#100daysofhacking — Public Fediverse posts

#medium post available: https://blog.valters.eu/why-bsky-app-is-rising-while-x-com-is-declining-and-how-to-automate-bsky-posts-with-python-9f62408d9b27

#blog #seo #socialmediamanager #GoogleAds #Advertising #advertisement #YouTuber #100DaysOfCode #100DaysOfHacking #GitHub #pythonprogramming #pythonlearning #Python

Bypassing Okta SSO=> HTTPS/HTTP

Credit: https://t.co/I6SA3Jj94X

#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #CTF #pwn #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #Computer #Software #100DaysOfCyberSecurity #okta #CyberSecurityAwareness

Android Deep Link Issues And WebView Exploitation

🔗 https://8ksec.io/android-deeplink-and-webview-exploitation-8ksec-blogs/?noamp=available

#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #CTF #pwn #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #Android #Deeplink #100DaysOfCyberSecurity #CyberSecurityAwareness

Collection of some OSINT tools 🔎

🔗 https://github.com/asharbinkhalil/intellitoolz

#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #pwn #CTF #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #OSINT #Software #100DaysOfCyberSecurity #hardware #CyberSecurityAwareness

25 Recon Tools for Hacking & BugBounty 🔎

#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #CTF #pwn #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #recon #enumeration #100DaysOfCyberSecurity #CyberSecurityAwareness

25 Recon Tools for Hacking & BugBounty 🔎

#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #CTF #pwn #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #recon #enumeration #100DaysOfCyberSecurity #CyberSecurityAwareness

Hardware Hacking to Bypass BIOS Passwords

Link: https://blog.cybercx.co.nz/bypassing-bios-password

#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #CTF #pwn #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #Hardware #CyberSecurityAwareness

All about bug bounty 🔎

(bypasses, payloads, etc)

Link: https://github.com/daffainfo/AllAboutBugBounty

#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #BugBounty #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #100DaysOfCyberSecurity #CTF #CyberSecurityAwareness #pwn

Account takeover via IDOR form JWT

Link: https://t.co/snsgTSfGHg

#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #CTF #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #JWT #IDOR #pwn #100DaysOfCyberSecurity #CyberSecurityAwareness

#100DaysOfhacking I finally finished this bad boy! I remember I tried this course in 2021 & couldn’t get passed the first section bc I didn’t understand subnetting or how to set up a VM. I’ve learned quite a lot since then lol 😂. For the last 3 weeks I’ve been on this course and it’s really challenged me. I learned everything from buffer overflows to Active Directory attacks like LLMNR poisoning, golden ticket, pass the hash and kerberoasting to writing a proper pentest report #infosec

#100DaysOfHacking I updated the tool I wrote a while ago and added more features and made it pretty lol 😂 🦄. That goal I have of writing more open source security tools? Working on it everyday babyyyyyy

I’m also 90% done with the Practical Ethical Hacking course for the PNPT. I could cry lol I actually don’t want the learning to end.

#infosec #cybersecurity

#100DaysOfHacking Officially started the next round of my journey learning infosec & it’s my birthday month sooo lol I gotta start off big.

I started this morning with learning crackmapexec which took the first set of credentials I found after compromising a system on Active Directory & found other machines on the network where I can use those creds. It also dumped the SAM hashes!

Last night I used Bloodhound to perform enumeration of an AD domain, it was so cool lol #infosec #cybersecurity

Today I’m doing the post-compromise enumeration section of the Practical Ethical Hacking course. I’ve been spending a lot of time in Windows 10 and Active Directory for about a week now. Got to explore PowerView and now getting into Bloodhound! 🩸

I start round 2 of my #100DaysOfHacking challenge tomorrow! My birthday month 🎉 ♋️. I have those goals!! Lol lofty goals

Where I started from when I started the #100DaysOfHacking journey to where I am now? I guess I’ve learned a lot. When you’re learning a new skill it feels like you don’t know enough because you’re always focused on the next thing, but when you sit and reflect it’s like damn, I am further than where I started. And it only gets better

#100daysofhacking
My Quentin Tarantino-themed Active Directory lab was completed at around 1am :-D now I’ll learn how to attack it! First I’m learning about LLMNR poisoning then capturing NTLM hashes with Responder, I did this on HTB so it’ll be good to get more practice on these techniques #infosec

#100DaysOfHacking
I executed my first buffer overflow attack :-D the goal was to exploit a vulnerable Windows process in order to execute a reverse shell and gain root. And we did it! The practical ethical hacking course by TCM is truly great. I took screenshots and notes of every step I did so my future self won’t struggle lol

Now it’s on to learning how to attack Active Directory :-D YESSSS IVE BEEN WAITING FOR THIS. #infosec

#100DaysOfHacking :-) Day 90 (technically 🥲): We reached the capstone of the Practical Ethical Hacking course from TCM where I downloaded vulnerable machines & working on exploiting them myself. The first machine is running windows 7 & I used an eternal blue exploit against it both automated & manually.

I’ll work on the next machines

I like to watch his walkthroughs after I exploit or when I get stuck to learn from his techniques. It’s been a good weekend #infosec #cybersecurity

#100DaysOfHacking I'm going over the SSRF challenges again on Portswigger so I can screenshot for my next blog post on SSRF and I feel so much more confident going over them. It helps that I take notes for sure lol

#infosec #burpsuite #ssrf #cybersecurity #learning #study

#100DaysOfHacking

The past 2 days I was on Pentester Lab learning different recon techniques by solving challenges. I like how it’s not guided, you have to figure it out yourself.

The different ways I performed recon on my web app target including finding AWS S3 buckets, searching the GitHub repo to find sensitive data, performing virtual host, subdomain & directory enumeration, & wrote a Python script to find subdomains & take screenshots of each subdomain to find the secret key.

#infosec

#100DaysOfHacking

Today we got to write a JavaScript exploit that grabs the user token from a web page, allowing us to execute CSRF attacks. The anti-CSRF measures are making some of these attacks not possible but it provided me insight on how I can use my web dev background to craft exploits. It’s really cool!

#infosec

#100DaysOfHacking
I’ve been getting rejection emails for application security and pentester roles but honestly? I’m not tripping about it at the moment. I’m just focused on getting better and better. I’ve also been listening to my friend whose been on her job search too to learn from her experiences in appsec interviews to see where I need to brush up on!

#infosec

#100DaysOfHacking Day 19
I finally scheduled my exam date for the Security+, I’m going to throw up. But while I’m throwing up and having anxiety attacks, I’m going to get back to reading Network Basics for Hackers.

I love the author & his crusade to cultivate a new generation of white hat hackers, I’m down for the cause lol 🤜🏽

#infosec #hacking #linux #cybersecurity

#100DaysOfHacking Day 18:
I learned more about file upload vulnerabilities & was able to get a reverse shell by first detecting what file extensions were allowed by inspecting their client-side filtering function, changing the file extension of my reverse shell from php to png. Then I intercepted the upload with burp suite and changed back the MIME type to php and it successfully loaded.

From there I was able to set up a listener and get the shell! It was really fun #infosec

#100DaysOfHacking Day 16:
I actually don’t know if it’s day 16 but I’m going to just say it is lol at least I’m consistent. I went to the park to study for the Security+ and now I’m going to continue with the Practical Web App Security Testing course from TCM Security.

I’ve been doing so much TryHackMe but I want to focus on finishing this course and passing the exam fr

#infosec

Basic #Linux skills for coders: Learning about that ubiquitous series of distros from #picoCTF 2023 https://levelup.gitconnected.com/basic-linux-skills-for-coders-c34f4dba185d #infosec #Programming #CyberSecurity #Python #DevOps #sysadmin #hacking #ctf #cyber #100DaysOfHomeLab #100DaysOfHacking

#100DaysOfHacking
Finished the SSRF labs on Portswigger, that was intense lol 😂 no joke
#infosec

#100DaysOfHacking So far I’ve completed 4 SSRF labs on Portswigger & wow I’ve learned a lot! I find this vulnerability to be the most fascinating. I’m taking Rana Khalil’s Web Security course. What I do is do the labs on my own & then go back & see her technique & how she crafts her python exploits

What I’ve learned:
- There’s ways to bypass black list filters for local host such as double encoding the URL for /admin, using http://127.1 or the decimal version to reference local host
#infosec

#100DaysOfHacking Day 15:
Writing my first blog post in like a few years :3 I always loved creating content because I love sharing what I learn and encouraging others to do the same but I stopped for a few years because of mental health. But I’ve started believing in my own value and I’m ready to share more knowledge :-D
#infosec #kalilinux

#100DaysOfHacking
I completed the Metasploitable module on TryHackMe & fell in love with Metasploit in the process lol #infosec
https://tryhackme.com/thecyberbarbie/badges/metasploitable

#100DaysOfHacking
I competed the vulnerability research module on TryHackMe where you manually search or scan an application for vulnerabilities and find exploits to get an RCE. It was fire I’m ngl. Now I’m back to Metasploit 🙇🏽‍♀️ #infosec

#100DaysOfHacking Day 1️⃣1️⃣:
Writing a Bash script called ‘Auto-recon.sh’ that performs reconnaissance on a target and incorporates my fave tools like amass, nmap, subfinder, sublist3r, etc to find subdomains, open ports and services, and more. It creates a folder (for ex, “tinder.com_recon”) for the target and stores the results in separate files in it. I’m working on implementing 2 modes - stealth mode using passive recon tools & active mode.

#infosec #cybersecurity

Brim - I have just completed this room! Check it out: https://tryhackme.com/room/brim #tryhackme #Brim #Traffic Analysis #Log Analysis #Network Forensics #Threat Hunting #PCAP #brim via @RealTryHackMe

Day 79 of the #100DaysOfHacking challenge

Brim - I have just completed this room! Check it out: https://tryhackme.com/room/brim #tryhackme #Brim #Traffic Analysis #Log Analysis #Network Forensics #Threat Hunting #PCAP #brim via @RealTryHackMe

Day 79 of the #100DaysOfHacking challenge

Brim - I have just completed this room! Check it out: https://tryhackme.com/room/brim #tryhackme #Brim #Traffic Analysis #Log Analysis #Network Forensics #Threat Hunting #PCAP #brim via @RealTryHackMe

Day 79 of the #100DaysOfHacking challenge

Brim - I have just completed this room! Check it out: https://tryhackme.com/room/brim #tryhackme #Brim #Traffic Analysis #Log Analysis #Network Forensics #Threat Hunting #PCAP #brim via @RealTryHackMe

Day 79 of the #100DaysOfHacking challenge

For any of y'all who are interested, I published an #infosec writeup on TryHackMe's #AdventOfCyber2022 https://infosecwriteups.com/advent-of-cyber-4-writeup-a-case-study-in-digital-forensics-and-incident-response-4988aae9f48b specifically, I discuss their #DFIR challenges which include email analysis, physmem #forensics and more! #100DaysOfHacking #100DaysOfHomeLab #CyberAttack #tryhackme #cybersecurity #tryhackme #ctf #malware

For any of y'all who are interested, I published an #infosec writeup on TryHackMe's #AdventOfCyber2022 https://infosecwriteups.com/advent-of-cyber-4-writeup-a-case-study-in-digital-forensics-and-incident-response-4988aae9f48b specifically, I discuss their #DFIR challenges which include email analysis, physmem #forensics and more! #100DaysOfHacking #100DaysOfHomeLab #CyberAttack #tryhackme #cybersecurity #tryhackme #ctf #malware