As Promised! I have decided to update my guide for preparing for OSCP. The guide is full of new updates and information to help you prepare for PEN-200/PWK 2.0.
If anyone wants to read it here it is:
As promised! My guide for Preparing for OSCP is now online! I have provided a variety of resources and information in this guide! I want to thank
@g0tmi1k
and
@offsectraining
for approving this guide. If anyone would like to read it here it is:
#oscp
It is time! I have made an update to my OSCP-Like VMs List. The biggest update for sure...30 new boxes have been added. I added 26
@VulnHub
boxes to the list.
To check out the full list of OSCP-Like VM's you can find it here:
I think I have finished putting all my tools and tricks I have into my pentesting template in Joplin.
These notes also include some tips that I have learned from OSCP and in actual assessments. Once I do a final review I plan to release the template in the next few weeks.
I have updated my list of OSCP-Like systems for
@hackthebox_eu
. Most of these boxes are retired but if you have VIP access, take some time to try them out! Also check out
@ippsec
channel for the OSCP playlist we created if you want to watch them there!
In the meantime for anyone that is on
@hackthebox_eu
I have created a list of OSCP-Like boxes you can try. Most of these are retired but if you have VIP access try them out! If you do not have VIP don't worry I recommend you check
@ippsec
channel as most of them are there. Enjoy!
Since Microsoft plans to disable macros by default, I have decided to release a proof of concept that I use on my engagements by leveraging the document properties built in Microsoft Office.
Here is the link to the article:
Today I have updated my list of VM's for preparing for PWK/OSCP. I have also included a new list of VM's from
@offsectraining
Proving Grounds Practice Environment!
Here is a link to the new list😁:
Over the weekend I have decided to update my list of VM's for preparing for PWK/OSCP. The list has been revamped to remove older boxes that were similar to the old PWK/OSCP. You will find a new section of current ones.
Here is a link to the new list:
It is done! This should have been released a long time ago but I am glad I took the time to finish it.
For those of you who are into
#osint
or for
#threatintel
I am releasing my OSINT Notebook to share with you all.
I spent a lot of time working on this but I think it is done for now.
Today I am releasing my pentesting template that I use in Joplin. It contains a lot of my notes that I used in the PWK and on current engagements. You can find it on my Github here:
I have made an update to my OSCP-Like vm list for
@hackthebox_eu
. Three new boxes have been added to the list. If you have VIP and are preparing for OSCP check out those boxes! If you don't check out
@ippsec
videos to watch them. They will be added to the OSCP playlist soon.
Last night I added new boxes to my VM list for preparing for the PWK/OSCP and for AWAE/OSWE.
40 new boxes have been added overall. I am working on making another list for another course. Can you guess which one it is?
Here is the link to the new list:
For those prepping for OSCP. I have added some more OSCP Like boxes to the
@VulnHub
list I have created.
The new boxes that have been added are:
Hackme 1
Escalate_Linux 1
DC 6
If you want to see the whole list you can find it here:
Someone took the time to convert all of the source code files for Black Hat Python to be used with Python 3. I have to admit it is done really well.
Here is a link to the project:
For anyone that is on
@hackthebox_eu
and for people prepping for OSCP I have updated my list for OSCP-Like boxes. Conceal and Irked have been added. These two have been added to
@ippsec
OSCP playlist as well.
Check the next tweet below for the list and playlist. Have fun 😁
After a few months of reviewing the latest PWK course, I have decided to refactor my list to create a new list of VM's for those who are preparing for the PWK/OSCP.
Here is the link to see the new list:
The moment for those who have been waiting for it. I have released my pentest template for Obsidian:
This template includes better structure, tags, and more techniques that I use on engagements, hackthebox, and in PEN-200.
As of today, I am no longer the community manager for
@offsectraining
. While I am doing my best to handle my emotions regarding the decision, I am very happy that I got to accomplish a dream of mine working alongside legends I looked up too for most of my life.
Yesterday at the meetup I also showed a new pentesting template I have been working on that includes my tools and tricks I have used for OSCP and in actual assessments.
This template is an update to what
@411Hall
created in cherry tree but instead the tool I used is Joplin.
In order to become a pentester/hacker you don't need to be bright. You don't even need great technical knowledge. You just need dedication, and believe in yourself!
If you haven't heard the news, I have decided to create a list of vulnerable boxes I have gone through that have helped me prepare for AWAE/OSWE so far 😁. I will continue to update this as I finish the course.
You can find the list here:
After months of review and adding a lot of notes/resources it is time to share my home lab guide with you all 😁!
I want to give a shout out to TunnyTraffic
@netsecfocus
for taking the time to review it and giving me feedback.
Here is the link:
For those of you prepping for OSCP I have updated my list of
@vulnhub
boxes that are OSCP Like. These are good prep boxes to do. The updated list includes
@Pink_P4nther
v1-v4 boxes. Enjoy :)
You literally copied all of these techniques from the orginal cheatsheet:
Next time include a reference and provide credit to the actual authors instead of stating its your own cheatsheet...
Alright its time I share my announcement with you all!
After a few months of talking and thinking I have been offered a position to work for
@offsectraining
as there Community Manager.
Today I just started my first day! 😁
This past weekend I made big step in my life and signed a contract to buy a house.
I would have never expected myself at 24 to do this...but I am ready and cannot wait to make this place mine. 😁
Well today I signed the papers and now I officially own a home!
Although I am excited and nervous to be on my own for the first time...this is a start of a new chapter in my life and I am eager to get started 😁
A lot of hard work has finally paid off!
Since it is a new year I added some more boxes to my list of VM's for preparing for PWK/OSCP and for AWAE/OSWE.
I also added some more AD boxes that you will find in PG Practice from
@offsectraining
. 😁
Here is a link to the current list:
Final draft of the infosec homelab guide is done! Now having a few people peer review it before it gets released.
Still need to figure out where it will be posted.
A new version of my pentest template will be released later this fall.
New tips, techniques, and resources are being added. Most importantly I am moving my notes away from Joplin to Obsidian. Here is a sneak peek of what the new template will look like:
My work for testing Powershell on Kali Linux is complete! You can install Powershell and Powershell-Preview by doing "apt install powershell"
Thanks to the
@kalilinux
team for making this possible and I am glad I was able to work with them on this project😀.
#PowerShell
#posh
Recently, I found an old python script created that runs a SimpleHTTPServer and it includes an option where you can upload files to it.
So I made modifications to it to make sure it worked in Python 3. Here is the script if you want to check it out:
I really do love the new look they have done too
@kalilinux
and they have replaced the default Desktop Environment from GNOME to XFCE!
Can't wait to play with this more!
Just went through my guide for preparing for the PWK/OSCP and removed some dead links.
I do plan to update my guide to align with the course. It is going to take some time. Will keep you posted when I have made the updates. 😁
Powershell 7 was just released yesterday and I can confirm that it is working on
@kalilinux
fine. I cannot wait to test out the new features that they have added.
Congrats to the PowerShell team on this release!
#pwsh
#PowerShell7
Just in time before some of you are heading to
@defcon
or
@BlackHatEvents
, I have updated my list of VM's for preparing for PWK/OSCP. New boxes in all 3 tabs.
Here is the link to the list if you do not have it:
Got something to share with you all about the home lab guide...Keep an eye out this week!
In the mean time here is a sneak about what the guide will be going over.
Last night I finished updating my Joplin Pentest Template and I added some more tools, tips, and resources into it.
You can find the changes I made in the first page of the notebook. Here is the link if you want to grab the new version (2.0):
2021 New Years Resolution:
1. Update the PWK/OSCP Guide
2. Finish PEN-300
3. Release my Cloud Pentesting and OSINT Templates for Joplin
4. Help support other community projects out there!
For those of you that use other note taking tools like Obsidian, Notion, etc, you can now pull the raw markdown versions of my Joplin Pentest Template and add them into your notes:
The latest notes will be in 3.0
After speaking at
@BsidesBuffalo
, I am releasing my privilege escalation script: Cadiclus
A simple PowerShell script that you can use to enumerate Linux systems that are using PowerShell for Linux.
Here is the link:
Got an awesome care package from
@offsectraining
! These are legendary and rare to find nowadays.
I will be giving some of these items away at future conferences if you can find me 😁
The NetSecFocus Trophy Room continues to grow! I have added a new section of boxes for those who are looking to prepare for the PEN-300/OSEP.
Here is the link to latest update:
Wanna install Windows 11 but your unable too because you need to enable TPM 2.0.
I will share a cool change I found to have the installer bypass checking for TPM so you can install Windows 11.
I am extremely honored that I have been nominated for the
@defcon
awards for the following categories:
1. Acid Burn Award
2. Hacker of the Year Award
You have till December 31rst Las Vegas time to vote if you can. Here is where you can vote:
I have made some updates to my Joplin Pentest Template. This may be my last release...
I had a lot of fun putting this together for the community and I hope it helped you in your infosec journey.
Here is the link if you want to obtain the 4.0 template:
Version 3.0 of my Joplin Pentest Template has been released! It took me some time to refactor the structure but it also packed with some tools, tricks, and resources.
Here is the link:
Ever wanted to spin up a GOAD environment in VMware ESXi?
Well I decided to dig into it and I wrote a step-by-step guide to help anyone that wants to deploy it.
Well I am very shocked to be waking up to over 5k followers today! I really want to thank you for following me. I hope the resources and material I share has helped you on your journey to get into infosec or OSCP.
Expect to see more guides and blog pieces in the near future 😁.
In the end hard work pays off. It feels good to finally win first place in the
@TraceLabs
OSINT CTF!
I always have a blast competing with my team
@AletheDenis
@C_3PJoe
@Ginsberg5150
. We finally did it!
As always thank you
@AK47Intel
and your team for running this CTF!
After some recent feedback I decided to add some more machines to my list to help those prepare for the PWK/OSCP!
Biggest Update:
10 new machines in PG Practice!
Here is the link if you want to check out the new updates:
When I was a senior in high school I wanted to get my OSCP. On my first attempt I can now say that I tried harder. I passed :D
Thank you
@offsectraining
for the fun labs and making me work harder every day. I also want to thank the infosec community for supporting me!
#tryharder
In case anyone is looking to build a homelab, I just updated my guide and added some new resources to it.
Will be making some more changes and adding more resources I find in the future.
In case you want to step back in time this holiday season, the
@kalilinux
team is hosting all of the old versions of back | track. You can find them here:
Going to
@shmoocon
? I will be there and if you find me I got some new printed
@kalilinux
stickers to give out!
I only have a few of these printed so first come first serve if you want it. Bringing back the classic red that use to be in Backtrack 😄
Finally working on my next content piece. Building your own homelab will be coming out soon.
Also planning to write a guide to build your own cloud homelab as well for those who do not have the ability to build there own homelab.
Got some free time this week. Going to be updating my OSCP guide, hackthebox/vulnhub list, and installing powershell for Kali Linux.
Will tweet the updates as soon I finish them this week 😊
For those you that want some
@offsectraining
and
@kalilinux
swag. Come find me tomorrow at
@defcon
. I have ton of stickers on me 😁 and some other goodies!!!
For those of you who have been waiting for my OSCP guide. I finally got the last confirmation for feedback from a friend. Expect to see something posted and shared later this week! Still need to learn how to properly use markdowns and github lol. 😁
Made some more updates to my list of VM's for those who are preparing for the PWK/OSCP. The new list includes an active directory section for those that want to go through certain AD boxes to prepare for the course.
Here is the link:
For those of you preparing for the PWK or about to take the OSCP, I highly encourage you to read Ian's thread.
Lots of good advice and really understandable as you prepare for your journey!
Since it appears to be OSCP season again, some unsolicited advice on the OSCP exam from someone who failed multiple times before passing: a thread!
I promise I'm not going to tell you to try harder.
Last night I was going through Sau on
@hackthebox_eu
and I was trying out some new tools.
Villian is a very cool tool to manage multiple TCP socket & HoaxShell-based reverse shells. I would totally include this tool in your arsenal if you have not:
I am going to need a whole pot of coffee for today as I have finished updating 10 sections to my original PWK-OSCP Guide last night. However, I still have a 10 more sections I need to write and update.
Keep an eye out for a new update soon!
This was my first time speaking at a conference! Thank you
@BsidesDC
for having me speak!!
Most importantly thank you for those who attended my talk and watched the live stream! I really do appreciate your support. I hope you were able to learn something as well 😁
Lots of refactoring and new resources added into my Joplin pentesting template. Will be releasing either later today or tomorrow.
Keep an eye out. In the mean time here is what new structure will look like:
#Pentesting
#defcon31
The main reason why ChatGPT has been banned from being utilized in the OSCP Exam is that it is considered as receiving third party help/assistance to identify potential steps/vulnerabilities.
The OSCP Guide is almost complete! Waiting for one final person to review it and once it is done I will post it online for you all to review. I am sorry it is taking so long but it will be out soon. I cannot wait for you all to see it!
#OSCP
Checking the recent changes regarding the OSCP here is the breakdown:
- Offsec has introduced OSCP+ a subset to the OSCP
- Those that have OSCP will never expire
- After November 1rst you earn OSCP+ and OSCP
- After three years if you do not renew your OSCP+, you still have OSCP
I have to admit
@hackthebox_eu
, Rastalabs was a very fun lab to go through for fun. Thanks
@_RastaMouse
for putting it together in the beginning.
I really wish I completed it sooner. Now to figure out what pro lab I should try next?
10 pages into writing this home lab guide. I am hoping to finish it soon.
There is a lot of stuff packed into it...now the question is where to put it?
I really want to thank a lot of you in the infosec community for reaching out to me about the OSCP Guide I released.
You have given me a lot feedback and suggestions that I have included. If anyone has anything they want to share let me know! I am always here to help 😁
11 pages into this OSCP guide and still have 5 sections to cover. This will be very long but detailed guide for sure. Still planning to release it this week if not next week!
#OSCP
@Djax_Alpha
@rana__khalil
Lets make this a challenge then! I give you 5 boxes to start with. To make it more fair do not use any write ups at all unless you feel like you are out of ideas or options. Have fun 😁
1. Stapler
2. DC 6
3. Pinkys Palace v1
4.Symfonos 1
5. Troll 1
If you want to play with Sliver C2, it is actually in the
@kalilinux
repository! All you need to do is run the following commands:
sudo apt install sliver
Once it has installed you can run the sliver-server to run it!
Credit to
@ssh4un
for the image!
My first time competing in Hacker Trivia and my team got first place at
@shmoocon
.
I did not think we would win as we started it in last place. I had an absolute blast! 😁
Just finished building a CTF for a bunch of middle school students. The challenges are based off of the movie wargames.
I am going to be super happy if some of those students have seen that movie and get the reference of them. 😁
@ZephrFish
If you do not know something say "No". It is okay to be honest when you do not know how something works or what it is.
If you say "Yes" to everything then people will start to rely on you more for things you have no context too.
Being honest with people and ask questions.
So you want to learn how to create your own obfuscation techniques for your payloads in PowerShell?
Check out this content piece post from our community moderator Tristram:
I am glad I was able to work with him on this project.
#pwsh
#PowerShell