marcostolosa

Sete Atitudes para Hackear a Indústria de Software

by Klaus Wuestefeld

1) Torne-se excelente.

Seja realmente bom em alguma coisa. Não fique só choramingando ou querendo progredir às custas dos outros. Não pense q pq vc sentou 4 anos numa faculdade ouvindo um professor falar sobre software q vc sabe alguma coisa. Jogador de futebol não aprende a jogar bola tendo aula. Ele pratica. Instrumentistas geniais nao aprendem a tocar tendo aula. Eles praticam. Pratique. Chegue em casa depois do trabalho e da aula e pratique. No final de semana, pratique.

• Crie seu próprio virus, seu proprio jogo, seu proprio SO, seu proprio gerenciador de janelas, seu proprio webserver, sua propria VM, qq coisa. Varias coisas.

Nao precisa ser só programacao. Pode ser networking, vendas, etc. Só precisa ser bom mesmo. Tenha paixão pela coisa.

marcostolosa

Docker for Penetration Testing

Official Kali Linux

docker pull kalilinux/kali-linux-docker 

Official OWASP ZAP

marcostolosa

from PIL import Image

i1 = Image.open("A.png")
i2 = Image.open("B.png")
img = Image.new('RGB', i1.size)

p1 = i1.load()
p2 = i2.load()
pnew = img.load()

marcostolosa

Command Line cheat-sheet

Search recursively for a string inside files and directories

grep -R 'string' dir/
egrep -ril 'string|palavra2' ./dir

Download entire website w/ wget

marcostolosa

Docker Cheat Sheet

Table of Contents

• Why Docker
• Prerequisites
• Installation
• Containers
• Images
• Networks

marcostolosa

Bash Getting started

Example

#!/usr/bin/env bash

NAME="John"
echo "Hello $NAME!"

marcostolosa

Bash is a name of the unix shell, which was also distributed as the shell for the GNU operating system and as default shell on Linux and Mac OS X. Nearly all examples below can be a part of a shell script or executed directly in the shell.

Read more here.

#!/bin/bash
# First line of the script is shebang which tells the system how to execute
# the script: http://en.wikipedia.org/wiki/Shebang_(Unix)
# As you already figured, comments start with #. Shebang is also a comment.

marcostolosa

# read more here http://tautt.com/best-nginx-configuration-for-security/

# don't send the nginx version number in error pages and Server header
server_tokens off;

# config to don't allow the browser to render the page inside an frame or iframe
# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
add_header X-Frame-Options SAMEORIGIN;

marcostolosa

Typing vagrant from the command line will display a list of all available commands.

Be sure that you are in the same directory as the Vagrantfile when running these commands!

Creating a VM

• vagrant init -- Initialize Vagrant with a Vagrantfile and ./.vagrant directory, using no specified base image. Before you can do vagrant up, you'll need to specify a base image in the Vagrantfile.
• vagrant init <boxpath> -- Initialize Vagrant with a specific box. To find a box, go to the public Vagrant box catalog. When you find one you like, just replace it's name with boxpath. For example, vagrant init ubuntu/trusty64.

Starting a VM

• vagrant up -- starts vagrant environment (also provisions only on the FIRST vagrant up)

marcostolosa

Vagrant.configure("2") do |config|
  # All Vagrant configuration is done here. The most common configuration
  # options are documented and commented below. For a complete reference,
  # please see the online documentation at vagrantup.com.

  # Every Vagrant virtual environment requires a box to build off of.
  config.vm.box = "precise64"

  # The url from where the 'config.vm.box' box will be fetched if it
  # doesn't already exist on the user's system.