Using MindMap application when doing pentest or ctf! Up for you to decide. #MindMaps #freesoftware #kali #linux4hackers #linux #infosec #hacking #pentest #pentesting #redteam @kalilinux #ctf #bugbountytips @insilmaril

I was thinking about a nice and easy way to save a penetration test and come up with this.Use a MindMap application.There is a alot of MindMap application out there. I am running Linux on my machine so I ended up with VYM. ( https://www.insilmaril.de/vym/ )The nice thing about VYM is that it is free […]

Installing Crowdsec on my hacking rig. How to block unwanted connections. Like bruteforce attacks on ssh. @Crowd_Security @DanielMiessler #hacker #bruteforce #ssh #cybersecurity #Security

I was reading on Daniel Miessler website and got really excited about his article about replacement to fail2ban. https://danielmiessler.com/study/crowdsec/?mc_cid=970356fcef&mc_eid=fa6207cba8 ). Please subscribe to his newsletter, really nice reading. Daniel explains this application in detail and I want to show how I did the installation on my machines. Some difference are there. I wont say it […]

Install LogonTracer in my hacking rig. #blueteam @jpcert_en #LogonTracer #ubuntu #linux #infosec #logging #hacking @Docker #logontracer @neo4j

It is time to test LogonTracer from @jpcert_en you can get your copy from https://github.com/JPCERTCC/LogonTracer From the website:LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows active directory event logs. We start with a new installation of ubuntu. The servername for this is Logon. The installation is not in this post. […]

Installing Security Onion 2.3 in my hacking rig. @securityonion #opensource @Elasticsearch #zeek #grafana #qsquery #wazuh #thehive #playbook #kibana #squert #snort #cortex #fleet #suricata #logstash @BHinfoSecurity @elastic @TheHive_Project @grafana

I must thank @BHinfoSecurity to get my interest in this. There webinars is great, especially 30 minutes before the real webinar begins.Now lets get started. As you have seen I did installation of 16.04 version before. My mistake, to tired! No I have to do this again with the new version. Like 16.04 version this […]

Installing Security Onion 16.04 in my hacking rig. @securityonion #opensource @Elasticsearch #zeek #kibana #squert #snort @BHinfoSecurity @debthedeb

Hi, now after some other installations in my “lab” it is time to look at logging. I got really inspired by webinars from BlackHills, so a big shout out to them. They are doing great work to spread there knowledge to others!And soon I WILL get my backdoor and breaches card game! I do not […]

Hachcat benchmark numbers with a VM with Tesla M60 card PCI passthru. #ubuntu #linux4hackers #hashcat #linux #infosec #hacking #pentest #pentesting #redteam #invida #teslam60

I am running hashcat in a VM (ubuntu 20.04) with a PCI passthru NVIDIA TeslaM60 card. This is my first rig with a graphics card so I have no referense to the numbers below. But here is my benchmark test so you can compare. Running Cuda so I can access all memory on the card. […]

How to access internal machines with ssh tunneling. Tunnel rdp thru a jumpstation with ssh. #infosec #hacking #pentest #pentesting #redteam #linux4hackers #kali #parrotos #linux #linux4hackers #ssh

This is follow up of the previous post regarding my rig. How do I access this where ever I am? I use SSH tunneling for that. If I loose connection for some reason I always use tmux on the target so I can reconnect to the same session as before. We start with a picture, […]

How did I create hacking rig for ethical hacking. Based on VMware with Tesla M60. #infosec #hacking #pentest #pentesting #redteam #hackthebox #tryhackme #linux4hackers #ctf #kali #parrotos #linux #godaddy #linux4hackers

My goal with this project was to create a hacking rig that I can use when doing hackthebox, tryhackme and other ctf:s. I was lucky to get my hands on a server with Tesla M60 card. My other goal was also to have a server that I can use in phishing tests, and show others […]

How to get IPv6 and IPv4 support with proxychain4 running kali. #hack #kali #linux #infosec #hacking #pentest #pentesting #redteam #proxychain4

I wanted to use proxychain with IPv6, ended up with this configuration. If you have not install proxychain4 do that now! Tor configuration file add below /etc/tor/torrc Proxychain4 configuration file. Add the information below in the file under [ProxyList] /etc/proxychain.conf Restart tor with Check if you have IPv6 support with proxychain. Then surf to site […]

Spam-test. Test if your email adress / domain are on any blacklist or if anything is wrongly configured. Check for spf,dkim and other stuff. #pentesting #blueteam #cybersecurity #spam #tester

This is a simple way to test if your email security is ok. Open a web browser and access https://mail-tester.com and copy the destination email on the page. Then send a email to that address that you got from the page Then go back to the web page and press Then check your score. (wait […]

Buffer Overflow, how do I prepare for Penetration Testing Professional V5 buffer overflow part. @eLearnSecurity #bufferoverflow #infosec #hacking #pentest #pentesting #redteam #hackthebox #INVIDGruppen #INVID

I am  not a programmer from the beginning so I struggle a lot with buffer overflow part of the PTP course. I can not turn back  time 25 years and start study programming so how do a old dog learn buffer overflow? This is what I do. Watch Videos, I learn faster if someone tells […]

How to set up juice-shop @ heroku for free. Then begin hacking your own web application. @heroku @owasp #infosec #hacking #pentest #cybersecurity #webhacking

I was watching a YouTube video from https://twitter.com/thecybermentor  and wanted to spread the word to my 2 followers. This is a great way to get started with web application hacking. You will set up your own environment in seconds. After the deployment go to https://pwning.owasp-juice.shop/  and do the 95 challenges. Step1 Create a free account […]

Create file with hostnames from website with cewl, then scan the webserver for vhosts with Metasploit vhost_scanner to find hidden virtual hosts on webserver. #infosec #hacking #pentest #pentesting #redteam #hackthebox #ctf #linux4hackers

We start to collect possible hostnames from websites with Cewl cewl http://10.10.10.1 -w cewl.txt You can also use some other switches like -d = deph to look on the website for words -m = minimum wordlengh -w = outputfiel So that the final command can look like this: cewl http://10.10.10.1 -d 5 -w cewl.txt When […]

CORE-IT is a FREE virtual conference hosted by Chappell University. The online event begins March 24th at 9 am Pacific Time. #wireshark #nmap #darknet @torproject #kismet #tcp #dns @LauraChappell https://www.engagez.net/coreit1#lct=entrance

I got an email regarding a  free Virtual Conference 2020! Could be something real nice! https://www.engagez.net/coreit1#lct=entrance Agenda here: https://coreit.s3.amazonaws.com/CORE-IT_Agenda-v1f.pdf Click to access CORE-IT_Agenda-v1f.pdf Click to access CORE-IT_Agenda-v1f.pdf Click to access CORE-IT_Agenda-v1f.pdf Click to access CORE-IT_Agenda-v1f.pdf

Fishing with Raspberry Pi, Kali, Auto connect to VPN, Auto register domain with GoDaddy, Automatic SSL cert with Letsencrypt, Run Golang, Run Gophish @letsencrypt @golang @kalilinux @GoDaddy #kali #raspberrypie #linux #infosec #hacking #pentest #pentesting #redteam #gophish

This is just for demo, I used root as user, you should perhaps consider other user to do this. Installation of Kali Download Kali Image https://www.offensive-security.com/kali-linux-arm-images/ Flash the SDCARD with etcher on you Kali box or any other burning program. Put the sdcard in the PI and boot OpenVPN Autostart Download opvpn conf file from […]

How to exploit Active Directory ACL based privilege escalation path with Bloodhound and aclpwn.py. Then collect the hashes, if you are lucky to get that level of access with secretdump.py #kali #kalilinux #hacking #pentest #pentesting #redteam

This was done from Kali box. Of course the Sharphound was ran on a compromised computer. Used application Bloodhound and Sharphound ( https://github.com/BloodHoundAD/SharpHound ) aclpwn ( https://github.com/fox-it/aclpwn.py ) Steps to do it Get output with sharphound and put that on our kali box use -all when run the Sharphound. Start neo4j and bloodhound import the […]

How to turn of power management on the wifi in kali 2010.1 (or any other distro using NetworkManager). @kalilinux #kali #kalilinux #linux #NetworkManager

Sometimes there are issues with speed, performance, lost of connection to access points. This can be helpful in some configurations. Before: iwconfig wlan0 wlan0 IEEE 802.11 ESSID: Mode:Managed Frequency:5.26 GHz Bit Rate=6 Mb/s Tx-Power=20 dBm Retry short limit:7 RTS thr:off Fragment thr:off Power Management:on Link Quality=56/70 Signal level=-54 dBm Rx invalid nwid:0 Rx invalid crypt:0 […]

Compile an exploit on ParrotOS for Windows 32bit. @ParrotSec #infosec #hacking #pentest #pentesting #redteam

I needed to compile an exploit in ParrotOS. Did not have a Windows machine at the moment. In this case it was MS03-26 for 32 bit. Before we begin we need to install some applications in ParrotOS sudo apt install mingw-w64 searchsploit ms03-026 searchsploit -m exploits/windows/remote/100.c x86_64-w64-mingw32-gcc 100.c -o shell.exe -lws2_32

How did my journey to Licensed Penetration Tester (Master) Certification begins and ends. My own thoughts. #LPTMaster #penetrationtesting #infosec #eccouncil @ReadynezSocial @ECCOUNCIL

My journey began 2018-07-09 at Readynez ( Örenäs Slott) a rely warm summer week for Sweden anyway, almost 30 degrees Celsius. Here is what I think about about the journey that I choose to take. CEH Course There is a lot talk about this course on social media. But for a beginner like me this […]