jivoi

A curated list of AWS resources to prepare for the AWS Certifications

A curated list of awesome AWS resources you need to prepare for the all 5 AWS Certifications. This gist will include: open source repos, blogs & blogposts, ebooks, PDF, whitepapers, video courses, free lecture, slides, sample test and many other resources.

---

Index:

jivoi

• How to Build a Successful Information Security Career (Daniel Miessler)
  • https://danielmiessler.com/blog/build-successful-infosec-career/#gs.DtVCbbw
• The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
  • http://blog.erratasec.com/2010/04/first-steps-to-career-in-information.html#.WFrbofkrIuU
• Hiring your first Security Professional (Peerlyst - Dawid Balut)
  • https://www.peerlyst.com/posts/hiring-your-first-security-professional-dawid-balut
• How to Start a Career in Cyber security
  • https://www.concise-courses.com/security/how-to-start-your-career/
• How to Get Into Information Security (ISC^2)
• https://www.isc2.org/how-to-get-into-information-security.aspx

jivoi

from shodan import Shodan
from shodan.helpers import open_file, write_banner
from shodan.cli.helpers import get_api_key
from sys import argv, exit

# Input validation
if len(argv) != 3:
	print('Usage: {} <IPs filename> <output.json.gz>'.format(argv[0]))
	print('Example: {} grizzly-ips.txt shodan-grizzly.json.gz'.format(argv[0]))
	exit(1)

jivoi

Penetrating Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

• Reconnaissance
  • Passive/Semi-Passive
    • Tools
• Discover - https://github.com/leebaird/discover

jivoi

RSA 2017 DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links  SessionID: HTA-W02

https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains

Past talks:
http://www.slideshare.net/KenJohnson61/aws-surival-guide

[Ken Johnson earlier talk on AWS security, dedicated to using these services (cloudwatch/config/cloudtrail)]
https://www.youtube.com/watch?v=g-wy9NdATtA&feature=youtu.be

jivoi

#!/bin/bash
python3 bot.py

jivoi

hashcat (v3.30) starting in benchmark mode...
...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: Tesla K80, 2047/11439 MB allocatable, 13MCU
* Device #2: Tesla K80, 2047/11439 MB allocatable, 13MCU
* Device #3: Tesla K80, 2047/11439 MB allocatable, 13MCU
* Device #4: Tesla K80, 2047/11439 MB allocatable, 13MCU
* Device #5: Tesla K80, 2047/11439 MB allocatable, 13MCU

jivoi

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

jivoi

Steps to install Metasploit on Windows 10 using the Windows Subsystem for Linux

1.) Enable Developer Mode
    C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"

2.) Enable Windows Subsystem for Linux
    C:\> DISM /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux

3.) Reboot

jivoi

# Serving Random Payloads with NGINX
# add set_random module https://github.com/openresty/set-misc-nginx-module#set_random
# edit file /etc/nginx/sites-enabled/default

set_random $uri 1 3;

map $uri $payloads {
    1 /payload.lnk;
    2 /payload.hta;
    3 /payload.exe;