Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Back To The Future: Unix Wildcards Gone Wild- 52

Leon Juranic    Reference →Posted 6 Years Ago
  • Wildcards let one or more pattern characters match zero or more characters in a filename. That sounds complicated, but it is essentially a very powerful autocomplete feature.
  • Here are the possible wildcards:
    • *: Matches any number of characters (including none) in the position where it appears in the pattern.
    • ?: Matches any single character.
    • [ ]: Matches one character from a set of characters.
    • -: Used within the brackets to denote a range of characters.
    • ~: Expands to the name of your home directory. If you append another user's login name to the character, it refers to that user's home directory.
  • The asterisk, being a wildcard character, has some weird effects. For instance, if a file named '-rf' is present when `rm *` runs, the shell expands that name into the argument list and rm reads it as the flag -rf, which then deletes every directory in that location.
  • Essentially, Unix commands cannot tell an expanded filename from a flag. The article shows the same thing with chown and chmod.
  • Two other examples gave arbitrary command execution: a filename parsed as a parameter to tar, and a filename parsed by rsync.
  • Not discussed in this article, but using wildcards at all in scripts can be dangerous. You never know what you are getting yourself into!
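As an added example (not code from the article), a small POSIX shell check for entries whose names start with a dash, beside the safe cleanup idiom this problem calls for: prefix glob expansions with `./` and end option parsing with `--`. The `make_demo_dir` helper and its file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: spotting and handling filenames that a bare glob would turn into options.

# Build a constructed demo directory containing a file literally named "-rf".
make_demo_dir() {
  d=$(mktemp -d)
  touch "$d/a.txt" "$d/b.txt"
  touch -- "$d/-rf"        # the dangerous filename from the article
  mkdir "$d/keep"          # a directory that must survive the cleanup
  printf '%s\n' "$d"
}

# List entries whose names begin with '-': the ones "rm *" would read as flags.
list_dash_names() {
  for entry in "$1"/*; do
    [ -e "$entry" ] || continue           # empty directory: the pattern stays literal
    name=${entry##*/}
    case $name in -*) printf '%s\n' "$name" ;; esac
  done
}

count_dash_names() {
  list_dash_names "$1" | wc -l | tr -d ' '
}

# Remove only regular files in a directory, safely:
#  - "./*" makes every expansion start with "./", so no argument can look like an option;
#  - "--" tells rm that option parsing is over, for any name that slips through.
safe_remove_files() {
  ( cd "$1" && for f in ./*; do
      if [ -f "$f" ]; then rm -- "$f"; fi
    done )
}

# Self-check: run the safe cleanup against the demo directory and report what survived.
demo() {
  d=$(make_demo_dir)
  echo "dash-named entries before cleanup: $(count_dash_names "$d")"
  safe_remove_files "$d"
  [ -d "$d/keep" ] && [ ! -e "$d/-rf" ] && echo "safe cleanup ok: directory kept, files removed"
  rm -rf -- "$d"
}

demo
```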

'I felt exposed online': how to disappear from the internet- 51

Simon Parkin    Reference →Posted 6 Years Ago
  • The title is slightly misleading... The article goes through multiple ways we are tracked online, plus the individual stories of a person who helps people disappear.

How I targeted the Reddit CEO with Facebook ads to get an interview at Reddit- 50

Twicsy    Reference →Posted 6 Years Ago
  • People constantly ask "How do I get a job?". Honestly, employers are looking for people to stand out! Doing crazy stuff like this is a great way to get a job :)
  • Essentially, this guy got an ad to be extremely targeted... to the point where the ad would practically only be shown to the CEO of Reddit. After that, the CEO contacted HR to give this guy a call!

Moving Fast and Securing Things - 49

Slack    Reference →Posted 6 Years Ago
  • Part of security is being smart to start with, not fixing things afterwards.
  • This article has a really good description of the Secure Development Lifecycle (SDL) from the perspective of Slack. There have been very few security issues with Slack; I believe their obsession with security from the beginning is why.

Resources to Get you Start in Operational Security - 48

Jeremy Trinka    Reference →Posted 6 Years Ago
  • This article gives a good list of things to go through and articles to read to become a pentester. However, he makes a great point: with cybersecurity, nothing is out of scope. Without web applications, web security would not exist... Understanding technology in general is crucial.
  • His resource recommendations:
    • LiveOverflow: A fantastic Youtube channel that I always keep tabs on. From web security to binary exploitation, this is an amazing resource.
    • Inside the Machine: Diving into how a computer works is crucial for pwning. Although this book is not security focused, the low level stuff is important.
    • The Hacker Playbook: A book on red-teaming. According to the author of the article, this does a great job at making the content easy to digest.
    • Serious Cryptography: Dives into the basics of cryptography and how to use it properly. I grew up on a different book, but this looks like a wonderful one!
    • CCNA: Udemy courses on TCP/IP network stack.
    • Automate the Boring Stuff with Python: Python is what I use day to day, and the author makes the same point. This book does a good dive into Python and automation.
    • PluralSight: A diverse set of random technical content.
  • I watch LiveOverflow all the time. Besides that, these other resources have not been on my radar much.

DNS Best Practices, Network Protections, and Attack Identification - 40

Cisco Security    Reference →Posted 6 Years Ago
  • This takes a deep dive into what DNS is and the different attacks against it. It is quite an intense explanation of DNS.
  • Many attacks exist and are common: cache poisoning, DNS amplification and reflection, abuse of the TTL (time to live), and DNS rebinding. The article explains each of them, with good mitigations.
  • Defenses:
    • Randomization of the DNS transaction identifier: Attackers need to predict this identifier for several different attacks. Randomizing the value makes those attacks much harder.
    • IP Source Guard: Helps stop spoofed IP traffic.
    • Access Control Lists: Control who may use the DNS service.
    • Do not run an open resolver.

SANS Online Free Courses- 39

SANS    Reference →Posted 6 Years Ago
  • These free courses cover three things: an introduction to different operating systems, an introduction to networking, and system administration (web scraping, bash and PowerShell).
  • SANS offers great courses! However, they are CRAZY expensive. So, having free courses from them is awesome.

Hakluke’s Ultimate OSCP Guide: Part 3 — Practical hacking tips and tricks- 38

Luke Stephens    Reference →Posted 6 Years Ago
  • Where to attack first? That is what this article tries to discuss.
  • Although this is more of a prep for the OSCP, I thought this data was very interesting.
  • My main takeaway: map out the attack surface. Nmap, all web apps... How could you get in?

Flaw in Microsoft Outlook Allows for Password Stealing- 37

TheHackerNews    Reference →Posted 6 Years Ago
  • Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections.
  • The SMB authentication request is made automatically, which leaks the username and password hash.
  • What do you test while looking for vulns? You could look at the common features, but those have likely been tested many times already. Look at the less-used features, since they have not been tested as much.

Having Fun with Zero-Width Characters- 36

Tom Ross    Reference →Posted 6 Years Ago
  • Character sets are really interesting! In this situation, the trick takes advantage of characters that have zero width (i.e., they are not visible characters!).
  • With two such zero-width characters, it was really easy to make a binary system: one of the characters was a '1' while the other was a '0'.
  • He used these zero-width characters to build a character encoding, then inserted each user's encoded username into the text of a message board post.
  • Based on that, when the text was leaked, the hidden username identified the snitch who took the data from the message board.
  • Again, character encodings are quite interesting :) What we see may not be what the computer sees.
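As an added example (not the author's code), a Python round-trip of the scheme the article describes: two zero-width code points stand in for 1 and 0, a username is embedded after visible text, and a detector finds, decodes and strips the hidden bits. The choice of U+200B/U+200C as the bit pair, the list of zero-width code points to scan for, and the sample post are assumptions constructed for this demo.

```python
import re

# Zero-width code points worth scanning for (constructed list for this example).
ZERO_WIDTH = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}
ZW_RE = re.compile("[" + "".join(ZERO_WIDTH) + "]")

# Assumed bit alphabet; the article does not say which pair it used.
ZERO, ONE = "\u200b", "\u200c"


def encode_watermark(visible: str, secret: str) -> str:
    """Append `secret` (UTF-8 bytes, MSB first) as zero-width chars after `visible`."""
    bits = "".join(f"{b:08b}" for b in secret.encode("utf-8"))
    return visible + "".join(ONE if bit == "1" else ZERO for bit in bits)


def find_zero_width(text: str) -> list[tuple[int, str]]:
    """Detection step: (index, code point name) for every zero-width char present."""
    return [(m.start(), ZERO_WIDTH[m.group()]) for m in ZW_RE.finditer(text)]


def decode_watermark(text: str) -> str:
    """Recover the hidden bytes from the bit pair; a trailing partial byte is ignored."""
    bits = "".join("1" if c == ONE else "0" for c in text if c in (ZERO, ONE))
    usable = len(bits) - len(bits) % 8
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
    return data.decode("utf-8", errors="replace")


def strip_zero_width(text: str) -> str:
    """Sanitise text before display or comparison (what we see vs. what the machine sees)."""
    return ZW_RE.sub("", text)


# Constructed sample: a post watermarked with the username of the reader who received it.
SAMPLE_POST = encode_watermark("The board meets Friday.", "alice")

if __name__ == "__main__":
    hits = find_zero_width(SAMPLE_POST)
    print(f"visible text: {strip_zero_width(SAMPLE_POST)!r}")
    print(f"{len(hits)} zero-width chars found; hidden tag: {decode_watermark(SAMPLE_POST)!r}")
```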