding Decentralized Finance (DeFi), python and solidity, Chainlink, Ethereum, upgradable smart contracts, and full stack blockchain development.

Follow along with the videos and you'll be a blockchain wiz...

odd sinewBOT
#

Gave +1 Rep to @broken burrow

fast wraith
#

really interesting study on phishing training within orgs (for those who don't want to click the title is "Phishing in Organizations: Findings from a Large-Scale and Long-Term Study")

https://arxiv.org/pdf/2112.07498.pdf

broken burrow
static grail
#

hey, is anyone here following web3, crypto or DAOs? would love to be part of some infosec DAOs, existing ones or anyone interested in learning more & creating a new one. i'm learning smart contract security right now & curious to know how else i can contribute in web3. hope someone can point me to the right circles please. thanks!

jagged tiger
devout glen
#

Is there a list anywhere of well regarded textbooks/documents for cyber security?

dawn oak
broken burrow
tepid patio
#

Some of the courses are no code 😅

broken burrow
tepid patio
#

But there’s also no code courses

broken burrow
broken burrow
#

Seems like a weird topic for resources but I get them too.

broken burrow
hybrid wadi
#

Does anyone know a good and simple network scanner I could use on my home network?

broken burrow
broken burrow
#

Awesome!

tepid patio
#

@broken burrow some people were complaining that the rewards for AoC were unfair, am I right in thinking that blockchain fixes this?

  1. you can create a ticket lottery system on the blockchain
  2. you can execute it on the blockchain and anyone can see the results for themselves
  3. the code that produced that result is open source & you can verify those results came from that code

I don't think you can do this off-chain and still have (3), you can open source code but you can't prove the results of code came from the open source program everyone saw, without immense effort to create a quasi-blockchain, right?

broken burrow
# tepid patio @broken burrow some people were complaining that the rewards for AoC wer...

Would it fix it? I'm not sure. Not many people can read solidity code so they might claim it's still rigged even if the code and results are open source.

Some people also erroneously believe that miners can influence randomness and that's true but only when it isn't implemented correctly. (Which is a security risk.) Using Chainlink's oracles for randomness fixes this.

What you're proposing is very possible though. It would be extra work for the devs though that's for sure.😂 A lot of "DApps" rn aren't fully decentralised so it's not that hard to integrate the two in theory.

#

Creating a quasi blockchain is a bad idea though. Deploying a smart contract to polygon and integrating it with tryhackme is much easier.

tepid patio
#

I could build it for the subreddit, however

#

actually I'll just do that

#

seems like a fun side project

#

given a list of usernames and a number of "prizes", verifiably pick random choices

broken burrow
tepid patio
broken burrow
#

Awesome. Chainlink is honestly a life saver. Wish I'd made it first.

#

Too complicated for one kid though XD

tepid patio
#

ehh there is always stuff to build

broken burrow
#

Yep. Got a side project in the works. It'll probably flop considering my lack of talent with front ends. Might consider outsourcing that bit.

At least I'll have something to show until a great idea hits me.

broken burrow
broken burrow
#

And polygon is cheap enough to make it less painful to deploy

tepid patio
#

React app

  1. Insert Reddit link
  2. React app client-side grabs all usernames of commentors and makes it into an array
  3. React app calls smart contract with this array

Smart contract

  1. Uses chainlink's VRF to randomly select X lottery winners
  2. Profit????
#

@broken burrow is there any automated fuzzing security tools for smart contracts? I.E. one that I can run over a solidity project and it picks up the most obvious things?

#

or do u want to build one 😉

broken burrow
#

That works too. Makes it so they don't have to hurriedly make a wallet with no clue how.

broken burrow
tepid patio
#

@broken burrow Okay another project idea for you, a github action anyone can use which:

  1. runs that fuzzing tool
  2. runs pywhat to search for API keys / wallet private keys etc

Basically a "dont PR anything stupid" automated step?

odd sinewBOT
#

Gave +1 Rep to @tepid patio

tepid patio
#

npnp, you may want to look into pre-commit hooks which are checks that run before you commit stuff. that way you don't upload anything to github at all (although it's harder to use than a github action) 😄

broken burrow
#

Right right.🤔

#

I've got googling to do XD

tepid patio
#

Npnp!!

#

thats the exact framework I use to come up with ideas + publish them + get some cheeky lil github stars!

#

imo there are loads of things you can build in blockchain / web3

broken burrow
broken burrow
odd sinewBOT
#

Gave +1 Rep to @tepid patio

tepid patio
tepid patio
broken burrow
#

Young hacker measures up against the big boss Brandon -circa 2021

tepid patio
#

i remember when i was #2 on tryhackme 🥲

broken burrow
broken burrow
tepid patio
#

learning react rn

#

poaps at the end of every room

#

lets chat in thread 2 stop annoying ppl

broken burrow
sterile frost
odd sinewBOT
#

Gave +1 Rep to @tepid patio

odd sinewBOT
#

Gave +1 Rep to @sterile frost

fast wraith
faint sandal
#

Is self-promotion of free content allowed here? 😅

topaz gulch
#

That is not a resource bee smh
Pin it in #general for a bit

tepid patio
#

I genuinely forgot

topaz gulch
#

Your subreddit prediction thingy

faint sandal
#

👀 On the off chance that self-promotion of free content is allowed, here's a little C2 framework I made this year. Any feedback or just checking it out is greatly appreciated! https://github.com/CyberSecurityN00b/star

GitHub

[S]imple [T]actical [A]gent [R]elay: A peer-to-peer C2-ish framework for Ethical Hackers and Security Researchers.

topaz gulch
#

Nice one!

odd quest
topaz gulch
#

😁

faint sandal
broken burrow
upper pelican
light crystal
#

any gud red teaming courses aimed towards beginners? lab setup would be appreciated thx

shadow hound
#

Is there any interest in additions to the note-taking tools list in pins? I would point to Logseq (web/local outliner with backlinking, graph view, PDF annotation, etc. that can sync to github) and Dendron (VSCode plugin with a similar feature set that augments the backlinked format with hierarchical "parent.child.subchild-note" designators for nodes)

simple creek
#

Hey! I wish to learn python for pentesting and ctfs... Anyone have any resources?
Preferably any resource that lists projects that can be done so as to learn by doing
If not, any good videos/blogs would also be worksmile

shut ferry
odd sinewBOT
#

Gave +1 Rep to @rotund moat

simple creek
humble dome
#
faint sandal
#

Some of the challenges trend a little math heavy for my tastes, but 🤷🏻‍♂️

odd sinewBOT
#

Gave +1 Rep to @faint sandal

fast wraith
#

If you’ve come here to read a clean description of a deeply technical data supply chain problem, impacting untold numbers of websites across the globe, including dozens if not hundreds of U.S. Government domains, and hoping to see all the answers about how it's happening, then you are going to be disappointed. These problems are very complicated...

small night
#

Heath Adams aka TheCyberMentor (TCM) just released the first 12 hours of his best-selling course on YouTube. Learn Linux, Python, and Hacking all with no strings attached.
Arguably the best course to get started. Enjoy
https://www.youtube.com/watch?v=fNzpcB7ODxQ

Full Course: https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
All Course Resources/Links: https://github.com/Gr1mmie/Practical-Ethical-Hacking-Resources

A shout out to all those involved with helping out on this course:

Alek - Creating "Academy", "Dev", and "Black Pearl" Capstone machines and a Discord Admin.
Dewalt ...

quasi sluice
#

Learn Assembly Language

#

This looks like a great resource for anyone that is interested in Assembly Language

sterile frost
vale sage
#

can responder run in a pivoting situation? or does it have to sit on the interfaces it is attached to?

odd quest
night holly
craggy olive
#

My poor programming skills are becoming evident

Like zero skills at all😕

placid marsh
#

free ( as far as i know) industrial control systems training from CISA. you get a piece of paper at the end!

odd quest
craggy olive
odd sinewBOT
#

Gave +1 Rep to @broken burrow

shut ferry
#

were you guys aware of this?

#

I'm so hyped. I'm gonna start planning to deploy the deceive part at my job.

summer prawn
#

where can I learn more about anonymity?

crimson fossil
#

Is there someone who knows a site to download a good template for my blog, where I will post write-ups?

#

tag me pls

warped delta
#

anyone have any good resources to learn more about IDORs? I am doing the jr pentester path and don't fully understand the concept.

lucid edge
#

Just google the following:- site:medium.com idor

broken burrow
#

It's made by the creators of burp suite and free

topaz gulch
lucid edge
#

Of course we must choose what to read according to who the author is... and several other factors

topaz gulch
#

Not saying that it's necessarily bad to use a medium article, but cutting everything else out and restricting yourself to a single (potentially incorrect) source of information is definitely not the best way to research a topic.

#

Especially when you then tell others to do the same thing

lucid edge
topaz gulch
#

You just did tell them to limit themselves to one source kekw

lucid edge
topaz gulch
#

The google dork site:medium.com only returns articles from medium, thereby limiting what you find purely to medium articles

#

It's the same as going to Medium and using their own search feature rather than using Google at all

lucid edge
topaz gulch
#

That's all well and good, but maybe teach them to use Google, rather than giving them a search term that does limit them (with no explanation of what it does), and telling them to just use that :)

lucid edge
#

Thanks for correcting my mistake

topaz gulch
#

Not a mistake so much as something that could be potentially misleading -- it's all a learning process, for all of us :)

cloud lintel
#

does anyone know of any blue-team lab resources? similar to hackthebox (for pentesting) or the cyber defense learning path on THM?

shut ferry
placid marsh
#
#

anybody mess with this? i'm finnin to do the whole shabang

night ether
#

not sure how relevant that list is going to be now the exam has changed

placid marsh
#

sure it has changed but i'm sure getting comfy with kali is still a thing, bash scripting, passive recon

#

it's not suddenly the GRE right?

night ether
#

nevermind ignore me, that list goes over the new included topics

hexed crypt
tough wagon
#

hi guys, i dont know if this belongs here, but what are u using for notetaking?

tranquil grove
elfin turret
#

Onenote, Evernote have good mobile support, Obsidian will be easier for you if you have some coding background and it's really flexible.

#

Trilium and Notion I didn't use it at all so I can't comment on those

prime mantle
cyan ingot
#

Hi All,
Any good books to buy/read for pentest and secure coding?

full vapor
wet yoke
#

This is the first half (4.5 hours) of The Cyber Mentor's OSINT course, officially released for free by TCM on his YouTube channel. The link to the full course (9 hours, cost of $36.89) is included in the video description

https://www.youtube.com/watch?v=qwA6MmbeGNo

Hi everyone! I hope you enjoyed this video. Please do consider subscribing so we can continue making awesome hacking content! Below is all of the course info:

Full Course: https://academy.tcm-sec.com/p/osint-fundamentals
All Course Resources/Links: https://github.com/TCM-Course-Resources/Open-Source-Intellingence-Resources
The Creepiest OSINT...

fast wraith
azure widget
summer prawn
#

any room that explains better port forwarding and how it works here on thm? I'm stuck in a free box on hackthebox, found on the walkthrough that port forwarding is required for the last step, but have no idea how it works

summer prawn
odd sinewBOT
#

Gave +1 Rep to @topaz gulch

simple creek
#

Hey! What book/resource would one suggest to learn about Windows and its working?
I've completed the Windows fundamentals module on thm but felt that was pretty much an overview

drowsy kestrel
golden gyro
#

Oh good someone already got it

shut ferry
odd sinewBOT
#

Gave +1 Rep to @drowsy kestrel

gaunt rain
#

Does anyone know or can tell me how THM manages to make the cloud VMs for AttackBox so silky smooth in response, since I still have some minor lag xrdp'ing into my kali machine on the local network. I see they/you use vnc, can you possibly give me some hints on the setup?

odd quest
#

Someone said it plays nicer with certain DEs - XFCE here

topaz gulch
odd quest
#

Ah, NoVNC is an alternative

topaz gulch
#

Don't think so?

#

Yeah

#

NoVNC is basically VNC but with websockets 🤷‍♂️

gaunt rain
#

will check that out, thanks!

south marlin
#

PoisonTap - siphons cookies, exposes internal router & installs web backdoor (reverse tunnel) on locked/password protected computers with a $5 Raspberry Pi Zero and Node.js. https://samy.pl/poisontap/

By Samy Kamkar

Full details and source code at https://samy.pl/poisontap/

Buy a Raspberry Pi Zero here: https://amzn.to/2eMr2WY
Buy cement for ...

sterile frost
barren vault
#

@velvet kernel

halcyon palm
#

Hey guys, hope you’re doing well, I’m excited as I finally set up an appointment for my Security+ from CompTIA. For resources I did buy Mike Meyers from Udemy and Professor Messer from YouTube. Can’t buy the book off Amazon cause they don’t deliver where I’m from, any other resources you guys have to spare?

rapid pumice
halcyon palm
#

@rapid pumice Hey, good luck with it! Yeah, without doubt TryHackMe helped me with it, hell I learnt more than half of the material from this platform, but I know they require more technicalities, terms and theory too… was wondering if anyone had the pdf book or some practice tests too

gentle saffron
odd sinewBOT
#

Gave +1 Rep to @full vapor

indigo crow
#

i need a book for nmap , can anyone suggest ?

night ether
#

the official nmap book

shut ferry
#

" Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning "

#

Gordon Fyodor Lyon

late comet
fast wraith
#

nice interpretation of atomic habits for devs
https://bruno-oliveira.github.io/techblog/Atomic-habits-in-coding/

grave coral
broken burrow
nova current
chilly bobcat
lucid edge
#

Where can i access the tryhackme bot for verifying myself?

fiery bear
fervent summitBOT
lucid edge
odd sinewBOT
#

Gave +1 Rep to @fiery bear

fast wraith
stiff kraken
#

Can anyone give me resources on json jwt tokens

subtle dirge
#

-ban @shut ferry -ddays 1 Discord scam.

odd sinewBOT
#

🔨 Banned saaal#0306 indefinitely

kindred marlin
fast wraith
hoary ridge
lucid edge
#

Hope this helps @stiff kraken

kindred marlin
stiff kraken
#

@lucid edge
Thanks man I appreciate it!

odd sinewBOT
#

Gave +1 Rep to @lucid edge

lucid edge
#

I shared my Notion notes and lab walkthroughs for Access Controls module on Portswigger. Please review and do tell if any mistakes

turbid peak
#

Hello,
Can anyone suggest or share some resources for cyber forensics?

turbid peak
#

Ok

twilit lion
swift whale
#

hey there, can anybody recommend any resources for the kismet interface

dreamy holly
proven cosmos
buoyant fox
#

I’ve got an interesting question for yall. What do you use for a personal knowledge base? I’m trying to figure out an effective way to take notes to remember certain reverse shells, cheat sheets and little things I’ve picked up here and there.

I’ve been using OneNote but I wonder if there’s something more purpose-built for offensive/defensive security

surreal dome
lucid edge
crimson thunder
topaz gulch
# buoyant fox I’ve got an interesting question for yall. What do you use for a personal knowle...

Trilium would be my recommendation.

Other common ones:
Obsidian -- very good but stores files in plaintext on disk (either a bonus or a disadvantage, depending on your perspective, but it ain't great for storing payloads). Also apparently a bit weird with images.

Cherrytree -- very good, but gets unstable with bigger notebooks. Starts crashing at around 40Mb.

Joplin -- haven't used in ages but supposedly still very good.

Notion -- absolutely gorgeous, but storing your notes entirely on someone else's platform isn't a great idea (if they go down or decide that you're breaking ToS, you're screwed). Also, don't try to store log4j notes in Notion... it doesn't end well.

faint sluice
#

I've tried all of them, Typora is what I use, most people won't like that it's paid ($15 for 3 licenses) but I'm able to type markdown and have it render in the same page and I just use github to save it. The nice thing I like is I can view it in github because it's markdown.

topaz gulch
#

Knew I forgot one of the ones people use in here.

regal mason
glad hazel
topaz gulch
#

Ask @glossy blaze -- it happened to him

glad hazel
#

I mean then it would do the same with any cve payload right?

glossy blaze
#

Nope

#

it just did that because of the way they had to make a WAF for the log4j payloads during the big log4j crisis

#

didn't have any other issues with any other payloads before that

#

it's because of the way the log4j vulnerability works and how it just needs that payload on any input that gets logged

glad hazel
#

👍

glossy blaze
#

and my guess is that they were building the "notes history" with it

#

I haven't tested in a while... so dunno if that's still common behaviour

#

And this is from me, I really deeply enjoyed working with notion more than most other apps. I still miss it most of the time.

#

seems like they fixed the log4j thing now .. just tested

#

at least on a first glance I don't seem to be waf banned and it saved the payload just fine

#

but I know I can't really rely on it for state of the art payloads because if they freak out and need to block a payload, I can't take decent notes.. so trilium it is

fast wraith
buoyant fox
buoyant fox
buoyant fox
odd sinewBOT
#

Gave +1 Rep to @topaz gulch

buoyant fox
faint sluice
lucid edge
lucid edge
twilit lion
#

So far been using Joplin and it's been pretty damn useful so far.

buoyant fox
odd sinewBOT
#

Gave +1 Rep to @remote wind

buoyant fox
kindred marlin
hidden furnace
lone cairn
#

Hey everybody!!! I am just a newbie in this field and want to make a career out in ethical hacking or cyber security but don't know where to start. Can anybody help me out what steps should I take and what resources should I use to study???

shut ferry
simple creek
lucid edge
#

Are there any prerequisites/topics i must learn beforehand to study buffer overflow?

shut ferry
lucid edge
shut ferry
# lucid edge I am good at C.. It's not a problem.. the problem is assembly programming.. Any ...

Covers the basics of what assembly language is and gives an overview of the x86 architecture along with some code examples.

Example code: https://github.com/code-tutorials/assembly-intro

Davy Wybiral
https://wybiral.github.io/
https://twitter.com/davywtf

#

Going through the buffer overflow room, though, I didn't need to know assembly. It was well explained.

odd quest
lucid edge
odd quest
#

How it's loaded is less relevant

jagged tiger
lucid edge
odd sinewBOT
#

Gave +1 Rep to @odd quest

lucid edge
jagged tiger
odd quest
#

-ban @shut ferry Posting VMWare License keys, directly endorsing software piracy. Ban appeals are bans@tryhackme.com

odd sinewBOT
#

🔨 Banned Dubstix#2748 indefinitely

minor frigate
#

Hello and good morning everyone. Can I post the link of my blog here which I wrote on medium? Just asking before posting to avoid causing mess. Please let me know.

pseudo bear
icy marsh
chilly bobcat
tulip rapids
#

hello everyone, i just want to get my hands into cyber security (Bug Bounty)

#

i have 0 knowledge of programming soo i started to learn full web developer front end and back end is this right path to start or i dont need to waste time in full stack

#

HTML, CSS & JavaScript

#

NodeJS

#

SQL / NoSQL with NodeJS & Express

#

am i in right path or tryhackme cover all of this soo i should start directly in tryhackme

night ether
minor frigate
tulip rapids
odd sinewBOT
#

Gave +1 Rep to @night ether

tulip rapids
#

Or i need some external resources

icy marsh
minor frigate
#

Okay so, hello people, I truly hope you and your family are healthy and safe. So we have people who love solving CTF challenges, right? And you always love breaking those things, but have you ever given a thought that I should also build something? Well, for that, I wrote a blog, not long ago, on How to make your own CTF challenge with ease., where this blog is specifically based on creation process of box and mentality behind it. I believe, you should start building things before you break them.
https://infosecwriteups.com/how-to-make-our-own-ctf-challenge-with-ease-6b15f76865b5

Medium

Hi infosec people, hope you’re healthy! I just got enough time to write a blog on the topic which I really wanted to write, “You can also…

odd sinewBOT
#

Gave +1 Rep to @minor frigate

icy marsh
#

I legitimately was going to start looking for this today

#

I guess the stars aligned haha

minor frigate
#

Wuahahha, I hope you get some insights from it. Good luck. (:

minor frigate
#

Hello and good morning @spark hedge Sir. I hope you are doing well. I have sent you DM, so please check when you have time. Good day.

vestal locust
#

Have you ever feeled queeeeezy whilst looking at assembly? 🥴
Do you want to get into the binary exploitation world, but don't know where to start?
Let me help you with that by starting at the very beginning: Assembly

In this video, we cover

  • Compiling
  • The stack
  • Words
  • Registers
  • Flags
  • Instructions
    And more!

Check it out here 👇
https://youtu.be/WG7QtpRPArg

short valley
#
tropic trellis
#

hey i have these books from humblebundle and they have no DRM so i can share them (and if its allowed)

jagged tiger
#

That is not allowed - each of those books has a publisher that sells those books in ebook and physical formats; just because the PDF does not have DRM on it does not mean sharing those books is legal.

tropic trellis
#

got it ThumbsUpp

#

thanks for the info

sterile frost
fast wraith
bleak sage
odd sinewBOT
#

Gave +1 Rep to @sterile frost

next hollow
rigid aurora
#

I am quite curious to learn more about hardware security, and IoT security especially intrigues me the most! Can someone please recommend some resources I could use to learn about IoT security and related topics? I am still a beginner in the field 😅
Thanks!

crimson thunder
# rigid aurora I am quite curious to learn more about hardware security, and IoT security espec...

https://www.wiley.com/en-us/Internet+of+Things%3A+Architectures%2C+Protocols+and+Standards-p-9781119359678 this is a book about IoT in general in case you want to look into something like this first before diving into security. Then there's https://nostarch.com/practical-iot-hacking which came out last year and is really an amazing book. You could also look into this https://www.apress.com/us/demystifying-internet-of-things-security/17097958, still security focused but very different from the previous one. This one is also available for download (legally).

haughty pewter
broken burrow
icy marsh
#

Does anyone have good intermediate/ advanced malware analysis resources? Thanks!

karmic cradle
orchid basin
runic geyser
#

h'

solemn bough
tepid patio
devout minnow
#

Does anyone have resources about buffer overflow and window hacking?

prisma prairie
#

Does anyone know the automated tool for LFI scanner?

devout minnow
vestal locust
#

🤓➡🦸‍ Pwn Zero To Hero is back!

📑 What will we be learning?

  • Reversing assembly ✅
  • Step-by-step walkthrough ✅
  • Setup and breakdown of functions ✅

Check out NOW! 👇
https://youtu.be/UF1vIqhmogo

gentle shuttle
remote wind
coral elm
#

Anyone have any resources for developing my site on github pages? I want to add subdirectories to put all the work i have done/will do but i can't seem to find much to answer my questions. Or if anyone is available to help pls dm me. Thanks!

orchid basin
#

The GitHub Docs have some good information, especially if you’re using Jekyll. I just copied off of someone else (spooky) until I fully understood the bits and pieces

coral elm
#

Thanks for the response, i tried following the github docs this weekend when i got started but it didn't get me far besides getting the site going. Did you find the jekyll docs useful?

orchid basin
#

Since I started my own, they've changed the system to work with GitHub Actions instead of you having to build it locally, so I'd have to check again

#

At the time, they were pretty much all I used along with GitHub's docs

#

But my workflow is pretty much "write blog in markdown, git add, git commit, git push, repeat", since I used a template

#

If you're looking for more than that, then I'm not the right person to be asking

fiery bear
coral elm
odd sinewBOT
#

Gave +1 Rep to @orchid basin

coral elm
fiery bear
#

I have similar setup with obsidian, what i do is convert the md to html and copy <p> and stuff to html template

#

I included those links because you said subdirectories on GitHub pages

coral elm
#

Haha it seems like I should make a template before I upload my work. But thank you for sending that, I’ll try it out with a test folder

fiery bear
#

Glhf

remote wind
coral elm
odd sinewBOT
#

Gave +1 Rep to @remote wind

fast wraith
remote wind
lucid edge
#

Hey has anyone here solved pentester recon badge exercises? I am stuck at recon 02..

shut ferry
#

This helped me install Windows 11 on VirtualBox

sterile frost
cinder slate
willow aspen
remote wind
topaz gulch
#

The ETBD PDF

#

As in, the PEN-300 learning materials

#

You ain't getting better than that for exam study 🤷‍♂️

shut ferry
#

@shut ferry look for something here mate

topaz gulch
#

Those wouldn't be pirated now, would they? chceyes

shut ferry
#

Noo

#

Dw

#

They are fine lmao

topaz gulch
#

I would be astounded if that was true considering many of the books there usually cost

jagged tiger
#

What kind of licensing covers distribution of those books? Sure seems sus....

shut ferry
#

Ahm... well it was just a resource I found. Just wanted to help since I too use them. Very helpful ngl

#

But I can delete it

#

No worries

#

Sorry for the inconvenience

topaz gulch
#

That would probably be sensible 🙂
Just in the interests of making sure

All good 😄

#

As a general rule, if something like a book or a film is free on the internet, it's usually not legitimate -- exceptions being if the author has explicitly released it for free redistribution or if it's in the public domain 🙂

shut ferry
#

Sorry mate

topaz gulch
#

AFAIK PDF Drive basically just grabs PDF copies of everything it can find and displays them 🤷‍♂️

shut ferry
#

U r right

topaz gulch
shut ferry
#

I removed it anyways

#

Won't happen again

#

Ty

odd sinewBOT
#

Gave +1 Rep to @topaz gulch

lucid edge
#

Does anyone have any good resource for learning about containers? Someone posted a link for this topic here as well but lost it somehow

marble sun
#

Do you have the activation key for Win11 Professional

odd quest
marble sun
#

It's okay. I'm used to using pirated software

#

I won't pay if I can get paid for it

odd quest
#

-ban @marble sun Asking for pirated software. Was told it was piracy, continued to ask. Ban appeals are bans@tryhackme.com

odd sinewBOT
#

🔨 Banned NTMD#5226 indefinitely

teal grove
shut ferry
#

Balls

lucid edge
spring wren
#

From the creator of LinPEAS, WinPEAS and HackTricks, check out PurplePanda! https://github.com/carlospolop/PurplePanda
Follow Carlos to see what he is up to! https://twitter.com/carlospolopm https://www.linkedin.com/in/carlos-polop-martin/ https://www.instagram.com/carlospolop/
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Suppor...

lucid edge
#

Hey i was wondering if anyone can tell the difference between subdomain and a virtual host?

I googled and searched about it but i am confused between two of them

topaz gulch
#

Actually put it this way:

Say you have a domain: example.com
You create a subdomain: sub1.example.com and set an A record (basically a forward lookup address) of 1.2.3.4 -- which is an IP address that is assigned to a webserver that you own.

#

Any traffic directed at sub1.example.com will now go to the server at 1.2.3.4

That is a subdomain.

#

But what happens with the webserver?
It's fine if there's only one site on the server -- it just serves the default one to anyone who connects, and all good, but what happens if you have two sites?
Say you have another domain: exampletwo.org that also points at 1.2.3.4 -- how does the server know to serve the site for exampletwo.org when people connect using that domain, and the site for sub1.example.com when people connect using that?

#

That is VHosting -- when the webserver is set up to serve different content depending on the "host" (in this case, domain/subdomain) that it is accessed using

lucid edge
#

Thanks for explaining it so thoroughly.. sorry for the last question..
So if i serve my web content for a subdomain through /var/www/html directory, then should i use the same directory for the virtual host? Or is there some other directory involved for hosting that virtual host?

night ether
lucid edge
night ether
#

when looking at each site's configuration, it will compare the requested domain against the entries in each ServerName directive of the enabled sites

lucid edge
#

Ah okay! Understood!! :) 😇
Thanks for explaining! I should've understood at first

storm ether
ebon kernel
night ether
vital grove
#

Some months back i was using an alternative to nmap that was allowed to use in OSCP. it used to output into different folders. anyone knows what the tool is called?

#

please tag me if u know it

vital grove
odd sinewBOT
#

Gave +1 Rep to @lucid edge

ruby canyon
nova pulsar
odd sinewBOT
#

Gave +1 Rep to @ruby canyon

granite flame
#

Hey I have recently made reveng_rtkit, public. It is a Linux Kernel mode (aka LKM) based rootkit targeting Linux Kernel: 5.11.0-49-generic as it was only tested on it till now. This project is heavily inspired by Heroin and Diamorphine LKM rootkit projects. Especially, the Syscall interception mechanism section was totally taken from Diamorphine by @m0nadlabs repo. It is a post exp/ persistence/ stealth based framework. It can hide itself as well as other processes/implants, also make itself rmmodable proof via IOCTL and syscall interception techniques. Some techniques are differently implemented in order to bypass signature based detection of antirootkit like rkhunter.
https://github.com/reveng007/reveng_rtkit

GitHub

Linux Kernel Mode(LKM) rootkit capable of hiding itself, processes/implants, protecting itself from being rmmod'ed, has ability to bypass infamous rkhunter antirootkit. - GitHub - reveng00...

icy marsh
granite flame
#

Hey, thanks a lot....❤️
If you want to contribute, you make a pull request, you are highly welcomed...

icy marsh
granite flame
#

Okay, actually I am writing a detailed blog on this...of how I created this rtkit....
I would then share that in here, once it is done....

granite flame
odd sinewBOT
#

Gave +1 Rep to @granite flame

crisp ridge
ebon kernel
odd sinewBOT
#

Gave +1 Rep to @crisp ridge

lucid edge
night holly
#

👀

fast wraith
orchid basin
#

Does anyone have any recommendations for what course to buy from ^? My eyes are on Malware Dev Essentials, but I don't know Sektor7 very well.

vestal locust
#

🤓➡🦸‍ Pwn Zero To Hero is back!

📑 What will we be learning?

  • Setting up Ghidra ✅
  • Using the Ghidra decompiler ✅
  • Reversing a crackme ✅

Check out NOW! 👇
https://youtu.be/m6NbJkGA3XY

slender narwhal
#

What guides or rooms can you recommend for setting up your "operations environment" inside home network + secure those two?

tranquil grove
#

Do you guys use ebook readers? If yes what would you recommend?

prime mantle
tranquil grove
odd sinewBOT
#

Gave +1 Rep to @prime mantle

prime mantle
tranquil grove
odd sinewBOT
#

Gave +1 Rep to @prime mantle

prime mantle
#

bot going crazi

sick nexus
placid marsh
#

" But why fomori would you suggest an old version of burp suite ?" " well well , my brother in arms, because this version still has the automatic spidering of the site map, if you right click !"

plush lily
graceful mountain
plush lily
#

It's actually a great opportunity for those who have yet to enroll in the course to get a taste of what the pwk lab machines are like 👀

iron bay
#

Hi everyone I’m new to this discord so please forgive me if I’m asking my question in the wrong section of the discord group lol .

#

I just wanted to know do you guys have any tips on how to memorise/study key terms and acronyms ?

#

There’s a lot of networking / cyber security key terms and acronyms I’m trying to revise is there a list I can download from the internet with all the key terms etc

odd quest
#

Keep notes, refer to them, try to understand how things work as best as possible.
This makes the connections in your brain with the key terms. Makes it easier to remember.

iron bay
#

@NinjaJc01#7746 thanks, that’s helpful .

lucid edge
autumn dust
#

Hi, I wanted some resources/techniques on finding the actual IP addresses behind a proxy/VPN IP address. It's for a project I'm working for, not getting much info regarding this.

onyx laurel
#

What's the username and password of @ebon valve volatility vm from the website resources?

atomic yoke
#

Can anyone suggest a vulnerable web application apart from DVWA and Owasp Juice Shop?

icy marsh
night ether
#

or grep mysql /etc/services 👀

graceful mountain
icy marsh
icy marsh
# night ether or `grep mysql /etc/services` 👀
```
ssh        22/tcp                # SSH Remote Login Protocol
xmpp-client    5222/tcp    jabber-client    # Jabber Client Connection
dcap        22125/tcp            # dCache Access Protocol
gsidcap        22128/tcp            # GSI dCache Access Protocol
wnn6        22273/tcp            # wnn6
```
#

another problem haha

graceful mountain
icy marsh
#

and it has regex search

#

and json output

#

Mr. can't read docs.

graceful mountain
icy marsh
icy marsh
# odd quest

compared to whatportis 22 it's somewhat worse.

odd quest
icy marsh
odd quest
#

Still seems like massive overkill for a trivial problem. You'll have /etc/services on your own machine.

icy marsh
#

if you have the options to either use pure nc or rlwrap nc which do you use?

odd quest
odd quest
#

It's very different to searching for a string in a text file?

icy marsh
hollow moss
weary pumice
#

I figured there's some THM room creators here, so just out of curiosity - how do you add the mock terminal to tasks when you create a room?

topaz gulch
#

-arole @weary pumice Creators-Lounge

odd sinewBOT
#

➕ Gave the role Creators-Lounge to Agnes#8772

topaz gulch
#

Check the pinned messages in the channel I just added you to 🙂

weary pumice
odd sinewBOT
#

Gave +1 Rep to @topaz gulch

topaz gulch
#

Np 👍

mortal briar
#

Hi, I need help. I am not able to download the PowerUp.ps1 file from github. How do I complete Steel Mountain?

shadow hound
fast wraith
icy marsh
odd sinewBOT
#

Gave +1 Rep to @fast wraith

odd quest
#

@hazy bear ^ not so much discussion but that's the only place I've seen it mentioned so far

odd sinewBOT
#

Gave +1 Rep to @odd quest

icy marsh
#

How did it go?

graceful mountain
icy marsh
icy marsh
hasty sage
#

Hello everyone, I’d really like to improve my white box skills but as far as I know THM is mainly black box. Do you have any suggestion for trying something white-box? Any recommended ctf or maybe even thm rooms or other resources? Thank you 😄

tribal gull
#

Not a guide but a white box challenge

topaz gulch
#

Trying to think if there are others. Symfonos 6 was removed, or that would be another one where you get the source code and have to review it

odd sinewBOT
#

Gave +1 Rep to @shadow hound

remote wind
#

Released v0.3.0

  • Added Filter support and boundaryless regexes
  • Minor improvements

lemmeknow is pyWhat but in Rust, making it fast af.

( Will add benchmarks soon™ but it was like 20x faster for files on v0.2.0)

https://github.com/swanandx/lemmeknow

GitHub

Want to know about any mysterious text or analyze strings from a file? just ask lemmeknow ! - GitHub - swanandx/lemmeknow: Want to know about any mysterious text or analyze strings from a file? j...

somber cosmos
lucid edge
#

Anyone in need of a Practical ethical hacking course by Heath Adams? If you're unable to afford it, please DM me.. I can gift you one from Udemy as I have it there as an extra.

#

No strings attached.. If you need it, i would be happy to give it to you

faint sluice
lucid edge
#

Sorry for the confusion. I was trying to help but wasn't aware of the gifting process as it was new for me

hexed sable
shut ferry
#

anyone have any brute force software?

vapid hound
odd sinewBOT
#

Gave +1 Rep to @hexed sable

vapid hound
odd sinewBOT
#

Gave +1 Rep to @vapid hound

shut ferry
#

People who have Raspberry pi's, do you subscribe to "Hello World" ?

This month's issue has Cyber Security in it (I've had a skim through, I haven't had a chance to read it fully).

#

Sorry, I forgot to add the important bit,

This is an issue that can be subscribed to for:

£6 a month.

You get it free if you meet certain posts, (UK related)

The PDF is free to download.

#

Also so are all the back issues, some of them are good.

icy marsh
vapid hound
dusty chasm
odd sinewBOT
#

Gave +1 Rep to @rotund moat

shut ferry
shut ferry
graceful mountain
graceful mountain
dusty chasm
#

I set up a raspberry pi with kali linux recently. I'm looking forward to trying it out.

shut ferry
#

Does anyone have a cheat sheet about the rooms that have been listed on THM? More specific a reminder about the most commands you use in linux? I know i can find all these with just the command man ls. But it would be nice to have a cheat sheet that u can just open and check when you are stuck

#

Take notes, on anything you think you'll forget.

The rooms have tags also, on some of the stuff you'll encounter on the room.

icy marsh
#

@fast wraith I’m waiting for new cool writeups xD

faint sluice
meager zealot
#

Did I post this in the right area?

#

Oops

#

Thanks :3

odd sinewBOT
#

Gave +1 Rep to @modest bison

thick hare
thick hare
#

Well, things get updated and are slightly different than what the 'directions' may say. It just requires some research and is actually good for the real world

odd quest
thick hare
#

I never said it means they are broken, I said it means things might be different

#

And in my experience with THM, any room I have an 'issue' with, it tends to be an older room

hexed sable
balmy sun
#

Does anyone know any resources for revenge hacking into C2 servers? listened to a podcast from the Dutch intelligence agency about it today, and it kinda piqued my interest

#

^not saying I want to hack into C2 servers. I'm just interested in the TTPs and what makes the C2 servers weak considering they usually make use of sneaky endpoints and double encryption

orchid basin
#

I know ippsec made a box not too long ago inspired by the bugs in C2's
https://www.youtube.com/watch?v=pc-_tK6CWnA

00:00 - Intro Hacking a Command and Control Server
01:07 - Running nmap and discovering two different SSH Instances, guessing one is Docker
03:30 - Looking at robots.txt which includes a link to the implant, looking at the error message and discovering its a cpp binary
05:30 - Using Wireshark to discover it makes a DNS Request to Spooktrol.htb, ...

vapid hound
odd quest
#

If that's the new linux privesc room, some aren't meant to work - they're provided to teach you

karmic mural
rotund socket
topaz gulch
# rotund socket Hey guys I made a CTF walkthough for Blueprint CTF challenge. If anyone is inter...

Nice work!
One thing I would say is, believe it or not, Metasploit isn't actually unrealistic 🙂
It's a tool designed for pentesters to rely on in irl situations. It's arguably less good for CTFs and examinations because of the whole "You don't learn by watching it say 'pwned'", but it's very commonly used in the real world because it speeds things up considerably.
Good to learn different ways of doing things though! Not least given Metasploit really does remove the need to learn how things work if you use it as a crutch, which... isn't hacking.

torpid oak
#

I was wondering what people usually use to organize their notes, I used keepnotes for a while but there may be something better psyDuck

torpid oak
#

lets try cherrytree notsure

torpid oak
#

me too since 2012

dusty chasm
#

I write my notes down. On paper, not wet clay tablets. Writing down anagrams, definitions, modelling paths, make it easier for my brain to remember. I am very fussy about writing implements. I love mechanical pencils and all the different leads (live forever, 2B leads!), nicer notebooks (especially dotted paper), and gel pens and highlighters for colour. Coding, I like Atom and VS Code. My terminal is gaudy with ohmyzsh (all the shades of pink and teal). Good times.

icy marsh
dusty chasm
#

Pilots were my first non BIC stick pens in uni! I love the purple.

icy marsh
#

Are you an 0.5 or 0.7 gal?

dusty chasm
#

0.5 for typical notes, 0.7 for words/phrases I want to stand out

jagged tiger
#

R0tring mech drafting pencils are awesome. 2nd best is the pentel.
As far as pens, I love the R0tring technical drawing pens. 0.05mm line width is the best

icy marsh
#

My nan gave me a gold covered fountain pen I hadn’t used yet, can’t find the ink tank for it haha

jagged tiger
#

For paper note taking, I use a rocketbook when I'm not at home, or I prefer to use scientific lab notebooks or engineering calc pads.

dusty chasm
#

Micron pens for flash cards when I don't need colour. I adore my rotring 600 but tend to lean on my uni kuru toga. Muji makes surprisingly good and affordable gel pens in a dozen different colours. But I like the gelly roll gel pens for their stand out colour.

icy marsh
dusty chasm
#

now I must go explore rocketbook

icy marsh
#

It like sticks to the paper

#

It feels yucky

dusty chasm
#

they do, especially when they get gunky and leak.

jagged tiger
#

rocketbook is a little different. the pages are plastic, so the pens tend to slide more than roll

icy marsh
#

The Pilot leaks are a meme at this point.

icy marsh
#

Or is it the self erasable one?

jagged tiger
#

i order the smaller frixion pens from JETpens because I prefer finer points. 0.7mm is too unwieldy for me.

jagged tiger
#

they make one that is self-cleaning in the microwave, too

#

but i prefer the 'wipe with damp microfiber towel to clean' ones

icy marsh
hexed sable
#

Anyone have any asset management system/framework recommendations ?

fast wraith
#

i've heard good things about ITGlue

hexed sable
#

A bit pricy but worth having a look at it, open source framework would be preferred, but thanks will look into this!

hexed sable
odd sinewBOT
#

Gave +1 Rep to @fast wraith

brittle grove
#

Anyone recommend a resource on Powershell obfuscation, common techniques of obfuscation and how to deobfuscate? (not the -ge stuff)

hearty forge
#

https://youtu.be/c7H1W4BmZ6g Learn about linux fuzzing, finding 0day vulnerabilities in applications and exploit-dev! great course for beginners looking to start a path in exploit-dev 🙂

Have you ever asked yourself how vulnerabilities are discovered and how exploits are written? Well, then this is the perfect talk for you. We will begin by discussing how so called Fuzzers can be used to find previously unknown bugs in applications. Then we will analyse the generated crash dumps to find out if the underlying issue is exploitable...

tepid bane
#

Hey. Can anyone recommend a good news outlet for Cyber updates? (Sorry if this is the wrong channel to ask in)

ivory canyon
#

Hey. I try the Buffer Overflow room i do every reverse engineering room on THM to understand assembly and RE. But even with these new skills I can't figure out how to make the room. Do you have any resources about RE or Buffer Overflow to help me ?

ivory canyon
ivory canyon
zinc wraith
#

oh im not there yet 🥲

vestal locust
#

🤓➡🦸‍ Pwn Zero To Hero is back!

📑 What will we be learning?

  • Setting up GDB and Pwndbg✅
  • Dynamic analysis of a binary✅
  • Cheatsheets and more ✅

Check it out NOW!
https://youtu.be/-pKu42v_opk

vast pine
#

Not exactly sure what this is, but seems to be useful for some fellas here
https://youtu.be/2eLe7uz-7CM

This is the Animated CompTIA A+ Certification Video Course 220-901.

shut ferry
supple coyote
odd quest
#

@topaz gulch ^

topaz gulch
#

Yeah, I saw it. That may actually work chceyes

#

Oh, no it won't

#

Oh, maybe actually

hearty forge
hearty forge
#

Not doing a+ currently, revising for my net+

simple creek
wispy condor
#

The Web Security Academy is a free online training center for web application security, brought to you by PortSwigger. Create an account to get started.

tulip shoal
#

happy weekend everyone

topaz gulch
tulip shoal
#

😂

#

I'm afraid no one will care about me. Hahaha

topaz gulch
#

They'll care about you for the wrong reasons if you piss 'em off by spamming it everywhere 😄

tulip shoal
#

hahaha ,ok

#

I am a silent person

odd quest
rotund socket
#

wooww sorry

fast wraith
glad barn
#

how do you get roles on the server? I don't see a role channel

stuck abyss
#

!docs verify

fervent summitBOT
stuck abyss
#

You'll get the verified role Subscriber role too if you've subscribed.

Mods can give you other roles too based on Certs you may hold (CCNA, eJPT etc)

You can also get special roles from events, the last event was for "Pentester"

You can also get the Bug Hunter role if you submit 3 bugs in the THM Bug Bounty.

topaz gulch
#

Mod is the best role though 😁

finite patio
stable wolf
#

Hi everyone, little video I found very useful to understand the logic in the sysmon module. Hope it will also help you.

fast wraith
topaz gulch
#

No thank you. I already have one to deal with rn kekw

fast wraith
odd quest
#

Please don't ask the same question over multiple channels

#

You got an answer in General

stuck abyss
#

No.

boreal thicket
#

sry wrong channel

stuck abyss
#

I wouldn't advise asking that in any channel.

boreal thicket
#

What do you mean?

stuck abyss
#

What you're asking isn't ethical in any sense, and any conversations will be shut down by mods, (quite right too)

boreal thicket
#

ok sry i had no intentions of using it for "evil" but it is understandable that it is not allowed and i will make sure that i don't address something like that again vent

jade plume
#

the architecture you are using is not the same as the software you are trying to install. You are using arm64, so you should look for software versions compatible with that architecture.

turbid badge
#

I’d like to learn about the Linux system and look for ways to set it up without investing hefty $
My mentor recommended CYBRARY saying that it will allow me to set up a virtual Linux server for learning and practice purposes. Any suggestions?

still quarry
jagged tiger
urban void
#

yea i often get old laptops when customers want upgraded (got two linux installs on laptops over 10 years old) Linux will run on almost anything x) and honestly (this is just my experience+opinion) but I generally see people struggle more trying to vm linux than doing an actual install (unless you're dual booting and have a dedicated Nvidia gpu) now don't get me wrong cybrary had good contents, expensive af though, but if you're just wanting to learn Linux there's much better options. and hardware wise (depending on what country you're in and their fair use/fair dealing copyright laws) you can even install full distros on phones **that said please check your local law before attempting :)

glacial gazelle
#

and install Linux and use as a daily OS if possible

#

then just force yourself to use cli

#

and research everything

#

THM has free vms

#

And you can get quite a lot of free credit for VPSs on linode etc.

stuck abyss
graceful mountain
stuck abyss
graceful mountain
stuck abyss
graceful mountain
stuck abyss
graceful mountain
#

yeh, I made a bootable usb and recovered some files but pretty scraped most of the stuff

stuck abyss
#

And did a fresh version?

graceful mountain
#

Yeh, dual-boot for life TryFlagMe

stuck abyss
#

Have we learned from our mistakes before? and backed up everything? xD

graceful mountain
urban void
#

@graceful mountain I went from windows to arch linux dualboot with a dedicated nvidia gpu :) i facerolled my system for 4 months before i got a working GUI and by then i preferred the command line so i feel that, think i formatted and started over at least 8 times x)

urban void
#

also learned more in those 4 months than 25 years of windows

#

as much as i love linux i know for the time being ill be dealing with windows and need solutions that span the x) that and my school courses were 90% windows x) lol i broke server 2019 couple times during that course too x) i got to self learn things like manually restoring window bootloader and rebuilding raid 1-0 arrays because they have your project which is due in two days stressful course that's done but still being sorted out x)

graceful mountain
#

Yeh, the software that we use for our labs in uni only runs on windows, but I daily drive linux and only switch to windows when I have school stuff to deal or write reports/assignments cuz need office...

urban void
#

ahh x) yea though ive found some solutions to make windows more like linux (other than learn PowerShell and use wsl)

stuck abyss
urban void
#

so gnu32utils found this year

graceful mountain
urban void
#

(which gives you gawk on Windows as an exe)

stuck abyss
graceful mountain
urban void
#

PowerShell has some nice features but very different

graceful mountain
#

I recently tried the "windows terminal", that combined powershell and some other stuff I think, and it was very linux like and comfy

urban void
#

but msys32 is a cross compiling platform for windows if you copy the bin it makes in root they contain the DLL and exe of about 400 gnu linux commands

turbid badge
odd sinewBOT
#

Gave +1 Rep to @glacial gazelle

urban void
#

yea terminals nice full graphical background with gif support cool, launching 4 window pwsh cmd kali blackarch was neat but was more just to see if i could x)

fast wraith
grizzled ore
urban void
#

thanks @OxStarlight l

also i wanted to share this with everyone because these have served me well in the past and i made use of one today due to a dispute im having with my school. theyre called canary tokens, these files look like juicy little tidbits of low hanging fruit but are really a form of honeypot, given enticing names and placed where they generally wont get snagged by staff. where and what is up to you, eg. a broken unlinked page with an admin.php or in my case my school inbox marked school name important evidenced dont lose. if said file is opened it triggers an email to you to let you know youve had a breach and fast tracks singling out which ip are snooping your network potentially before an actual attack occurs or at least giving you a starting place in your post investigations. they come in many different file formats. https://canarytokens.org/generate#

hasty fox
# urban void thanks @OxStarlight l also i wanted to share this with everone because these ha...

one note, if they are using a "modern" email system, the IP shown may just be one of the email providers like google or outlook, not the ip of the user opening the email, and even more aggressive systems might pre-download all images and open all links and scan them for malware/phishing/whatever so a notification might actually mean nothing other than the email server received the email

#

but regardless, canarytokens is great

urban void
#

oh no you dont send it

#

thats what tracking pixels are for

#

you name it something juicy that wants to be read and its a warning if someone's poking around (like your inbox)

#

or unlinked pages where they shouldnt be x)

#

they see what they think is a passwords.txt

#

or other and the opening of it triggers the token

willow aspen
#

For OSINT folks, a guide on creating custom Maltego transforms: https://www.youtube.com/watch?v=k5oikWy0OLc

urban void
#

ohhh

shut ferry
#

Where can i find ELI5 for blockchain storage ?

grizzled ore
hearty forge
lucid edge
#

Does anyone have any good resource or blogs for learning amass extensively? I know there's help options in amass but i'd like to learn it with examples with performing and executing different commands

urban void
#
Dionach

Our extensive blog post provides a tutorial on how to use OWASP Amass to discover an organisation's externally exposed assets.

Intigriti

Welcome to our hacker tools series. In the past weeks, we discussed some useful tools to help you with your bug bounty career. This week we will discuss Amass, the well-known subdomain discovery tool. Amass is a tool that uses passive and active information gathering techniques to compile a nice list of an organization’s externally […]

Medium

Amass has a lot of features. It’s a bit of a weird tool because despite being synonymous with bug bounty recon, and despite being…

grizzled ore
urban void
#

oh its not my repo X) i just selfishly use it 🙂 i actually should have checked prior to that statement if it's open collab, either way i collect resources and your blog seems to have quite a few things i need to pore over 🙂 so thanks for the write up

grizzled ore
#

Np man, im glad you found the articles helpful 😊

urban void
#

yea wish i had this ad post months ago when i was doing w740-742 in college X)

#

ohh reminds me if you don't know there's an amazing powershell script get-newview just excellent creates a data dump running pretty much every network command you could ever need and outputs to a directory on your desktop (not fast) in organized folders and text files but very inclusive 🙂

urban void
#

yea its available in the psgallery

grizzled ore
#

Oh damn, that's nice

#

Ill check it out

urban void
#

yea it pretty much runs every network command you have and logs it as json so you can examine your network

#

took about 4.5 min but should contain everything you need to have a comprehensive understanding of the network

#

the files are named after the command run to get that specific data set

#

also pulls logs drivers and vm configuration

untold nebula
#

Hey all 👋 I am looking for recommendations for good free python course or video that is cybersecurity oriented. I have some experience in c# programming so not necessarily a beginner level.

cyan lagoon
#

You could consider looking into BlackHatPython and/or GrayHatPython

vocal magnet
#

Are there any labs or platform to practice the Information Systems/Security audit besides books and slides?

vocal shore
turbid badge
#

How popular is Kali Linux as an OS? What pen test tools are widely used in that environment?

urban void
#

well @turbid badge thats a loaded question X) it depends who you ask 🙂 its one of the more popular one but every linux user has a favorite and theyre all sure that theirs is the best X)

#

and theres a couple thousand tools in kali (multiple tools for the same job and a lot of the times it comes down to what you know whats preinstalled and ease of use {which is also subjective based on what you know})

#

as a day to day os? no i would not recommend 90% of the pen testing distros (though parrot is a sideline exception as it is more security os focused than pen testing though also has a host of pen testing tools and is debian based so in theory any tool available on kali should work on parrot). 95% of python programs can run on windows and linux (though you may have to set up virtual environments to sort your dependencies out) rust and go are also generally universal assuming you sort deps and compile for your specific architecture. and a lot of pen-testing tools are built on those three languages.

turbid badge
#

@urban void Thanks!

odd sinewBOT
#

Gave +1 Rep to @urban void

urban void
#

@vocal magnet do you mean just hacking labs or specifically audit specific, or just challenges in general,? im about to drop a list of labs and challenges some of these links are dead and i need to refind them if you find a dead link please try to go to the main site and see if you can relocate the resource if you have to do this if you could msg me with the updated link or just a MSG that you found a broken one. commented lines are dead links ive yet to fix. again enjoy and sorry for the incoming massive labs/challenges drop

#

oh yes i can just shows as a txt file and thats not even that bad

#

also if you see im missing something pm me as well 🙂 challenges labs vm's vulnerable web apps ctf cyber ranges, belong on that list 🙂

grizzled ore
turbid badge
#

Just received a message that the trial version of NetLimiter expired. It was installed as part of my cybersecurity project. Not quite sure if I have to renew or uninstall. Your thoughts?
https://www.netlimiter.com/products/nl4

turbid badge
urban void
#

hmmm pro version is 30.00 but doesnt seem to add functionality beyond a graphical interface for what you can do in powershell on pro/enterprise/server and at that price i imagine its just using those systems to populate the information. and theres always a possibility of malware (even if its very low) id be more suspicious of bloat/tag alongs that get installed along side it. but if you're suspicious you can always have a look inside the exe file and see how the installer is configured

urban void
#

(found this out recently so thought id share, there is no real definitive standard for what an exe file is there are several ways to make them and are not always created during compiling, generally they are a packaged collection of files libraries registry edits and other function scripts to organize and distribute the program/resources) and you can only really tell by looking inside (how software gets bundled or malware/trojans can be added to legitimate installers) i use a program called universal extractor to unpack the exe when turning programs into portable apps (i then repackage them using 7zip/winrar/inno/iexpress #iexpress comes with windows) using 7zip or winrar you're making an sfx archive (self extracting) which contains the files necessary for extraction, so even if the system doesnt have a rar extractor a sfx archive will extract because it contains the components it needs to extract itself, most of these methods will extract to a tmp location and run the binary you choose and self clean on close. and that is one way to make portable exe apps x)

#

it's also a convenient trick if you want to bundle install a bunch of apps that you use all the time into a single launcher (though not using the sfx method, you'd use inno which is more scriptable and generates a gui that allows much more customization and builds the user interface for you and allows for adding licences and tos)

odd quest
urban void
#

@odd quest yes it is "a standard" though when i say standard i mean every exe being the same, having multiple standards and methods lacks consistency, you can't look at the extension and make assumptions about its configuration based on the extension, in fact there are several "standards" for exe files which nullifies the concept of standard since it could be one of many 🙂 https://en.wikipedia.org/wiki/Comparison_of_executable_file_formats

This is a comparison of binary executable file formats which, once loaded by a suitable executable loader, can be directly executed by the CPU rather than being interpreted by software. In addition to the binary application code, the executables may contain headers and tables with relocation and fixup information as well as various kinds of meta...

odd quest
#

The fact you can't just look at the extension is way more important.

#

File type on Linux is determined by magic bytes, not extension. Windows is just weird.

urban void
#

yes that's what i was trying to emphasize, that you need to actually examine them 🙂

odd quest
#

Pretty much all of the exe ones you linked there are deprecated/no longer relevant

urban void
#

well technically exe's themselves are deprecated and being moved towards msix (replacing msi) according to microsoft but they're still around as vendors still produce them so we deal with them as we find them.

odd quest
urban void
#

yes but if you read the original post i was discussing installers and packaging and not the binary and the whole purpose of the post was to highlight that there is a distinction (which i did not know until recently)

#

that and the point that an exe file isn't necessarily a binary or necessarily an installer or self-extracting archive but that you need to examine it, and highlight a few low level implications (such as bundling malware with original executable (binary)) 🙂

odd quest
urban void
#

kk so you have program.exe which may be the actual launcher for the program named program or it could be an installer that relocates files to where they should be and then launches internally the program/program.exe so i guess launcher would be a more correct term because the exe does perform an action though not necessarily launch the program.

odd quest
#

It's still a Windows binary, and it's going to be a PE format one

urban void
#

it may contain a windows binary, but itself may be a self extracting archive, a script, or a collection of windows "binaries" in installation format

odd quest
#

The exe won't be. An MSI might be.

urban void
#

i disagree because creating an sfx archive creates an exe, though in reality it's an sfx

#

which was my original point 🙂

odd quest
# urban void i disagree because creating a sfx archive creates an exe, though in reality its ...

https://en.wikipedia.org/wiki/Self-extracting_archive#:~:text=A self-extracting archive (SFX,be%20already%20installed%20on%20the - it's an executable program, a binary.

A self-extracting archive (SFX or SEA) is a computer executable program which contains compressed data in an archive file combined with machine-executable program instructions to extract this information on a compatible operating system and without the necessity for a suitable extractor to be already installed on the target computer. The executa...

urban void
#

yes that's what i had previously said in my original post,

urban void
#

yes but not the binary i had originally thought it was. my original assumption had been that, let's go with ccleaner.exe, i had thought that ccleaner.exe was the binary for ccleaner, however it may be the binary (that which gets loaded into memory and launched) but in fact it can also be an sfx binary (though it shares the same name and extension) and it self extracts and installs then launches the ccleaner.exe (the one that gets loaded into memory and run as a program)

odd quest
#

Ok so the name and extension for a binary might be lying to you and programs might do different things to what you thought? That's a trojan.

urban void
#

yes and no, it may not be a trojan if its original intent is to install the program. my confusion lay in the assumption that the exe file denoted a program binary (launcher or installer) were the equivalent of each other and singular in nature. and that all exe's were just launchers, (if the program was not installed the launcher first installed the program)

#

ty btw 🙂 this kind of discussion helps me shape and form and better articulate my understanding of the subject 🙂

#

it may also just be bloatware instead of a trojan too as ccleaner.exe may also install programb.exe silently 🙂

#

@odd quest do you mind if i dm you a couple additional questions on other similar topics? 🙂

odd quest
urban void
#

fair enough 🙂 thought they might be too narrow for that but wico 🙂

zenith spindle
inner delta
#

HI

#

does anyone have a beginner to advanced red team recon process methodology and tools list?

urban void
#

mostly tools but :)

grizzled ore
fast wraith
urban void
#

the ired team notes are not my notes, it's the description given x) wanted to clarify that

south marlin
#

Interactive cheat sheet, containing a curated list of offensive security tools and their respective commands.
https://wadcoms.github.io/

sudden fern
#

@jagged tiger ⬆️

sturdy shell
#

on it

sudden fern
odd sinewBOT
#

Gave +1 Rep to @sturdy shell

urban void
#

@grizzled ore can i dm you a somewhat confidential question regarding your blog.

craggy glade
#

Does anyone have any good recommendations on resources for learning binexp? I have been struggling with ret2libc and hoping to find some basic binaries to practice with

orchid basin
#

I have personally found CryptoCat's series to make the most sense for me, but it does assume a prerequisite understanding of assembler and C, which is the most important part of any RE/binex skillset.

craggy glade
#

Awesome thanks for that! CryptoCat does look like a nice series, will see how I go, I've done high level programming but yeh getting into assembly has been a bit of a challenge (done most of the beginner THM rooms for the subject)

#

ir0nstone's notes also look awesome, clean and simple straight to the point, my kinda thing 😛

fast wraith
vestal locust
#

🤓➡🦸‍ Pwn Zero To Hero is back!

📑 What will we be learning?

  • Installing Pwntools ✅
  • Automating exploits ✅
  • Connecting Pwntools and GDB ✅

Check it out NOW!
https://youtu.be/9wepzpQhhio

simple creek
urban void
#

thanks added to my lab list :)

vocal shore
#

setting up a new simple site to host fun and useful scripts, configs, files, etc ... always open to suggestions 😄
https://f11snipe.sh/

urban void
#

it's hosted on github but i didn't know you could do that from github pages

urban void
#

just saw it's gitlab not hub

turbid badge
#

Hi. Looking for recommendations for SEC+ cert prep resources. Thanks

south marlin
# turbid badge Hi. Looking for recommendations for SEC+ cert prep resources. Thanks
Udemy

Full-length CompTIA Security+ (SY0-601) Practice Exams * Simulated PBQs * Timed * 480 Questions with feedback!

turbid badge
#

How long is the prep time? Like 2 weeks?

odd quest
vestal locust
#

🤓➡🦸‍ Pwn Zero To Hero is back!

📑 Last week I gave you some homework. Did you solve these?

  • A tour of x86 from CSAW ✅
  • Strings from picoctf ✅
  • Salty Spitoon by Helithumper ✅
  • Beleaf from CSAW ✅

Check it out NOW! 👇
https://youtu.be/7LTNdASGFgU

wraith lichen
trail bramble
#

Curious if someone could talk to me about some networking stuff to help me better understand some things going on with subnetting

lucid edge
#

Then go to a video named Seven second subnetting to brush up on it

thorny nymph
#

which platform would you recommend using, GhostWriter or Pwndoc?

shadow hound
#

one approach to subnetting that clicked for me

simple juniper
kindred sequoia
rough abyss
#

Is there a room or can anyone suggest any resources out there covering environments and the PATH variable?

odd quest
nocturne lance
#

I am self promoting unpaid content

shadow hound
#

if you can reach the public net from whatever you're doing, nc stuff to termbin.com 9999 for ez pastebin

shut ferry
balmy sun
#

might be interesting for fuzzing

odd sinewBOT
#

Gave +1 Rep to @balmy sun

shut ferry
icy marsh
main grove
stiff hemlock
#

hi

urban void
unique sluice
hoary canopy
#

Could someone tell me where i can find the ultimate wifi hacking guide, course or book?

mortal tinsel
#

Hello everyone! I'm on "Offensive Pentesting Path - Buffer Overflow Prep" Exploitation. It walks us through it step by step. But, I just don't understand what I'm doing & what this is supposed to do or good for? Any resources I can check out to help me understand?

steady valve
civic wedge
#

hey i just got interested in ethical hacking, i wanted some sources so i can start learning

#

especially deauthing for pranking a friend

odd quest
civic wedge
#

oh

#

...

#

ok

#

thx for the info

#

but why wouldn't they take the website down tho that sells deauthing wrist bands

#

and boards

civic wedge
#

ok

#

i'll email a senator

#

or something like that

#

ok

#

but still where is a good start for ethical hacking

odd quest
#

Remember the word ethical, pranking your friends isn't ethical

civic wedge
#

yea i know it's just one friend and he plays fortnite lol

odd quest
#

That's still unethical

civic wedge
#

yea

#

ok

#

thx for the info that inleagl

#

illegal*

#

really helps

rough fox
#

am newbie

#

hope you guys are gonna me help me ou t

#

out*

carmine hedge
#

https://youtube.com/c/Nerdslesson

This professor looks really nice

gleaming wind