Daily Read #1

This post is going to kick off an extensive and constantly updated list of links to all kinds of resources that I check every single day. I'll post five resources per post, in no particular order, but I suggest checking every single one every day! HackRead DarkReading CyberCrime & Doing Time Security List Network … Continue reading Daily Read #1 →

Technique, Tool and Lecture #9

Technique: Basic one liner to clean masscan output cat masscan-output | cut -d ' ' -f4,6 This will return something like this Tool: Drozer - https://labs.f-secure.com/tools/drozer/ Awesome extensive attack framework for Android Apps (Must have) Lecture: Not super technical but very interesting Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev https://www.youtube.com/watch?v=6Chp12sEnWk&t=784s Check out … Continue reading Technique, Tool and Lecture #9 →

Who are you?!

Security Researcher Security Researcher... I have to say, since the rise of Bug Bounties, The self-proclaimed title of Security Researcher has gotten less and less popular Here is something I realized years ago... A little background, at this time, I had used some tools, I had used BackTrack and then Kali, I have monitored trends … Continue reading Who are you?! →

Technique, Tool and Lecture #8

Technique: One line dash loop for running CLI tools on Kali for IP in $(cat ~/Desktop/target); do nikto -host $IP >> ~/Desktop/nitko-output; done; Tool: Nikto Lecture: Drinking from the caffeine firehose we know as shodan https://www.youtube.com/watch?v=5cWck_xcH64 Check out all the entries of this series! Technique Tool and Lecture #14 Technique Tool and Lecture … Continue reading Technique, Tool and Lecture #8 →

Difference between Ethical Hacker, Boug Bounty(ier), Penetration Tester, Security Consultant and Security Researcher

Let me first say that most of these terms are used interchangeability by the majority of outlets (especially media) incorrectly Please note this is VERY incomplete and I will continue to update this as time goes by Types of "Hacker" -- Whitehat Grayhat Blackhat -- Ethical Hacker: Type: Whitehat or Grayhat Someone who actively monitors … Continue reading Difference between Ethical Hacker, Boug Bounty(ier), Penetration Tester, Security Consultant and Security Researcher →

So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #4

Always find way to train your mind to think like an attacker. Shortly after I got this job in retail (I think my first year was when I was 17) and had the training experience I mentioned in my last post, I started to find ways to work my brain to think like a hacker … Continue reading So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #4 →

So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #3

It's Story time 🙂 For a few summers before I got into the industry I worked at a retail store. On my first day they locked me in the managers office (who was away on vacation) to do some online training. One of the big trainings was about cyber security. This was the funniest thing … Continue reading So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #3 →

So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #2

Most important thing to ask yourself if you're thinking of pursuing any of these fields are Your desire to learn...Just kidding! This is a VERY common thing to hear or read in the industry... Doesn't matter how much you know walking in, just your desire to learn... This is false and bullshit. Why you ask? … Continue reading So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #2 →

Technique, Tool and Lecture #7

Technique: Google Dork for getting results consisting only of IP addresses. You have to include 2 octets but then can use * for the right. For example if I'm looking for data on 103.10.1.1/16 I can do site:103.10.* or site:103.10.*.* Remember * aren't wildcards but they are as close as you'll get. Also remember that … Continue reading Technique, Tool and Lecture #7 →

So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #1

This one is going to be quick, that is because I'm just linking my lecture where I go over where higher education and academia as a whole should move towards as well as provide a general overview of what it means to work professionally within offensive cyber security. Consider this my kick-off post for further … Continue reading So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #1 →