Andrzej Dyjak dyjakan

@unfo
unfo / oscp-tips.md
Last active December 13, 2018 17:14

A few tips for OSCP

  1. Doing all of the exercises is important since you will discover low-hanging fruit from the labs based on the recon you do with the different tools in the exercises.
  2. Be wary of doing full /24 range port scans, especially for anything more than a few TCP ports. The machines might be in all sorts of broken states left by students etc.
  3. When starting to recon a specific machine:
  • Revert
  • Port scan
  • Try to identify services

Those steps in that order are important. You want a fresh state for the machine and you want to do just simple port scanning first because doing nmap's service scanning or nse scripts might send payloads that actually crash services. So be careful.

@Cr4sh
Cr4sh / gist:fe910f0d1b0559efd43d
Created September 3, 2014 19:55
Dynamically finding sys_call_table on Linux x86_64 systems
void **find_sys_call_table(void *kernel_addr, int kernel_size)
{
/*
Check for the system_call_fastpath() signature, hand-written piece of
assembly code from arch/x86/kernel/entry_64.S:
ja badsys
mov rcx, r10
call sys_call_table[rax * 8]
mov [rsp + 20h], rax
@okapies
okapies / t470s.md
Last active October 28, 2021 16:45
Ubuntu 16.04 on ThinkPad T470s

This is a document describing how to install Ubuntu 16.04 LTS on ThinkPad T470s.

My Hardware

  • CPU: Intel Core i7-7600U (2.80GHz, 4MB cache)
  • Graphics: Intel HD Graphics 620
  • Display: 14” WQHD (2560 X 1440) IPS Non-Touch Anti-Glare
  • Memory: 24GB DDR4 2133 MHz (8GB Onboard + 16GB)
  • SSD: PCIe-NVMe 256G OPAL 2.0
  • Wireless: Intel Dual Band Wireless AC (2x2) 8265 Bluetooth 4.1
  • Fingerprint Reader
@alex-zige
alex-zige / gist:5795358
Last active June 8, 2023 07:49
Rails Rspec API Testing Notes

Rails Rspec APIs Testing Notes

Folders Structure

  spec
  |--- apis #do not put into controllers folder. 
        |--- your_api_test_spec.rb  
  |--- controllers
  |--- models
  |--- factories
  |--- views
@m1st0
m1st0 / php_build_ubuntu.sh
Last active November 25, 2023 07:33
Compiling PHP 8 on Ubuntu 22.10 with Various Supported Modules
#!/bin/bash
# PHP 8 Compile #
# Author: Maulik Mistry
# Please share support: https://www.paypal.com/paypalme/m1st0
# References:
# http://www.zimuel.it/install-php-7/
# http://www.hashbangcode.com/blog/compiling-and-installing-php7-ubuntu
# root-talis https://gist.github.com/root-talis/40c4936bf0287237839ccd3fdfdaec28
#
@kennwhite
kennwhite / vpn_psk_bingo.md
Last active February 24, 2024 12:19
Most VPN Services are Terrible

Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.

This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016

@lizthegrey
lizthegrey / attributes.rb
Last active February 24, 2024 14:11
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@ashfurrow
ashfurrow / Fresh macOS Setup.md
Last active May 3, 2024 01:51
All the stuff I do on a fresh macOS Installation

Apps to install from macOS App Store:

  • Pastebot
  • GIF Brewery
  • Slack
  • Keynote/Pages/Numbers
  • 1Password
  • OmniFocus 3
  • Airmail 3
  • iA Writer
@rtt
rtt / tinder-api-documentation.md
Last active May 5, 2024 15:28
Tinder API Documentation

Tinder API documentation

Note: this was written in April/May 2014 and the API has definitely changed since. I have nothing to do with Tinder, nor its API, and I do not offer any support for anything you may build on top of this. Proceed with caution.

http://rsty.org/

I've sniffed most of the Tinder API to see how it works. You can use this to create bots (etc) very trivially. Some example python bot code is here -> https://gist.github.com/rtt/5a2e0cfa638c938cca59 (horribly quick and dirty, you've been warned!)