#hack100days : Day 24 : Today was a grab bag. Pulled off today's #tryhackme advent of cyber challenge. It was not what I was expecting, but I expect the difficulty to ramp up as we go. Tuned into @Alh4zr3d@twitter's twitch stream. Target looked familiar. #ctf #infosec #cososec
#hack100days : Day 23 : Read more on Responsible Red Teaming. Two more sections down. Legality, ethics, responsibility, and opsec. Good stuff to keep in mind. #sharpenthesaw #redteam #infosec #cososec
20+ Free Educational Resources for Cybersecurity, OSINT, and IT
https://www.osintme.com/index.php/2022/11/30/20-free-educational-resources-for-cybersecurity-osint-and-it/
#hack100days : Day 22 : Took a break from awkward. Poked around at Vortimo OSINT Tool (https://osint-tool.com/) and related integrations. Anyone w/search.censys.io accounts getting 500s after logging in? That's weird. Also played around with hashcat some more and tinkered with using masks. Next I want to play with combined masks and wordlists to see what that gets me. #sharpenthesaw #osint #infosec #cososec
#hack100days : Day 21 : More #hackthebox again. Still chipping away at awkward. I'm likely running around in a rabbit hole. Better here than on a job, I reckon. Time to look through the forums. #sharpenthesaw #htb #ctf #infosec
#hack100days : Day 20 : More #hackthebox. Worked on awkward and got user. Still working out root. Also worked on carpediem, but didn't get any further than last time. Then went down a password cracking rabbit hole. Trying out JtR and incremental filters. #sharpenthesaw #htb #ctf #infosec #cososec
Yes, this is The Onion’s brief to SCOTUS about parody. Yes, you should read it. And not just because Ricky Gervais liked my tweet on the bird site today. 😁
#hack100days : Day 19 : #hackthebox release day. Worked on Precious an "easy" linux box. Pretty straightforward. #getsmart #sharpenthesaw #htb #ctf #infosec
#hack100days : Day 18 : Started in on Responsible Red Teaming (https://taggartinstitute.org/p/responsible-red-teaming) Today was a busy day, so I need to read. #getsmart #redteam #infosec #cososec
#hack100days : Day 17 : Where I was going to go with the crypto challenge is not the path I took. @[email protected] gave me some advice and I managed to sort it out. Compared to other crypto challenges I've worked on, I'm happy to have gotten to a solution. I've not seen one like this before. #cryptography #getsmart #ctf #infosec #cososec
#hack100days : Day 16 : Still banging at the crypto challenge. I've gotten a big push, but the implementation is still escaping me. I've been focusing on the decimal values of the ASCII char set. Maybe tomorrow I try with hex values and see if that leads to a breakthrough. #crypto #ctf #getsmart #infosec #cososec
#hack100days : Day 15 : Looks like metactf.com's Thanksgiving CTF is only the five challenges. I'm hit and miss with crypto. I've managed to work out part of the plaintext. Gonna keep noodling on it. #ctf #getsmart #infosec #cososec
#hack100days : Day 14 : Took a crack at metactf.com's Thanksgiving CTF. It's multiple days. Today there are six challenges. I've gotten 5. #ctf #getsmart #infosec #cososec
#hack100days : Day 13 : Today was a little weaksauce. Researched kit to bolt onto a Raspberry Pi 3 to make a wifi hacking rig. #getsmart #infosec #wifihacking #cososec
#hack100days : Day 11 : More JuiceShop. Explored business logic. Managed to break the server a couple of times. Error checking and handling is hard. #getsmart #infosec #WebAppPentesting #cososec
#hack100days : Day 10 : Watched a twitch stream of an attack on a #tryhackme box. Lots of malding, lol. Also poked at JuiceShop some more. #getsmart #infosec #cososec
#hack100days : Day 9 : Analysing main.js from juice shop. Finding endpoints on the server to explore and “endpoints” on the local app to explore. Router is a magic word. Need to do more poking and prodding to ascertain what kind of magic word “selector” is. #getsmart #infosec #webapplicationtesting #cososec
#hack100days: Day 8: Spun up Juice Shop and started in. Used ZAP to spider. Found an auth bypass. Found a dir from robots.txt with some goodies. Recalled a hint from PWST to reap the goodies. Need to look at hacking a Keepass file. I'm sure I've seen that in a CTF or three. Need to attack the business logic in the app. Look at API enumeration. Time to kick off a directory brute-force and go to bed. #infosec #webapplicationtesting #getsmart #cososec
Muddling through.