Leaderboard

Popular Content

Showing content with the highest reputation on 11/06/18 in all areas

  1. The CIA Document of Human Manipulation: Kubark Counterintelligence Interrogation Manual https://www.google.ro/url?sa=t&source=web&rct=j&url=http://documents.theblackvault.com/documents/cia/HumanResourceExploitationManual-CIA.pdf&ved=2ahUKEwjNpt2bj7_eAhVHPFAKHXKGB94QFjABegQICBAB&usg=AOvVaw0YlkzUrA4m5JApq7a2dmbR
    2 points
  2. OSCP Certification by ciaranmcnally Given I have been working in information security for the past few years, I became well aware of the different certifications available as a means of professional development. The certification that stood out as gaining the most respect from the security community seemed to be the “(OSCP) Offensive Security Certified Professional” certificate; I witnessed this time and time again in conversations online. The reason often given is that it is a tough 24-hour practical exam vs a multiple-choice questionnaire like many other security certificates. The OSCP is also listed regularly as a desirable requirement for many different kinds of infosec engineering jobs. I recently received confirmation that I have successfully achieved this certification. To anyone interested in pursuing the OSCP, I would completely encourage it. There is no way you can come away from this experience without adding a few new tricks or tools to your security skills arsenal, and aside from all of that, it’s also very fun. This certificate will demonstrate to clients or to any potential employer that you have a good, wide understanding of penetration testing with a practical skill-set to back up the knowledge. I wanted to get this as I’ve had clients in the past not follow up on using my services due to me not having any official security certificates (especially CREST-craving UK-based customers). Hopefully this opens up some doors to new customers. Before undertaking this course I already had a lot of experience performing vulnerability assessments and penetration tests; I also had a few CVEs under my belt and have been quite active in the wider information security community by creating tools, taking part in bug bounties and being a fan of responsible disclosure in general. I found the challenge presented by this exam to be quite humbling and very much a worthwhile engagement. 
I would describe the Hacking with Kali course materials and videos as very entry-level friendly, which is perfect for someone with a keen interest looking to learn the basics of penetration testing. The most valuable part of the course for those already familiar with the basics is the interactive lab environment; this is an amazing experience and it’s hard not to get excited thinking about it. There were moments of frustration and teeth-grinding, but it was a very enjoyable way to sharpen skills and try out new techniques or tools. I signed up for the course initially a full year ago while working full time on contracts and found it extremely difficult to find the time to work on the labs, as I had multiple ongoing projects and was doing bug bounties quite actively too. I burnt out fairly quickly and didn’t concentrate on it at all. I did one or two of the “known to be hard” machines in the labs fairly easily, which convinced me I was ready, and sat the exam having compromised less than 10 of the lab hosts. This was of course silly and I only managed 2 roots and one local access shell, which wasn’t near enough points to pass and very much dulled my arrogance at the time. I didn’t submit an exam report and decided to focus on my contracts and dedicate my time to the labs properly at a later date. Fast forward over a year later to the start of this month (September) and I had 2 weeks free that I couldn’t get contract work for. So I purchased a lab extension with the full intention of dedicating my time completely to obtaining this certificate. In the two weeks I got around 20 or so lab machines and set the date for my first real exam attempt. This went well but I didn’t quite make it over the line. I rooted 3 machines and fell short of privilege escalating on a 4th Windows host. I was so close and possibly could have passed if I had done the lab report and exercises; however, this time around I wasn’t upset by the failure and became more determined than ever to keep trying. 
I booked another 2 weeks in the labs, focused on machines with manual Windows privilege escalation and booked my next exam sitting, successfully nailing it. As I had learned a lot of penetration testing skills doing bug bounties, I found that it was very easy to identify and gain remote access to the lab machines; I usually gained remote shell access within the first 20 or 30 minutes for the large majority of the attempted targets. I very quickly found out that my weakest area was local privilege escalation. During my contract engagements, it is a regular occurrence that my clients request I don’t elevate any further with a remote code execution issue on a live production environment. This activity is also greatly discouraged in bug bounties, so I can very much see why I didn’t have much skill in this area. The OSCP lab environment taught me a large number of techniques and different ways of accomplishing this. I feel I have massively skilled up with regard to privilege escalation on Linux or Windows hosts. I’m very happy to join the ranks of the (OSCP) Offensive Security Certified Professionals and would like to thank anyone who helped me on this journey by providing me with links to quality material produced by the finest of hackers. Keeping the hacker knowledge-sharing mantra in mind, below is a categorized list of very useful resources I have used during my journey to achieving certification. I hope these help you to overcome many obstacles by trying harder! 
Mixed
https://www.nop.cat/nmapscans/
https://github.com/1N3/PrivEsc
https://github.com/xapax/oscp/blob/master/linux-template.md
https://github.com/xapax/oscp/blob/master/windows-template.md
https://github.com/slyth11907/Cheatsheets
https://github.com/erik1o6/oscp/
https://backdoorshell.gitbooks.io/oscp-useful-links/content/
https://highon.coffee/blog/lord-of-the-root-walkthrough/

MsfVenom
https://www.offensive-security.com/metasploit-unleashed/msfvenom/
https://netsec.ws/?p=331

Shell Escape Techniques
https://netsec.ws/?p=337
https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
https://airnesstheman.blogspot.ca/2011/05/breaking-out-of-jail-restricted-shell.html
https://speakerdeck.com/knaps/escape-from-shellcatraz-breaking-out-of-restricted-unix-shells

Pivoting
http://www.fuzzysecurity.com/tutorials/13.html
http://exploit.co.il/networking/ssh-tunneling/
https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117
https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
https://www.offensive-security.com/metasploit-unleashed/portfwd/

Linux Privilege Escalation
https://0x90909090.blogspot.ie/2015/07/no-one-expect-command-execution.html
https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/#gref
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://github.com/mzet-/linux-exploit-suggester
https://github.com/SecWiki/linux-kernel-exploits
https://highon.coffee/blog/linux-commands-cheat-sheet/
https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
https://github.com/lucyoa/kernel-exploits
https://www.rebootuser.com/?p=1758
https://www.securitysift.com/download/linuxprivchecker.py
https://www.youtube.com/watch?v=dk2wsyFiosg
https://www.youtube.com/watch?v=2NMB-pfCHT8
https://www.youtube.com/watch?v=1A7yJxh-fyc

https://blog.cobaltstrike.com/2014/03/20/user-account-control-what-penetration-testers-should-know/
https://github.com/foxglovesec/RottenPotato
https://github.com/GDSSecurity/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py
https://github.com/pentestmonkey/windows-privesc-check
https://github.com/PowerShellMafia/PowerSploit
https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/ATT%26CK-Stuff/Windows/Windows_Privilege_Escalation.md
https://github.com/SecWiki/windows-kernel-exploits
https://hackmag.com/security/elevating-privileges-to-administrative-and-further/
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
https://toshellandback.com/2015/11/24/ms-priv-esc/
https://www.gracefulsecurity.com/privesc-unquoted-service-path/
https://www.commonexploits.com/unquoted-service-paths/
https://www.exploit-db.com/dll-hijacking-vulnerable-applications/
https://www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be

Source: https://securit.ie/blog/?p=70
    1 point
  3. Improvements can be seen with aluminium foil if the orientation of the antennas is correct (both for Rx and for Tx). Even so, the efficiency is lower than that of an antenna built with directional characteristics. Moreover, as far as I know the aluminium-foil method is not recommended (probably because it is not at all efficient) when MIMO technology is used (that is, when several antennas are used for the AP). The idea of the foil is to increase the antenna's gain, turning an omnidirectional antenna into a slightly directional one, similar to parabolic antennas. In principle, you need a WiFi adapter that has a high-gain antenna (a directional antenna) which you point towards the signal source (towards the AP/hotspot). The ones from Alfa are generally good. If the signal source is not very far away (if you already get one bar on the laptop, it means it is not very far) then an antenna with a gain of 7 dBi is sufficient. If you want access at even greater distances, there are yagi antennas with a gain of around 25 dBi, but they are much more sensitive to orientation and also much more expensive (because of the increased directivity). The idea of gain is simple. Gain shows how the signal energy is focused. 0 dBi represents a purely theoretical omnidirectional antenna that radiates energy equally in all possible directions (if you want to visualise it, in 2D it is energy radiated equally across 360 degrees). The higher the gain, the more the energy is directed into certain directions and less, or not at all, into others (if the gain tended to infinity, the shape would look like a line in an arbitrary direction). Two antennas with the same gain can be different because the manufacturer arbitrarily chooses the direction in which the signal energy is focused. To visualise how the antenna's energy is distributed, look for the directivity diagram in the antennas' datasheets. 
fbob's recommendations are good (note that the first recommendation is a WiFi adapter and the other recommendation is an antenna that can be attached to that adapter).
    1 point
  4. These flaws exist in the encryption mechanism of several types of solid state drives – listed below – of two major manufacturers, namely Samsung and Crucial. The vulnerabilities occur both in internal storage devices (in laptops, tablets and computers) and in external storage devices (connected via a USB cable). The storage devices affected include popular models that are currently widely available. [...] The models for which vulnerabilities have actually been demonstrated in practice are: Crucial (Micron) MX100, MX200 and MX300 internal hard disks; Samsung T3 and T5 USB external disks; Samsung 840 EVO and 850 EVO internal hard disks. https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
    1 point
  5. Go into the boot manager, which is generally on the F9 key, and select USB Stick there. Not from the BIOS. If it still doesn't see it, boot with rufus and set Partition Scheme: MBR. That way BIOS (UEFI-CSM) will be set automatically. And File System: NTFS
    1 point
  6. SCLAVII FERICITI Lumea vazuta din Silicon Valley de OVIDIU HURDUZEU https://www.google.ro/url?sa=t&source=web&rct=j&url=http://www.desprevremuriledinurma.ro/wp-content/uploads/sclaviifericiti.pdf&ved=2ahUKEwjrjYTwzsLcAhXjI8AKHYlJBhsQFjAAegQIABAB&usg=AOvVaw0tavLf8DZgUIwtDsZJj_R3
    1 point
  7. A book worth every penny https://mihaiserban.net/
    1 point
  8. If you can't afford to buy a dongle to which you can attach an efficient antenna, carry on with aluminium foil or beer cans. But you will never be able to prove that it works better than the official product. You're exactly like those people on the car forums. They have never had more than a second-hand Clio, but they comment on new cars "that they're no good, that they aren't worth it" and so on..
    -1 points
  9. I'm tired of childish comments ...!!! I closed this discussion ... !!!
    -1 points