[INFO] PBDump - Pastbin Dump

The project to collect sensitive information like: logins, passwords, API, Github/AWS config etc.
More about my project here
#pastbin #security #api #aws #password #login

[INFO] My first forensic script

I prepared a script (category: forensic) to print and/or clear metadata such as names, author, company, path to resources etc. for the most popular office files like xlsx/docx/ods/odt. I will add more supported files in the future.
If you want to read more about my security projects, see here
#forensic #security #wipe #bash #pentest

[INFO] After event BSidesWarsaw2018 - Summary

Once again at Security BSides 2018 Warsaw. It was the best conference so far. Location in the city center, air conditioning, interesting speakers and, as ever, the afterparty ;)
Big thanks for the presentations (in my opinion the best presentations from BSides2018Warsaw):
- Jacek Grymuza Wykorzystanie [email protected] MITRE Do Wykrywania Technik Stosowanych
- Krystian Szybis Responsible Disclosure W Banku
- Jakub Zoczek Atakowanie Wewnetrznej Infrastruktury Przy Pomocy Przegladarki
- Mariusz Litwin Windows 10 Forensics - for inspirations, very helpful guy, thx.
- Marek Szustak Who Watches The Watchmen
Piotr Jasiek has done a good job.
Security BSides Warsaw - Youtube channel
#bsides #bsideswarsaw2018 #event #security

[INFO] Updated security feeds

I added new security feeds: Security Feeds
I removed unpopular feeds (not useful and not updated for a long time). All feeds are up-to-date (last entries within max 1-2 days).
#update #security #rss #feed

[INFO] A new project - CEH prepare test

Today I start my project: CEH - prepare quiz.
This script can help you check and improve your knowledge in the area of security, audit, procedures and policy.
Selected key features:
- random questions
- feedback: correct, not correct answer
- reference
- add a new question
- more...
#security #test #ceh #hacker #learn #script

[INFO] Change on my website, for your and my comfort

First change: Today I decided that I will sort my old and new sources of knowledge on my website.
Second change: I added my security rss.
Full updated list of my links to security resources

#changes #rss #channel #youtube #security_links #links #sec

[INFO] Update information about my projects WAC

Today I added info about my next security project WAC, a script/scanner to check response headers and cookie flags on websites.
Brief info: current status: in-progress, bash, support read hostnames from file and more functionalities.
The script/scanner is a part of my pentest tools which I use every day during my daily work duties.

#wac #pentest #security #script #sec

[ART] First info about SecurityBSides 2018

Hell yeah!
Finally we know when SecurityBSides 2018 starts.
Below I put the basic information about event:
Agenda in-progress
When: 12-14 October 2018
Where: Warsaw, Tytusa Chalubinskiego 8 street - Oxford Tower
Cost: Free
More information in the near future.

#securitybsides #bsides2018 #security #conference #event #hacking #secure #securitybsides2018

[ART] It is tomorrow, Semafor 2018 Warsaw

From 15/03/2018 to 16/03/2018 I will have the pleasure to participate in conference Semafor 2018 Warsaw. I am waiting for:
- "Dezinformacja i manipulacja w dobie internetu - analiza przypadkow"; Adam Haertle
- "Wpadki i potkniecia polskich bankow "; Piotr Konieczny
- "Bezpieczenstwo API REST - 20 przykladow z zycia wzietych"; Michal Sajdak
- "Socjotechniki, czyli zlosliwe oprogramowanie to nie wszystko"; Pawel Olszar
See you at the ground

#semafor2018 #conference #security #hack #sec #defense #hacking

[INFO] Cybrary.it - script get titles of articles

If you know the website cybrary.it, for sure you know that on the page you can read articles written by the cybrary community. My script gets all current titles from your home page (first page after logging in).
Download script get_art_cybrabry.sh here.
#cybrary.it #articles #learn #security #article

[INFO] Update my project Hackme

Today I updated my project: Hackme - Vulnerable_page.
This is a VM with a vulnerable page. Your goal is easy: hack the website. Do you like website hacking like sqli, xss, path traversal? If yes, please download the VM, run it and hack ;).
Download VM | md5/sha1 hash
MD5: d2e1eaf99f40554837104332ed51f88b
SHA1: 0d446c1bf248a2138a5c9d9af20c4fc95d15d285
#hackme #hacker #sqli #traversal #xss #vm

[INFO] New content on my website

I added new content on my website: info about my accomplishments on https://www.hackthebox.eu/
#hackthebox #servers #users #hacking #hack

[INFO] Update my project - SecLab

Today I updated my project: SecLab.
It is a virtual machine with vulnerable pages like: DVWA, OWASP Bricks, Mutillidae, bWAPP and others.
The current version uses DHCP. The next edition will be on Arch Linux (the current one is on CentOS), will contain more vulnerable websites, and the VHD will be smaller than now (I hope).
Download VM | md5/sha1 hash
MD5: 9b645161905ea75407e278e2c53413e5
SHA1: e34c475738d48a58a403d90b217262fcdfff06d8
#seclab #hacking #owasp #bwapp #dvwa #bricks #vm

[ART] Search engine for Internet-connected devices - my list

Today a short post about my list of search engines for Internet-connected devices. The list contains the web apps I use most.
- Shodan Guide to Shodan | Shodan - Search examples
- Censys Tutorial to Censys | Censys - Search examples
- Zoomeye
By the way, do you know how it works in such a short time (for example: over 500 banners per sec)?
The answer is: zmap
#shodan #zoomeye #censys #iot #ioe

[ART] Hackthebox - invite code

If you have a problem with 'invite code' or if you have to do it quickly, I prepared the script hackthebox.sh.
Please first understand how it works by analyzing the code.
#hackthebox #script #invite_code

[ART] My impression after Dig IT Workshops

Today I had the pleasure of participating in the crash course "System Forensics and Incident Handling Workshop" with Paula Januszkiewicz and Grzegorz Tworek.
The workshop helped me better understand vulnerability management, how to detect anomalies, discover attacks and threats, and understand how a system was compromised.
Although Windows is not my favorite operating system, it was really useful knowledge. I recommend it :) Thanks for the workshop.
#security #workshop #dig_it #paula #januszkiewicz #tworek #cqure.pl #cqureacademy.com

[INFO] Securak Hacking Party - free passes

I have two free passes to the Securak Hacking Party - Cracow (SHP) - today at 5:15pm.
If you are interested - let me know.
See you today at the hacking party.
#securakhackingparty #shp #hacking #meeting #education #edu #learn #oit #event #camera #shodan #zoomeye #ssti

[ART] Run away! Meltdown and Spectre vulnerability coming!

Below I added a few links to websites about the vulnerabilities. I recommend reading these links first.
Meltdown, Spectre can be exploited through your browser like Microsoft Internet Explorer, Mozilla Firefox, Google Chrome.
Basic page about Meltdown and Spectre
Details about Meltdown - pdf
Details about Spectre - pdf
Technical overview from Google Project Zero
Linux Kernel Mailing List about new KAISER isolation patches - Thomas Gleixner
List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
How bypass ASLR - pdf
Example patch KAISER (first patch to analysis)
Article from July 2017 - how reading kernel memory from user mode
More about Address Space Layout Randomization (ASLR)
Practical cache attacks ASLR - video
Web browsers:
Microsoft Edge/IE
Mozilla Firefox
Google Chrome
#meltdown #spectre #linux #processor #vulnerability

[ART] OSCP exam - my impression

A few days ago I had the pleasure of taking the OSCP exam. It was a very pleasant and educational experience for me.
If you are seriously thinking about the exam, remember:
firstly: you have 24 hours of practice (virtual lab, victims and thinking 'out-of-the-box') and the next 24 hours to prepare the documentation from the previous 24 hours. It is a really short time. Don't ignore either area!
secondly: you must be prepared to think 'out-of-the-box' and have really practical and theoretical knowledge. Of course you can use pdf/google/your scripts, but if you don't have the skills, you may have a real problem doing it within 24 hours.
thirdly: you must have a plan for the next 48 hours. What does that mean? You should know when to rest, eat and exercise (my checklist below may be helpful for you).

Below is my private checklist ('must have' list):
- coffee with milk (caffeine)
- bar of chocolate (magnesium and energy)
- peanuts (magnesium and energy)
- water min 1,5l (rehydrating)
- chewing gum +25 (concentration)
- food (energy)
- short breaks every 1 hour (rest for brain)
- exercises during breaks (speed up your pulse)
- turn off all time wasters (facebook, phone, youtube etc.)
- eye drops (preventing eye dryness)
- sleep min 4 hours during exam (brain and body rest)
- use your own scripts to automate tedious and boring tasks, for example --> pentest_liner.sh
- document all tasks during exam
- backup all documentation to another server (rsync)
- prepare second working VM with Kali and snapshot (full copy)
- carefully read the instructions from Offensive-Security (very important)
- carefully read the requirements about your targets (very important)
Have a good time during the exam ;)
#oscp #exam #tips #checklist #out_of_the_box #hacking #hack #pentest #pentester

[ART] Powerful 3 x liner for pentester

To speed up the search for vulnerabilities, in this case in ftp, you can use the three powerful liners below.
First step: scan with nmap. Second step: get the IP addresses of all hosts with an open ftp port. Last step: run the nmap scripts for the ftp service (all from /usr/share/nmap/scripts, starting from ftp-vuln).
nmap -v -A -T4 -oA nmap-full-scan
grep "open/tcp//ftp" nmap-full-scan.gnmap | awk '{print $2}' > open-ftp.txt
for i in $(cat open-ftp.txt) ; do $(grep "\-- nmap" /usr/share/nmap/scripts/ftp-vuln-cve2010-4221.nse |awk '{$1=" "; print $0}' | sed -e 's/\|\|\|/'"$i"'/g') ; done

Download liner here
#script #nmap #liner #ftp #automation

[ART] Pentesting testing methodology, standards for pentester

List of the most important methodology for pentester:
- OWASP Web Application Penetration Testing (Testing Guide) - WEB
- Web Application Security Consortium Threat Classification (WASC-TC) - PDF
- Penetration Testing Execution Standard (PTES) - WEB
- Open Source Security Testing Methodology Manual (OSSTMM) - WEB
- Information Systems Security Assessment Framework (ISSAF) - WEB
- Application Security Verification Standard Project (OWASP ASVS) - WEB
- Penetration Testing Framework (PTF) - WEB
- OWASP Top Ten Project - WEB
- SANS 20 Critical Security Controls - WEB
- NIST SP 800-115 Technical Guide to Information Security Testing and Assessment - PDF
- NIST SP 800-42 - Guideline on Network Security Testing - PDF
- Payment Card Industry Data Security Standard PCI-DSS v2.0 - PDF
- ISO/IEC 27001 (Information Security Management Systems)
- ISO/IEC 27002 (Code of Practice for Information Security Management)
- ISO/IEC 27005 (Information Security Risk Management)
Security Checklist / Guide / Benchmarks
- NIST - National Checklist Program Repository
- CIST - CIST Benchmarks
- SANS - Checklists and Step-by-Step Guides
- Red Hat Enterprise Linux 7 - Security Guide
#OWASP #pentest #methodology #OSSTMM #NIST #ISO #PCI-DSS #CIST

[INFO] After event: BsidesWarsaw2017 - summary

My subjective top 3 talks from BsidesWarsaw:
- Mateusz Kocielski aka Łorys Bącki - Impulse 9 - humorous and interesting talk about how to get a shell through Quake ;)
- Adam Haertle - Jak upolować Hakera - interesting, humorous talk about stupid blunders of hackers plus a few protips
- Dariusz Damian Jakubowski - Metody pozostania w ukryciu w sieci i w terenie - brief and general description of how to keep safe, a few interesting tips
#bsideswarsaw2017 #hacking #security #conference #event #bsides

[INFO] Welcome BSidesWarsaw2017

From 13 to 15 October 2017 I will have great pleasure to be on conference BSidesWarsaw2017 in Warsaw/Poland.
If you want to attend BSW2017 and pick up a free pass, please let me know. I still have 2 free passes.
If you want to know more about Bsides (Security Bsides) please read here.
Video stream from BSidesWarsaw2016 day1 | day2 | day3
I heartily recommend presentation from BSidesWarsaw2016: Cyfrowa twierdza - poradnik rebelianta by Jakub Mrugalski.
Agenda for Warsaw edition Bsides2017 is here.
#bsideswarsaw2017 #security #event #hacking #conference #bsides

[ART] Basic Linux privilege escalation, how to do it?

If you have access to a Linux server as a user without root privileges, a good idea is privilege escalation.
What does it mean? The answer is simple: you must collect as much information as possible about your victim, search for errors in configuration, backdoors and every opportunity to get full access to the server.
Very basic and short information on where and how to check information about Linux configuration --> Basic Linux privilege escalation
Of course remember that this is not all, you must find more interesting information about your victim. How? It is a very hard question, but I can give you one tip: meddle.
Coming soon: I will prepare my script for privilege escalation (get 'interesting' information about the system).
#linux #escalation #privilege_escalation #hacking

[INFO] Anniversary 1 year!!

Today I celebrate anniversary, one year ago I wrote my first post "Hello guys" on my homepage ;)
What has changed in my life?
First I wrote many public/private scripts for sys/sec guys
Secondly I created a few small/medium projects --> myprojects
Thirdly, really a lot of new knowledge in the area of security like: DVWA; OWASP Bricks; OWASP Mutillidae; OWASP bWAPP; Peruggia; Hackthebox.eu; Offensive Security training PWK etc.
My plans for the future?
- finish my open projects (section: TODO)
- start my 'secret' project for security enthusiasts, details soon
- improving my website (tuning website)
#1_year #anniversary

[ART] How to prepare for OSCP certification?

Briefly: practice, practice and again practice and more knowledge :)
Below are, in my opinion, the two best pages, which have many tips on how to prepare for the exam and contain many links to other pages and advice on how to do it.
- http://www.abatchy.com
- http://niiconsulting.com
From my side I may suggest below materials:
- Cybrary Intro to Ethical Hacking
- Cybrary Web Application Pen-Testing
- Cybrary Advanced Penetration Testing
- Kioptrix VMs
- Cybrary Python for Security Professionals
#hackthebox #OSCP #traning #prepare #certification

[INFO] My first article - "Building Strong Random Passwords: Length vs. Complexity"

Hello friends. I am very happy because my first public article has been published. The article is about the basics of creating secure passwords, with an example script to generate strong random passwords.
It is certainly not my last article on cybrary.it, currently I am working on the next articles.
My article: Building Strong Random Passwords: Length vs. Complexity.
The page https://cybrary.it is online cyber security training, it is a very good resource of security knowledge for everyone who wants to know more.
Why I recommend Cybrary?
- cyber security micro courses
- cyber security skill certifications (pdf)
- cyber security certifications (pdf)
- badges
- 0P3N
- over 1 million members
- over 80 cyber security courses
#article #passwords #cybrary #free_learning #courses

[INFO] Added mission solutions for http://hackthebox.eu

Guys, today I added my solutions for missions from http://hackthebox.eu.
If you have doubts about tasks or you need suggestions on how to solve a task, here you have a file with answers.
Remember that only tasks solved on your own give you true learning. I hope that you understand, my bro.
Have a good time and 'hack them all' :)
#hackthebox #OSCP #hacking #solution

[SCRIPT] Oath (event/time token) on Linux

If you know what a yubikey is, for sure you know that the yubikey has good functionality: OATH-TOTP and OATH-HOTP.
If you don't have a yubikey or another hardware key with OATH support, you may use the script to generate tokens.
Below I prepared the next easy and clean script. This time I have for you a script to generate:
- Event Token (OATH-TOTP)
- Time Token (OATH-HOTP)
- Secret key
The default setting for the event token is to create 10 tokens; for the time token, the token changes every 60 seconds.
Script is here --> oath_token.sh
If you need more information on how it works or you are a geek, I suggest looking at:
- RFC 6238 - TOTP: Time-Based One-Time Password Algorithm
- RFC 4226 - HOTP: HMAC-Based One-Time Password Algorithm
#oauth #hoth #toth #event_token #time_token #token #security #hardware_token

[ART] PHP webshells - how to find on my server

The easiest way is to search for keywords typical of PHP shells, for example:
system, curl_exec, passthru, base64_decode, shell_exec, exec, eval, create_function, edoced_46esab, proc_open, curl_multi_exec, parse_ini_file, show_source.
If you have access to the server you can use the find and grep commands on Linux like:
find /var/www/ -name "*.php" -type f -exec grep -nHoE 'system|curl_exec|passthru|base64_decode|shell_exec|exec|eval|create_function|edoced_46esab|proc_open|curl_multi_exec|parse_ini_file|show_source' {} \; 2>/dev/null
UPDATE [2017/08/02; 04:47]:
I added my script, it checks if you have a phpshell on your webserver. phpshell_detect.sh
If you can't access the server you can use software: Web Shell Detector, maldet, rkhunter.
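A scoring variant of the keyword search above, as an added example (not the author's phpshell_detect.sh): it counts a keyword only when it is used as a function call, so `filesystem_size()` or `$db->exec()` do not hit, and it ranks files that combine an execution function with a decoder. The weights, the threshold, the extra file extensions and the sample files are assumptions constructed for this example.

```python
import os
import re
import tempfile

# Keyword groups come from the list in the post; weights and threshold are
# assumptions made for this example.
EXEC_FUNCS = {"system", "passthru", "shell_exec", "exec", "eval",
              "create_function", "proc_open"}
DECODERS = {"base64_decode", "edoced_46esab"}
OTHER = {"curl_exec", "curl_multi_exec", "parse_ini_file", "show_source"}

# A keyword counts only as a function call: followed by "(" and not preceded
# by an identifier character, "$", "->" or "::". PHP function names are
# case-insensitive, hence IGNORECASE.
_CALLABLE = sorted((EXEC_FUNCS | DECODERS | OTHER) - {"edoced_46esab"})
CALL_RE = re.compile(r"(?<![\w$>:])(" + "|".join(_CALLABLE) + r")\s*\(",
                     re.IGNORECASE)


def scan_php_source(text):
    """Return {keyword: [line numbers]} for one PHP source string."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in CALL_RE.finditer(line):
            hits.setdefault(match.group(1).lower(), []).append(lineno)
        # The reversed name is a string literal fed to strrev(), never a call.
        if "edoced_46esab" in line.lower():
            hits.setdefault("edoced_46esab", []).append(lineno)
    return hits


def score(hits):
    """Weight a file: execution functions count double, exec+decoder adds 3."""
    names = set(hits)
    total = 2 * len(names & EXEC_FUNCS) + len(names & DECODERS) + len(names & OTHER)
    if names & EXEC_FUNCS and names & DECODERS:
        total += 3          # decode-then-execute is the obfuscated-shell shape
    return total


def scan_tree(root, threshold=4):
    """Walk root and return (path, score, hits) for files at/above threshold."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_php_source(fh.read())
            total = score(hits)
            if total >= threshold:
                findings.append((path, total, hits))
    return sorted(findings, key=lambda item: -item[1])


# Constructed sample files (not from the page). The base64 string decodes to
# the harmless statement "echo 1;".
SAMPLES = {
    "clean.php": "<?php\nfunction filesystem_size($p) { return filesize($p); }\n"
                 "$stmt = $db->exec($sql);\necho 'system is up';\n",
    "cron.php": "<?php\n$load = shell_exec('uptime');\n",
    "suspicious.php": "<?php\n$d = strrev('edoced_46esab');\n"
                      "@eval ($d('ZWNobyAxOw=='));\n",
}


def demo():
    """Write the samples to a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(os.path.basename(p), s, h) for p, s, h in scan_tree(root)]


if __name__ == "__main__":
    for name, total, hits in demo():
        print(f"{name}: score={total} hits={hits}")
```

Keyword matching only triages: a single legitimate `shell_exec()` stays under the threshold here, and a flagged file still needs a manual read.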
#hacking #hack #php #shell_php #shell #script #bash

[SCRIPT] Script to generate random passwords

Today I have for you my own easy and effective script to generate random passwords.
I use the script to generate passwords for personal and professional use, for example: login page/password to OS/etc.
Below are example passwords:
2B%c80By}|Tg ?to7O
dcJX:"c`ymXk >y~gA
- portable code, may work on Linux/Cygwin [tested on Centos/Ubuntu/Cygwin]
- using: cat | /dev/urandom | tr | head
- clear code
- you can generate passwords of any length and any quantity
#script #password #random_password #linux

[ART] Two good lists of Sec talks/videos

If you are interested in security and want to be 'up-to-date', great: I have for you two good pages with links to talks and videos about security.
These pages are kept up to date, have archival videos and a lot of sources.
So let's start guys ;)
#video #list #security #hacking #learning #links

[ART] Hashcat - Parsing Hashes: 0/1 (0.00%)...No hashes loaded - why?

Recently during testing the website I had small problem with cracking passwords.
Below details:
[email protected]:~/Desktop/directory$ hashcat -m 300 --force uuu.hash rockyou.txt
hashcat (pull/1273/head) starting...
OpenCL Platform #1: The pocl project
* Device #1: pthread-Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz, 10031/10031 MB allocatable, 2MCU
Hashfile 'uuu.hash' on line 1 ($P$BgrNqqCM54GCFYkbsk4MIZ/cXoj8nU1): Line-length exception
Parsing Hashes: 0/1 (0.00%)...No hashes loaded.
Started: Wed Jul 5 07:01:42 2017
Stopped: Wed Jul 5 07:01:42 2017s

Where was the problem?
I chose the wrong hash type ;)
My suggestion: first check and make sure that you use the correct hash type. If you are not sure you can use a tool called hash-identifier or check manually on Hash types - Hashcat (hardcore geek way ;))).

If you need more knowledge about cryptographic hash functions I recommend to:
Comparison of cryptographic hash functions
Hash function security summary
Cipher security summary
List of hash functions
#hacking #kali #cracking #cathash

[ART] List of honeypots

Do you need a honeypot but don't know where to start searching? Or maybe you are just looking for a good list of honeypots to compare with others?
I have for you 2 pages with lists of honeypots (really great lists).
First link here and second link here
If you don't know what a honeypot is - read here
#hacking #honeypot #list_of #kippo #honeywall #kojoney

[INFO] My solution tasks for: DVWA, Bricks, Mutillidae, bWAPP, Peruggia and others

If you are interested in security and you want to develop your security skills, for sure you know what these are: Damn Vulnerable Web Application, OWASP Bricks, OWASP Mutillidae and other pages from my list.
At the moment I have finished DVWA and OWASP Bricks and I am currently working on OWASP Mutillidae and OWASP bWAPP, as of 29.06.2017.
Current status is here, below Achievement.
#solution #dvwa #bricks #owasp #hacking #learning

[ART] A pack of security addons for Firefox

It is a short post for everyone who wants to install additional security addons for Firefox but has doubts. The list was created by Jeremy Druin, author of the OWASP Mutillidae 2 Project.
List of security addons for Firefox
#firefox #security #pack #addons #web_security

[ART] Upsss OWASP Mutillidae 2 doesn't work on CentOS?

First check your Apache error log (in my case /var/www/httpd/error.log). If you see an error like:
Call to undefined function mb_convert_encoding()
you should run yum install -y php-mbstring.x86_64, restart Apache and reload your webpage.
If you get an error like:
"The database server at localhost appears to be offline"
on the homepage, I suggest checking the configuration file MySQLHandler.php again: maybe the problem is with the login/password to the database, or you should change the database hostname. In my case I had to edit my config in /var/www/mutillidae/classes/MySQLHandler.php and replace the line static public $mMySQLDatabaseHost = ""; with static public $mMySQLDatabaseHost = "localhost";
#centos #problem #Mutillidae #solve

[ART] Hub with hacking/cracking/CTF

Short post about a place where you can try your hacking/cracking skills.
- frequently updated tasks (wonderfully ;))
- community
- variety of tasks, areas, goals (get flag / get root access / get a shell / vulnerable web / steganography / other)
- varied difficulty
- interesting ideas (CTF/vulnerable web collections on VM)

#hack_me #secure #hacking #education #ctf #vulnerable #wargames #hack

[INFO] Updated list of CTF/hack/wargames/vulnerable webpages

Guys, today I have for you an updated list of CTF/hack/wargames/vulnerable webpages. It means that you may have more fun and more areas to improve your hacking skills ;)
I added 21 new websites, among them “ExploitMe Mobile Android”. Yes, yes, yes, this is an environment for hacking Android, surprise ;)
Full updated list
#hack_me #secure #hacking #education #ctf #vulnerable #wargames #hack

[ART] Bugbounty list - legal hacking

Do you want to test your technical skills/knowledge on live systems and get:
Thanks ; Gifts ; HoF ; Rewards from "victims*"?
If yes, below I put the main resources:
- Bugcrowd.com
- Vulnerability-lab
- Hackerone
- Firebounty
- Bugbounty
Have fun and good luck my security buddy ;)
* - a company that shares a bug bounty program
#bugbounty #hack #hacking #ethicalhacker #list

[INFO] List tools from Kali

Today I have for you an updated list of security tools from Kali with descriptions
Tools from Kali

#kali #list_of_security #hack #hacking #linux_kali

[ART] DVWA (Damn Vulnerable Web Application) - problem with install on Centos

Today I have for you two tips to help you install DVWA on Linux (tested on CentOS).
First read install guide
First tip:
I can't install DVWA on Linux because I see error: Could not connect to the database - please check the config file
If your settings in file: config.inc.php are correct check again server_name in line: $_DVWA[ 'db_server' ] = ''; and correct db_server from to localhost
Second tip:
I get an error that my uploads folder is not writable: Writable folder /var/www/dvwa/hackable/uploads/: No
I am sure that you set the correct permissions for the uploads folder and set access for the web user, but the problem is still there. I suggest changing the folder name from uploads to uploads_BAC and then back from uploads_BAC to uploads.
Set the correct access and permissions again; after these operations your DVWA should work ;)
BTW: The default security level is "impossible", I suggest changing it to "low" or "medium".
#dvwa #centos #security #vulnerable #tools

[ART] Burp Suite error "burpsuite handshake alert: unrecognized_name"

If you have a problem opening a website when you use Burp and you get the error "burpsuite handshake alert: unrecognized_name", you should close Burp and open it again with the option: -Djsse.enableSNIExtension=false
java -Djsse.enableSNIExtension=false -jar burpsuite[YOUR_VERSION].jar
The problem comes from an update in Java 7, where Server Name Indication (SNI) support was enabled by default.
If you want to know more please read this
#burp #proxy #java #burp_suite

[ART] List of attacks - OWASP

This is a list of common attacks in one place, types of attacks, how to protect yourself and how to test. Below "Pages in category "Attack"" you see links to description of attacks.
List of attacks
#attack #list #hacking #prevent #owasp #xss #hijacking #csrf

[ART] My favorite youtube channels list about security

Hi. It is the next post about a useful list that may be helpful for you. This is my subjective list of youtube channels for everyone who likes and loves security.
My list includes two groups: channels for people who know Polish (marked PL) and people who know English (marked EN).
If you want to be 'up-to-date' in the future you can see here, this is the file where I will update my favorite channels. If you want to suggest a 'good' source, please let me know.
English Youtube channels:
Adrian Crenshaw [EN]
Security BSides London [EN]
Virus Bulletin [EN]
GynvaelColdwind [EN]
Polish Youtube channels:
Akademickie Stowarzyszenie Informatyczne [PL]
CERT Polska [PL]
GynvaelColdwind [PL]
Bsides Warsaw
#security #videos #hacking #pentest

[INFO] Basic Security Checklist Update

I updated the basic security checklist: I added some records which I consider important for security. I will update this checklist in the future.
security checklist update
#checklist #security #linux #hardering

[ART] Basic Security Checklist

I have prepared for you a prelude to securing your Linux as a concise checklist. security checklist
#checklist #security #linux #hardering

[INFO] New content on the page

From today I have the pleasure to inform you that I am starting with new content on the page. First I will mark my content with the tags [ART], [INFO], [SCRIPT].
My next post will be about a basic security checklist, a short prelude to security. Have fun and play safe ;)
#info #update #tag

[ART] Security/OpenSource/News RSS

Hello amigo, today I have the great pleasure of giving you a list of the best RSS channels about security/opensource/news from the Internet. A plus point is that in one place you can read a short description, follow the link to the website and read more. RSS channels.
#info #rss #security #open_source #news

[SCRIPT] Added a new script "Compare SSL keys"

The next useful script, compare_ssl_keys.sh, is used to check that your keys are consistent. Below is a short presentation of how it works.
[[email protected] check_ssl]$ ./compare_ssl_keys.sh
*.crt: cert.crt
*.key: private.key

*.crt: 4d72cbd0e029b2147b1ac05adedea7a5
*.key: 4d72cbd0e029b2147b1ac05adedea7a5
*.csr: error
#script #ssl #compare #tool #testing #info

[INFO] Updated my script "Check propagation DNS"

Today I updated my check_propagation_dns.sh for checking the propagation of DNS records. I added new DNS servers. Below is a short presentation of how the script works.
[[email protected] propagation]$ ./check_propagation_dns.sh chojnowski.it
SERVER DNS FROM:Saint_Petersburg_RUS
#info #update #dns #script #tool

[INFO] Finally welcome on my website https://chojnowski.it

Hell yeah! Yes it is true from today my website https://chojnowski.it has a SSL certificate.
#info #update #https

[SCRIPT] Check propagation DNS records all over the world - script

Today I put on my website a simple and quick test, check_propagation_dns.sh, to check where your DNS records are available.
Titbit: do you know that my domain chojnowski.it isn't available in: Mexico_City (Mexico), Tirana (Albania), Johannesburg (South Africa), New South Wales (Australia) - very interesting ;)
Remember: sometimes your domain may not be available in different countries, don't worry ;)
#script #dns #propagation #testing #tool

[ART] List of CTF/hack/wargames/vulnerable webpages (primarily practice)

Today I have for you a list of websites where you can test your security knowledge/technical skills. Most of the websites are "OFFLINE", I mean you have to use a virtual machine on your computer.
ONLINE - you can start fun on the website (online challenge)
OFFLINE - you have to download software to your computer
WEB - type of vulnerability
VM - virtual machine
CODE - software is code and you have to install it on your virtual machine
LOGIN - Website requires creating an account
NO LOGIN - Website does not require creating an account

(ONLINE / LOGIN) https://www.hack.me/
(ONLINE / LOGIN) https://www.hackthis.co.uk
(ONLINE / LOGIN) http://Enigmagroup.org/
(ONLINE / LOGIN) https://lab.pentestit.ru/
(ONLINE / NO LOGIN) http://overthewire.org
(ONLINE / NO LOGIN) http://smashthestack.org
(ONLINE / NO LOGIN) http://ctf.infosecinstitute.com
(ONLINE / LOGIN) https://ctf365.com/
(ONLINE / LOGIN) https://www.root-me.org
(OFFLINE / VM) https://exploit-exercises.com/
(OFFLINE / VM) http://www.cis.syr.edu
(ONLINE / LOGIN) http://www.wechall.net
(OFFLINE / WEB / VM) OWASP_Broken_Web_Applications_Project
(OFFLINE / WEB / CODE) OWASP_Mutillidae_2_Project
(OFFLINE / WEB / VM) hackxor
(OFFLINE / WEB / VM / CODE) vuln-web-app
(OFFLINE / WEB / VM) lampsecurity
(OFFLINE / WEB / VM) virtualhacking
(OFFLINE / WEB / VM) metasploitable
(OFFLINE / WEB / CODE) exploitcoilvuln
(OFFLINE / WEB / CODE) OWASP_WebGoat_Project
#hack_me #secure #hacking #education #ctf #vulnerable

[ART] Interesting links from OWASP Project

Below are the best projects and materials about website/application security from the OWASP Project.
- Testing Guide - OWASP Testing Project
- List of the 10 Most Critical Web Application Security Risks - OWASP Top Ten Project 2013. Version 2016 should be this year or early next year.
- Fundamentals of testing web application technical security controls and secure development - OWASP Application Security Verification Standard Project (OWASP ASVS)
- Cheat sheets provide collection of information on specific web application security topics - OWASP Cheat Sheet Series
- Describes the most important controls and control categories in your projects (for all architects and developers) - OWASP Proactive Controls
- Utility that checks for publicly disclosed vulnerabilities in your software (Java, .NET) - OWASP Dependency Check
#owasp #projects #top_ten #guide #education #security #tips #tricks

[ART] Metasploit Unleashed - Free Ethical Hacking Course + video

If you wonder what the first step to learn ethical hacking is, you should consider the free course about the Metasploit tool: Metasploit Unleashed.
The official free ethical hacking course is available here
Minimum hardware requirements (on VM):
- HDD: 10 GB
- RAM: 512 MB
- CPU: 500 MHz
Further, you can take a look at the free video materials
Have fun! ;)
#metasploit #security #hacking #course #video #education #ethical_hacker #hacking

[INFO] FreeIPA, problem with your IP address server?

If you have a problem while installing FreeIPA on a virtual machine and get the error message below:
invalid ip address for ipa.example.com: cannot use ip network address
you should change the mask from /32 to /24 (or some other network mask)
The problem is visible in the inet line when you enter the command:
[[email protected] ~]$ ip addr | grep
inet brd scope global eth0
#linux #free_ipa #tips #trick

[ART] Hardening RedHat Enterprise 7 (Security Guide)

Security friends, below I would like to present the security guide for Red Hat Enterprise ver. 7=>. It is a very clear and easy way to learn how to harden Linux (Red Hat, Centos, Fedora and other distros based on Red Hat). By the way, I recommend other materials from http://www.redhat.com/.
Security Guide here
All documents for Red Hat Enterprise Linux here
#linux #red_hat #hardering #secure #guide

[ART] List tools for pentester

It is a list of over 235 tools for pentesters/ethical hackers/security experts with descriptions, from my distro: Kali Linux. The list can help you quickly find the proper tool for your needs.
Below example:
hping3 +++ Active Network Smashing Tool
p0f +++ Passive OS fingerprinting tool
sslstrip +++ SSL/TLS man-in-the-middle attack tool
Download here.
If you want to see all basic tools from the official website click here.
#kali #security #backtrack #pentester #hacking #ethical_hacking #security

[INFO] Hello guys

It is my first post on my page. The "Home" section will be used to post short and very, very short information, tips and links about security, open source and everything that is interesting. Sometimes I may post information about homepage updates or information about me.
If you want to know more about me please click here
If you want to know about my projects please click here
#hello #first_post