[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website

This entry is part 25 of 32 in the series [ Hacker Night School ]

OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …

[ Pen Testing ] :: Step by Step :: Exploiting SETUID

This entry is part 1 of 1 in the series [ Penetration Testing ]

Setting the user ID on an executable means it runs under that user’s permissions, not the perms of the user that runs the executable. It’s highly useful in system admin, but it’s wildly dangerous too, because every SETUID file is a vector for hacking. John Hammond (on YouTube) give an excellent example in the context …

[ Hacker Night School ] :: Kali Linux Metapackages (All Tools or Subsets)

This entry is part 20 of 32 in the series [ Hacker Night School ]

There are actually four subsets of tools you can install with Kali, depending on your needs, disk resources and download speeds. These packages have names like kali-linux-full and kali-linux-all (those sound the same, don’t they?). Fortunately the good people at Offensive Security have a guide to the various metapackages. For instance: kali-linux is the barebones, …

[ Hacker Night School ] :: Adding the Kali Tools to Ubuntu

This entry is part 19 of 32 in the series [ Hacker Night School ]

Kali is cool as hell, but taking it to work could get you fired, or at some of the places I support, get me arrested. It’s not really intended to be a daily-driver OS, though the 2020 update has moved it a long way in that direction. The biggest problem with carrying Kali around is …

[ Hacker Night School ] :: A Memory Forensics with Volatility Writeup

This entry is part 18 of 32 in the series [ Hacker Night School ]

I’ve spoken in many classes about the process of dumping memory with DumpIt, then analysis with Volatility (preinstalled on the SIFT Workstation, a VM distro you should definitely explore). Meet LeetDev.net and their CTF Archives. Here’s a link to the CTF list page; click the Volatility graphic to go to the article, fortunately in English. …

[ Hacker Night School ] :: Commando VM: a Windows Hacking “Distro”

This entry is part 21 of 32 in the series [ Hacker Night School ]

When you hack or pen test or play CTF, you use Kali or Parrot or some other Linux, right? Windows hasn’t been a preferred security testing platform, but that doesn’t mean people haven’t been thinking about it. Enter FireEye, and the “Commando VM: The First of Its Kind Windows Offensive Distribution”. Hmmm. So … going …

[ Hacker Night School ] :: Metasploitable 3: A Hackable Windows VM

This entry is part 23 of 32 in the series [ Hacker Night School ]

Rapid7 is the organization behind Metasploit, and also maintains a series of vulnerable-by-design virtual machines – Metasploitable 1, 2 and now 3.The first two were nice Linux machines with lots of services and misconfigurations to exploit, but the third is a Windows machine. This requires using Vagrant to provision (build and configure) a VM from …

[ Hacker Night School ] :: VulnHub Walk-Throughs: This is how you learn to pwn

This entry is part 22 of 32 in the series [ Hacker Night School ]

Of course all us 1337 haxors know about VulnHub (https://www.vulnhub.com/), where you can download virtual machines to hack to your heart’s content. This place will devour your free time, your weekends, your relationships. Some of the challenges will truly reduce your brain to pudding. IgniteTechnologies maintains a Github repo of of hackingwalk-throughs against a bunch …

[ Hacking 101 ] :: [ Introduction ]

Hacking 101
This entry is part 2 of 11 in the series [ Hacking 101 ]

Hacking 101: Just the Basics. ¬†Okay, I’m picking up another video series, and this time I’m working to answer the question I see on so many pentesting and CTF videos: How do you get started doing this? Watch this video and then: Assignments: Introduction (Video 1) 1. Set up at least three email/user accounts. Try …