Technique: One line dash loop for running CLI tools on Kali for IP in $(cat ~/Desktop/target); do nikto -host $IP >> ~/Desktop/nitko-output; done; Tool: Nikto Lecture: Drinking from the caffeine firehose we know as shodan https://www.youtube.com/watch?v=5cWck_xcH64 Check out all the entries of this series! Technique Tool and Lecture #14 Technique Tool and Lecture … Continue reading Technique, Tool and Lecture #8
Category: Google Dorks
Difference between Ethical Hacker, Boug Bounty(ier), Penetration Tester, Security Consultant and Security Researcher
Let me first say that most of these terms are used interchangeability by the majority of outlets (especially media) incorrectly Please note this is VERY incomplete and I will continue to update this as time goes by Types of "Hacker" -- Whitehat Grayhat Blackhat -- Ethical Hacker: Type: Whitehat or Grayhat Someone who actively monitors … Continue reading Difference between Ethical Hacker, Boug Bounty(ier), Penetration Tester, Security Consultant and Security Researcher
So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #4
Always find way to train your mind to think like an attacker. Shortly after I got this job in retail (I think my first year was when I was 17) and had the training experience I mentioned in my last post, I started to find ways to work my brain to think like a hacker … Continue reading So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #4
So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #3
It's Story time 🙂 For a few summers before I got into the industry I worked at a retail store. On my first day they locked me in the managers office (who was away on vacation) to do some online training. One of the big trainings was about cyber security. This was the funniest thing … Continue reading So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #3
So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #2
Most important thing to ask yourself if you're thinking of pursuing any of these fields are Your desire to learn...Just kidding! This is a VERY common thing to hear or read in the industry... Doesn't matter how much you know walking in, just your desire to learn... This is false and bullshit. Why you ask? … Continue reading So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #2
Technique, Tool and Lecture #7
Technique: Google Dork for getting results consisting only of IP addresses. You have to include 2 octets but then can use * for the right. For example if I'm looking for data on 103.10.1.1/16 I can do site:103.10.* or site:103.10.*.* Remember * aren't wildcards but they are as close as you'll get. Also remember that … Continue reading Technique, Tool and Lecture #7
So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #1
This one is going to be quick, that is because I'm just linking my lecture where I go over where higher education and academia as a whole should move towards as well as provide a general overview of what it means to work professionally within offensive cyber security. Consider this my kick-off post for further … Continue reading So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #1
Top 8 Podcasts For Hacking, Privacy, Cyber Security and Penetration Testing
Walk around a lot or drive a lot? Don't let that stop you from continuing your learning. Here is my list of my personal favorite podcasts that have some relevance to my role as a security consultant/penetration tester or peaks my fancy as a privacy and cyber security enthusiast. The Privacy, Security, & OSINT Show … Continue reading Top 8 Podcasts For Hacking, Privacy, Cyber Security and Penetration Testing
Technique, Tool and Lecture #6
Hi Guys, Time some more hacker's TLC. Or Tips and tricks for penetration testers! Anyway, here we go! Technique: 2 Incapsula WAF XSS Bypasses I haven't had a chance to use these yet but I do encounter Incapsula once in a while so I'll keep then in my bag <iframe/onload='this["src"]="javas	cript:al"+"ert``"';> <img/src=q onerror='new Function`al\ert\`1\``'> Source Tool: … Continue reading Technique, Tool and Lecture #6
Government Run People Search Tools
People search engines are all the rage at this moment in history. New ones appear online and go offline just as fast. These are the sites like thatsthem.com where you put in a first and last name and you get a list of addresses and other information. What if I told you that there are people search engines to find out where someone lives or who lives at what address completely free and ran by the government? Would you believe me?