/hmg/ Hackerman General

In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman.

Resources:
VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit
vulnhub.com/
>prebroken images to work on.
hackthebox.eu/
>super secret club
ctf.hacker101.com
>part of hackerone, a bug bounty program. Find flags, get private invitations to bug bounty programs

Tools:
kali.org/
>meme dragon distro but it just werks
metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline
youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good a resume to non-technical in HR
offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

Attached: hmg.jpg (250x250, 9K)

Other urls found in this thread:

owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
youtube.com/watch?v=frh-jYaUvrU
twitter.com/NSFWRedditVideo

>tfw no respect for the art of pure reverse engineering of algorithsm

is there where i join anonymoose? XD

no dude u need to go to dark web xD

Link to the lastthread in OPs please

Would you run kali under a windows host?

Attached: 1547493982277.png (1150x830, 137K)

Why should you?
Just install Kali on a USB drive.

You should stop using windows

Thanks for keeping the general up based user.
Working through these while taking CCNA, lots of new skills to learn

Onks näissä langoissa ikinä ketään Suomesta?

Lmao derbycon got cucked by the CoC

Checking that was fucking dumb, I guess that's what happens when the infosec community does not focus on infosec. Still I wonder why "boobies" was such a bad comment when you had "raging masturbation".

Anyone ever been to DefCon

Attached: chad_reviewbrah~2.png (562x800, 490K)

How do you fucks pop an empire agent nowadays? Been trying all stagers and windows defender catches them all. Even invoke-obfuscation doesn't seem to work.

Does anyone have any hot tips for hackerman literature?

Nah seems it's not as good as it used to be

what is your ultimate endgoal with learning to hack? I am thinking of putting more time into learning it, but I dont want to break the law and dont see myself going down the path of cybersecurity or whitehat stuff. Mostly just learning this stuff for fun.

Only for legal use

Any non larpers here that can tell me how to defeat html encoded brackets? Trying to get Xss to fire but I have to close out a paragraph element with a tag so I can put in a script, < > encoding is stopping me though.

Not sure, but my go to place when I'm not sure how to evade filters is OWASP: owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

Just wrote a short paper on the heartbleed bug. How did OpenSSL programmers fuck up so bad? How many other zero days are there out there?

how to hack Jow Forums

Is instagram security completely safe? Is there any way you can hack an account? I've actually been trying to break this security for a while but haven't been able to get anywhere. I'm trying with my own account. Any ideas?

Can someone change the win10 printer spooler zero day payload to make the current user an admin or grant elevated privs?

>Is instagram security completely safe?
Nothing is completely safe, but usually the weakest link are humans.
If you have to ask, then you probably only have a chance via phising.

Don't die, got two invites waiting from H101 now. I already feel like a hacker.

bump

>what is your ultimate endgoal with learning to hack?

I'm just simply impressed by the amount of knowledge that you need to succes on this field, and I wish that I could be as good on a skill as a skilled hacker is. I'm also interested on military history, especially cold war era and for me computers and networks are the epitomes of that time.

hacking is easy

Attached: 1546571421522.gif (444x408, 368K)

youtube.com/watch?v=frh-jYaUvrU
yeah right

so I got a private invite to hackerone after getting the right amount of points in hacker101 CTF. Turns out this "private invite" is already active on hackerone for a year.....

anybody got some tips? it's getting more difficult to find vulnerabilities on hacker101

doesn't sound hard

Attached: cutie.png (225x225, 7K)

:(

I'm a full-stack web dev. I've been learning so I don't fuck up my reputation when an app I publish gets destroyed. Also, it really is fun.

I imagine there will be a devastating bug discovered within the next 1-2 years

Bump

I used to hack but then I lost all my friends and my heart