Hack Talk, The Ethical Hacker Blog (http://hacktalk.net/). Feed generated Wed, 07 Dec 2022 18:02:27 +0000.

Best Bug Bounty Resources

Published Tue, 15 Dec 2020 13:47:27 +0000 at https://hacktalk.net/best-bug-bounty-resources/

The post Best Bug Bounty Resources appeared first on Hack Talk.
Finding the best bug bounty resources is easier than you think. They can be as close as your social media page or a Discord server you have joined, yet they can be as niche as specific bug bounty websites and programs. If you want a head start in finding bug bounties, please consider reading our article.

Social Media

Social media may be seen as nothing but fluff and nonsense, but for the most resourceful bug bounty hunters, websites like Facebook and Twitter can be great resources.

One of the most productive ways to get resources is to follow bug bots such as @TheBugBot on Twitter. It is literally just a bot account, but it provides all the links you need for a good start in bounty hunting.

There are also bug bounty groups that you can join if you have either a Facebook or Twitter account. Their members usually contribute legitimate resources to the group that you can collect.

Hacktivity

Hacktivity is the central hub for all the resources you need to start hunting. Found on HackerOne.com, Hacktivity is a forum filled with all of the lucrative resources required for bug hunting. Hunters go to either Hacktivity or Reddit, but I recommend the former since it is a tried and tested site. It is also a great place to find bug bounty friends.

Newsletters

Sure, newsletters are quite a nuisance, but if you are an intensive bug bounty hunter, you will agree that newsletters can help too, especially if you subscribe to those of cybersecurity forums and general websites. All you have to do is open your email and read the feed you are given.

Other Accessible Resources

Reddit is another great place to find resources, specifically r/bugbounty, which has over 10.6 members who contribute links and other essential material on a daily basis. You can also go for other portals like Hacker101, PortSwigger Academy and PentesterLab, but they require paid subscriptions to access their resources.

Best Bug Bounty YouTube Channels

Published Tue, 15 Dec 2020 12:00:50 +0000 at https://hacktalk.net/best-bug-bounty-youtube-channels/
YouTube is a platform that caters to all types of niches. If you are looking for pen testing and cyber security channels, there are surprisingly many of them. Refer to our best bug bounty YouTube channels guide if you want to see the most recommended YouTube personalities for CTF, pen testing and competitive HTB.

LiveOverflow

If you know CTF, then you probably have heard of LiveOverflow. As of this writing, he has more than 550,000 subscribers under his belt for plenty of good reasons: a great personality, awesome video content and plenty of helpful guides and analyses on CTF and beyond.

HackerSploit

If ethical hacking is your thing, then HackerSploit is your go-to guy. He has more than 500k subscribers right now thanks to his extensive explanations on various cyber security topics.

The Cyber Mentor

Formerly an accountant and now an ethical hacker, The Cyber Mentor currently has 500k+ subscribers who adore him for his free lessons on penetration testing, OSINT, and general cyber security topics.

John Hammond

If you keep in touch with CTF competitions, then you know who John Hammond is. This legendary CTF player provides his own challenges for viewers and even does extensive analyses of how challenges are properly made.

STOK

If you prefer a fun yet relaxed vibe on bug bounty hunting, STOK is the guy who provides just that. This former IT consultant and up-and-coming cybersecurity YouTuber has made bug bounty more interesting for his viewers and also provides some fun videos on the topic.

Ceos3c

He is slowly rising through the subscription ranks thanks to his effective tutorials on bug bounties, OSINT, and challenge walkthroughs. Ceos3c is a no-frills personality who can be your best buddy when it comes to explanations of topics like pen testing and CTF.

NahamSec

Finally, we have NahamSec, a bug bounty hunter who has had a large influence on the bug bounty community. He is mostly known for interviewing well-known bug bounty hunters, live hacking streams, and cyber security podcasts.

Subscribe if You Haven’t

These guys don’t just provide you with helpful knowledge; they are very fun to watch too. If you haven’t subscribed yet, we highly suggest you do.

The Best VMs on VulnHub

Published Tue, 15 Dec 2020 11:34:56 +0000 at https://hacktalk.net/the-best-vms-on-vulnhub/
VulnHub is a great pen testing tool, especially for beginners. What VulnHub excels at is its almost unlimited supply of virtual machines (VMs for short). If you are looking for the best ones, here is a shortlist of great virtual machines according to experienced VulnHub users. Best of all, they are completely free to use.

Mr. Robot

Considered the most used virtual machine on the hub, Mr. Robot is based on the TV show of the same name. The machine has 3 hidden keys that you need to find in different locations. Obviously, your goal is to find all 3 keys, but every time you retrieve a key, the difficulty gets significantly higher.

By the time you get to the second key, the skill ceiling spikes, giving you an extra layer of challenge. Yet this is not considered one of the toughest VMs on the hub. It is also the best entry-level VM for beginners and intermediate pen testers.

The Necromancer

The Necromancer is a CTF-based VM that is used to prepare players for the highly competitive SecTalks Brisbane CTF league. You will need to capture 11 keys. The game gradually gets tougher with each key acquired and, by the time you acquire the 11th key, you must face the “final boss” of the game: the necromancer.

SickOS 1.1 and 1.2

SickOS is a great two-part VM series where you must fight to reach the highest privileges to compromise the system. It is also considered one of the most realistic VMs on the hub, as it is replicated from the OSCP labs. 1.1 has a low skill ceiling, where you must work your way up through the system to compromise it. 1.2 expands on all the best things in 1.1 but at a more advanced level.

Tr0ll 1 and 2

Another VM series that is close to the OSCP labs is Tr0ll. In this game, you must acquire root and get hold of Proof.txt from the /root directory. However, getting there is tough, and you will need plenty of strategy. The sequel follows the same system but with a much harder difficulty.

These VMs are completely free to use and these are just a few out of hundreds of virtual machines in VulnHub. Should you wish to try all of them, consider visiting the VulnHub website.

Hacking the Box Best Challenges

Published Tue, 15 Dec 2020 11:04:03 +0000 at https://hacktalk.net/hacking-the-box-best-challenges/
Hacking the Box (HTB) is known as one of the best pen testing sources for both beginners and professionals. It offers a wide range of tools to use and has a great variety of virtual PCs for you to work on. One of the best features of HTB is its challenges that offer many forms of pen testing that will certainly hone your skills. We rounded up the best challenges in the program that you may want to refer to.

Reversing

Reversing is short for reverse engineering. Here, you get to play with various reversing tools to dissect specific programs, apps and scripts to find the flag and capture it.

Misc

Also known as Miscellaneous, this category presents multiple challenges that make problem solving more fun. True to its name, these challenges are spontaneous and are not categorized as a specific type.

Stego

Stego is more of a hidden-object type of challenge, where you need to use steganographic tools to find the flag. It is considered the best challenge for anybody who likes pretending to be a detective.

Crypto

Crypto challenges are stealth-based activities that mainly focus on cryptographic functions. You will need to decrypt well-defended objectives while avoiding the watchful eyes of their defender.

Web

If you want to play around with web-based apps, the Web challenges should do the job. It is also one of the most popular challenge categories in the game and has a great set of intriguing themes.

Forensics

Another detective-type challenge is Forensics. It focuses on data recovery, where you will need to do intensive investigations to recover batches of data and find the root of the problem.

OSINT

OSINT is also one of the most played challenge categories in HTB. Also known as Open Source Intelligence, OSINT challenges provide you with multiple pieces of data from makeshift accounts that leave their digital footprints behind. You can use this data to work out the solution to a certain puzzle.

Pwn

Internet slang for “own”, Pwn is simple to play but hard to master. You get involved with binary exploitation and memory corruption. It is arguably one of the hardest types of challenges in HTB.

Mobile

Another popular category is the mobile challenges. Mobile challenges let you tinker with social media profiles and go through various mobile phone apps to find the flags and other crucial data to recover.

Hardware

Hardware challenges are slightly different from the other HTB challenges. You will have to penetrate hardware systems using the software provided for you. You must analyze the attacks and other attempted penetrations of the system.

Plenty of Fun as You Learn

HTB challenges are not just learning tools; they are also as fun as games, providing excitement as you build your experience.

What is Metasploit?

Published Tue, 15 Dec 2020 08:21:36 +0000 at https://hacktalk.net/what-is-metasploit/
Metasploit is a pen testing framework used by both ethical hackers and malicious attackers to analyze vulnerabilities within a system, network or server. It is also an open source framework, making it highly modifiable by anybody who has knowledge of penetration testing. It is highly flexible across various operating systems.

Metasploit lets you work with custom code that is premade for convenience. This code can be used to probe the weaknesses within a network. You can use these identified weaknesses as documented information to analyze which solutions should be deployed. Metasploit is a convenient method for discovering the various conflicts that lie within servers.

You can get the program directly from the Rapid7 website.

How It Came To Be

Developers H.D. Moore and Matt Miller wanted to provide a Perl-based network tool in 2003. They launched the Metasploit Project that year, and it was converted to Ruby in 2007. In 2009, Rapid7 acquired the license to the project. It became a tool that was viable for remote exploitation and anti-forensic solutions.

Since then, it has become the mitigation tool for cyber security professionals, as it became easier for them to use Metasploit than to probe with various tools they could not be sure were effective against a weak spot. The convenience of remote testing spread throughout the entire world. What used to be a special tool used only in local areas and private companies is now a free tool for anybody to use.

Who Uses Metasploit

Anybody is free to use the framework, but it is primarily used by DevSecOps operators and hackers. It is a tool used for both good and evil, depending on who is using it.

Thanks to its constant updates, Metasploit provides more than 1677 exploits. These exploits cover 25 platforms such as Python, Java, Cisco, and Android. As for payloads, it includes over 500 of them: command shell payloads for running scripts against the host’s will; dynamic payloads, which let you generate unique payloads to get past antivirus protocols; the Meterpreter payload, which lets you take control of the screen with VNC so you can possess the machine and do whatever you want with it, like uploading and downloading files; and static payloads, which allow port forwarding and various network communications.

The Importance of Metasploit

Metasploit is now a crucial framework for anybody in the security analysis and penetration testing field. It gives them a glimpse of how malicious attackers can slither through even the toughest systems in the world and provides them with the knowledge of how to deploy countermeasures.

This free tool has become one of the main resources for cybersecurity, making it the backbone of both ethical hackers and malicious hackers. It keeps evolving every day with more exploits and solutions, for the benefit of better security protocols in the future.

Hacking The Box (HTB) vs VulnHub

Published Tue, 15 Dec 2020 08:15:35 +0000 at https://hacktalk.net/hacking-the-box-htb-vs-vulnhub/
There are quite a number of very good pen testing sources to use. In this article, we will discuss two of the most used: Hacking The Box and VulnHub. Both are very useful, but some would argue that one is better than the other. Are there any huge differences? Why should you prefer HTB over VulnHub, or vice versa? Let’s take a look at both of them and see what difference they make.

Why HTB and VulnHub

Simply put, HTB and VulnHub are among the most used sources for pentesters. Both have a great number of PCs, CTF tasks and various hardcore virtual AD forests. HTB and VulnHub are both go-to tools for pen testing researchers.

Hacking The Box

HTB is one of the latest sources, with the latest virtual PCs. All registered users get the privilege of hacking the PCs, with over 20 virtual PCs available at the same time inside a free server. It also has a VIP subscription of 10 Euros per month, which subscribers can upgrade to 100 Euros per year.

Paid subscribers get access to the old machines on the site. Along with access to these machines, subscribers also get to read official walkthroughs by long-time HTB professionals.

HTB also houses some of the most difficult virtual machines to tinker with. However, beginners in IT can sample the dummy machines provided by the program. It also has a useful filter system where you can select the most suitable machine based on your skill level.

Hacking The Box is a very good tool for cyber security personnel of various skill levels and is considered one of the most recommended programs by specialists in the field.

Even if you do not opt for the paid subscription, the 20 active PCs are good enough for you to work with. However, the subscription is a good investment for long-term usage.

VulnHub

VulnHub, or Vulnerable by Design, is a more hands-on practical tool that lets you tinker with software, network administration and cyber security. It provides an easy hub for beginners, yet it also provides complex machines for veterans to work with.

Their purpose is to make sure you have the right tools for penetration testing and the guaranteed safety to use them. In other words, if you make a mistake in testing, you won’t get into trouble at all, because VulnHub protects you.

There are plenty of resources on VulnHub, with the right virtual machines for you to test. These are created by users who utilize the VulnHub engine, converting their machines into a sort of training range for beginners.

The hub is also constantly updated with the best possible database indexed within its program.

Which is Better to Use

It’s all up to you. HTB is a very flexible program but is limited to 20 PCs if you go with its free tier. VulnHub is more beginner-oriented and completely free, but is more limited compared to HTB. Whichever you choose will remain a winner.

Best Tools for Running CTF Hacking Games

Published Tue, 28 Jul 2020 07:08:00 +0000 at https://hacktalk.net/best-tools-for-running-ctf-hacking-games/
Capture the Flag competitions can help to improve security skills and identify talent. Use these tools and frameworks to design and conduct your own CTF event.

It is not so long ago that such activities were of dubious reputation and dubious legality. Nowadays, everything is out in the open and very respectable, even if the participants take an alias and play Bond villain. To stop the cyber-attacker, you need to think like the cyber-attacker. Hackers created Capture the Flag (CTF) contests to hone their skills; in them they compete to pwn servers and gain credibility.

Overview

CTFs for corporate security personnel are a win-win situation for the white hats. Security personnel learn new techniques, practice dealing with challenging scenarios and network with other members of the security community. But that’s not all.

Bobby Kuzma, Director, Cyber Threat Strategy and Empowerment for IT automation and security software vendor HelpSystems, says: “I see that a respectable number of companies are actually using CTFs as part of their community outreach and recruitment strategies. They help to get people, especially students, excited about cyber security and identify promising, non-traditional candidates”.

A personal favorite resource of mine is Didier Stevens and his tools. Didier’s original specialty is tools for analyzing PDFs, Microsoft Office documents, and other complex data files, many of which are used to launch attacks. His collection is now much more diverse. His tools are invaluable for examining and creating malicious files.

The largest group is hacking resources. These include network scanners, static source code analyzers, decompilers, heap visualizers, packet capture tools, debuggers, binary analysis tools, hash crackers, and image editors. All security professionals have their own preferred tool sets, but a CTF can challenge them to find new ones.

I will discuss other tools that are more specifically geared to CTFs, but let me first discuss the two main styles of CTF: attack-defense and Jeopardy style.

 Attack-Defense 

In an attack-defense competition, there are two teams, each with a computer environment that can be as simple as a single server. Each team tries to attack the other team’s systems and defend its own system from attack. Each system contains a set of information flags that the attacker tries to find and capture. Hence the name “Capture the Flag” (that and the traditional outdoor game).

The attacker, on the other hand, uses intrusion techniques to gain privileged access to the server. If the attacker can gain root access, the game is certainly over soon, but depending on the applications and services involved, more limited attacks may be sufficient. In such a scenario, the defenders have to do all the things they would do on their own servers in the real world: patch all software vulnerabilities, even the obscure ones; leave only the strictly necessary services open through the firewall; ensure that all passwords are secure and that accounts have the least necessary privileges; and so on.

Jeopardy style

Jeopardy-style tournaments have any number of teams and a Jeopardy-style board with challenges worth different amounts of points. When a team takes on a particular challenge and finds the flag, it submits the flag to the scoring system, receives the points, and moves on to the next challenge. When time runs out, the team with the most points wins.

Because they are much easier to set up and manage, Jeopardy style contests are far more common than attack-defense.

King of the Hill

In a King of the Hill event, each team tries to take and keep control of a server. When the clock runs out, the team that has held it the longest wins. This is a variant of the attack-defense CTF. Why would you prefer one type of competition over another? Kuzma says that “Jeopardy events are good for building problem-solving skills.” King of the Hill events are great for strengthening incident response, collaboration and planning.

Juice Shop

The closest thing to CTF-in-a-box is the OWASP Juice Shop. OWASP (the Open Web Application Security Project) is an organization of security experts who design tools and policies to help developers and other IT professionals create secure applications.

The Juice Shop is a fictional web-based store that sells juice, T-shirts, and other items whose details are not important. What matters is that the site is peppered with vulnerabilities of almost every known type. The website is customizable, so you can brand it as you like and change the products as you wish. OWASP distributes it in different forms, such as a Docker image, and it runs as a single server instance.

The OWASP Juice Shop does not prevent users from running scripts. Juice Shop also includes the scoreboard and account management required to run a contest.

Capture the Flag Frameworks

These are some of the most popular CTF frameworks, as well as some that are a bit more obscure. CTFd is a CTF platform widely used by security vendors, universities and hacker groups. It includes the scoreboard and other infrastructure of a contest. You simply add the actual challenges, i.e. the puzzles solved by users, and their point values.

Other important frameworks are:

  • The CTF framework from Facebook
  • iCTF from the UC Santa Barbara computer security lab
  • HackTheArch
  • Mellivora
  • NightShade
  • LibreCTF
  • picoCTF

Capture the Flag Tools

Google holds some significant CTFs. It hasn’t published its entire framework, but it has published its scoreboard code and most of the challenges.

The list of helpful tools is long. Here are a few of them:

  • Damn Vulnerable Web Application (DVWA) is an open source PHP/MySQL web application designed to highlight known and unknown vulnerabilities. The user selects a vulnerability (e.g. SQL injection) and invokes it via the UI. DVWA does not have an amusing front-end like the Juice Shop, but sometimes the simple way is the best.
  • The Security Scenario Generator (SecGen) creates semi-randomized vulnerable virtual machines.

Where to Find CTF Write-ups

Many of the best resources, especially for Jeopardy CTFs, are the write-ups of past CTFs and the post-mortems of participants describing them. If you look around, you will find write-ups of CTFs describing the challenges and how they were solved. If you find enough of them, you may already be finished. On this GitHub CTFs page you will find a large archive of write-ups as well as tools to create them.

The write-ups are so detailed that with a little work you can change things so as to make the challenge your own. The main problem with the write-up archives is that many of them are lists of challenges for which the write-up is “to do”. Another disadvantage of many write-ups is that many of the authors do not write well.

Performing a Capture the Flag event in the public cloud

Because of the volatile nature of CTFs, it is tempting to run them in a public cloud where you can allocate resources to them and then release them again, paying only for what you use. You can do this if you are careful and follow the rules.

Microsoft also has strict rules for pen testing on Azure, but they do not require pre-approval for it.

Google also does not require pre-authorization, only that you comply with the Google Cloud Platform Acceptable Use Policy and the Google Cloud Platform Terms of Service.

A CTF is likely to be a popular event among employees, more so than traditional training and perhaps more useful. At a time when many security positions remain unfilled, a CTF can be a valuable recruitment tool that objectively helps you find the most qualified candidates. Think of it as a tool to maximize the skills of your team, and the fun is free. 

What is Grey Box Penetration Testing?

Published Sat, 08 Jun 2019 16:18:39 +0000 at https://hacktalk.net/what-is-grey-box-penetration-testing
So you understand black box external penetration testing. Now it’s time to move on to grey box penetration testing. Grey box testing is for a pentester with only partial knowledge of the internal structure of a network. Grey box testing is the perfect hybrid of the straightforwardness of black box testing and the code targeting of white box testing.

Because grey box testing uses the assertion method to present all the conditions of a program, it is based on requirement test case generation. In order to verify its correctness and make it easy to understand, a specification language is required. Required assumptions include activation of methods, state reporting and report testing, both in the Class Under Test (CUT).

Grey Box vs Black Box

While grey box testing is more focused and efficient than black box testing, code coverage is only partial and it can be difficult to associate defect identification in distributed applications. And yet, it cannot be ignored that grey box testing has the advantages of being non-intrusive, handling intelligent testing exceptionally well and maintaining the unbiased testing conditions required for ethical hacking engagements.

Rather than squandering hours determining elusive information, pentesters can use grey box testing to focus their assessment efforts on systems with the greatest risk and value. A sort of cyber triage, if you will. The security of the system is tested by simulating an attacker with long-term access to the network.

What are the Best Pen Tests for Grey Box Security Testing?

Because web applications typically require user accounts to be provided (unless the pentester can self-register for user accounts), grey box security testing is best suited to web app security testing, since the tester has some knowledge of the application and typically one or more user accounts with which to conduct the pentest against the web application. Functional or business domain testing is also ideal for grey box penetration testing. This will confirm that the software meets the defined requirements.

Grey box penetration testing is the right way to go when the tester has no access to the source code and a non-intrusive, unbiased test is desired.

Metasploit Meterpreter Cheat Sheet

Published Wed, 19 Sep 2018 19:50:24 +0000 at https://hacktalk.net/metasploit-meterpreter-cheat-sheet/
What is a Meterpreter?

Well, if you are planning to hack like a pro, then you need to know some of the basic commands for Meterpreter exploits before you dive in below.

Meterpreter is a dynamic, advanced and extensible payload. It deploys in-memory DLL injection stagers. Moreover, it extends over the network at runtime. It communicates over the stager sockets to provide a client-server Ruby API.

Written by Skape for Metasploit 2.x, the standard extension has since been overhauled, and the current one is for Metasploit 3.3. Typically, the server side is implemented in plain C and compiled with MSVC, making it portable. The client can be written in any language; however, it is worth noting that Metasploit has a full-featured Ruby client API.

How does Meterpreter Work?

-The target executes the initial stager. This is usually one of bind, reverse, findtag, passivex and so on.

-The stager loads the DLL whose name is prefixed with Reflective. The Reflective stub handles loading and injecting the DLL without touching disk.

-The Meterpreter core initialises, establishes a TLS/1.0 link over the stager's socket and sends a GET. When Metasploit receives the GET it configures the client.

-Lastly, Meterpreter loads its extensions. It always loads stdapi and, if the session has administrative rights, also loads priv. Every extension is loaded over the TLS/1.0 link using a TLV (type-length-value) protocol, and every command you type afterwards is carried as a TLV packet the same way.
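The TLV framing that the extensions and commands ride over is easier to understand with a concrete encoder and decoder. The Ruby below is an added example and not Metasploit's own code: it models a request packet as one group TLV holding [length][type][value] triples, where the length counts the 8-byte header and the high bits of the type carry the value's meta-type (string, uint, bool, group). That layout and those meta-type bits follow what is publicly documented for Meterpreter, but the page does not specify them, so treat them, together with the type numbers and the method name used in the sample, as assumptions. The decoder also rejects the lengths a truncated or hostile stream can carry, which is the check a parser on either end of the link needs.

```ruby
# Added example (not Metasploit code): a minimal Meterpreter-style TLV codec.
# Assumed layout, taken from public Meterpreter documentation rather than this page:
#   each TLV = [length:4, big-endian][type:4, big-endian][value]
#   length counts the 8-byte header; the high bits of `type` carry the meta-type.
META_STRING = 1 << 16
META_UINT   = 1 << 17
META_RAW    = 1 << 18
META_BOOL   = 1 << 19
META_GROUP  = 1 << 30
META_MASK   = META_STRING | META_UINT | META_RAW | META_BOOL | META_GROUP
HEADER_LEN  = 8

# Type numbers are assumptions for the demo, not guaranteed to match Metasploit's tables.
TLV_TYPE_METHOD     = META_STRING | 1
TLV_TYPE_REQUEST_ID = META_STRING | 2
TLV_TYPE_RESULT     = META_UINT   | 4
PACKET_TYPE_REQUEST = 0

# Serialise one TLV. Strings go on the wire as NUL-terminated C strings; a group's
# value is the concatenation of its child TLVs, which is how a packet nests arguments.
def encode_tlv(type, value)
  body = case type & META_MASK
         when META_STRING then value.to_s.b + "\x00".b
         when META_UINT   then [value].pack("N")
         when META_BOOL   then [value ? 1 : 0].pack("C")
         when META_GROUP  then value.map { |t, v| encode_tlv(t, v) }.join.b
         else value.to_s.b   # raw bytes pass through untouched
         end
  [HEADER_LEN + body.bytesize, type].pack("NN") + body
end

# Parse consecutive TLVs into [type, value] pairs. A length shorter than the header
# or longer than what is left in the buffer is rejected instead of trusted: trusting
# it is how a TLV parser ends up reading past the end of its buffer.
def decode_tlvs(buf)
  buf = buf.b
  out = []
  off = 0
  while off < buf.bytesize
    raise ArgumentError, "truncated header at offset #{off}" if buf.bytesize - off < HEADER_LEN
    len, type = buf.byteslice(off, HEADER_LEN).unpack("NN")
    if len < HEADER_LEN || off + len > buf.bytesize
      raise ArgumentError, "bad TLV length #{len} at offset #{off}"
    end
    raw = buf.byteslice(off + HEADER_LEN, len - HEADER_LEN)
    value = case type & META_MASK
            when META_STRING then raw.chomp("\x00".b).force_encoding(Encoding::UTF_8)
            when META_UINT   then raw.unpack1("N")
            when META_BOOL   then raw.unpack1("C") != 0
            when META_GROUP  then decode_tlvs(raw)
            else raw
            end
    out << [type, value]
    off += len
  end
  out
end

# A request is a single group TLV carrying the method name, a request id and any arguments.
def build_request(method, request_id, args = [])
  fields = [[TLV_TYPE_METHOD, method], [TLV_TYPE_REQUEST_ID, request_id]] + args
  encode_tlv(META_GROUP | PACKET_TYPE_REQUEST, fields)
end

def parse_request(bytes)
  tlvs = decode_tlvs(bytes)
  raise ArgumentError, "expected exactly one packet" unless tlvs.size == 1
  type, children = tlvs.first
  by_type = children.to_h
  { packet_type: type & ~META_MASK,
    method: by_type[TLV_TYPE_METHOD],
    request_id: by_type[TLV_TYPE_REQUEST_ID],
    fields: children }
end

# true if the whole buffer parses; false on any framing error.
def well_formed?(bytes)
  decode_tlvs(bytes)
  true
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  pkt = build_request("stdapi_sys_config_getuid", "0001")   # method name assumed for the demo
  puts pkt.unpack1("H*")
  p parse_request(pkt)
end
```

Run it directly to see the hex of a getuid-style request and its decoded form. The two rejected cases in decode_tlvs (length below the header size, length past the end of the buffer) are the ones worth keeping in mind when you write anything that speaks this protocol, whether a client, a detection parser or a fuzzer.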

Now that you have a picture of how Meterpreter works, here are the cheat sheet commands.

Step one: The Core Commands

Meterpreter gives you a command interpreter running inside a process on the victim's machine. Many of its commands borrow their names from Unix utilities (ls, cd, cat, ps), but they are implemented by Meterpreter itself, so they work the same way whether the target runs Windows, Linux or another operating system.

The core commands include:

-?: If you are not sure of any command, use this to open the help menu.

-background: Moves the current session to the background and returns you to the msfconsole prompt.

-bglist: Lists the Meterpreter scripts running in the background.

-bgkill: Kills a Meterpreter script running in the background.

-bgrun: Runs a Meterpreter script as a background thread.

-close: Closes a channel.

-help: Opens the help menu.

-irb: Drops you into an interactive Ruby (irb) shell on the session.

-quit: Terminates the Meterpreter session.

-write: Writes data to a channel.

-read: Reads data from a channel.

-migrate: Migrates the Meterpreter server into another process, given its PID.

Step two: The file system commands

The following are file system commands.

-mkdir: Creates a directory on the victim system.

-rmdir: Removes a directory from the victim system.

-del: Deletes a file on the victim system.

-getwd: Prints the current working directory on the victim (getlwd prints the local one).

-ls: Lists the files in the current directory.

-edit: Opens a file on the victim in an editor (vim); the edited file is written back when you save.

-cd: Changes directory on the victim system.

-cat: Reads a file and prints its contents.

-lcd: Changes the local (attacker-side) directory.

-download: Downloads a file from the victim system to the attacker's machine (upload does the reverse).

Step Three: Network Commands.

The following commands look at, and pivot through, the victim's network.

-ipconfig: Displays the victim's network interfaces, including their IP addresses.

-route: Views or modifies the victim's routing table.

-portfwd: Forwards a port on the attacker's machine, through the session, to a port on the victim or on a host reachable from it.

Step four: System commands

Whenever you want the details of the victim PC, use the sysinfo command; it displays the operating system and the computer name. Other system commands include:

-shutdown: Shuts down the victim's computer.

-reg: Interacts with the victim's registry.

-getpid: Shows the process ID Meterpreter is running in.

-getuid: Shows the user the Meterpreter server is running as.

-drop_token: Relinquishes any active impersonation token.

-kill: Terminates the process with the given PID.

-ps: Lists all running processes.

-getprivs: Attempts to enable all privileges available to the current process.

-shell: Opens a native command shell on the victim.

-clearev: Clears the Application, System and Security event logs on the victim machine.

Step five: Interface commands.

-set_desktop: Changes the desktop that Meterpreter interacts with.

-screenshot: Grabs a screenshot of the victim's desktop.

-keyscan_dump: Dumps the keystrokes captured so far by the keylogger.

-keyscan_stop: Stops the keylogger.

-enumdesktops: Lists all available desktops.

-idletime: Shows how long the victim's user has been idle.

-keyscan_start: Starts capturing keystrokes in the process Meterpreter is running in.

-uictl: Enables or disables user interface components such as the keyboard and mouse.

Step six: Privilege escalation

If you want to escalate to SYSTEM, use the getsystem command. It tries several built-in techniques in turn (named-pipe impersonation and token duplication) until one of them yields SYSTEM privileges; it normally needs a session that is already running as a local administrator.

Step Seven: How to dump passwords

Use the hashdump command to dump the password hashes from the SAM on the victim; each line comes out as username:RID:LM hash:NT hash:::. Because this in-memory version reads the hashes out of LSASS, it sometimes trips AV. The scripts run hashdump and run smart_hashdump (now also available as the post/windows/gather/hashdump and post/windows/gather/smart_hashdump modules) take a different route through the registry hives and are often quieter, although none of them is guaranteed to get past AV.
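Once hashdump has returned, the next question is which of those lines are worth your time. The Ruby below is an added example, not part of the original post or of Metasploit: it parses the pwdump-style user:RID:LM:NT::: records that hashdump prints, drops anything that is not a record, flags blank passwords, accounts that still carry an LM hash, machine accounts and password reuse across accounts, and lists the user:NT pairs you would carry into a pass-the-hash attempt. The sample dump is constructed; the two constants are the well-known hashes of an empty LM field and of an empty NT password, and the other hash values are illustrative.

```ruby
# Added example (not Metasploit code): triage of `hashdump` output.
# hashdump prints pwdump-style lines, one per local account:
#   username:RID:LM hash:NT hash:::
# The two constants are the well-known hashes of an empty LM field and of an
# empty-string NT password; everything in SAMPLE_HASHDUMP is constructed.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

SAMPLE_HASHDUMP = <<~'DUMP'
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  svc_backup:1001:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
  WORKSTATION$:1002:aad3b435b51404eeaad3b435b51404ee:0f3a5ec1a9e8b2c7d4e6f1a2b3c4d5e6:::
  [*] this line is not a hash record and must be skipped
DUMP

HashEntry = Struct.new(:user, :rid, :lm, :nt, :findings)

# Parse only well-formed records: numeric RID and two 32-hex-digit fields.
# Status lines, blank lines and truncated rows are dropped, not guessed at.
def parse_hashdump(text)
  text.each_line.map do |line|
    parts = line.strip.split(":")
    next unless parts.size >= 4
    user, rid, lm, nt = parts[0], parts[1], parts[2].downcase, parts[3].downcase
    next unless rid.match?(/\A\d+\z/) && lm.match?(/\A\h{32}\z/) && nt.match?(/\A\h{32}\z/)
    HashEntry.new(user, rid.to_i, lm, nt, [])
  end.compact
end

# Tag each account with what its hashes tell you before spending any cracking time.
def triage(entries)
  by_nt = entries.group_by(&:nt)
  entries.each do |e|
    e.findings << :empty_password  if e.nt == EMPTY_NT
    e.findings << :lm_hash_present if e.lm != EMPTY_LM   # LM stored: <=14 chars, case-folded, cheap to crack
    e.findings << :machine_account if e.user.end_with?("$")
    e.findings << :nt_hash_shared  if e.nt != EMPTY_NT && by_nt[e.nt].size > 1  # same password on two accounts
  end
end

# user:NT pairs worth trying for pass-the-hash; blank and machine accounts are left out.
def pth_candidates(entries)
  entries.reject { |e| (e.findings & [:empty_password, :machine_account]).any? }
         .map { |e| "#{e.user}:#{e.nt}" }
end

if __FILE__ == $PROGRAM_NAME
  triage(parse_hashdump(SAMPLE_HASHDUMP)).each do |e|
    puts "#{e.user} (RID #{e.rid}): #{e.findings.inspect}"
  end
  puts pth_candidates(parse_hashdump(SAMPLE_HASHDUMP).then { |es| triage(es) }).inspect
end
```

An LM hash other than the empty value means the password is at most 14 characters and was stored case-insensitively, so it belongs at the front of the cracking queue; a shared NT hash means one cracked password opens several accounts, and the NT hash alone is enough for pass-the-hash even when cracking fails.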

What Is Ethical Hacking And What Is An Ethical Hacker? https://hacktalk.net/I6aL https://hacktalk.net/I6aL#comments_reply Sat, 04 Aug 2018 06:29:12 +0000 https://hacktalk.net/?p=165 We’ve all heard of the term hacking and we’ve all had that image in our heads when it comes to hacking. A bunch of random numbers, flickering rapidly through the screen, only the man in front of the monitor seemingly…

The post What Is Ethical Hacking And What Is An Ethical Hacker? appeared first on Hack Talk.

We've all heard the term hacking, and we all have the same image in our heads: a screen of random numbers flickering past, with only the person in front of the monitor seemingly aware of what is going on...

Hacking in the real world paints a different picture. Ethical hacking is the practice, by a company or an individual, of identifying potential threats in a computer or network. It is done not with malicious intent but with the sole intent of finding and reporting vulnerabilities.

There is little difference in method between an ethical hacker (see also grey box penetration testing) and a malicious one: both use the same techniques. The difference is intent. One works for the betterment of security and the other against it. The former are called "white hats" and the latter "black hats", terms borrowed from old Western films in which the good guy wore a white hat and the villains wore black.

Ethical hacking sets itself apart by following a set of rules: respect the privacy of the company or individual being tested, leave no backdoor for anyone, the hacker included, to exploit later, and report to those responsible the vulnerabilities in their software or hardware that they were not aware of.

One of the first recorded instances of ethical hacking was in the 1970s, when the United States government assembled a group of experts, which came to be known as the "red team", and assigned it to break into the government's own systems. This was the spark that ignited a sub-industry within the information security market, one that has since grown to cover both the physical and the digital sides of a corporation's defences.


Today, many large companies have a team of ethical hackers, and some companies focus solely on ethical hacking, such as Trustwave Holdings, Inc., which specializes in penetrating ATMs and surveillance systems. The employment of ethical hackers by large companies has come under question: critics argue that there is no such thing as ethical hacking, because hacking is seen as a crime and is commonly associated with cybercriminals. Ethical hackers are therefore required to obtain permission from the network's owner before probing it.

But one cannot deny the importance of ethical hacking, which has led to real improvements in security.
