Full disclosure: This is my notes from watching Plantplants, a student mentor at OffSec, on a Twitch live stream. The video will be reposted to OffSec’s youtube soon. Setup After launching the targe machine on the OffSec portal, set a local zsh environment variable to the target IP export IP=10.0.0.2 The variable can then be used in future commands. Recon Plantplants mentioned he liked to do manual enumeration while the all port scan ran in the background.

This website started out as a college project in 2015 to learn about content creation, SEO, and websites. The domain has changed a few times and so has the layout, but the core purpose has always been the same. It is important to be able to articulate, summarize, and present while learning a new topic. Blogging has allowed me to share about my professional development and community involvement. As a decade approaches, my focus is shifting to include guest authors, cross posts, and more in order to bring in those with a similar passion.

Bsides Harrisburg was on March 11, 2023. This was the first conference for two attendees and below are their own stories. I hope this inspires you to check out a local conference or consider traveling for a Bsides event. Ron I am a Cloud Network Engineer, and part of my responsibility is to ensure the cloud environment I help manage is secure and follows recent cloud security best practices. Before working in the cloud, I was a route/switch guy.

Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.

When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, it’s staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist. Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.

S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.

Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier, are not permitted to have public walkthroughs posted. On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell. Lessons learned: Mounting a public windows share Exploit modifications – changing python code for a web exploit DLL Hijacking for privilege escalation Information gathering An initial nmap scan reveals some listening services.

Thanks to a zoom call with members of PA Hackers. I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation. Lessons Learned Open Source INTelligence (OSINT) refresher with Google and Github PHP web shell alternatives to php-reverse-shell.

In this hour long podcast episode, I reviewed a lot of what I have done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.

On Wednesday April 10th, Misec Lasning held a panel to discuss getting into infosec. Four members of the infosec community shared their stories and advice. I was honored to be on the panel with three others; Kyle Andrus, Melissa Terwilliger, and Brian Martinez. Check out the recorded presentation below to see everyone’s answers! Transitioning from other disciplines to infosec, how should it be done? There is no wrong way to get into infosec.

This year was my fourth attempt at the RuCTFe competition. I was leading the #misec team this year along with some smart and talented people. For those who are unaware. The RuCTFe is a Russian capture the flag event, held online and open to everyone around the world. This year’s event was in November and it was my first time leading the team. The CTF is an active “red vs blue” game, where each team is given a server of vulnerable applications.

Converge 2018 and Bsides Detroit was May 10-12. 3 days of infosec talks, workshops and challenges. I volunteered this year and had an amazing time (as I usually do at conferences). In case you missed out on the fun or are looking to catch up, check out Irongeek’s website for the recorded talks. Converge is a smaller conference if you’re used to hearing about Conferences like Shmoocon, DerbyCon, and Defcon. However we still manage to fill three days with awesome content.

A lot of people ask “How do I get into infosec?” but that is a tough question to answer. There is not one path to follow and there is not one destination either. However if you ask anyone who’s already in the position you’re searching for. A common theme arises, that is years of experience or thousands of dollars for training. Until you’re able to join a company to pay for that training.

GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”. The 2017 Difference GrrCON hasn’t changed much since I have started coming to it.

May 11-12th was the Converge conference. If you’re in Michigan and are curious about information security, then I suggest you look at attending next year. For those that missed this year, Irongeek recorded all the talks and posted them online for you! Watch some of the talks and then put an alert on your phone to buy tickets for next year. Converge is a great conference. I’ll admit I’m partial because it’s in my backyard.

At the #misec meeting I attended in mid April there was a panel on building a infosec community… so I’m borrowing their title for a post and giving my two cents in order to spread the topic! I won’t give a huge synopsis of who said what like I did in my last post about a #misec panel. Instead, please watch #misec’s video on youtube if you’re interested in what was shared.

Shmoocon is a hacker conference in Washington DC. I’ve been interested in going since 2015 but this is the first year I’ve been able to make it out. The conference was really hard to get into. Not because it’s expensive or that it’s hard to get to DC, but because the process to get my ticket was a unique challenge in itself. It required me to rely on good friends, new skills, and a whole lot of luck.

Some time last year, I wrote a post about setting up an IRC client on my VM. The idea was that since it’s always online, I’d always have the chat history for the #misec IRC channel. That way I’d never miss a mention or interesting conversation. Since then, a lot has changed and I don’t connect to that machine as much as I used to. I had to restart it a few times so the “always online” theory quickly fizzled out as well.

October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.

April 26th was when I booked my flights to and from Las Vegas for hacker summer camp. I had no idea what was in store for me. The plan was to attend some conferences with Amanda Berlin, who had offered to to let me stay with her. Originally I did not plan to go at all. Although after discussing with her, I really only had one option left. I was walking into one of the best hacker experiences I’ve had to date.

Hey guys, I know it’s been a while since I posted. Thank you for coming back to read more. I hope you find these interesting. This post is a follow up of my SecOps experience at Circle City Con. I learned a lot and am looking forward to doing it again. The Conference Circle City Con is a annual security conference in Indianapolis. This year’s theme was Game of Pwns. The theme added a fun aspect to the usual conference atmosphere.

On Saturday, May 21st. The first career panel in #Misec history was held. Put on by the brave @chaoticflaws, @vajkat, and @ZenM0de, it was highly successful. The panel included @jwgoerlich, @jeremynielson, @jim_beechy, @D0Xt0rZ3r0, and a infosec recruiter from @TEKsystems (Sorry, I didn’t get his contact info). It was five glorious hours of Q/A related to getting a head start in infosec and what really matters in the field. Here’s a recap of what was discussed from the panel.

Hello everyone, thanks for looking at my last post about OverTheWire: Bandit. Since my traffic is about x10 my average consistently for the last four days, I wanted to write a follow up post about the next wargame offered by OverTheWire, Leviathan. All over the exercises, they say to not post walkthroughs or writeups, so I won’t. I will do my best to promote the project without giving away the important stuff.

Hey everyone, this post about Bandit is NOT a walkthrough of the greatest (only) “learn bash hacking” programs I’ve completed. This is NOT going to give you an advantage if you’re looking for cheat codes. This post will hopefully make you click on OverTheWire and want to try it out for yourself. Why you should try Bandit Do you work with Linux, bash shells, scripts, or ever have to deal with the command line?

When a lot of people hear about hacking, they imagine a guy in a hoodie at a computer late at night. That’s not always the case, social engineering is a big part of the picture. This last weekend I went to Bsides Indy, and the keynote was about communicating with management about security. He gave a few examples about breaking into some of the most secure places… because of human error.

Hi everyone, last night I gave a lightning talk at Misec Jackson. It was a quick 15 minute summary of my last blog post on TLS. I summed everything up into 12 slides and threw in some last minute images to make it look better than just bullet points on bullet points. Other lightning talks from the night I wasn’t the only talk that night, there was a talk on IPv6 that was pretty insightful.

Tuesday December 8th was the last meeting of the semester for Spartan Hackers and I gave the presentation. A group of students at Michigan State University who go to hackathons and want to learn more about computer science. Each week we have workshops to introduce new things to our members, topics vary from “Intro to HTML” to “Web Scraping”. The original idea was to have a security company come in and talk with us, but that fell through at the last minute.

** Disclaimer: While this post is about security; it’s also doubling as my homework for MI 201 at Michigan State University ** Creative Breakthroughs, Inc. or CBI is a IT risk management company that was founded in 1991. Their motto is to keep data “secure, compliant and available”. They work with other companies to train them, review their security policies, and more. CBI has their own website with a blog and CBI is also on Facebook, Twitter, and LinkedIn.

I know there is a lot of different people reading this post; mentors, coworkers, students, friends and family. So I’ll be as thorough as possible to cover all the bases. Mainly because I’m very excited about all of this and I want to write down all of the details before it gets too late. (Feel free to skip a paragraph if it gets too boring) what’s ruCTFe? First off, it is capture the flag!

If you’re interested in hacking, information security or even the word cyber. Then you probably are scanning the the internet for things to learn. I want to get as much information as possible, and cons are a great way to listen to some awesome presenters. But how am I going to listen to every talk when there’s three going on at the same time? And on top of that, isn’t cons about networking and connecting with others as well?

Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really exited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time. Not only did I get to go to my first con, I got to volunteer at GrrCON!

Yesterday, I was at Arbsec’s a2y.asm “(as in Ann Arbor / Ypsilanti assembly) [which] is a mini-conference aimed at showcasing presentations on hacking and computer security-related topics by practitioners, researchers, etc. in/around the greater Ann Arbor area.” It’s a small, local, group of Michigan infosec people and it was a lot of fun. The venue was Bona Sera, a nice bar with a basement level big enough for all of our activities.

I’ve posted before about chatting on #misec IRC and how it’s a great group of people. Well now it’s also the place where I’ve found my first infosec mentor! Jimmy Vo is a security researcher at rapid7 and is teaching me the basics of information security. We are meeting online at least every other week and talking about a large range of things from current security events, best practices, and tool walk throughs (like metasploit), as well as career prep and how to survive in this industry.

First meeting at #MiSec and I missed it! Right as I was about to leave, there was a knock at my door. Impromptu Comcast employees trying to save us a couple hundred dollars. Of course by the time they were done installing free cable, it was already 7:05 and it would take 30 minutes to drive to the meeting… So I watched the live stream on youtube and wrote comments on IRC.

A couple weeks ago I was volunteering at Spartahack, a awesome new hackathon hosted at MSU. One of the guest celebrity judges was Jay Freeman a.k.a. Saurik. If you have ever jailbroken your apple device, you should be thanking Jay because he’s the creator of the jailbroke app store called Cydia. He had a talk at the hackathon where he explained approximately 10 bugs used in apple and andriod phones in the last decade that was found by reverse engineering code.

When people say “I want to be a Hacker” a lot of people don’t know where to start. Google is a good option but there’s a lot of dead ends, if you try to find “How to hack my friend’s Facebook account” you’re more likely to find a way to get a virus then to actually find a way to get into Facebook. Step 1 to becoming a Hacker: Find communities both online and local.

Who’s excited for the next Chris Hemsworth movie coming out Friday January 16th?!? He’s trading in his hammer for a laptop in this up and coming action packed thriller. Now, granted, anyone who calls themselves a hacker would cringe to call Hemsworth a “black hat hacker”. But there’s one thing I love about movies like this one. It opens your minds to the endless wonders of what hacking can do.

If you work in any technical field, there is some level of programming knowledge required. Developers program code day in and day out, but even penetration testers, IT helpdesk, or SOC analysts benefit from automating mundane tasks to improve efficiency. If programing is a skill set that you want to improve, how best do you learn? Playing with redstone in minecraft will teach you about some basic logic. Youtube videos can show how to create basic discord bots to roll dice for your DND games.

To develop in cybersecurity, it is vastly important to keep a growth mindset. Always be learning. In order to allow that, it helps to have the right tools available. One important tool is a dedicated computer for hacking activities such as participating in training labs, testing tools, or learning new methodologies. I reset a Macbook Pro, keeping the intending macOS and installed VMware fusion for running virtual machines (VM) including Kali linux.

A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of it’s inner functionality for his own projects, but when I was reviewing it with him I was impressed by it’s feature set. First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.

Cloudflare offers some amazing, and free, products to secure personal use, self-hosted applications and devices. Last week, I set up a server at home running docker containers. By using Cloudflare I can securely make those docker containers internet accessible. Previously in order to do that, I’d have to open a port through my home router and accept any traffic from the internet on that port. This is visible and allows a home IP to appear in use to anyone who scans it.

Note from hackerunder.dev: This post was copied from https://www.passwordmanager.com/are-password-managers-safe-to-use/ with permission to display on this site. Managing all of your passwords for different accounts can be surprisingly complicated. You need to be able to create, store, and access strong passwords for all of your accounts on every device you use. Furthermore, each password needs to be unique, making it nearly impossible to remember every one of them on your own.

This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expenive fast for passion projects or proof of concepts.

Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.

In order to learn something, you need to practice it. When it comes to becoming a hacker, that is done by attacking machines in a lab. There are many ways of doing this, such as building your own, spinning up an OWASP or Metasploitable virtual machine, or using a service like Hack The Box. There’s one common flaw with these labs though, they’re not realistic. To build realistic labs that look like live environments is a hard task to accomplish.

What is the best part of creating a new blog? You create everything, move content, and then get back to the daily grind. Come back to write the next post and, wait, what did I set as the WordPress password? Looks like we’re going to have to overwrite the hash in the database. <pre class="wp-block-code">``` mysql> SELECT ID, user_login, user_pass FROM wp_users; +----+------------+------------------------------------+ | ID | user_login | user_pass | +----+------------+------------------------------------+ | 1 | admin | $P$BThiRip7s2lXh/PBVW7yFnKbQWvDtc0 | +----+------------+------------------------------------+ Here’s the problem though, we need to know how WordPress hash passwords in version 5.

On March 9th, I was a part of an awesome class hosted by @Ashioni that went over the Bandit challenges from OverTheWire.org. While I’ve attempted the Bandit challenges a few years ago, there are new additions and it’s always good to review how to answer these puzzles. There is never a single solution! In this article, I want to show a few ways we attempted the last challenge of the day.

Have you ever wanted to be a 1337 hacker like you see in the movies? Metasploit automates some of the harder tasks related to penetration testing. This blog post is a quick setup to install two virtual machines that will allow you to explore how to use Metasploit. Step 1: Get files needed to create the VMs Download VirtualBox Download Kali for VirtualBox Clone Metasploitable2 Step 2: Setup Kali Open VirtualBox, click File > Import Appliance.

Have you ever wondered how web applications do validation on forms? How does the app know when your input is really an email address? In most PHP applications, this is done using regular expressions (Regex). I’ve previously posted about how to defend against XSS and SQL injection. Checking strings with a white list of allowed characters is one of the easiest changes a developer can make. Regex makes this easy in most programming languages.

Ever sit at a bar with friends and try to have a conversation but the TVs behind the bar were too loud? If only there was a quick convenient way to turn them all off at once. This is where the TV B GONE remote comes in. A simple kit that sends over 100 “power off” signals to TVs within a 150 foot range at the push of a button.

First off, I don’t know if you’ve been avoiding the political storm as much as I have but there’s one thing that’s been so retweeted, shared, and updated that I couldn’t avoid it. The discussion about the privacy of our internet content. The Problem ISPs are able to sell your data. While it is possible that similar data is already being collected and used by social media, applications, and other providers… It’s brought up an interesting conversation about how to secure ourselves while browsing the internet.

Last week I posted in Hacking about installing a Honeypot to record SSH traffic. Since it was installed, I’ve been working on easily monitoring of the output. Michel Oosterhof, the creator of Cowrie, has done a lot of development work to create some awesome logging output from the honeypot. There are a lot of different options and you can even store output in a mySql database. I found instructions for that on a wordpress blog.

Who likes honey? I know I do. Unfortunately Cowrie isn’t the like of honeypot you might imagine. Instead of thinking source of deliciousness, think something you will get your hand stuck in. In security terms a Honeypot is where a system is set up to record everything that’s going on. In those terms, cowrie is a SSH monitor that tracks everything that happens over an ssh connection. This is a project that I started with @Taco_Pirate.

Two posts ago, I wrote a quick post about installing OWASP’s Broken Web App. This post will be about exploiting the BWA and by that I mean I’m sharing my experience following existing proof of concepts and walkthroughs. For example, reported vulnerabilities from sourceforge and video walkthroughs on irongeek.com. This post assumes you have the OWASP BWA virtual machine up and running and that your target VM’s IP address is mapped to owaspbwa.

I wanted to do a quick write up of the last project I did for class, it was a scoreboard app written in Python and used Flask. For extra credit we could host it on Python Anywhere. The app also uses SQLlite for the database. All of the development work was done using PyCharm. One of my Media and Information classes has a lot of programming based projects. We used two main different languages and IDEs to get them done, the final for the class and the early projects was done using C# and Unity, while the end of the class utilized Python and PyCharm from JetBrains.

OWASP Broken Web App (BWA) is a safe place to practice some fun stuff and is basically a collection of applications to test everything security related. OWASP has a few projects like Web Goat, Security Shepherd, and more. Broken Web Apps is a collection of these guides and some outdated apps to test your developing skills. Install All The Things! In order to set things up, it’s important to have everything you need installed.

Hello again, I am going to share my love hate relationship with my latest web design project: spartanhackers.com Some background information, Spartan Hackers is a group at Michigan State University that holds weekly events to introduce students to various technical skills that they can use at hackathons like Spartahack. The Beginning Spartan Hackers started up just last year, and only had a few members to run everything. The president at the time wrote a nice website for the club that was using only static content and the grayscale bootstrap theme.

I’ve had a couple posts about Kali on here already. But I still haven’t had a chance to fully get in to it myself. I know, it’s tragic right? Well for those who know less than I do about it; Kali is a linux distro from Offensive Security that comes packed with tools and programs that make hacking easy. However carrying around a computer for work, one for class, one with Windows, and a tablet or two isn’t really an option, unless your bag is designed for 80lbs.

Who likes Angular? A JS library that is all about load a page once and get a dynamic website. Who likes Node JS? A server written in javascript. Who likes scripts that write code for you? Hello Yeoman! The first time I used Jhpister was for a innovation project that maps out the office seating. This is a great internal tool since we have an entire floor of developers and finding the third “John Smith” is kind of annoying.

GrrCon 2015 is in October, it’ll be a great conference with a lot of talks. It’s the first con I’ll be able to attend. The tickets are a little expensive and I was unsure about going since this would be my first conference… Not to mention I’m still trying to get through college and I’m tight on money. So of course, I’m volunteering! I’ll be working my butt off to get you the best Con possible while making all the connections I can.

I’ve mentioned in previous posts that my girlfriend is on a gymnastics team. I did their club website for them a while ago. I went to a meet they hosted their year and helped out as much as possible. They were using a Microsoft Excel sheet to do all of their scoring for each event. While watching the guy use excel, I got a headache just trying to follow the complex steps that were set up for it… so I had the bright idea to set up a website that simplifies the process and allow anyone to use it for their meets as well.

One of my first “professional” website creations. Making the club’s website gave me a solid 4.0 in a college web design class where I reviewed the basics of CSS, Javascript, and HTML5. Fun stuff really. What I learned by doing this project is how important initial design and communication is. Working with a client (in this case, the “client” is my girlfriend a.k.a club President) means that you can’t just look at the website and think “Good enough, ship it”.

How many people do you see every day that are staring infinity into their smartphones? How much would you bet that they are on Facebook or Twitter right now? There are also a lot of people on the internet who write interesting blog posts to people about a lot of cool things… and I am one of those people. There is a wordpress plugin that allows me to share new published posts with friends and followers automatically.

This is a big project I’ve worked on from the beginning when working at Matrix: Center for Digital Humanities & Social Sciences. It’s taking an old platform and revamps it into a modern application. KORA 1.0 was built over the last two decades by non-software developers, I never saw the code personally but I heard horror stories of unorganized pages of code that was thousands of lines long. KORA 2.0 reorganized the code into an Object-Oriented-Programming (OOP) format, Matrix’s system admin (now retired) and students introduced classes and actually made the code readable to developers.

If you’ve never played with BASH/terminal or you don’t know what Linux is. I suggest you read into that first before you get much further into hacking. Most of Kali’s toys are based off of the terminal, so in order to run them, you will be typing commands like “nmap -A http://your-ip-address”. This link is Offensive Security’s website where they have some awesome documentation about what’s available on Kali.

Everyone wants to break into their neighbors wifi or steal someones password at Starbucks, but depending on National, State, and local law, even packet sniffing could be illegal. So how do we safely practice how to hack before we are ready to find Sony’s back door? We set up a environment for virtual machines on our local computer or server! For those of you who don’t know what a Virtual Machine is, it’s a “computer” inside your computer.

Every computer, social media platform, or online tool requries some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a hand written log of passwords is not the most insecure means of password management? Key requirements of credentials Lets start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.

In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, goverments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review falling victim to criminals that may be targeting you. What is Phishing?

The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as a awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.

There’s a sticker on the back of my personal laptop. I don’t recall where I got it from I believe it was an informal sticker exchange at GrrCON a few years ago. It’s a pretty clear message and you can see it here. For anyone who’s trying to watch what they say, lets call it “Patch your stuff”. It’s a simple rule, but an important one we should all follow.

A good friend once mentioned how cool it’d be to practice brute forcing for a website login. I created a simple web page with a login form. Incorrect logins display a red error message while successful logins show the rest of the web page. There’s no database or complex code behind the webpage. It simply hashes the user input and compares it to a stored value. Before we continue, I must make it blatantly obvious that hacking any online service without consent could land you in a lot of trouble.

This is my last post related to HTTP Public Key Pinning (HPKP). This is a post in response to Scott Helme’s latest post about him giving up on HPKP and how my blog is a perfect example of his concerns. In the past I’ve written three articles about the HPKP header: Testing HPKP headers Adding HPKP headers HPKP.. Public Key Pinning? The point of each of these articles are pretty well summed up in their titles.

One of the tools offered by default in Kali and many other hacking related distros is WPscan, a black box WordPress vulnerability scanner. I wanted to learn how to use this tool because it would help with recon on CTF challenges, practice boxes from vulnhub, and even trying to keep my own blog vulnerability free. Disclaimer Before I tell you more about the tool and how it can be used, I have to throw out the usual disclaimer.

Over the last two weeks, I’ve posting a lot about HTTP Public Key Pinning. This will be my last post about it, I want to focus on testing HPKP. If you don’t know what HPKP is, read the first post. To learn how to add those headers, read the second post. I’ve had to spend a lot of time trying to figure out how to properly test these headers. In theory, this is how it should work.

Before we try to add a HPKP header, let’s review from last week. I made a post about what HTTP public key pinning is. It’s a fingerprint that browsers use to compare certificates can warn the user if the certificate is from a different source, even if it’s trusted or from the same server. If that doesn’t make sense, check out the link to the previous post. Public-Key-Pins A Public-Key-Pins header looks like this:

On a project I’m involved with, a scanner has picked up a low issue where the HTTPS is missing HTTP Public Key Pins (HPKPs). If you’re like me, you’re probably thinking what the heck is HPKP? Well, I did a little bit of research and got it working on my personal website, I’ll share my struggles below so you don’t have to follow my footsteps. The Theory Our browser stores a list of places that are accepted TLS/SSL certificate providers.

In my normal fashion, I’m going to start this blog post with a little intro to cover my butt. Recently at work, I’ve been tasked with learning about Transport Layer Security or TLS. This blog post is my own thoughts and is not 100% accurate, but I hope you get the idea as well as I do. What is TLS? Well, as I said above, TLS is Transport Layer Security. It’s the encryption used by clients and servers to encrypt messages sent between the two.

I hope you’ve been enjoying my posts. I know that writing these posts have been a good outlet for all I have learned over the last few years. This website is hosted on a VM, but it’s still a server that’s vulnerable to your every day hacks. For instance, every day someone pings my server, finds the SSH port and attempts to brute force into it. Now while there’s nothing here for them to steal, there’s still 20GB of free internet storage for whatever they want and the only thing stopping that brute force attack is that they can’t guess my password.

Following my post from two weeks ago about Scanning, enumeration is a Network Hackers next step. Enumeration is when you probe services (that was identified from scanning) for vulnerabilities. Now, up to this point we were able to keep a anonymous veil around us. However, enumeration requires active connections or direct queries to your target, which could be logged or capture and then used against you. Typically you are looking for usernames (that you can use for brute force guessing), email addresses (used for phishing attempts), or misconfigured/outdated systems with known vulnerabilities.

One you’ve found a target and it’s time to dig in a little more to find a way in, start with scanning. Try to Follow these steps: Determine if the system alive Try using ping sweeps, nmap offers this with the -sP option ICMP Queries offer a wide range of information about a target Determine which services are running/listening Sending packets to TCP / UDP ports to see what is listening There are a variety of tools, nmap, netcat, and strobe are examples Determine the Operating System Get content info from FTP, HTTP, or others.

Footprinting is gathering information about a target before attempting to hack them. There are a few ways to do it but the important part is getting the right details, What kind of servers are in use, What kind of operating system is in use, What is the deployment and version control systems in place… Things like these will lead you to what vulnerabilities to use to get into the system

This is an article about defending from attacks, but we can use it as the “7 steps of hacking”. This shows the basic categories of where we can exploit vulnerabilities. So use this for ideas as to how you can break into a network but beware because it’s also how people defend against us. EDIT: Don’t get ahead of yourselves, if this looks completely foreign to you, keep working at things that are simpler.

Step 2: Learn the basics Google and the internet is your friend. If you can’t take a class, there is a multitude of online resources you can use. Whether you’re trying to learn programming and use Stackoverflow or you’re learning about basic hacking skills and want to use Hacking Highschool; you really do need to have some understanding of how things work before you try to hack them.

A long time ago, I built a computer and have since sparsely used it as a home server. The last time I reinstalled an operating system on it, I installed Ubuntu Desktop Eoan and never remembers to update the machine. This blog post will serve as a record of what I did to setup the machine again after wiping it. Services I installed included ufw ssh ftp Minecraft Samba fileshare While attempting to install samba on the old system, apt update failed.

One of my goals for 2022 is to blog more frequently. I used to try and get a post out weekly when this blog was originally a college project. Weekly turned into monthly posts as my content got more technical and my career took off. Last year I posted once. Now that ends! I’m kicking off this revival with a site refresh. HackerUnderDev is moving away from a WordPress site running on a DigitalOcean droplet for a Hugo site running on Netlify.

There is no get rich quick schemes to maximize your finances. Hacking is not cyber crime. If you think this post is going to be 5 steps to become a millionaire or advice on how to steal money, you’re wrong. This is a collection of advice I’ve picked up in recent years and suggest you follow. I will also admit that I have been blessed. My family is not poor, I grew up in a good area and received a strong education.

4/9/2022 Update: After migrating from WordPress to Hugo, I do not have the ability to password protect blog posts. All content will be public and because of that these decryption instructions are no longer worthwhile for https://hackerunder.dev. I will not be posting content that requires password protection. For example, I previously shared unretired hackthebox machine walkthroughs but required hashes as the password for the post. This decryption method was copied from 0xPrashant and his own blog.

Words of inspiration for many and an explanation to others who only see hackers as problems. Maybe one day I’ll base this manifesto to write my own. First it’s important to dig deep and see what’s going on then find how to put it into one clear document. Copied from Phrack Magazine <pre class="wp-block-preformatted">==Phrack Inc.== Volume One, Issue 7, Phile 3 of 10 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The following was written shortly after my arrest.

I’ve had a love hate relationship with Minecraft since I bought the beta when I was in highschool 2011. Throughout the years I’ve played countless local games, and joined others online in public servers. Over the last decade, I cycled through playing, getting mad at myself for not being productive, and taking a break. Lately I’ve been watching Hermitcraft more than playing or working combined. To convince myself I was being productive, I told myself starting a Minecraft server to play with friends and family would be a worthwhile systems administration and security project.

Another year, maybe decade, has come and gone and it’s time for me to review 2019. I realize I have not blogged consistently and that’s due to a couple different reasons. Work is busy, I burned out while studying, and there are some personal changes in my life. All that said, not much has changed my priorities. I still want to learn to be a better hacker and to give back to the community that gave me so much.

This year seemed to fly by, but looking back a lot has happened. This is a summary of what I did in 2018. Tackling the OSCP If there’s one thing I’m going to struggle with recording on the internet… it’s that I’ve struggled with the OSCP exam three times. With each attempt I have gotten better and better, but I still need to try harder. Looking back, there’s more I need to do in the PWK course.

Like years before, I want to share a summary of what I have accomplished. While there has been months where I feel like I focused on everything except security, my notes for 2017 turned out to be pretty extensive. One of the first things I did this year was go to Shmoocon. I was not able to get a ticket, but that did not stop me from getting on a plane and tagging along with Infosystir (Amanda)!

2016 has been a crazy year, and I’m not talking about celebrities, politics or world news. A lot of security related things have happened for me personally. I wanted to base this post chronologically on what I’ve done. One of the first screenshots from 2016 is a constant reminder for me. What’s the first rule of infosec? Troll first, work later. I’ve come to realize that Twitter is the diving platform everyone needs.

A long long time ago, I wrote a blog post about trying to assemble a new Folger Tech 3D printer. Long story short, I was given a bad Arduino board that started to smoke as soon as it was plugged. I spent weeks trying to get help from Folger to check my wiring, because to the best of my knowledge I had followed their instructions and I didn’t know what was wrong.

In July of 2015, I volunteered to create a web app to score college gymnastics. There’s an old blog post from my original COGSS project. COGSS 2.0 is going to be a place to submit scores and have rankings for a meet. Sounds simple right? Turns out it is not, this project feels like it is turning into a full blown application which ideally would require a dev team… Instead there is me!

2015 has been quite the year for me! For one, I started blogging about information security and software development. I added a category for hardware, but I haven’t been able to dive very deep into those projects (yet). This blog post will be a review of all of the content I’ve blogged about, hopefully it’ll be a good collection of how much I’ve grown. To prove I really am what my tag line says; that I’m better than I was a year ago.

Hey everyone, it’s been a while since I’ve written something about hardware. I’ll share a current project of mine that has taken some interesting turns. Something that is all the age right now is 3D printing. Most assembled printers range from $400 to $800 and that can range on a lot of things from filament type to the hardware in use. Kits generally run cheaper, because you have to assemble them yourself.

If you’ve been following my posts, you’ll know that I do some consulting on the side for some websites. LCORI is the Lake Chemung Outdoor Resort in Howell, Michigan. My grandma has been working on the board for more than a few years. She came to me asking to help fix the navbar on www.lcori.com, and I was happy to help. After getting into the code, I saw that it was a bit of a mess.

If you have tinkered with computer hardware projects before, I hope you have checked out hackaday.com. They are a famous website that re-posts about many kinds of hardware hacks. If you have found a new toy you want to customize or want to be inspired by other hackers or makers, hackaday is a great start and I visit the site frequently. Now, me being the “young, easily misguided, and overly willing kid” I was when I read an article titled Hacking a Cheap Toy Quadcopter to Work with an Arduino my first reaction was “Awesome!

Hey everyone, so at work we’ve had a couple vulnerabilities pop up so I was privileged with writing this up and I wanted to share it with you. I hope you find it interesting! Sorry it’s such a long read. There’s two parts, one for SQL injection and one for Cross Site Scripting. SQL Injection Check out SQL injection on OWASP SQL injection is, simply put, a user adding additional requests to your database calls.

Something pretty basic that I didn’t cover early on is anonymity. Do bank robbers wear masks? Unless you want the police knocking on your door the next day. I suggest you look up the Tor project. It’s a proxy network that divides your data into packets and sends each one randomly through different bots on the network. While some may say Tor isn’t secure. You need to realize that nothing is perfectly secure.

How do you learn to hack? Read a book! Here are the books I have shown: Hacking exposed 6 Violent python The web application Hackers Handbook 2 A bug hunter’s diary

Ok, lets review, we know our basics. We know how to use a computer, we know how to write code, we know what unix systems like Linux are, and we know how to use Unix tools like those provided in Kali. Wait, I still can’t get into my friends Facebook account, what are we really learning anyways? Well giant corporations like Google or Facebook are hard to hack, especially for people new to hacking like us.

On November 14, 2015, VTech discovered a hacker had broken into their databases, servers, and websites. The hacker used SQL injection to gain complete access to the databases that held all of the data used by the Kid Connect application that VTech uses. A friend of mine wrote up an awesome case study about the breach and you can read it here StephenManz_KidConnectHack. My two cents on the VTech breach (Not a TL;DR of the case study, just what I took away)