Security and hacking
Check privacy of your browser by EFF foundation
UNIX commands
who loves me
finger
enforce Password for sudo commands
sudo vi /etc/sudoers.d/
Change
%sudo ALL=(ALL) NOPASSWD:ALL
To
%sudo ALL=(ALL:ALL) ALL
nmap basics
nmap -sn 192.168.0.0/24
Metasploit
docker run --rm -ti --network host -v $PWD/msf:/root/ parrotsec/metasploit
Nessus install
- https://www.tenable.com/downloads/nessus?loginAttemted=true&loginAtte
- David’s B pdf instriuctions
- register https://www.tenable.com/tenable-for-education/nessus-essentials
sudo systemctl start nessusd.service
- open page on localhost:8834
ssh -L 8834:localhost:8834 ssh.address
- activate / create acc
- update: settings ->
Flipper Zero
- https://lab.flipper.net/apps
- Game mode exit
- ```
- Press UP, UP, DOWN, DOWN, LEFT, CENTER, LEFT, CENTER in the clock
Press UP, UP, DOWN, DOWN, LEFT, CENTER, LEFT, CENTER in the clockWiFI hacking
- online pcap cracker https://github.com/InfoSecREDD/REDDs-PCAP-Uploader -uses under the hood https://www.onlinehashcrack.com/terms-conditions.php
- or just use hashcat
- convert pcap
-
dictionaries: https://github.com/praetorian-inc/Hob0Rules/tree/master/wordlists
# md5sum image validation
```zsh
curl https://some.com/TTTT44444-AAAAAAAAAAA-222222222222-444 \
--output - | md5sum
184aaakl46744073709551615
MacOS MAC address spoofing
ifconfig en0 | grep ether
sudo ifconfig en0 down
sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff
# replace mac with your desired one or generate it:
openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'
sudo ifconfig en0 up
Subresource Integrity - SRI Hash
always Sign your CDN content https://www.srihash.org
Ruby on Rails:
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/you_content.cdn" integrity="your-sri-hash-here" crossorigin="anonymous">
Keep in mind that SRI hashes are specific to a version of a resource. If the CDN resource gets updated, you’ll need to generate a new SRI hash for the updated version and replace it in your HTML.
Learning Resources
Practice
- Hackabox
- Vilnhub
Books
- Book -> HACKING: THE ART OF EXPLOITATION
- hack like a ghost and series
Skills
- Kali Linux or similar or own built
- Networks: OSI model + Protocols
- Python/BASH/scripting - basics of coding
Hacking methodology5 steps
- Info gathering
- Scanning and innumerable
- Exploration
- Post exploitation
- Cleanup
Tools
- Burp suite
- Due Buster
- Metasploit
- Nessus
- End map scanning
Preferred skills
- Active directory
- Wireless attacks: Forward handshake + Air crack/air suite
OWASP top 10
Certifications
OSCP
- Most recognised and popular
- Absolutely hands on
- Hardest exam
- A bit dated material
- Junior oriented, won’t fully prepare you
- Areas not covered - Internal - Wireless - Wrbapp
ELearn security
- Very practical
- $$ 2k roughly
- Certifications ez, practical
Gpen sans
- Good knowledge
- Domain escalation
- Active directory used by top500 companies
- But 5 days
- No practical
- \(\)$$ 10k
CEH
- Not to practical
- But good certification paper for job/gov
Pentest+
- No practical and too new
notes FROM SEEK on required certs / AU specific
Industry Certifications such as OSCP, OSWP, S ANS, CREST will be highly regarded
Knowledge of
- OWASP, PTES and OSSTM
- Practical skills in assessing web applications for vulnerabilities (e.g. expert understanding in XSS, SQL injections, CSRF)
- Hands-on experience with tools such as Burpsuite, Nikto, Nmap, SQLmap, Metasploit, ExploitDB, Dirbuster etc.
pranks
printf '🍅%.0s' {1..300}; echo
Leave a comment