Leaderboard

Download all of the released NSA documents (continuously updating) with two scripts. Very hacky, but gets the job done. DEPENDS ON LYNX. (Why? Because I'm lazy) $ apt install lynx nsadl.sh #!/bin/bash echo 'Scraping links from Primary Sources...' lynx -dump "https://www.eff.org/nsa-spying/nsadocs" | grep "https://www.eff.org/document" | awk '/http/{print $2}' > links echo 'Done. Links saved as "links.txt"' echo 'Downloading .pdf documents using "links.txt" -- this may take awhile...' while read line do name=$line sh scraper.sh $name done < links echo 'All done!' scraper.sh #!/bin/bash STR="`wget --quiet -O - $1 | grep -Eo 'https://www.eff.org/files/[0-9]+/[^"]+\.pdf';`" wget --no-clobber --quiet $STR Usage: $ sh nsadl.sh; echo 'Have fun!'

Offensive Security has some of the most, if not the most, respected certifications in the industry. It differs from other certs, like CEH, in that instead of providing a knowledge that's a mile wide and an inch deep, it gives you hands-on drills and practice. Unfortunately, the program is also quite costly. If you can learn the whole thing proficiently in 30 days, you're looking at $800.00 for the OSCP alone. Ultimately, if you want the cert. You're going to have to pay. In the meantime, I want to write about how you can be acquiring the same skills now for cheap and in some cases free. And maybe at some point down the line, you won't need all 30 days to get the parchment. I'll also add that, while this is a damn decent set of certs and courses, it's not comprehensive heavily relies on you to do your own research. supplementary certs such as CCNA or L-PIC will be needed for example to elaborate on any particular concept (tis why I'm studying CCNA currently). Disclaimer: I haven't obtained any of these certs myself yet, so I'm offering general information only. Certifications: OSCP link: https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ Description: Learning Goals: Identify Existing Vulnerabilities Execute organized attacks Write simple Bash and/or Python scripts Modify existing exploit code to their advantage perform network pivoting perform data exfiltration compromise poorly written PHP applications. Keep going until you win. Official Training guide: Penetration Testing with Kali Linux (PWK) Talking Point: The first bullet in the learning goals is very important to note. By the end of the course you're not going to be writing custom exploits. The entire point of it is to get good at using what's already available in an efficient and creative way. You won't be developing custom exploits because that isn't the point. The point is to practice using the cyber killchain, with success, until it's burned into your brain. You won't learn until you get that positive feedback - the shot of dopamine from actually compromising a box. Focusing on the details at this level would only slow down your learning. So at this level just use other people's exploits and tools. Substitutes/freebies: Training guide + video series (2014): https://thepiratebay.org/torrent/20152226/Offensive-Security__PWK__Penetration_Testing_with_Kali free Practice labs (vmware): https://www.vulnhub.com/ more labs specifically concentrating on learning Linux system hierarchy and common commands: http://overthewire.org What I can't find is a viable substitute for simulating an actual network. And you're not always going to be testing from the same subnet as the target. OSCE link: https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/ Description: Learning Goals: Obtain shell from basic web application attacks such as xss and directory traversal. Modifying executable files with custom shellcode on windows. Avoid AV dealing with ASLR Finding possible 0days using fuzzing techniques then developing an exploit. Official Training guide: Cracking the Perimeter (CTP) Talking Point: The actual course description on this isn't too indicative of what you learn in the course. So I did my best to extract the learning goals from a 2012 CTP manual. This course gets quite a bit more advanced and actually relies way more on the individuals' ability to do their own research. That said I'm actually unconvinced of this courses usefulness outside of its case studies. The shellcoders handbook is a thousand page tome that elaborates way more on all of these topics. We're actually getting into the hard security research/computer science realm with this. for labs in this course I'd recommend finding exploits on exploit-db or packetstorm and try setting up a debug environment yourself, fuzz (this is the analog of recon at this level), and write your own version of the exploit. Compare your code to the POC code. Substitutes/freebies: OLD training guide(2012): https://thepiratebay.org/torrent/7483548/Offensive_Security_-_BackTrack_to_the_Max_Cracking_the_Perimeter Shellcoders handbook: http://index-of.es/Varios/Wiley.The.Shellcoders.Handbook.2nd.Edition.Aug.2007.ISBN.047008023X.pdf OSWE link: https://www.offensive-security.com/information-security-certifications/oswe-offensive-security-web-expert/ Description: Learning Goals: fingerprint web applications identify vulnerabilities found exploit vulnerabilities write a report about it Official Training guide: Advanced Web Attacks and Exploitation (AWAE) Talking Point: This is the OSCP equivalent to web applications. Not much in the way of crafting your own exploits. Fortunately, new exploits found in web applications tend to be rehashes of other common vulnerabilities, so with webdev experience, it starts to become intuitive anyway. Labs to find for web app attacks are everywhere. so this is the easiest to learn the basics of. Substitutes/freebies: Web application hacker's handbook (Huge comprehensive tome): https://leaksource.files.wordpress.com/2014/08/the-web-application-hackers-handbook.pdf lab (courtesy of mls577): https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project lab: hackthissite.com OSWP link: https://www.offensive-security.com/information-security-certifications/oswp-offensive-security-wireless-professional/ Description: Learning Goals: Conduct wireless information gathering. Circumvent wireless network access restrictions. Crack various WEP, WPA, and WPA2 implementations. Implement transparent man-in-the-middle attacks. Demonstrate their ability to perform under pressure. Official Training guide: Offensive Security Wireless Attacks (WiFu) Talking Point: This is a narrow topic that only covers wi-fi (no discussions of bluetooth for example). Substitutes/freebies: Course manual (2012): https://thepiratebay.org/torrent/20152240/Offensive-Security_-_OSWP_-_WiFu OSEE link: https://www.offensive-security.com/information-security-certifications/osee-offensive-security-exploitation-expert/ Description: Learning Goals: reverse engineering assembly/disassembly Develop sophisticated exploits. Create custom shellcode. Evade DEP and ASLR protections. Exploit Windows kernel drivers. Perform precision heap sprays. Official Training guide: Advanced Windows Exploitation (AWE) Talking Point: this course is only available live by attending blackhat here in Vegas. Need an expert to make a recommendation for this one. Substitutes/freebies: OLD course manual (2012. this is so freakin dated) https://thepiratebay.org/torrent/7835702/Offensive_Security_-_Advanced_Windows_Exploitation_(AWE)_v_1.1 A free course from Offensive security: Metasploit Unleashed. https://www.offensive-security.com/metasploit-unleashed/

phpAPE phpAPE is a web application that allows for the administration, registration, and grading of exams. Create exams and in-class exams Create exam categories with custom points Manage locations, rooms, and seats Allow students to register for exams during certain time periods Assign graders to grade exams Register entire classes for an exam with a csv file Configure custom reports and generate reports for exams https://github.com/cwade12c/APE-Rebuild-2.git Credits Personal Notes Nothing too impressive. There's some interesting design patterns and API security, in addition to separation of concerns. Could be a useful resource to learn from. Requirements Software Version php 7.0.22 apache 2.4.18 mod-rewrite curl 7.47.0 Installation --Step 1. Install the required bower packages: bower install --Step 2. Install the required php dependencies: composer install --Step 3. Install the required node modules: npm install --Step 4. Move datetimepicker to the vendor directory: mv node_modules/jquery-datetimepicker vendor --Step 5. Edit the config.default.php file and set the CONFIG_PATH to equal the absolute path to the "config" directory of this project. --Step 6. Edit all of the default files located in the "config" directory. --Step 7. For each file in the "config" directory, remove "-default" from the file name. --Step 8. Rename config.default.php to config.php --Step 9. Create a cache directory that is owned by the web server: mkdir cache; chmod 755 cache; chown www-data cache --Step 10. Create a security.log file located in the LOG_PATH as defined in config/path.config.php cd /var/www; touch security.log; chown www-data security.log; chmod 755 security.log --Step 11. Enable mod-rewrite and restart apache: a2enmod rewrite; service apache2 restart IMPORTANT: Make sure that DEBUG is set to false in config/security.config.php Directory Structure ./ ------------------------------------------ Root directory ├── api ------------------------------------- Contains API files ├── cache ----------------------------------- Twig caching directory ├── config ---------------------------------- Configuration files ├── includes -------------------------------- PHP backend inclusions │ ├── db ---------------------------------- Database related inclusions │ │ ├── functions ----------------------- Database page functions │ │ └── queries ------------------------- Database query functions │ └── operations -------------------------- Operation behaviors for the API ├── node_modules ---------------------------- Contains installed node packages ├── pages ----------------------------------- PHP page files that invoke renderTemplate(...) ├── scripts --------------------------------- APE javascript files ├── sources --------------------------------- General resources │ ├── images ------------------------------ Image resources │ └── styles ------------------------------ Styling resources ├── templates ------------------------------- Twig templates │ ├── components -------------------------- Markup+JS that use Operations │ ├── layout ------------------------------ Common templates that compose layout │ ├── modals ------------------------------ Modal related templates │ └── pages ------------------------------- Page templates that include Components └── vendor ---------------------------------- Contains third party libraries ├── bootstrap --------------------------- CSS library ├── composer ---------------------------- PHP Dependency Manager (Twig) ├── jquery ------------------------------ JavaScript library ├── jquery-datetimepicker --------------- jQuery plugin ├── jquery-mousewheel ------------------- jQuery plugin ├── less -------------------------------- CSS pre-processor ├── lodash ------------------------------ Utility function JavaScript library ├── phpcas ------------------------------ CAS authentication dependency │ └── CAS ├── php-date-formatter ------------------ jQuery plugin ├── remarkable-bootstrap-notify --------- jQuery plugin ├── symfony ----------------------------- Twig dependency ├── tether ------------------------------ Bootstrap dependency └── twig -------------------------------- Template engine Adding a new page Adding a new page consists of: Creating a new php file (pages/pageName.php) Create a $parameters array to send extra variables to Twig template (can be an empty array) Invoke renderPage("pages/pageName.twig.html", $parameters); Creating a new Twig file in templates/pages Extend the base template {% extends "layout/base.twig.html" %} Overwrite the content block {% block content %} {% endblock %} Add custom markup to the content block or include components {% block content %} {{ include('components/nameOfComponent.twig.html') }} {% endblock %} If you need to conditionally show child templates (for example, a different homepage depending on the user type), use Twig conditionals {% block content %} {% if params.type == constant('ACCOUNT_TYPE_STUDENT') %} {{ include('pages/home/student-home.twig.html') }} {% elseif params.type == constant('ACCOUNT_TYPE_GRADER') %} {{ include('pages/home/grader-home.twig.html') }} {% elseif params.type == constant('ACCOUNT_TYPE_TEACHER') %} {{ include('pages/home/teacher-home.twig.html') }} {% elseif params.type == constant('ACCOUNT_TYPE_ADMIN') %} {{ include('pages/home/admin-home.twig.html') }} {% endif %} {% endblock %} New page example URL will be: site.tld/createAccount Create pages/createAccount.php <?php $parameters = array(); renderPage("pages/create-account.twig.html", $parameters); Create templates/pages/create-account.twig.html {% extends "layout/base.twig.html" %} {% block title %}Create Account{% endblock %} {% block head %} {{ parent() }} {% endblock %} {% block content %} <h2>Create New Account</h2> {{ include('components/create-account.twig.html') }} {% endblock %} If you have trouble loading your new page, try clearing Twig's cache: rm -r cache/* Composer Composer offers several subcommands that may be necessary Use composer list to list all commands Use composer install to update dependencies, autoload lists, etc