thezoo for samples, Youtube for learning. Hackaday started a series a couple days ago.
Cybrary has courses for it, but only through their subscription. There's a discount running to the end of the month with them.
http://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/
Watch Chapters 1.1 - 1.4 to get some basic information on Networks from a Security Standpoint. Other than that, Google and read up on the OSI Model and HTTP Requests.
Yeah, anyone thinking about using NordVPN because they heard good things about it, beware. There's a good chance you only heard about them because they have insane marketing, not because they're actually any better than the competition.
There's a VPN service that's quite popular here in Sweden called Mullvad that promises that they don't store any log files and thereby lets you surf "anonymously". Their first gateway was located in Amsterdam (now they have many more exit nodes in many countries), so maybe the jurisdiction regarding cyber crimes is looser there? is the address. (And I am in no way associated with them, I just happened to know about their service.)
Hey guys.
So I set out to learn Golang, and I decided I'd start by rewriting eyes, a BASH script for doing domain/IP address reconnaissance.
I decided Go was perfect because:
Currently you can do:
I'll be adding DNS Lookup + Cloudflare detection, as well as honeypot detecting soon.
The current release is `0.1beta`, and you can currently use it if you have Golang installed and set up. I'll be releasing binaries when I reach `0.1.0`, so you can just navigate to the `bin` directory and grab whichever executable you need.
Happy studying, and remember: hack responsibly.
Edit: fix the broken links
I don't know much about node.js but if you're good at it, it should be fine.
A basic virtual bank consists of an HTML/CSS user interface (which can be very simple if you want), a backend programmed in node.js, PHP or whatever, and a database. You don't care much about user friendliness and you already know some JS, so you can focus on databases: database design, SQL (MySQL/PostgreSQL/...), how to interact with the database using node.js and, since we're on a security subreddit, database security and web security.
Let www.owasp.org become your reference guide for anything related to web security. It's really good.
Basic features:
login and signup
withdrawal
deposit
interests
transfers.
All these features involve some interaction between the database and node.js and all of them must be secure. Don't start coding insecure stuff; it's better to do everything the right way from the beginning (even if it's not a commercial product): for starters, you shouldn't allow SQLi, XSS or session hijacking. Again, OWASP is your best friend. In addition, look for node.js security issues.
It'd be nice if you could set up a TLS connection to encrypt the traffic. You can download free TLS certificates here.
It's ok if you want to build everything (web server+database) on the same machine, but you could also set up two different machines (even virtual machines are fine), one to handle the web server, another one to manage the database. That's how most enterprise websites are handled, anyway. If you want to go this route, you should secure the connection between the two machines.
You can go anywhere from here. You can add intrusion detection systems and try to hack your own system using Burp/Nikto/..., you can create backups and use them to restore the system, and so on.
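One way to start the "do it the right way from the beginning" part of this project, as an added example that is not from the original thread: the injectable account lookup beside its parameterized form, salted password verification for the login feature, and an atomic transfer that cannot overdraw. It uses Python's bundled sqlite3 in place of the MySQL/PostgreSQL backend the comment mentions; the schema, account names and balances are constructed for the demo.

```python
"""Virtual-bank backend pieces: SQL injection vs. parameterized queries,
password verification, and an atomic transfer (added example, sqlite3 stand-in
for the real database; all account data below is constructed)."""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000


def make_bank() -> sqlite3.Connection:
    """In-memory bank with two constructed demo accounts."""
    # isolation_level=None: we manage transactions explicitly in transfer().
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute(
        """CREATE TABLE users (
               name    TEXT PRIMARY KEY,
               salt    BLOB NOT NULL,
               pw_hash BLOB NOT NULL,
               balance INTEGER NOT NULL CHECK (balance >= 0))"""  # DB-level guard
    )
    for name, password, balance in (("alice", "correct horse", 500),
                                    ("bob", "battery staple", 100)):
        salt = os.urandom(16)  # per-user salt; never store the password itself
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (name, salt, pw_hash, balance))
    return db


def lookup_vulnerable(db, name: str):
    """The mistake: user input is pasted into the SQL text, so the caller
    controls the WHERE clause. Kept only to contrast with lookup_safe()."""
    sql = f"SELECT name, balance FROM users WHERE name = '{name}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, name: str):
    """Parameterized query: the driver binds the value, it never becomes SQL."""
    return db.execute("SELECT name, balance FROM users WHERE name = ?", (name,)).fetchall()


def login(db, name: str, password: str) -> bool:
    """Verify a password against the stored salted PBKDF2 hash."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        # Burn a hash anyway so unknown users are not revealed by response time.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, PBKDF2_ROUNDS)
        return False
    salt, stored = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def transfer(db, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst atomically. Refuses non-positive amounts,
    self-transfers, overdrafts and unknown accounts; either both rows change
    or neither does."""
    if amount <= 0 or src == dst:
        return False
    db.execute("BEGIN IMMEDIATE")  # write lock: no concurrent transfer interleaves
    try:
        debited = db.execute(
            "UPDATE users SET balance = balance - ? WHERE name = ? AND balance >= ?",
            (amount, src, amount)).rowcount
        credited = db.execute(
            "UPDATE users SET balance = balance + ? WHERE name = ?",
            (amount, dst)).rowcount
        if debited != 1 or credited != 1:
            db.execute("ROLLBACK")
            return False
        db.execute("COMMIT")
        return True
    except sqlite3.Error:
        db.execute("ROLLBACK")
        return False


def balance(db, name: str):
    row = db.execute("SELECT balance FROM users WHERE name = ?", (name,)).fetchone()
    return None if row is None else row[0]


if __name__ == "__main__":
    bank = make_bank()
    probe = "x' OR '1'='1"  # classic test string: the vulnerable lookup returns every account
    print("vulnerable:", lookup_vulnerable(bank, probe))
    print("safe:      ", lookup_safe(bank, probe))
    print("login alice:", login(bank, "alice", "correct horse"))
    print("transfer 200 alice->bob:", transfer(bank, "alice", "bob", 200))
    print("overdraft bob->alice 301:", transfer(bank, "bob", "alice", 301))
```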
CVs are a bit different than a resume. Many people include both when applying for jobs. A CV goes into much more detail than a resume. https://zety.com/blog/cv-vs-resume-difference
First result on Googling "Basics of DNS." A lot of that can feel like a different language at times, though.
I learned the most about DNS by playing around with it at work. Going to second /u/tehWizard comment. Best of luck man.
https://www.linode.com/docs/guides/securing-your-lamp-stack/ You could say things like making sure Apache is updated, using a firewall and only allowing through certain ports that are required. Also locking down MySQL and referencing OWASP, since that's on the top ten.
To be honest. Trying to maintain your OPSEC and privacy while learning is way more difficult than doing it after learning about security topics. I would suggest you learn as much as you can while not worrying so much about privacy for now.
Regardless, there are some things that I believe are absolutely necessary when surfing the net.
Well, goodbye to the C|EH.
Between this and the OffSec Kali Linux Cert. Pro (launching in July) it looks like C|EH is done for.
https://www.kali.org/news/introducing-kali-linux-certified-professional/
Dang you must have done a lot of research before asking this. By googling "kali 2.0" I managed to find https://www.kali.org/news/kali-linux-2-release-day-scheduled/ (it was the first link)
On this page, we see 1 paragraph of text above a video. In this paragraph, there are the sentences "There’s a lot of new features and interesting new aspects to this updated version, however we’ll keep our mouths shut until we’re done with the release. We won’t leave you completely hanging though…here’s a small teaser of things to come!"
And then you can watch a video with some of the features.
There is malware that can maintain persistence across hard drive wipes. It can disguise itself and hide in a hard drive’s controller (on-board chip). I’m sure there are other malware strains that can accomplish similar techniques.
You could try using a VPN (ExpressVPN, Nord, Mullvad, etc.) to mask your IP address. They could be scanning the internet looking specifically for your IP or MAC address, depending on what info they got about your device.
Have you tried using the machine from a Starbucks or a different location, which will provide a new external IP address? If they can still find you from a new place, it’s probably your machine that’s compromised (think like Occam’s razor).
A good reference is the Privacy, Security, and OSINT Show podcast—information on becoming more anonymous.
You have TCP/IP knowledge, great! That’s a great first step to learn everything at packet level. I would recommend going through the RIT Cybersecurity course especially this one https://www.edx.org/course/network-security-ritx-cyber504x-0
You have some networking knowledge and getting more knowledge from Security perspective will be good start for you.
Once you’re done with Network, try to get some sysadmin knowledge. System admins have a good amount of Linux and Windows knowledge. If you really want to learn Linux, try to set up a server (LAMP stack) or something. Try to set up a bunch of stuff from Digital Ocean https://www.digitalocean.com/community/tutorials
After you are done with these, follow what others suggested and you will be good.
Moreover, I have realized it’s just better to go in rather than looking for answers on how to get started. Trust me, it’s not that hard to get into Security. All the best!
Why is this in netsec? Unfortunately, you probably aren't going to find many video guides for machine learning on YouTube. Google has a Udacity course for TensorFlow, their open source machine learning library.
Mutillidae is one of my favorite intro apps since the creator has done a lot to create YouTube videos to go along with the app. https://sourceforge.net/projects/mutillidae/
I believe the YouTube channel is webpwnized
Get this, and either embrace it, or at least get comfortable with the LiveCD:
You can't spend too much time with Wireshark. The packets usually contain all the answers - regardless of what the question is.
Metasploit all the things.
pfSense in a VM so you can fiddle with SNORT is a good exercise.
I use Xen Server with Xen Orchestra. The free version is enough to provide a web interface. It uses 2GB of RAM and 15GB of disk space, but it's pretty cool and the premium version is free for 30 days. I don't use the premium version at home, but I have at work and it was worth it for the backup features.
In my opinion, there can't be a better book when you have no exposure to pentesting than Georgia Weidman's Penetration Testing: A Hands-On Introduction to Hacking. I would also read Assembly Language Step-by-Step Programming with Linux, because it takes you from the ground up on how computers work. I wish I had read that before my CS degree.
For C++, I highly recommend reading the massive (but phenomenal) C++ Primer Plus, whichever is the most recent version. Try to read at least half that BEFORE STARTING YOUR C++ COURSE, and I promise you will be the best in your class, and have the strongest foundation of anyone in the school.
I was given a $1000 budget at work to build a library and this is what I got:
The Art of Deception
Future Crimes
Spam Nation
Countdown to Zero Day
Blackhatonomics
Red Team
Kingpin
Hacker, Hoaxer, Whistleblower, Spy
The Art of Intrusion
Ghost in the Wires
Lights Out
Security Operations Center
We Are Anonymous
@War
Practice of Network Security Monitoring
The Cuckoo's Egg
The Dark Net
Cyber War (Clarke)
Automating Open Source Intelligence
Security Risk Management
Reamde
The Basics of Cyber Warfare
Left of Bang
The Art of War
The IDA Pro Book
Hackers
Practical Malware Analysis
Practical Packet Analysis
Fatal System Error
The Book of Five Rings
Dark Territory
Ninja Hacking
Violent Python
Black Hat Python
Gray Hat Python
The Web Application Hacker's Handbook
A Bug Hunter's Diary
The Shellcoder's Handbook
Advanced Persistent Threat Hacking
The Code Book
Social Engineering
Cyber Guerilla
Global Information Warfare
Red Team Field Manual
Open Source Intelligence
Blue Team Handbook
Hacker Playbook 2
That should get you going.
Consumer Reports themselves have started one
(and it's on GitHub!)
Awesome.
My idea was to just find some people to add on some instant messaging app, so we can catch up when we see each other online and socialize a bit, even if we don't have anything to ask. If we involve more people, it becomes harder to just jump in IMO.
There are a few possible communication methods: Skype, IRC, Google groups (as you said), Trello. Any other alternatives you can think of? Which one do you think would be best? I like Skype because you can chat in group as well as private, and everything is persistent (which is an advantage over IRC), but it's only useful for smaller groups. While it would be useful to have a place to post messages for a bigger audience, I think the OffSec forums already provide that.
In any case, I made a Google Group (web forum style): https://groups.google.com/forum/#!forum/pwk-study-group/new
EDIT: We could also consider creating a subreddit.
Do C. Python is pretty simple to pick up on its own once you have a good compsci base (and there's a great class on udacity on introductory python). In fact, a lot of python's base methods are thin C wrappers.
Bridged will use your host's physical network adapter for your VM. It will essentially filter out traffic through it and give your vbox machine its own address and interface to communicate with.
So like, if your host is 192.168.1.35, your vbox machine might be like 192.168.1.42. Hope that helps.
You can learn more technical jargon about it here.
My best advice would be to sign up for Amazon AWS and play around with the free tier. You get to host up to 10 VMs (max 1 CPU, 4GB RAM or something) for 750 hours per year totally free.
When you are comfortable with the platform you can add more CPUs/RAM etc. if you need that, but then you will pay an hourly rate. These rates vary a lot, but it's really affordable unless you spec up your servers high and let them run 24/7.
I run 4 x Windows 2016 server and 1 x MySQL database.
I could elaborate further, but the guides inside the AWS platform and fast-setup options are much better. You can literally set up a Windows 2016 server with 3-4 clicks and have it online for 750 hours without paying anything at all.
Quick edit TL;DR:
Sign up for Amazon AWS. Only host free-tier servers in the beginning. Remember to turn them off if you are not going to use them. Don't be overwhelmed; spend 5-6 hours just playing around and read the tips & guides in there and then you will feel that you know enough to learn exponentially faster.
Also, this: https://aws.amazon.com/documentation/
In the beginning, you will probably spend 95% of the time in Amazon EC2
Check this out OP: https://about.gitlab.com/blog/2021/04/20/everyone-can-get-certified/
When u/greengobblin911 mentioned GitHub, the link above just popped into my head.
It doesn't need a .edu mail ID though.
~~can you ping the guest adapter IP? did you add routes from host to your guest network?~~
Sorry I was pulling things out of my ass while I was typing that.
What VM are you using? I'm assuming it's Vbox since that's what everybody uses for things like this
If so, I found something that'll probably help, and hopefully help you understand (not mine, but found on Google)
https://www.slideshare.net/powerhan96/networking-between-host-and-guest-v-ms-in-virtual-box
You can try Flamory. We build this tool to help people track their research without too much hassle. It automatically organizes the bookmarks you make into topics and shows a screenshot thumbnail for each of them.
You don't even have to bookmark every interesting article you find, because Flamory will save a couple of pages before and after your bookmark.
Check out Cybrary for general knowledge. Find out the products your SOC supports. Many have online training available from the vendor. Also, master the communications tools and ticketing system your SOC uses. Get fast at responding and get good at managing tickets. That last one is often overlooked, and often what gets new analysts in trouble.
The best way to learn is to do it. Simply play around with it. Build a few VMs and play around with moving files from one machine to another, etc.
However, here are a couple of video series on Network + that I highly recommend.
As a precursor to security, I think it would be beneficial to build some experience in networks first. It shouldn't be too hard since you have experience in radio communications. Maybe you can work with one of the network administrators of the IS division, work on a networking certification such as the Network+, or maybe even play around with virtualized networks in GNS3. This will build a solid foundation in networks and would be a good segue into security.
From there you can work towards security certifications such as the Security+ or CISSP and possibly get a job with the DoD or government contractors. If you already have a security clearance that will put you ahead of the other candidates.
I used to see ArcSight wanted a lot in local adverts. Unfortunately no free trials exist. Need to reach out to HPE reseller, sigh.
As others said, Snort and Bro (included with security onion distro) are free, along with https://suricata-ids.org/.
Ultimately, you're learning SIEM logging, and implementing IPS. I'm sure the firewall vendors have stuff they want to promote.
Suggest you start with basic firewalls, and centralised logging. You're halfway there now.
NB: I am not an expert =)
https://app.any.run/ - Interactive online malware analysis service for dynamic and static research of most types of threats using any environments. Replaces a set of tools for research.
Since it's a root CA certificate, normally there are no additional trust anchors to chain off of. However, since it usually takes some time to get those certs in the browsers' trust stores, root certs are frequently cross-signed when new, which is why you're in the situation of two roots, one self-signed, one cross-signed.
Let's Encrypt also has a similar setup.
I'd skip A+ as well unless you're going into a not too technical job where some basic deep understanding of computer systems wouldn't be the norm - like a help desk job. I took the Security+ and passed it on the first try five points shy of a perfect score without studying any more than an hour.
If you're not already familiar with information systems and basic security, I'd recommend watching some Professor Messer videos. He does a really good job with presenting the information and it's what I recommend to anyone taking a CompTIA or similar cert exam.
Check out Hacker High School for great lessons on beginning security and hacking. It's meant for beginners but it's a great starting place.
I would also recommend Professor Messer. Even though it's geared mostly toward IT exams/certifications, the Security+ exam is a good way to learn the basics of corporate/enterprise security. The other sections for A+ and Net+ would be helpful as well.
If you haven't done assembly before, I'd probably start with Paul Carter's "PC Assembly Language", which is 32-bit x86.
Once you've gone at least some way through the book, I'd strongly recommend compiling and disassembling some simple functions, e.g. using Matt Godbolt's excellent compiler explorer (use `-m32` as a compiler option to get 32-bit code), and seeing if you can step through the resulting assembly and understand at least some of it. You're not expected to know every last opcode (you can Google them) but you should at least have a sense of how to read assembly syntax (note that there are two popular syntaxes for x86; Carter's book and godbolt.org default to Intel syntax, but GNU defaults to AT&T syntax), recognize the common things like `mov` and `ret` and `eax`, and follow along enough to figure out the rest as needed.
As /u/0x414142424242 pointed out, OWASP ZAP is basically an open source alternative with similar core functionality. However, I think mitmproxy is also worth a look -- it has a command line and web interface and is very extensible in Python.
I honestly have no idea of the differences between the two without looking it up. I took my Net+ back in 2007. The new test and objectives should be fun because it covers all the new things out there, including SCADA. Pretty good stuff.
From my experience doing certs, I really love the "All-In-One" series books. Mike Meyers has been authoring the Network+ (and other books) for a while now and he has a book on Amazon for the N10-006 version. I would highly recommend getting that!
https://www.amazon.com/CompTIA-Network-Guide-Sixth-N10-006/dp/0071848223
lol, I love the first line on their app store page for this app (https://play.google.com/store/apps/details?id=com.estrongs.android.pop&hl=en):
"Free, Safe, Simple, Manage your files efficiently and easily with ES File Explorer (File Manager)!"
"Safe"??? They start a webserver and serve all files unrestricted from the SD card! I don't think they know what the word "safe" means.
Based on the PoC the webserver/API can be used to extract the following:
And I ASSUME that if the victim's phone is on a mobile network (4G) then it will get a public IP and this webserver/API will be available to the entire world. Great!
Use this app on your phone and use the signal strength to find the AP. It has an analogue gauge and if you hit the sound button it starts beeping; the beeping will get faster the closer you get to the AP.
https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer
It should take you straight to it.
Mike Meyers has about the best all in one Network + book out right now, you can get that from Amazon. You can also check out Mike Meyers' channel on Youtube, he has a lot of Network+ videos: https://www.youtube.com/watch?v=TcIV_qc-eOU
For Linux, I'd highly recommend "Unix and Linux System Administration Handbook" by Evi Nemeth, et al. You can get a used copy of the fourth edition for about $15.00. The second edition got me through my first three jobs back in the day :) https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057/ref=sr_1_fkmrnull_1?keywords=evi+nemeth+4th+edition&qid=1551450119&s=gateway&sr=8-1-fkmrnull
1) No, so long as the https protocol in use is sufficiently strong (the site isn't using SSLv3 or something).
2) IIRC ProtonVPN requires a client. If you're installing something, then yes, that something could be malicious. As an example, look up the CCleaner supply chain attack. This goes for everything though, not just VPN clients.
I strongly recommend the CompTIA Network+ Exam Book. I've had it for a while now, and you will learn quite literally everything there is to know about the backbone of networking and the internet. It's meant as a preparation for the CompTIA Network+ Certification, which certifies you are competent enough to work in a networking environment, and is very comprehensive (~600 pages). It was invaluable for my positions in cybersecurity.
There's no syllabus because everyone's path is different and you pick up most things as you go, not by reading a few books.
I do security research (but don't focus on vulnerabilities), here's what I used to get started:
The C Programming Language
C++ Primer
lena151 reverse engineering tutorials
Win32 API documentation
I've read a few books (or parts of them) on different topics (The Shellcoder's Handbook, Practical Reverse Engineering, Introduction to Modern Cryptography) and lots of blog posts, articles, papers etc. here and there, but there's no point in doing that before you get stuck, it's much more important to just start and get stuff done.
Java was my first language as well, and schools do that for good reason (you'll see). Still, if you have a summer vacation or winter break before taking the C++ course (which may be a data structures course), read C++ Primer Plus.
In my opinion the better ground up understanding you have of how things work, the better you'll be in the long run. Many people without technical backgrounds learn how to script in Python by memorizing rules. You can blow everyone away if you take your time now to learn things from the ground up.
If your school offers a networking course, or a Web-related course, take those. Data structures will likely be taught to you in your second or third computer science class in the curriculum you take. The C++ Primer Plus book will address those, especially after having read the assembly language book.
Take your time, do it right, you'll be the best by the time you're in your last year.
> accepts cash/anon gift card
ProtonVPN takes cash or Bitcoin.
I think all that accept "credit card" or "Visa" will accept a prepaid gift card in that option.
How anonymous is PayPal ? Does that qualify as an anonymous method ?
For Monero, see
> does not log
Trying to guess "trustworthiness" or "not logging" is a losing game. You never can be sure, about any product or service. Even an audit or court case just establishes one data point.
So, instead DON'T trust: compartmentalize, encrypt, use defense in depth, test, verify, don't post private stuff, maybe don't do illegal stuff. And give fake/anon info where possible: fake name, throwaway or unique email address, pay with gift card or virtual credit card or crypto or cash. They can't log or sell info they don't have.
You can use a VPN, ISP, bank, etc without having to trust them.
> increase the vulnerable surface area of your private data
Adding a VPN does increase attack surface. But only for a small subset of your data: your home IP address and the destination IP addresses you access (and the metadata: times of access and amounts of data sent). This is assuming you signed up for VPN without giving ID, which is easy to do.
In return for this small increase in attack surface, you have reduced the data known by your ISP, a company which already knows FAR too much about you. It's a win.
In a similar way, accessing banned content in countries with strict censorship laws in place is probably illegal, and that has nothing to do with whether these individuals need the extra layer of protection. That being said, NordVPN advertising on every single YouTube video is probably one of the worst things to happen to contemporary discourse on digital privacy.
There is 1 book available, but having taken the GCIH years ago, I wouldn't trust a single 3rd party book at all. The exam is very built around the exact course material you get at the time you take the course, and it's updated frequently with lots of questions about the specific labs in the course.
https://www.amazon.com/GCIH-Certified-Incident-Handler-Guide/dp/1260461629
Absolutely not worth the gamble of buying the exam to take it blind unless you're 100% confident in the material and then you probably don't even need the cert as you'd have significant experience already.
Traditional firewalls were based on packet filtering and state tables. However, the next-gen has multiple features integrated and therefore the packet flow and its processing varies across different vendors.
If you want to get an operational overview, check this book
Amazon is one of earth's largest corporations and gets scrutiny from name-brand newspapers -- if you embarrass Amazon, most newspapers will pick up the story. So Amazon spends money on security.
You want to find the cheapest knock-off IoT device you can, like a smart plug, and see if you can identify a failure mode like "I can make the lights flicker fast enough to short the bulb / blow the breaker". Then find a way to get control of the plug from within its own LAN.
Everything! I like retro games so I'm looking at a little emulator that's portable (look up mintypi if you've never seen it). Like I said in the above comment, a wifi jammer which is super fun, radio station, rc planes. I bought a domain off Google for $12 a year and made a domain. If you want a good starter project, RetroPie is a great little game emulator; I have mine hooked up to my TV and use a PS4 controller I wasn't using. Super easy and you can play with your friends or whatever. Also highly recommend Plex, I "acquire" (legally of course ;) ) a lot of movies and have them stream to my family's phones or our TVs, works just like your own Netflix.
Sorry I realize this is rambling but I love messing around with this stuff lol
The password is sent in plain text over the established encrypted channel. That happens before anything and doesn't have anything to do with the password. https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process
I'd be interested in seeing the output of this particular scan you're referring to
Just one thing. Jelle mentions using a pop, ret sequence to get back to the shellcode. This is my stack after the crash. It looks to me like ESP is 8 bytes away from the shellcode (just the "aaaa", in this example) and pop EBP; ret would only load the address right below ESP into EIP, right? So I'm not sure how that would actually execute the shellcode. I might be missing something and I haven't actually tried out any shellcode on it yet, but I suppose I could look for a pop, pop, ret if I ran into trouble for some reason. Also, what do you think of angr? Any good resources you like? A lot of the stuff I've seen about it is really dense reading, which isn't uncommon in this field, but still...
I heard of DoH (DNS over HTTPS) but not DNSSEC so I went to look it up. It seems the former does what you describe the latter to perform, and DNSSEC is mainly used to prevent spoofing of DNS servers (ie. malicious DNS servers pretending to be legit so they can redirect your traffic elsewhere to an IP they own)
Manufacturers have a standard OUI number associated with the MAC address. You can use nmap or arp-scan to dump all the MAC addresses, then look them up in bulk.
https://www.wireshark.org/tools/oui-lookup.html
Raspberry Pis typically have a MAC address that starts with 3A:35:41
A while back I gave presentations about PKI and certificates. The slides are up on SlideShare, over here.
Of course, slides will only get you so far without the actual talk, so YMMV.
I don't know the exact context of your program, but I can tell you this.
Mastering the contents in that book will bring you maybe 1% closer to being able to pentest a mobile application. Maybe.
Something like https://www.amazon.com/Mobile-Application-Hackers-Handbook/dp/1118958500 would get you at least 85% closer to being able to pentest a mobile app. Yeah the book is old and parts of it is out of date, but it would give you an idea of the steps involved and techniques used.
Now, I know there's more to cyber security than pentesting, I'm just pointing out that there are better ways to spend your time than learning descriptive logic.
Source: at least 1 or 2 mobile/web app pentests every month for the past 3+ years
>https://gumroad.com/l/the_cyber_plumbers_handbook/netsecstudents2018
If you're purchasing it, just browse here and the discount is already taken off. Should be $14.99 USD. If you received a free voucher, the email should explain your options.
Yes. If you have an alternative Firmware such as TomatoUSB or dd-wrt, you can do this through iptables. I remember that I had to install some additional modules for iptables, because the slimmed down version in the router firmwares didn't accept the rules out of the box.
It's a fun experiment, especially when you try to saturate your connection, and see if the IDS can cope with the traffic on such a tiny device. Maybe try different IDS: Snort, Suricata, or look for lightweight systems.
Also vbox dhcp
For internal, as /u/Trolling_turd suggested, I would go with pfSense; it provides an actual network controller and makes it a bit closer to a "real" network. It's a hassle, and as a "from experience" tip, I'd set up a graphical machine on the virtual network for managing the pfSense box from the web UI, it will make your life a bit easier. You can enable outside access, but since you're practicing, that would not be the best way imho.
But because you are just trying some boot2roots, I am guessing maybe you simply missed a step in the vboxmanage dhcp commands. If this does not help, maybe verify that the b2r is supposed to be IP accessible (which b2r are you attempting?) and if possible, provide more information about your setup, such as are they on the same internal only network, are they both set to internal only, and do they receive DHCP addresses in bridged mode?
While it is possible in AWS it would probably be more aggravation than it is worth. They have a request form that must be done before any pentesting can commence on their networks. You have to submit this in advance and wait for their approval, plus you have to specify a time frame (indefinitely is probably not an allowed time frame lol) that the testing will be taking place. They also have restrictions on the size of the EC2 instances that you can run pentest against. See here for more information.
Others have mentioned Sec+ as a good starting place and I think I'd disagree. Sec+ is a very high level introduction to security as a whole, while you have specified you are teaching a class on NETWORK security, which is a bit more specific. In that spirit, I would recommend a book (or books) that is specifically related to networks rather than including other infosec domains. Important concepts here include (but are not limited to):
Though I'm sure there are some books out there that would cover all these things, I'm not sure of one specifically I would recommend. One book that does cover quite a few of these things is https://www.amazon.com/Network-Warrior-Everything-Need-Wasnt/dp/1449387861. This book leans a little more towards straight networking than "security" specifically but I think the best way to become a good security pro is to understand the actual technologies as best you can. Supplementing this book with other books that dive deeper into other security specific topics listed above would also be good though.
I know I am late to the party, but just wanted to add my thoughts. There are a myriad of Linux distributions these days that are very user friendly. It is not just Ubuntu or Debian; even some Arch-based distributions can provide easy usability and good security. But I do agree Debian, stable branch, is the best way to go for your parents. It is hard to break, even if you have absolutely no idea what you are doing, and it has an update center so the command line doesn't have to be used. I would also look into "hardening" a bit as well.
Debian has a great security guide as well: https://www.debian.org/doc/manuals/securing-debian-howto/
Arch as well: https://wiki.archlinux.org/index.php/Security
As far as I recall, the actual Fundamentals 1 for the cert was always a paid offering and the free one was more of a quick overview to get yourself familiar with Splunk.
Like most people said learn infosec and coding. I would start with sec+ level stuff to get a fundamental understanding of infosec. Then pivot from there to whatever is of interest, forensics, pen testing, IR, engineering, etc.
While you are doing that pick a language and stick to it. Python, C#, GO, etc all work. The important thing is that you learn how to program well. You can switch languages down the road and it will be a breeze. You just need something you can script in every day. Personally, my preference is Python because it does everything I need it to. But I do use other languages when I need to. You can practice with sites like https://www.codewars.com/.
Yes > Putty is all you need to go Windows to Linux
Also, if you want to do a remote connection to a server using XDMCP, you can use Xming
It also helps in making a GUI based connection to the remote machine!
You may also want to get a USB wireless network dongle that supports Monitor Mode/Packet Injection, as most integrated chipsets don't support it, and that is essential if you want to do wireless pentesting.
https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles.html
As for OS, I can recommend Parrot.
It might not have the large community base as Kali, but it shares the same Debian base and comes as standard shipped with more tools than Kali and is in my experience leaner and faster by defaulting to Mate as desktop environment instead of Gnome.
It is my goto, and has improved a lot the couple of years I have been using it.
Preface in saying I'm a total noob and have never done such in a business environment. That said:
have you looked into Qubes OS? May not be very scalable on a business environment, but if you have a dedicated machine it'd fit the bill: https://www.qubes-os.org/
If doing option 1, I presume the system is to be disconnected from network up until tether, then I presume you'd be OK?
You mention that you can't isolate a machine from the network - seems your test machine would necessitate being isolated however, yes? Or do you mean you can't just yank one that's already connected?
Hey, I had this problem too with Kali rolling version (virtualbox image) on MacBook Pro.
You should try this instead: https://phoenixnap.com/kb/how-to-install-kali-linux-on-virtualbox
I guess the difference is that for rolling version it’s customized to whatever baremetal configurations it had while creating VDI image, whereas for the tutorial above you’re creating a new Linux guest OS based on your host OS and then installing Kali on the new guest OS. So the graphics settings etc will be better optimized for your machine.
After this, remember to install guest additions so you can resize resolution (otherwise you’d have to squint your eyes the whole time): https://www.kali.org/docs/virtualization/install-virtualbox-kali-guest/
hey rek2gnulinux I hear you, it was not so much that we discontinued support for ZAP but that we have to pick our battles.
It all came down to Rails 4 and their decision to stop supporting the previous architecture for plugins. ZAP's add-on was developed in the olden days, and around 4 years ago we started moving every add-on to their own repo to try to convert them all from "plugins" to "gems".
We've 20 connectors or so, and ideally we'd like to convert them all, but we had to start somewhere, and we started with those that would make a bigger impact to our users. The usual suspects took precedence (Nmap, Nessus, Qualys, Nexpose, etc.).
To this day, we never got around to migrating the ZAP plugin, the main reason being, not a lot of people seem to be using Dradis and ZAP (although this may well be a catch-22 situation).
In any case, if you're interested in making this happen, let me know, we'll need some current sample results files to exercise the parser and the unit tests. And if you have Ruby chops, I'm happy to do an initial re-structuring of the repo's code to make sure it loads into the framework, and so you can contribute to the actual parser implementation.
Just drop me a line on GitHub (@etdsoft) or join the Slack channel, and we can work on this together if you're interested.
Dradis author here: what was the last version of Dradis you've used? We've recently revamped the UI and people are in general liking it a lot better than the previous one, some screenshots:
You can find training material on their website:
https://www.hhs.gov/hipaa/for-professionals/training/index.html
There is also a brief course from Cybrary to cover the basics:
Njrat is a RAT tool used back in like 2012 by a bunch of 12 year olds.
Metasploit is a huge framework designed for pros.
Take this free course to learn in depth about metasploit https://www.cybrary.it/course/metasploit/
Personally, I wouldn't bother. The whole 99% off thing makes me a bit sketchy about it and I've never heard of the company either.
There are a lot of pretty trusted resources out there to give you a start for free, like:
https://www.cybrary.it/course/advanced-penetration-testing/
Excellent advice, thank you. I was definitely looking into Security+ as a starting point. Should I do this: https://www.cybrary.it/course/comptia-security-plus/ and then am I supposed to then take the exam over here: https://certification.comptia.org/certifications/security ?
This school may not have the merit as others, but you could get your Computer Science BA degree here for free. There are a few processing fees. There are also AA and MS options. Check it out! http://www.uopeople.edu
If you haven't checked out Cybrary you should. Its also free https://www.cybrary.it
For anyone watching this: Splunk offers their Fundamentals 1 training for free. Fundamentals 2 is also free for veterans.
https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html
I understand why companies seek to build dossiers on their customers to the fullest extent possible. I just don't understand why people agree this level of personal research is required for a product like this.
>We collect Information about you from other sources such as public databases, joint marketing partners, social media platforms, conference/event hosts, and partners when you interact with them.
Not sure, but Rotdhizon may have been referring to the Fundamentals 1. It's a free course, and you can test out and get your "Splunk training wheels" cert with this and it's all free.
Then yes...everything after that will cost you as it should.
https://www.splunk.com/en_us/training.html
If they didn't give you a public IP, then you can't port forward; you wouldn't receive anything from the internet.
Use free tool noip. It gives you a public IP and you can port forward. https://www.noip.com/free
There are other solutions as well. I have not used these though. Ex https://portmap.io
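Added example for this thread (not code from noip or portmap.io): the check I would run before touching port-forward rules is whether the address the router shows on its WAN side is actually public, or an RFC 1918 / carrier-grade NAT (RFC 6598, 100.64.0.0/10) address handed out by the ISP, and whether it matches what the internet sees. The addresses in the demo are constructed; `observed_external` would normally come from an external "what is my IP" lookup.

```python
"""Check whether inbound port forwarding can work, given the address a router
shows on its WAN side. Added example for this thread, not from any tool named
in it. Sample addresses below are constructed."""
import ipaddress

# RFC 6598 shared address space: ISPs hand these out behind carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_ip(addr: str) -> str:
    """Return 'public', 'cgnat', 'private' or 'non-routable' for an address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and ip in CGNAT:
        return "cgnat"          # looks routable, but only inside the ISP's network
    if ip.is_private:
        return "private"        # RFC 1918 / ULA, loopback, link-local, documentation ranges
    if ip.is_global:
        return "public"
    return "non-routable"       # multicast, reserved, unspecified


def port_forwarding_feasible(wan_addr: str, observed_external: str):
    """Compare the router's WAN address with the address the internet sees.

    observed_external would normally come from an external 'what is my IP'
    service; here the caller supplies it. Returns (feasible, reason).
    """
    kind = classify_wan_ip(wan_addr)
    if kind != "public":
        return False, f"WAN address {wan_addr} is {kind}: the ISP or an upstream router is NATing you"
    if ipaddress.ip_address(wan_addr) != ipaddress.ip_address(observed_external):
        return False, f"WAN address {wan_addr} differs from external {observed_external}: double NAT"
    return True, f"WAN address {wan_addr} is public and matches; an inbound forward can reach you"


if __name__ == "__main__":
    # Constructed cases: a CGNAT customer, a double-NAT home router, a genuinely public address.
    for wan, ext in [("100.72.3.9", "203.0.113.8"),
                     ("192.168.0.2", "203.0.113.8"),
                     ("8.8.8.8", "8.8.8.8")]:
        ok, why = port_forwarding_feasible(wan, ext)
        print(f"{'OK ' if ok else 'NO '} {why}")
```

If the result is `cgnat` or `private`, no amount of router configuration helps; you need either a public address from the ISP, or a relay service of the kind mentioned above, where the public endpoint lives on the relay and your box keeps an outbound connection to it.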
You could consider http://www.vbox.me/, which allows you to use the live boot within a VM. If you create the live USB using LiLi (http://www.linuxliveusb.com/) you can just select this as an option. It works fine over here.
You're right that the network level infrastructure will determine what you can and can't see. It also depends on the host machine's location on the network. That being said, there are ways to get around those restrictions too, but every case is going to be different.
Check out the wiki page on packet analyzers.
Also check out the documentation for tcpdump (which is used by Wireshark)
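Added example, not code from tcpdump or Wireshark: what a packet analyzer actually does is peel the Ethernet, IP and TCP headers off raw bytes in order, so here is a minimal dissector that does exactly that and prints a tcpdump-style summary line. The frame is constructed in `build_sample_frame()` (a cleartext HTTP request from a LAN host); a real one would come from a pcap or a raw socket, and whether you ever see such a frame at all is the "where on the network you sit" point from the comment above.

```python
"""Dissect an Ethernet/IPv4/TCP frame the way tcpdump and Wireshark do, from
raw bytes. Added example for this thread, not taken from either tool. The
frame is constructed in build_sample_frame(); a real one would come from a
capture (pcap) or a raw socket."""
import socket
import struct

TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]


def build_sample_frame() -> bytes:
    """Constructed frame: a cleartext HTTP request from a LAN host to a web server."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # TCP: sport, dport, seq, ack, data offset (5 words) << 4, flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 51514, 80, 1000, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4: ver/IHL, TOS, total length, ID, flags DF, TTL, proto TCP, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"), socket.inet_aton("198.51.100.20"))
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", 0x0800))
    return eth + ip + tcp + payload


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def tcp_flags(bits: int) -> list:
    return [name for name, bit in TCP_FLAG_BITS if bits & bit]


def dissect(frame: bytes) -> dict:
    """Peel Ethernet, then IPv4, then TCP; return the fields an analyzer shows."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"eth_dst": mac(dst), "eth_src": mac(src), "ethertype": ethertype}
    if ethertype != 0x0800:           # only IPv4 handled in this example
        return pkt
    (vihl, _tos, total_len, _id, _ff, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (vihl & 0x0F) * 4          # header length in bytes; IP options make it > 20
    pkt.update(ip_src=socket.inet_ntoa(src_ip), ip_dst=socket.inet_ntoa(dst_ip),
               ttl=ttl, proto=proto)
    l4 = frame[14 + ihl: 14 + total_len]   # total_len bounds the packet; drops Ethernet padding
    if proto != 6:
        pkt["payload"] = l4
        return pkt
    (sport, dport, seq, ack, off, flags,
     win, _tcsum, _urg) = struct.unpack("!HHIIBBHHH", l4[:20])
    doff = (off >> 4) * 4            # TCP header length in bytes, options included
    pkt.update(sport=sport, dport=dport, seq=seq, ack=ack,
               flags=tcp_flags(flags), window=win, payload=l4[doff:])
    return pkt


def summary(pkt: dict) -> str:
    """One tcpdump-style line for a TCP packet."""
    return (f"{pkt['ip_src']}.{pkt['sport']} > {pkt['ip_dst']}.{pkt['dport']}: "
            f"Flags [{','.join(pkt['flags'])}], seq {pkt['seq']}, "
            f"length {len(pkt['payload'])}")


if __name__ == "__main__":
    p = dissect(build_sample_frame())
    print(summary(p))
    print(p["payload"].decode())   # readable only because HTTP here is cleartext
```

The same structure extends to whatever comes next (UDP, ICMP, TLS records): each layer tells you the length and type of the one inside it, which is why an analyzer can show an HTTP request but only an opaque blob once the same request is wrapped in TLS.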
Linux has a VM manager built directly into the kernel called kvm. I use QEMU with it and GPU passthrough to play videogames using a windows vm with passthrough on my Fedora computer.
It might be easier to just do that instead of ESXi.
Chrome->Developer Tools->Network
Also check out ZAP(https://owasp.org/www-project-zap/), or BurpSuite(https://portswigger.net/burp) as both of those projects allow you to not only intercept and monitor the communications, but manipulate them in transit as well.
> Reports at https://www.hybrid-analysis.com/ sometimes contain the malicious attachments.
This is a good place to start to learn how to do static file analysis. I believe you have to be vetted to download the samples, though.
Here is an already-analyzed bit of malware that you can examine. It uses the same "dennis-pdf2.php" link.
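Added example (not code from hybrid-analysis.com or any sandbox): the first pass of static file analysis before anything is opened or executed is hashing the sample, reading its magic bytes, pulling printable strings and embedded URLs, and, for a PDF, listing the dictionary keys that let a document run code or fetch something on open. `SAMPLE` is a constructed, harmless stand-in; its URL uses a placeholder host with a file name echoing the comment above, not a real address.

```python
"""First-pass static triage of a suspicious attachment: hashes, file type from
magic bytes, printable strings, embedded URLs and risky PDF keywords. Added
example for this thread, not from hybrid-analysis.com. SAMPLE is a constructed,
harmless stand-in; example.invalid is a placeholder host."""
import hashlib
import re

MAGIC = [
    (b"%PDF-", "PDF"),
    (b"MZ", "PE/DOS executable"),
    (b"PK\x03\x04", "ZIP container (OOXML, JAR, APK)"),
    (b"\x7fELF", "ELF"),
    (b"\xd0\xcf\x11\xe0", "OLE2 (legacy Office)"),
]
# PDF dictionary keys that let a document run code or fetch something on open.
PDF_RISK = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
            b"/URI", b"/EmbeddedFile"]
URL_RE = re.compile(rb"https?://[^\s'\"()<>,]+")

SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /JavaScript /JS (app.launchURL('http://example.invalid/dennis-pdf2.php', true);) >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.invalid/dennis-pdf2.php) >> >> endobj\n"
    b"%%EOF\n"
)


def hashes(data: bytes) -> dict:
    """Hashes to look up on hybrid-analysis, VirusTotal etc. before running anything."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def file_type(data: bytes) -> str:
    """Identify by magic bytes, not by extension: attachments lie about extensions."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs, the same thing the `strings` utility prints."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def urls(data: bytes) -> list:
    return sorted({m.decode("ascii", "replace") for m in URL_RE.findall(data)})


def pdf_indicators(data: bytes) -> list:
    return [key.decode() for key in PDF_RISK if key in data]


def triage(data: bytes) -> dict:
    report = {"type": file_type(data), "size": len(data), **hashes(data),
              "urls": urls(data), "string_count": len(strings(data))}
    if report["type"] == "PDF":
        report["pdf_indicators"] = pdf_indicators(data)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Do this on a copy of the file in an isolated VM, and look the sha256 up before you go further: if the sample is already in a public sandbox report you get the dynamic behaviour for free, which is what the comment above is pointing at.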
Tracking uses cookies to see how you are using a site. If you go to a news site and it says you have X amount of free articles remaining? But if you delete your stored cookies for that site, reload, it'll generally reset the counter?
Fingerprinting, they can get information about your use on a site without cookies. You ever use a site where it specifies that the browser you're using isn't compatible with their software, or when you go to a site's download page it automatically knows what OS you're using?
To see what information can be gotten from fingerprinting: https://amiunique.org/fp
Tracking: https://coveryourtracks.eff.org/
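Added example, not code from amiunique.org or the EFF tool: this shows the mechanics behind both sites. A fingerprint is just a hash over attributes the browser hands out anyway (user agent, screen size, timezone, language; real implementations add canvas, WebGL, fonts and more), so it survives a cookie wipe, and "how unique" it is comes down to how rare each value is in the population of visitors. `POPULATION` is a constructed set of eight visitor profiles; the bits-of-information figure uses the naive assumption that attributes are independent, which is why it is an upper bound.

```python
"""How browser fingerprinting identifies a visitor without cookies, and how
unique a fingerprint is within a population. Added example for this thread,
not code from amiunique.org or coveryourtracks.eff.org. POPULATION is a
constructed set of visitor profiles; real attribute values come from
navigator, screen, canvas, fonts and similar browser APIs."""
import hashlib
import json
import math

CHROME_WIN = "Mozilla/5.0 (Windows NT 10.0) Chrome/120"
POPULATION = [  # constructed; indexes 0, 1 and 7 are identical on purpose
    {"user_agent": CHROME_WIN, "screen": "1920x1080", "timezone": "Europe/Stockholm", "language": "sv-SE"},
    {"user_agent": CHROME_WIN, "screen": "1920x1080", "timezone": "Europe/Stockholm", "language": "sv-SE"},
    {"user_agent": CHROME_WIN, "screen": "1920x1080", "timezone": "Europe/Stockholm", "language": "en-US"},
    {"user_agent": CHROME_WIN, "screen": "1366x768", "timezone": "Europe/Stockholm", "language": "sv-SE"},
    {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/121", "screen": "2560x1440",
     "timezone": "Europe/Amsterdam", "language": "nl-NL"},
    {"user_agent": "Mozilla/5.0 (Macintosh) Safari/17", "screen": "2560x1600",
     "timezone": "America/New_York", "language": "en-US"},
    {"user_agent": CHROME_WIN, "screen": "1920x1080", "timezone": "America/New_York", "language": "en-US"},
    {"user_agent": CHROME_WIN, "screen": "1920x1080", "timezone": "Europe/Stockholm", "language": "sv-SE"},
]


def fingerprint(attrs: dict) -> str:
    """Stable identifier from attributes alone: canonical JSON, then a hash."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def surprisal_bits(population: list, attr: str, value: str) -> float:
    """Bits of information one attribute value reveals, given how common it is."""
    share = sum(1 for p in population if p[attr] == value) / len(population)
    return -math.log2(share)


def identifying_bits(population: list, visitor: dict) -> float:
    """Total bits, naively assuming attributes are independent (an upper bound)."""
    return sum(surprisal_bits(population, a, v) for a, v in visitor.items())


def matching_visitors(population: list, visitor: dict) -> int:
    """How many visitors in the population share this exact fingerprint."""
    target = fingerprint(visitor)
    return sum(1 for p in population if fingerprint(p) == target)


def visitor_key(cookie_id, attrs: dict) -> str:
    """What a 'free articles left' counter can key on: the cookie if there is
    one, otherwise the fingerprint, which a cookie wipe does not touch."""
    return cookie_id or fingerprint(attrs)


if __name__ == "__main__":
    for i in (0, 4):
        v = POPULATION[i]
        print(f"visitor {i}: fp={fingerprint(v)} bits={identifying_bits(POPULATION, v):.2f} "
              f"shared_by={matching_visitors(POPULATION, v)}")
    print("same key after cookie wipe:", visitor_key("", POPULATION[0]) == visitor_key(None, POPULATION[7]))
```

Visitor 0 (common Chrome on Windows, 1080p, Stockholm) shares its fingerprint with two others and reveals under three bits; visitor 4 (Firefox on Linux, 1440p, Amsterdam) is the only one of its kind and reveals twelve. That gap, scaled to millions of visitors and dozens of attributes, is what amiunique.org reports back to you.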
https://github.com/StevenBlack/hosts has been a pretty active source for me, plus it lets you 'tune' for different things. Not just blacklisted, but also ads, porn, fake news, gambling, etc.
Breaks the algorithms down into functional blocks so you can see how the data changes at each step. Also, has some legacy stuff the last time I used it. Easy way to start looking into how crypto standards work.
I'm not going to recommend you a book - but I will recommend you videos. Check out Professor Messer. His videos cover a lot of detail, and are very well done overall. Take notes when watching and I'm sure it will help you in your studies. I used his videos to pass Sec+
It is all answered in the official FAQ.
But yes, you can use it with every Cloudhosting service. You just create a container inside your drive, neat thing is, every file will be encrypted for itself, not as a large container that has to be synchronized every time you change something in it. Best thing, it is open source and free, just take a look.
I'd explore the OWASP ZAP documentation. https://www.zaproxy.org/docs/
There are literal checklists deep in the documentation, or more high level tutorials on how to set up a scanner, launch automated scans, and generate reports. There are step by step instructions for how to test for each vulnerability type.
I second this approach. Metasploitable is also a good place to start along the same lines (intentionally vulnerable VM by the creators of Metasploit) https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
From there you might want to look at trying your hand at some of the free online CTF challenges - https://ringzer0team.com/ is a great one.
Good luck!
True, but the reason for the move is understandable.
With the number of users on the channels, the daily free message limit would often be hit in a few hours, locking message history behind a HUGE paywall. With something like 10k registered users, it would have been around £50000 a month to keep it going with a decent message history!!!
It was the choice of making people subscribe and pay to be in the chat, or move to a free platform.
I don't use it via an app. I always just hit it online...
Yeah I know exactly what you mean. Try this: https://office.live.com/start/Word.aspx . I don't work with docs much so I haven't explored it much, but it exists!
I'm a big fan of using Markdown and one of the better editors I've been able to find is Notable (https://github.com/notable/notable)
Makes it so it is a basic text document, and it is simple to copy in results and commands. But then, notable will render it using the GitHub flavored render, which I personally prefer.
I am mostly using Typora. I usually have 2 documents open, one with the formal report and the other working as a buffer for my notes. The thing I like the most about it is that I can export it as a PDF using the theme I am using. I also love that I can highlight code based on the language I'm using. The only con might be that it is an Electron app (the RAM usage, though not very high, might bother you). Looks good and you can use it for anything really, that's if you enjoy Markdown. Here's a link: https://typora.io/