Forwarded from 0x0012637 » ([L]uŧh1er | #PL )
The Complete Cyber Security Course - Endpoint Protection
https://mega.nz/#F!5HgF2ByB!P4pXvkCyjfB1z8oEwn2OtA
https://mega.nz/#F!5HgF2ByB!P4pXvkCyjfB1z8oEwn2OtA
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
the-complete-cyber-security-course-anonymous-browsing
https://mega.nz/#F!AfZx2AqL!_9UeIUJBzAz_fyjDCpwa9A
https://mega.nz/#F!AfZx2AqL!_9UeIUJBzAz_fyjDCpwa9A
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
" From February to September 2016, WhiteBear activity was narrowly focused on embassies and consular operations around the world. All of these early WhiteBear targets were related to embassies and diplomatic/foreign affair organizations. Continued WhiteBear activity later shifted to include defense-related organizations into June 2017. "
https://securelist.com/introducing-whitebear/81638/
https://securelist.com/introducing-whitebear/81638/
Securelist
Introducing WhiteBear
WhiteBear is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private intelligence report “Skipper Turla – the White Atlas framework” from mid-2016.
The No-Bullshit Guide to Pentest
Here's a few suggestions in no particular order.
> Learn python
> Learn assembly for at least x86
> Set up a test lab
> Put a small Windows domain in your lab and try to go from a regular user foothold to domain admin. Also try to go from a local administrator to domain admin. You can simulate that scenario by having a privileged account login to a workstation used by the local admin as if it were helpdesk troubleshooting a problem, then attack it as the stolen local admin account and use a tool like Mimikatz to get the privileged account and pivot from that workstation.
> Grab some intentionally vulnerable virtual machines and poke at them in your lab. Vulnhub has these for download and there's several other places too.
> If you're wanting to get into web app pentesting, learn javanoscript, learn how web servers work, learn how web browsers work, fire up wireshark and capture then analyze the traffic when you browse to a regular HTTP website, then again when you browse to HTTPS.
> Get good with Google.
> Hit up a training course for CEH (weak, but teaches some basic concepts) or PWK/OSCP (beast, and probably way out of your league as a beginner) and take everything you learn and apply it in your test lab. The knowledge is worthless unless you do something with it, so practice, practice, practice!
> Learn to hide. Find ways to hide your traffic in the normal background noise of a busy network. Learn to know what I mean by normal background noise of a network.
> Learn about the tools the blue teams will use to detect and stop you. Learn about next-gen firewalls, IPS devices, malware sandboxes, etc. Be too noisy and you get caught.
> And the most important one: never attack something without getting the owner's permission in writing first. CYA is a way of life
~ @H0N3YP07
Here's a few suggestions in no particular order.
> Learn python
> Learn assembly for at least x86
> Set up a test lab
> Put a small Windows domain in your lab and try to go from a regular user foothold to domain admin. Also try to go from a local administrator to domain admin. You can simulate that scenario by having a privileged account login to a workstation used by the local admin as if it were helpdesk troubleshooting a problem, then attack it as the stolen local admin account and use a tool like Mimikatz to get the privileged account and pivot from that workstation.
> Grab some intentionally vulnerable virtual machines and poke at them in your lab. Vulnhub has these for download and there's several other places too.
> If you're wanting to get into web app pentesting, learn javanoscript, learn how web servers work, learn how web browsers work, fire up wireshark and capture then analyze the traffic when you browse to a regular HTTP website, then again when you browse to HTTPS.
> Get good with Google.
> Hit up a training course for CEH (weak, but teaches some basic concepts) or PWK/OSCP (beast, and probably way out of your league as a beginner) and take everything you learn and apply it in your test lab. The knowledge is worthless unless you do something with it, so practice, practice, practice!
> Learn to hide. Find ways to hide your traffic in the normal background noise of a busy network. Learn to know what I mean by normal background noise of a network.
> Learn about the tools the blue teams will use to detect and stop you. Learn about next-gen firewalls, IPS devices, malware sandboxes, etc. Be too noisy and you get caught.
> And the most important one: never attack something without getting the owner's permission in writing first. CYA is a way of life
~ @H0N3YP07
Forwarded from .: PR1V8 :.
#desec #pr1v8 #informacaolivre #acervopr1v8 #kopimi
Novo curso no @acervopr1v8!
Desec Security - Pentest Profissional Completo
dl: https://news.1rj.ru/str/acervopr1v8/224
senha: @PR1V8
🌐 @PR1V8
Novo curso no @acervopr1v8!
Desec Security - Pentest Profissional Completo
dl: https://news.1rj.ru/str/acervopr1v8/224
senha: @PR1V8
🌐 @PR1V8
https://drive.google.com/open?id=0B9NFM_JUmxW_UmYxSmdDUkt3Nmc
Correção do Módulo 6 incluso - Mairo Vergara 4.0
🕴🏼 @NoUs3r
🕴🏼 @Phantasm_Lab
Correção do Módulo 6 incluso - Mairo Vergara 4.0
🕴🏼 @NoUs3r
🕴🏼 @Phantasm_Lab