ANALYSIS COMPLETE!
I'm a professional CSS programmer with 8 decades of experience in HARDCORE PROGRAMMING
Here is what actually happened with the
#crowdstrike
cobalt strike cyber ATT&CK [REDACTED] thread of KNOWLEDGE THEY don't want you to know🧵🧵 🧵 🧵 :
(1/?)
There is a "new" persistence technique making the rounds that takes advantage of Linux udev rules. I spent some time last week going through it and making a tool to take advantage of it. Here are my thoughts: 🧵
🚨Free Stuff🚨
It's my 23rd birthday. Let's celebrate by giving away some free training. Two @TCMSecurity courses + a @nostarch book of your choice. I've been lucky enough to get most of my training paid for; the least I can do is give some away.
To enter, retweet and/or comment!
I am once again asking why everyone is not freaking out that you can authenticate to a windows machine with the hash of the password that is sent to you if someone types in the wrong SMB fileshare name.
I spent entirely too long explaining every useful feature of SSH. This includes:
- Local, reverse, and dynamic port forwards
- Jump hosts
- The SSH config file
- SSH helper utilities
- The SSH ~C console
All with pictures to help you follow along. Enjoy :)
🚨 I'm super excited to announce the project I've been pouring all of my free time into this past month.
The Kubenomicon: An open source offensive security focused threat matrix for kubernetes with an emphasis on walking through how to exploit each attack. Get more info below!
Just posted a massive blog on my experience job hunting in these strange times that ended in me getting hired on Google's red team. It's basically a long list of "lessons learned" from my 5ish month long job search. Enjoy!
As promised, I just released my entire phishing course for free.
I'll also be uploading content more regularly to help people either get into security or advance in their security careers. Let me know if there is anything you want to see me cover! 🪝🐟
Lots of people talk about creating a blog if you're in this field, but I never quite knew why it was so important until I started one. I decided to lay it all out in part 1 of "Why you should create an infosec blog".
You don't need to know how to code to get your first security job. But if you're looking to land a more technical job in the future or automate your current job it can be helpful. Here is some advice that has served me well: 🧵
Working in security is an endless battle between learning and forgetting information. I've recently realized one of the most important decisions I made early on to combat this was learning to take notes in markdown. A Thread🧵
Super excited to launch my course Practical Phishing Assessments. Huge shout out to @thecybermentor and @TCMSecurity for making this a super easy process! Full disclosure, if you use this link I get a little more money than if you buy from the store.
Buy my intro to HTML/CSS/JS/ZIG/rust/htmlx course to ensure YOU can ensure that your company isn't cyber MITRE ATT&CK'd and make sure to use my CISSP discount code so you can FLEX on the haters on linkedin with SICK hot takes (2/2)
Why is a nice wooden plaque no longer an option considering each class is nearly $10,000?
Old certification on the left vs new certification on the right. @SANSInstitute
One time I was doing a CTF and identified a hashed password in a configuration file. I spent the next couple of hours trying to crack the password but never ended up cracking it.
Come to find out the "hash" was the plaintext password...
This still haunts me to this day 😭
What are your 2022 security goals?
Here is mine:
- PNPT
- First two blocks of SANS masters
- GSEC
- GCIH Incident Handling
- GSTRT IT Security Leadership
- GDSA Security architecture
- SSAP Managing Risk
- GCIA Advanced net. Intrusion
- 12 (meaningful) Blogs
- OSCP
This is an incredibly interesting article on how an attacker can send a malicious payload only if the curl request is piped to (ba)sh.
Example:
curl -> non malicious
curl | sh -> malicious
Gif from article:
Want to hack Kubernetes? Here is a cheatsheet on how to plunder the etcd database that stores the state of a Kubernetes Cluster as well as all the secrets your cluster uses.
The best part? By default it's not encrypted!
Pentesting in non-internet-connected environments can have some challenges, but one of the most frustratingly simple ones is running Python tooling that requires installing dependencies from ✨ the internet ✨
Here is one of many ways you can ease this burden:
Had someone reach out and ask how to learn web app pentesting. This is all you need to be deadly in web app pentesting. If you learn everything that @PortSwigger has available (for free) you will know exponentially more than most webapp pentesters.
I'm starting my PNPT shortly. I'll be updating this 🧵 every hour or so. (Obviously very vague updates as to not spoil anything) Hopefully you can learn a little bit about my methodology:
Here is part two of my phishing course. If you haven't seen part 1, make sure you view it first for a quick intro to why I'm releasing it on Youtube.
This is the same course that was on @TCMSecurity but is now free. Part two will be up tomorrow, enjoy :)
> Need to install Go tool on new machine
> go install -v
> Go version outdated
> Install new version of Go
> Go binary not in $PATH
> Add it to $PATH
> Install tool with Go install
> Run tool
> Tool not in $PATH
> Add tool to $PATH
> Run tool
> Tool broken
Here's the long-awaited part two of "Why You Should Create an Infosec Blog". In this part I go into excruciating detail of 𝐡𝐨𝐰 to create a blog. Enjoy.
Now if you'll excuse me I need more coffee.🥱
Over the last year or so I have been working on some research into the world of punycode domains. These domains allow you to purchase a domain like ỵoutube[.]com. Here is what I learned, I hope you find it as interesting as I did. Excited about this one.
I made an open source tool called Spoofpoint, a domain monitoring tool that allows you to check a list of domains to see if they exist and if they have email MX records, which would allow them to send email, the first indication of a #phishing attack.
🚨Giveaway Time!🚨
I'm happy to announce that @nostarch has offered to give away a copy of any NoStarchPress book to 4 people!
To enter:
1. Follow me and @nostarch
2. Reply with the name of someone you admire in the infosec community and why + your shipping location (country)!
It's been a long week, what better way to turn that around than to give away Practical Phishing Assessments for free. Use ITSBEENALONGWEEK to get the course for FREE. If you like the course, consider funding my caffeine addiction :)
I'm so honored to have found my course on a pirate site. If you're going to steal my content at least make it free and don't charge the same price as udemy lmao
4/5 The overarching theme I heard when trying to get into security was to learn X. The best idea I ever had for my career was making a list of all the words I kept hearing but didn't understand. Then when I had free time I made a roadmap for learning that technology/tool/etc.
5/5 For example: Don't really know what Active Directory is? Make a note called Active Directory and spend an hour learning the basics. The goal is not to become an expert, just familiarize yourself with what people are talking about. Find it interesting? Learn more, do a lab.
Was just talking to someone very early in their security career about "bullet proofing" their career.
I don't claim to have all the answers to every situation, but looking back on what has worked for me (and what didn't), here is the advice I gave:
I've been putting a ton of time into my upcoming @bsidesatl talk on how to build an actually useful note taking system.
I'm also going to be releasing an insanely detailed blog post detailing everything I do to make the most out of my notes. Should be released in the next 2 weeks.
Reminder: I'm giving my talk "WTF is a Kubernete and how do I attack it" with @Antisy_Training Wednesday 8/21 at noon EST.
If you've ever been interested in what you need to know to get started doing a Kubernetes pentest, that's what I'll be covering.
4. i3wm (window manager): A window manager that automatically tiles your windows and has a very easy config file that defines everything you need. When I use i3 I very rarely have to use a mouse.
2/5 The reason OSCP or eCPPT or PNPT or eJPT or whatever certification is valuable to an employer is not because the cert teaches you some profound knowledge you can't get elsewhere... It's because it shows that you're willing to sit down and work through difficult material.
1/5 I'm convinced that the capacity to sit down and follow a checklist to learn a topic or technology is the only differentiator between people who are good at security and people who are not. Yes, lots of things are complex, but you don't need to be an expert in every tool/technology.
🚨 New tool 🚨
I wanted a secret searching tool that made identifying potentially sensitive information on a Linux system easier so I wrote Dredge.
Dredge is a tool for finding and logging secrets on a filesystem for manual inspection...
The other day I went down the rabbit hole trying to figure out what SSH-Agent does and how you can abuse it to move laterally across a network (and bypass private key passwords). Enjoy.
🚨 New Blog Post 🚨
Part of being a good red teamer is avoiding showing up in logs. In this blog I share what I learned after investigating how logs are generated in Kubernetes.
Turns out there are some detection mistakes that are very easy to make... Check it out 👇
Thanks to everyone who listened to me rant for an hour about how to take effective notes in this strange field @bsidesatl
My entire talk (and much more) can be found here:
I made a quick tool to catch attackers hacking into your cloud applications called IMDSpoof. It's a cyber deception tool that spoofs the AWS IMDS service to return AWS HoneyTokens (such as from @ThinkstCanary) that can be alerted on.
You can see more here:
As I'm re-reading Hacking APIs by @hAPI_hacker (which everyone should read), here are some quick summaries of the 10 common vulnerabilities you will find in API pentesting. A Thread 🧵
Agreed -- with data from last year when I was hunting for my current role:
This is WITH a bachelor's degree, an inhumane amount of certs, public speaking, course teaching, doing contract work on the side, blog posts, volunteering, CTF experience, and programming experience.
Can we PLEASE stop with the "there's 750,000 unfilled cybersecurity jobs in the US?"
I don't care what the "official" numbers are because it's certainly not reflective of the job market.
If you're a cybersecurity company and you're not making branded electric toothbrushes to put into conference swag bags, you're missing a golden opportunity.
RE: New GSE requirements.
I am no longer eligible for the GSE even though I have 8 SANS certs.
This is a reminder that you can step off the certification hedonic treadmill at any time.
Use the time and money you save doing cool stuff in your homelab and blogging about it.
I've just published my blog on Vagrant. This blog attempts to rein in all the disparate knowledge I've acquired over my time working with Vagrant into one concise place.
Vagrant has made a lot of work I do much more efficient, I hope you find it useful!
I passed GXPN this morning with 0 previous experience in exploit dev and assembly.
Most proud of myself for not letting the studying consume my life for the past few months.
The look on my face when I clicked submit and it said "certification passed":
I have a secret... I started a side company called Low Orbit Security fairly quietly a few months ago to do security work through.
The goal is to take on work when I want for clients I want. So far I've succeeded in both of those goals and have already done ~300 hrs of work :)
Check out my blog on how to use Spotify from the terminal like a true Linux elitist. I spent a while tinkering with this and found a lot of the documentation out there was lacking so I made my own.
You can get certifications and experience at the same time. Certifications are simply a formalized way of learning.
Do you need them to learn something new? No. Are they a bad way to learn something new? Also no.
Never discourage someone from learning something new.