Данная брошюра подготовлена в качестве бесплатного иллюстративного, уточняющего и раздаточного материала к персональным выступлениям Ивана перед студентами, магистрантами, аспирантами и молодыми учеными высших учебных заведений, профильных образовательных ИТ\ИБ школ и технопарков. А так же всех кто интересуется биографией, карьерным путем и саморазвития Ивана в период с первого выпуска из университета в 2010 году до сегодняшнего дня (январь 2025). Материал носит информационно-справочный характер и призван углубить некоторые знания и дать подтверждающую базу о рассматриваемых на выступлении вопросах.
Иван расскажет свою историю успеха, путь от спеца техподдержки до CISO и владельца ИТ стартапа, Представленный материал вобрал в себя опыт 15 лет работы в индустрии ИБ, (само)обучении, саморазвитии, выступлении спикером, научных и профильных технических публикациях, участия в акселераторе и т.п. По мимо этого, брошюра содержит практически значимые и полезные сведения, советы, рекомендации по развитию профессиональных и личностных качеств, техник (само)обучения, презентации, поиска и реализации возможностей. По мимо этого брошюра дополнена личными мыслим, персональными выводами, мировоззренческими концепциями и субъективными ощущениями автора.
Каждый в детстве мечтает стать легендой (достойно заработать, купить дом или переехать в друге место, открыть свое дело, изменить мир и т.д.), и правда состоит в том – что легендой можешь стать именно ТЫ! Кейс Ивана демонстрирует факт реализации возможностей, показывает, что каждый имеет потенциал и может реализовать себя в жизни, обеспечить достойный уровень себе и близким, и даже в чем-то изменить мир к лучшему! ТЫ — это возможность!
🔻 Demo video clip
#info #great
Please open Telegram to view this post
VIEW IN TELEGRAM
3👍8❤3🤡2❤🔥1🎉1
True_Story_Ivan_Piskunov_w2hack_ver.1.2_Release_2025.pdf
25.7 MB
Please open Telegram to view this post
VIEW IN TELEGRAM
1👍8❤7🔥3😱3🤡2❤🔥1🎉1
Mastering Active Directory Attacks: The Red Team Playbook by Daily REDTeam, 2024
Active Directory (AD) is the crown jewel for attackers during engagements. This comprehensive guide dives deep into techniques that every red teamer should have in their arsenal. From recon to privilege escalation, it's all about navigating and exploiting AD's complexity.
Key Highlights:
1️⃣ Reconnaissance with BloodHound & PowerView
Map out AD relationships and uncover attack paths using BloodHound.
Enumerate users, groups, and domain policies with PowerView.
2️⃣ Privilege Escalation:
Exploit Kerberoasting and Pass-the-Hash to compromise service accounts.
Abuse vulnerable Group Policy Objects (GPOs) to escalate privileges.
3️⃣ Credential Dumping:
Leverage Mimikatz and DCSync attacks to extract sensitive credentials.
Dump NTDS.dit for domain-wide access.
4️⃣ Kerberos Ticket Attacks:
Deploy Golden Ticket and Silver Ticket attacks to maintain persistent access.
Exploit Kerberoasting to crack service account credentials offline.
5️⃣ Misconfigurations to Exploit:
Attack poorly configured LDAP and SMB signing settings.
Abuse Active Directory Certificate Services (AD CS) for privilege escalation.
Tools for Success:
🛠 BloodHound
🛠 CrackMapExec
🛠 Mimikatz
🛠 Impacket
🛠 PingCastle
#windows
Active Directory (AD) is the crown jewel for attackers during engagements. This comprehensive guide dives deep into techniques that every red teamer should have in their arsenal. From recon to privilege escalation, it's all about navigating and exploiting AD's complexity.
Key Highlights:
1️⃣ Reconnaissance with BloodHound & PowerView
Map out AD relationships and uncover attack paths using BloodHound.
Enumerate users, groups, and domain policies with PowerView.
2️⃣ Privilege Escalation:
Exploit Kerberoasting and Pass-the-Hash to compromise service accounts.
Abuse vulnerable Group Policy Objects (GPOs) to escalate privileges.
3️⃣ Credential Dumping:
Leverage Mimikatz and DCSync attacks to extract sensitive credentials.
Dump NTDS.dit for domain-wide access.
4️⃣ Kerberos Ticket Attacks:
Deploy Golden Ticket and Silver Ticket attacks to maintain persistent access.
Exploit Kerberoasting to crack service account credentials offline.
5️⃣ Misconfigurations to Exploit:
Attack poorly configured LDAP and SMB signing settings.
Abuse Active Directory Certificate Services (AD CS) for privilege escalation.
Tools for Success:
🛠 BloodHound
🛠 CrackMapExec
🛠 Mimikatz
🛠 Impacket
🛠 PingCastle
#windows
🔥4❤3👍1
Mastering Active Directory Attacks_The Red Team Playbook.pdf
529.3 KB
Mastering Active Directory Attacks: The Red Team Playbook by Daily REDTeam, 2024
❤3👍2
PEN-200: Penetration Testing with Kali Linux (November 2024)
Updated Nov 2024 course!
he industry-leading Penetration Testing with Kali Linux (PWK/PEN-200) course introduces penetration testing methodology, tools, and techniques in a hands-on, self-paced environment. Access PEN-200’s first Learning Module for an overview of course structure, learning approach, and what the course covers.
❗️Official page
Pass:hide01 or hide01.ir
#education #pentest
he industry-leading Penetration Testing with Kali Linux (PWK/PEN-200) course introduces penetration testing methodology, tools, and techniques in a hands-on, self-paced environment. Access PEN-200’s first Learning Module for an overview of course structure, learning approach, and what the course covers.
❗️Official page
Pass:
#education #pentest
🔥6👍4
𝐅𝐑𝐄𝐄 𝐑𝐄𝐒𝐎𝐔𝐑𝐂𝐄𝐒 𝐆𝐀𝐌𝐄 𝐇𝐀𝐂𝐊𝐈𝐍𝐆
Games are pentested to identify and mitigate security vulnerabilities, comply with regulatory requirements, and improve overall quality. Pentesting helps protect gamers by securing personal information, preventing cheating, and preventing game disruptions.
❗️ 𝗜𝗡𝗧𝗥𝗢𝗗𝗨𝗖𝗧𝗜𝗢𝗡
🌟 Intro to GamePwn (aka Game Hacking) on Hack The Box
https://lnkd.in/eGDmzbr5
❗️𝗖𝗢𝗨𝗥𝗦𝗘𝗦
🌟 Beginner’s guide to Game Hacking by Guided Hacking
https://lnkd.in/erbi7ecN
🌟 Game Hacking by Cryptocat (Intigriti)
https://lnkd.in/eTqp6atd
🌟 Learn Game hacking on Game Hacking Academy
https://lnkd.in/eVt3mK4G
❗️𝗧𝗢𝗢𝗟𝗦
🌟 The Ultimate Game Hacking Resource by Dsasmblr
https://lnkd.in/e3hJydV5
❗️ 𝗣𝗥𝗔𝗖𝗧𝗜𝗖𝗘
🌟 Pwn Adventure 3 - Pwnie Island
https://lnkd.in/eKHYHG2v
🌟 Reverse Engineering an MMORPG by Antonin Beaujant
https://lnkd.in/eZwfct8U
❗️𝗦𝗧𝗔𝗡𝗗𝗔𝗥𝗗𝗦 𝗔𝗡𝗗 𝗥𝗘𝗙𝗘𝗥𝗘𝗡𝗖𝗘𝗦
🌟 OWASP Game Security Framework by Daniel Miessler and Jason Haddix
https://lnkd.in/e7dCYgrp
❗️ 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦
🌟 Resources Game Hacking by CryptoCat
https://lnkd.in/e_rBWjie
#reverse #coding
Games are pentested to identify and mitigate security vulnerabilities, comply with regulatory requirements, and improve overall quality. Pentesting helps protect gamers by securing personal information, preventing cheating, and preventing game disruptions.
❗️ 𝗜𝗡𝗧𝗥𝗢𝗗𝗨𝗖𝗧𝗜𝗢𝗡
🌟 Intro to GamePwn (aka Game Hacking) on Hack The Box
https://lnkd.in/eGDmzbr5
❗️𝗖𝗢𝗨𝗥𝗦𝗘𝗦
🌟 Beginner’s guide to Game Hacking by Guided Hacking
https://lnkd.in/erbi7ecN
🌟 Game Hacking by Cryptocat (Intigriti)
https://lnkd.in/eTqp6atd
🌟 Learn Game hacking on Game Hacking Academy
https://lnkd.in/eVt3mK4G
❗️𝗧𝗢𝗢𝗟𝗦
🌟 The Ultimate Game Hacking Resource by Dsasmblr
https://lnkd.in/e3hJydV5
❗️ 𝗣𝗥𝗔𝗖𝗧𝗜𝗖𝗘
🌟 Pwn Adventure 3 - Pwnie Island
https://lnkd.in/eKHYHG2v
🌟 Reverse Engineering an MMORPG by Antonin Beaujant
https://lnkd.in/eZwfct8U
❗️𝗦𝗧𝗔𝗡𝗗𝗔𝗥𝗗𝗦 𝗔𝗡𝗗 𝗥𝗘𝗙𝗘𝗥𝗘𝗡𝗖𝗘𝗦
🌟 OWASP Game Security Framework by Daniel Miessler and Jason Haddix
https://lnkd.in/e7dCYgrp
❗️ 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦
🌟 Resources Game Hacking by CryptoCat
https://lnkd.in/e_rBWjie
#reverse #coding
❤9👍4
Unprotect Project by Thomas Roccia (fr0gger) and Jean-Pierre LESUEUR (DarkCoderSc), 2024
Malware authors spend a great deal of time and effort to develop complex code to perform malicious actions against a target system. It is crucial for malware to remain undetected and avoid sandbox analysis, antiviruses or malware analysts. With this kind of techniques, malware are able to pass under the radar and stay undetected on a system. The goal of this free database is to centralize the information about malware evasion techniques.
This project aims to provide Malware Analysts and Defenders with actionable insights and detection capabilities to shorten their response times.
❗️Source
📌Contribute
📌About project
#malware #reverse
Malware authors spend a great deal of time and effort to develop complex code to perform malicious actions against a target system. It is crucial for malware to remain undetected and avoid sandbox analysis, antiviruses or malware analysts. With this kind of techniques, malware are able to pass under the radar and stay undetected on a system. The goal of this free database is to centralize the information about malware evasion techniques.
This project aims to provide Malware Analysts and Defenders with actionable insights and detection capabilities to shorten their response times.
❗️Source
📌Contribute
📌About project
#malware #reverse
🔥6❤4
Master Secure Coding Practices, Okan YILDIZ, 2024
In the fast-evolving world of technology, secure coding is no longer an option—it's a necessity. From input validation to cryptographic practices, this comprehensive guide highlights OWASP-based checklists and over 200 test cases to enhance application security.
Key Areas Covered:
1️⃣ Input Validation: Safeguard against injection attacks with robust validation mechanisms.
2️⃣ Authentication & Password Management: Implement multi-factor authentication and secure password hashing.
3️⃣ Session Management: Strengthen user sessions with short timeouts and secure session identifiers.
4️⃣ Access Control: Apply least privilege and centralized authorization checks.
5️⃣ Cryptographic Practices: Encrypt sensitive data using FIPS-compliant methods.
6️⃣ Error Handling & Logging: Prevent sensitive data leakage and ensure actionable security logs.
7️⃣ Data Protection: Secure sensitive data with encryption and access control mechanisms.
#AppSec
In the fast-evolving world of technology, secure coding is no longer an option—it's a necessity. From input validation to cryptographic practices, this comprehensive guide highlights OWASP-based checklists and over 200 test cases to enhance application security.
Key Areas Covered:
1️⃣ Input Validation: Safeguard against injection attacks with robust validation mechanisms.
2️⃣ Authentication & Password Management: Implement multi-factor authentication and secure password hashing.
3️⃣ Session Management: Strengthen user sessions with short timeouts and secure session identifiers.
4️⃣ Access Control: Apply least privilege and centralized authorization checks.
5️⃣ Cryptographic Practices: Encrypt sensitive data using FIPS-compliant methods.
6️⃣ Error Handling & Logging: Prevent sensitive data leakage and ensure actionable security logs.
7️⃣ Data Protection: Secure sensitive data with encryption and access control mechanisms.
#AppSec
❤5👍3
The Top 10 Most Prevalent MITRE ATT&CK Techniques, Red Report 2024
Marking its fourth year of publication, the Red Report 2024 provides a critical dive into the evolving threat landscape, presenting a detailed analysis of adversaries' most prevalent tactics, techniques, and procedures (TTPs) used throughout the past year. Conducted by Picus Labs, this annual study examines over 600,000 malware samples and assesses more than 7 million instances of MITRE ATT&CK® techniques. It gives security teams invaluable insights into the techniques that pose the most critical cyber risk to organizations.
By prioritizing the top ten TTPs, The Red Report 2024 empowers cybersecurity teams with strategic intelligence to preemptively strengthen their defenses, reduce their attack surface, and adapt their security posture to today's dynamic threat environment.
#pentest
Marking its fourth year of publication, the Red Report 2024 provides a critical dive into the evolving threat landscape, presenting a detailed analysis of adversaries' most prevalent tactics, techniques, and procedures (TTPs) used throughout the past year. Conducted by Picus Labs, this annual study examines over 600,000 malware samples and assesses more than 7 million instances of MITRE ATT&CK® techniques. It gives security teams invaluable insights into the techniques that pose the most critical cyber risk to organizations.
By prioritizing the top ten TTPs, The Red Report 2024 empowers cybersecurity teams with strategic intelligence to preemptively strengthen their defenses, reduce their attack surface, and adapt their security posture to today's dynamic threat environment.
#pentest
👍5
The Top 10 Most Prevalent MITRE ATT&CK Techniques.pdf
5.5 MB
The Top 10 Most Prevalent MITRE ATT&CK Techniques, Red Report 2024
👍6
Хорошее зрение за 30 дней, Михаил Гребенников, 2024
Это книга о том, как перестать ухудшать своё зрение, научиться его улучшать самостоятельно (без врачей) на ту реальную величину, на которую это возможно, и как затем сохранять это улучшенное зрение даже при больших зрительных нагрузках.
Книгу пишу на основе своего 14-летнего опыта в этой сфере. Рассказываю всё как есть, честно, без обмана и иллюзий. В этой книге будет сухая выжимка самой важной правды о естественном улучшении зрения, которую вам необходимо знать, чтобы самому эффективно позаботиться о здоровье своих глаз.
⚠️ Предыдущий пост про техники Михаила Гребенникова ⚠️
Авторские ресурсы:
📌 Официальный сайт Михаила
📌 ВК блог
📌 Книги на Litres
📌 TG канал + TG новый + YouTube
📌 Интервью с автором
#book #great
Это книга о том, как перестать ухудшать своё зрение, научиться его улучшать самостоятельно (без врачей) на ту реальную величину, на которую это возможно, и как затем сохранять это улучшенное зрение даже при больших зрительных нагрузках.
Книгу пишу на основе своего 14-летнего опыта в этой сфере. Рассказываю всё как есть, честно, без обмана и иллюзий. В этой книге будет сухая выжимка самой важной правды о естественном улучшении зрения, которую вам необходимо знать, чтобы самому эффективно позаботиться о здоровье своих глаз.
⚠️ Предыдущий пост про техники Михаила Гребенникова ⚠️
Авторские ресурсы:
📌 Официальный сайт Михаила
📌 ВК блог
📌 Книги на Litres
📌 TG канал + TG новый + YouTube
📌 Интервью с автором
#book #great
🔥6🤡6👍3❤1
Grebennikov_M._Horoshee_Zrenie_Za_30_Dneyi.fb2
4.4 MB
Хорошее зрение за 30 дней, Михаил Гребенников, 2024
🤡7👍5🔥5