000webhost

Web hosting

Friday, February 14, 2020

Security/Penetration Testing Research Notes, Random Stuff, and More

- note the following information is to help understand the field of security and to help defend your own network not to attack others. I guess it's a follow on from some of my other work in cybersecurity:
http://dtbnguyen.blogspot.com.au/
https://dtbnguyen.blogspot.com/2020/02/seclist-generator-random-stuff-and-more.html
https://dtbnguyen.blogspot.com/2020/02/web-server-global-sampling.html
- if you do most courses you'll be taught a certain way to conduct a pentest but it's highly limited. Ironically, there's a huge amount of overlap between testing methodologies. I studied for the CISSP  CEH, and various other programs and they're very similar
pentesting overview
- I obviously prefer to automate repetitive tasks wherever possible. This includes templates and automated reports as well? You can use online reports to learn about what others are doing. They're also interesting to read even if you're just bored and want to do some reading
penetration testing report template
- one thing that has become obvious to me is that the line between white hat, gray hat, black hat, etc... isn't as clear as you think. Over time, I've realised that a lot of people may be making money on the side by selling software, information, data, etc... The finance and cryptocurrency sector seems to overlap heavily with the Internet security sector. In fact, a lot of people seem to be speculating that some state actors under sanction (such as North Korea, Russia, Venezuela, Iran, etc...), criminals,  and even terrorist groups are using cryptocurrencies to bypass US imposed sanctions? My guess is that a lot of hackers are using cryptocurrency as a way to keep their operations anonymous. One funny is that a lot of cryptocurrency forums have been breached and have had their databases dumped to the Internet for free or for sale
https://www.buzzfeednews.com/article/craigsilverman/disinformation-for-hire-black-pr-firms
cryptocurrency north korea
fintech startup podcasts directory
crypto traders directory
free airdrop directory listing
cryptocurrency news websites pastebin
crypto exchange directory
- studying others methodology tells you what they are likely to do. Their total number of tests for a given time period, and total staff, will tell you the rate at which they get things done. The tools that they use tell you about their relative skill and knowledge as well? People who seem to build their own tools seem to be minimal? Online job descriptions will tell you what tools a particular firm uses. Social media tells you what people are like (YouTube footage from conferences is really useful because it tells you what someone's personality is like, LinkedIn profiles gives you an idea of their educational and professional background, blog posts and sample code give you an idea of what their work is like, staff profiles tell you of cultural, company, and personality biases, etc...). Obviously, it tells you what a firm may be weak at as well?
https://inteltechniques.com/
https://dtbnguyen.blogspot.com/2017/05/song-sound-and-polygraph-spectrum.html
https://hackerone.com/leaderboard/all-time
hivint penetration testing
nikto sqlmap dirb parsero
Anthony C.
TECHNICAL KNOWLEDGE & SKILLS
- Proficiency in utilization of information security tools such as Nessus, Kismet, Airsnort, NMAP, Ethereal, WebInspect and Nikto, Metasploit, and manual techniques to exploit vulnerabilities in the OWASP top 10 including but not limited to cross-site scripting, SQL injections, session hi-jacking and buffer overflows to obtain controlled access to target systems 
- Ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols
...
Specialties: SQL Injection, XSS, web application and network penetration testing. Wireless penetration testing. less
bae systems penetration test report
Job Description This BAE Systems program supports our federal customer who plays a key role in providing direct cybersecurity engineering support. This program provides systems and security engineering and integration support to specific Government-sponsored projects, pilots and prototypes. This includes solution planning and engineering, defining security requirements, target architecture, interoperability and integration, system testing, Verification and Validation, Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this team, you will contribute to the engineering of current and emerging cybersecurity systems, policies, and processes to enforce standards and identify vulnerabilities and capability gaps, and reduce cybersecurity risk of our customer networks.
The ST&E team is expected to have knowledge and extensive experience in networking, systems management, programming and tool development, the UNIX (different variants) operating system, the Microsoft Windows (different variants) operating system, security analyst tools and techniques, and system design and architecture is necessary to identify required modifications, determine innovative solutions, and to recommend sound security measures. Typical Education & Experience Typically a Bachelor's Degree and 4 years work experience or equivalent experienceRequired Skills and Education Experience in Red Team (preferable) or Blue Team penetration testing a MUST HAVE. At least three years within LINUX environment a MUST. Incumbent should have engineering management experience and be willing to manage.
Kali Linux + custom made tools/fuzzing (must have), Metasploit, Burpsuite; Nmap; Wireshark; Jenkins/CloudBees, GitHub, Artifactory, JIRA, Burp Suite Pro, Tenable Security Center, Nessus, Twistlock, Acunetix, Visual Studio, Eclipse, PyCharm, Core Impact.
Preferred Skills and Education Deep understanding of the methodology associated with penetration testing, such as creating Rules of Behavior, selection of pen testing team, and have a developed tool kit.
Cloud experience a plus! (AWS or Azure)
ANY OF THE BELOW CREDENTIALS ARE A PLUS!
Licensed Penetration Tester (LPT) Master, Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), IACRB Certified Expert Penetration Tester (CEPT), IACRB Certified Expert Penetration Tester (CPT), Certified Red Team Operations Professional (CRTOP), CompTIA’s PenTest+, GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); and/or, GIAC Penetration Tester (GPEN)
https://www.linkedin.com/jobs/view/journey-level-penetration-tester-red-or-blue-at-bae-systems-inc-1608742336/
Sandeep S.
Senior Penetration tester
 Web Penetration Testing(OWASP Top 10 methodology) | Network Penetration testing | OWASP API Security | Mobile Vulnerability Assessment(IOS and Android) | Source Code Reviews(.Net, Java, PHP) | Vulnerability Assessment and Penetration Testing
Have 7+ years of experience in both black box and white box testing penetration testing. Perform VAPT(Vulnerability and penetration testing) services like Web-Application penetration testing; System Application penetration testing; Mobile application penetration testing; Network application penetration testing; social engineering penetration testing etc. Conduct penetration testing in a systematic approach. Follow the standard methodology of the industry like OWASP Testing Guide v4(OTGv4); SANS top 25; NIST SP 800-115; PCI DSS to perform penetration testing so that client can concentrate on their professions without worrying about security threats.
Web Application Testing: Do web application penetration testing with the latest methodology like OWASP Top-10, SANS Top-25. Perform both manual and automated penetration testing for vulnerabilities like Injection flaws(such as SQL, NoSQL, OS, and LDAP injection etc),Broken Authentication, Sensitive Data Exposure,XML External Entities (XXE), Broken Access Control,Security Misconfiguration, Cross-site scripting(XSS), Insecure Deserialization, Using Components with Known Vulnerabilities,Insufficient Logging & Monitoring. Also, perform source code reviews for many technologies like Java, NET, PHP etc.
Approach for Manual Web-Application Penetration Testing: Conduct manual testing with following controls:
* Configuration and Deployment Management Testing
* Identity Management Testing
* Authentication Testing
* Authorization Testing
* Session Management Testing
* Input Validation Testing
* Testing for Error Handling
* Testing for weak Cryptography
* Business Logic Testing
* Client Side Testing
Tools that use for Automated Web Penetration Testing: Acunetix, Burp-Suite, Netsparker, Nexpose, Nikto, IBM AppScan, HP fortify, W3af etc.
Network penetration testing: Provide both external and internal network Penetration Testing so that your Network Infrastructure is secured from the real world attacks. Do both manual and automated network penetration testing.
Approach for Manual Network Penetration Testing: Manually check for IDS/IPS, Server, Networks switch, Network Router, VPN, Firewalls, Anti-virus, Password etc.
Tools that use for automated network penetration testing: OpenVas, Wireshark, Nessus, Metasploit, Armitage, Scapy etc.
Mobile Testing: Provide mobile penetration testing so that you can be fearless while using and storing private data into your mobile device. As mobiles are the soft targets for hackers because of the evolution of mobile technology, our team perform both manual and automated mobile penetration testing.
Social Frauds: Also provide social engineering to prevent you from social frauds like online banking frauds, email scams, phishing attacks etc. less
https://www.upwork.com/fl/sandeepsaini75
people who make money on upwork
- a lot of people prefer to use specialised Linux distributions such as Kali Linux or Backtrack Linux. The obvious irony is that most Linux distributions are capable of the same thing. A good IT professional with development skills will be able to reproduce most of the functionality that is lost from a possible distribution change as well
- one strange thing for me is that there are generally few people who work in the forensics field (there's little training in this area as well. My guess is that attribution is very difficult to achieve. Hence, they overlook it?)? Most of them work on the offensive or defensive side but the people who know how to investigate seem to be minimal? Note, that a lot of the time when a firm gets breached an external consultant often gets called in? It's likely because the capabilities of the internal team were surpassed? I know that a lot of people say you should just use off the hardened shelf software because supposedly experienced people built it but in reality picking up multiple systems in play (including those that are custom built and difficult to detect) is much more difficult
https://dtbnguyen.blogspot.com/2019/08/getting-free-education-and-training.html
pageup recruitment breach hivint
- as I mentioned in my other post sometimes going to the cloud isn't the best option. Quality of services by cloud providers can vary significantly which means that you're open to a supply chain attack. As indicated in my other work normally what you'll find is that if there is one weak point there will be many others in the same product. I've found dozens of bugs in many products (including websites, desktop applications, routers, firewalls, etc...) and I suspect it'll be the same for other people who look deeper into this space?
http://dtbnguyen.blogspot.com/2020/02/web-server-global-sampling.html
http://dtbnguyen.blogspot.com.au/
- a lot of tools are becoming invalidated through better technology. A good example of this is email enumeration tools. A lot of modern firewalls basically don't respond in the way the original protocol specifies which means that you can't just enumerate/guess email addresses quickly. You have to use alternative mechanisms
email server statistics
https://w3techs.com/technologies/overview/email_server
http://research.domaintools.com/statistics/mailservers/
https://my.kualo.com/knowledgebase/79_whm-services-series-/1044_how-to-view-statistics-regarding-the-mail-thats-passed-through-your-whm-server.html
hydra smtp
hydra smtp-enum
https://null-byte.wonderhowto.com/how-to/hack-like-pro-extract-email-addresses-from-smtp-server-0160814/
https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-maltego-do-network-reconnaissance-0158464/
hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost
hydra smtp-enum explain
https://en.kali.tools/?p=220
smtp-user-enum perl script
https://github.com/pentestmonkey/smtp-user-enum/blob/master/smtp-user-enum.pl
https://github.com/pentestmonkey
http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum
https://kowalcj0.github.io/posts/2018/ethical-hackin-enumeration-course-notes/
email enumeration
https://blog.rapid7.com/2017/06/15/about-user-enumeration/
https://www.hacksplaining.com/prevention/user-enumeration
- note the same mechanisms that can be used to get around Cloudfare can also be used to bypass other cloud services (provided the target hasn't been locked down properly to only allow the cloud service to act as an intermediary)
getting around cloudfare
https://blog.detectify.com/2019/07/31/bypassing-cloudflare-waf-with-the-origin-server-ip-address/
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
https://shadowhosting.net/blog/bypass-cloudflare/
https://shadowcrypt.net/tools/
https://viewdns.info/
- there's a lot of autorecon software out there but you'll find that using multiple tools is often more fruitful? A really good source of information are the repositories of penetration testers and computer security firms
https://github.com/kudelskisecurity
https://github.com/Inf0Junki3
https://github.com/urbanadventurer/urlcrazy
https://www.morningstarsecurity.com/research/whatweb
https://github.com/bcoles?tab=repositories
whatweb scanner
https://www.whatweb.net/
https://hackertarget.com/whatweb-scan/
https://latesthackingnews.com/2019/08/10/whatweb-a-very-handy-open-source-web-scanner/
https://latesthackingnews.com/2019/08/04/autorecon-an-open-source-enumeration-tool/
- based on what I've seen of the less explored parts of the Internet, it's a bit of a "warzone". It wouldn't surprise me if much of the traffic online were just bots attacking other systems? I've seen heaps of indications of targeted attacks against specific cultural, religious, sports, national, etc... groups. A good example of this are wordlists which are used to seed attack software. At the other end of the scale you have permutation based wordlist/seclist generators
crunch cupp cupp3 cewl
packstorm wordlist
router password wordlist
- if you use a bunch of products for automated testing you'll come to realise that a lot of them vary in quality and have strengths and weaknesses. The weaker products in the AV space generally have a lot of false positives and don't pick up all threats that may be incoming
virustotal alternative
- most security firms that I've come across generally specialise in a particular style of penetration testing or have a limited set of competencies which they tend to stick to?
- if you want to practice there are heaps of honeypots and virtual machines you can find online now to allow you to learn things legally. You can also practice on junk hardware that you come across via online markets, decommissioned equipment, etc... There are many types of honeypots now including language specific (Perl/Python), container type (Docker), VM type (QEMU/VMWare), etc...
https://github.com/Tib3rius?tab=repositories
https://sourceforge.net/projects/metasploitable/files/
https://www.vulnhub.com/
https://defendtheweb.net/
https://github.com/swisskyrepo/PayloadsAllTheThings
https://sourceforge.net/projects/virtualhacking/files/
https://www.cvedetails.com/
vulnhub honeypot
https://github.com/topics/vulnhub
vulnhub qemu
https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/
https://www.vulnhub.com/entry/damn-vulnerable-arm-router-dvar-tinysploitarm,224/
https://dominik-birk.com/2017/11/06/setting-up-a-pentesting-environment-based-on-qubes-os-step-by-step/
https://forums.hak5.org/topic/41091-budget-pentesting-environment/
https://www.vulnhub.com/?q=qemu&sort=date-des
honeypot iisemulator labrea tinyhoneypot fakeap
https://dtbnguyen.blogspot.com/2019/03/becoming-golf-coach-becoming-better.html
perl based dns server
bash dns server
CheRuisiBesares/dns_server.sh
https://gist.github.com/CheRuisiBesares/f35f71f028926e65191d29c6a7094fd2
flawed blockchain
backhttps://hellofuture.orange.com/en/on-the-blockchain-there-are-flaws-too/
https://thenextweb.com/hardfork/2019/07/26/security-firm-vulnerable-blockchain-education-fumblechain/
https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/
https://www.computerworld.com/article/3411841/researchers-to-launch-intentionally-vulnerable-blockchain-at-black-hat.html
- social engineering is an underestimated aspect of the entire security space. It reminds me of something a Russian Intelligence officer once said. Why bother with technical attacks if you can simply bribe or comprimise someone?
kompromat
In Russian culture, kompromat, short for "compromising material", is damaging information about a politician, a businessperson, or other public figure, used to create negative publicity, as well as for blackmail and extortion.
Lies, Cons & People Hacking with Jenny Radcliffe ן Not Another D*ckhead with a Podcast #5
kevin mitnick
- some people think that physical access to a computer system means that your organisation is in trouble. In my opinion, if physical access is granted to a building then it may as well be "game over". People forget stuff constantly or have to comprise for the sake of convenience. You can tap IP phones (because a lot of them have packet capture capability and be brute forced), tap USB devices, intercept wireless keyboard and Bluetooth communications, tap/splice Ethernet and Fiber lines, shoulder surf, overhear conversations, get heap/stain maps off of keyboards and keypads, etc... It all comes down to how much an attacker wants to breach a target, how well resourced they are, how much knowledge they have, etc...
aircrack-ng reaver iw
linux brute force ssid pasword
brute force wireless password linux cli
worldlist wifi linux
- this brings me to my next point. I used to think that honeypots were generally just for intelligence collection. Now, I think they should also be used for obfuscation as well. If you have a physical breach by someone who is skilled they'll obviously try to do recon. To slow things down and to try to figure out methodologies you need more data collection points particularly if you have a larger network where locking things down isn't so easy (I've heard people say that their networks were so large, complex, and ad-hoc that they came to the realisation that even if they were breached they would have no idea where to start looking to fix the problem or get rid of the breach. Without something similar to the Dynajail /Zero Trust concepts that I've looked at in the past it's very difficult to lock down a network properly). I'd be looking to create honeypots, fake traffic, fake wireless APs, fake network devices, etc... SIEM won't really help unless you keep a close eye on things which is not possible when you're short staffed or when there is a seriously high network load or if the AI that underlies the SIEM isn't good enough
perl honeypot fakeap sagan snort
qemu router
smallest virtual machine
tiny core linux
vde2 vlan
virtual router vm qemu
qemu honeypot
tiny qemu linux
- one thing you'll come to realise is that clients of security products are often crazy and believe that they know better then the security products or IT staff that they use and/or employ. Even if software or someone tells them that a file attachment may be dangerous they'll ask for the file to be released to them? As an aside, what I've learnt is that most employers generally do not support employee development. This means if you want to learn about malware or botnets you'll have to do the research yourself. Thankfully, this area has become more mature in the amateur sphere now
malware sample
unmark cloudfare
spam ip address list
open smtp server pastebin
firehol ip address list direct url
open relay smtp ip address list
Open Relay Database Servers keep lists of known or suspected IP addresses that try to relay mail through unauthorized mail servers on
 the Internet. Here are some examples of ORDB servers:
inputs.orbz.org
outputs.orbz.org
relays.ordb.org
orbs.dorkslayers.com
dev.null.dk
relays.osirusoft.com
bl.spamcop.net
relays.visi.com
- there are some tools that do borderline penetration testing from the outside but they are very limited. Your best bet is to do it yourself in a Red Team, Blue Team, etc... type of environment. Even if you only have two people in your department it's useful. One person tries to protect while the person attacks then they meet up and see what to do next. You can still do it with one person in your department but it'll be limited by your rate of learning, your ability to take on alternative perspectives, your tools, etc...
alternative shieldsup
- this brings me to my next point. A lot of IT people who haven't been exposed to the security space are very naive. They are kidding themselves if they believe that they can defend everything in their network. Certain systems must be on the outside and there is very little you can do to hide their presence
dnsmap dnsrecon dnsenum
- data leakage is a problem that virtually all firms have. Obviously, a lot of email marketing (and collection of addresses) is done via automated systems so I'm surprised that many people don't cover themselves up more?
shodan pricing
alternative shodan
- the basic process of pentesting is to figure map their servers and systems, find out what can be exploited, exploit it, cleanup after yourself, maintain access, report on it, tell the client of what needs to be fixed, collect the bill
https://github.com/SolomonSklash/htbenum
https://github.com/SolomonSklash
- it's clear to me that a lot of pentration test may only last several hours. I you do a "proper penetration test" (lasting days or weeks at a minimum) I think that most companies would be breached no matter how secure their policies may say they were?
You are looking for a penetration tester
What city is this in? Most of the Big4 do it, but also some other players like hivint, content security, hacklabs (PS&C), asterisk,. there are really a fair few.
Usually average test is 5 to 10 days. I just got a quote for a weeks worth at 12k. It will depend on complexity. I would draft up a RFQ and if you need some help I can probably grab some templates. I also usually ask them to cut down on the report or just have it in excel to save money... but for your first one a report with exec summaries etc might be better for your management.
This is the quick whirlpool reply. Happy to provide more info but I think the biggest advice is to vet the person doing the test. OSCP/crest certs are almost mandatory for them to have etc. You want a person doing the test not automated tools only or vulnerability management.
It is good to do these yearly or with major code changes. This is usually far too expensive for most companies so there are other options available.
https://forums.whirlpool.net.au/archive/2724796
- I think part of the security world is dealing with the "aura factor". You need to really sift through data before you can figure out what's and who's good and not
https://github.com/EdOverflow/can-i-take-over-xyz
https://venturefizz.com/stories/20-top-cybersecurity-companies-hiring-now
https://securecodewarrior.com/pricing
best cybersecurity team australia
https://clutch.co/au/it-services/cybersecurity
https://www.stanfieldit.com/cyber-security-australia-the-40-best-cyber-security-articles-to-read-in-2020/
https://www.cyber.gov.au/
- the number of tools for pure brute force cracking is ridiculously high and they run across the board for many protocols. Cross it with my previous script for mapping and you have a crude example of what I believe what a lot larger scale cracking operations are doing. Even if they can't breach your network and you're running something like fail2ban then it can still cause disruption if they take multiple routes or accounts get locked out for bad login attempts. The obvious difference is that they may be working on behalf of someone or something which means that they may have access to resources, infrastructure, expertise, money, etc...
nscrack hydra medusa ncrack 
time hydra -l admin -P xato-net-10-million-passwords-10000.txt http://10.1.1.1
Hydra v8.0 (c) 2014 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2020-02-11 04:02:25
[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.
[WARNING] You must supply the web page as an additional option or via -m, default path set to /
[DATA] max 16 tasks per 1 server, overall 16 tasks, 10000 login tries (l:1/p:10000), ~39 tries per task
[DATA] attacking service http-get on port 80
[STATUS] 808.00 tries/min, 808 tries in 00:01h, 9192 todo in 00:12h, 16 active
[STATUS] 790.00 tries/min, 2370 tries in 00:03h, 7630 todo in 00:10h, 16 active
[STATUS] 782.86 tries/min, 5480 tries in 00:07h, 4520 todo in 00:06h, 16 active
[STATUS] 780.67 tries/min, 9368 tries in 00:12h, 632 todo in 00:01h, 16 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2020-02-11 04:15:14
real 12m49.464s
user 0m2.728s
sys 0m11.704s
- most networks can be taken down from the inside pretty easily. If you do it subtly and intermittently you can cause mayhem especially if the company makes a lot of money. For a company with inadequate logging, minimal compartmentalisation, and minimal contingencies for protection they'll be chasing their tails for what may be quite a while? If you can just get inside the network then you can often run whatever you need to provided you have your own system with admin rights (or maybe even not?). That means you can craft packets, run arbitrary programs and scripts, etc...
yersinia hping3 sucrack slowhttptest apache2-utils goldeneye packit
get flood bash
https://github.com/GinjaChris/pentmenu
https://www.linuxjournal.com/content/back-dead-simple-bash-complex-ddos
simulate broadcast storm
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.1.1        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     100    0        0 eth0
- some hacking tools are written so badly that you can take them down via bad input
mdk3 mdk4 fakeap
Package: mdk3
Description-en: Wireless attack tool for IEEE 802.11 networks
 MDK is a proof-of-concept tool to exploit common
 IEEE 802.11 (wifi) protocol weaknesses.
 Features:
   * Bruteforce MAC Filters.
   * Bruteforce hidden SSIDs (some small SSID wordlists included).
   * Probe networks to check if they can hear you.
   * Intelligent Authentication-DoS to freeze APs (with success checks).
   * FakeAP - Beacon Flooding with channel hopping (can crash NetStumbler and
     some buggy drivers)
   * Disconnect everything (aka AMOK-MODE) with Deauthentication and
     Disassociation packets.
   * WPA TKIP Denial-of-Service.
   * WDS Confusion - Shuts down large scale multi-AP installations.
- I've learnt is that if you learn only from the whitehats you'll be helpless. Most whitehats I come across basically apply a particular framework but while that framework can pickup most threats it doesn't deal with a creative or thorough attacker (these guys are called APTs (Advanced Persistent Threats) by some in the security industry). You need to watch the black hat community or place yourselves in their feet as an absolute bare minimum to genuinely understand how to defend yourself (when you're old enough you'll figure out that there are far more ways to look stupid then smart)? I've learnt that if someone has thought of a defense a blackhat has already thought of an attack. Use major reports to understand the state of affairs and figure out a way to figure out whether they are true or just FUD. This means a minimum of tens of thousands of machine are scanned. That's the only way you can get a good idea of what's happening out there. The more you learn the better off you'll be
https://www.channelnews.com.au/parliament-house-unprepared-for-cyberattack-investigators-find/
https://www.youtube.com/results?search_query=%22cats+and+dogs%22+boris+the+cat
Cats & Dogs (6/10) Movie CLIP - Stopping the Bomb (2001) HD
https://www.youtube.com/watch?v=MuFfh15AMLU
- if there is any sort of policy whatsoever this can be used as leverage/intelligence for a possible attack. For instance, if you use a scheme of any sort (including random non-dictionary based words), don't use wireless or Bluetooth devices, etc... you'll end up with a known set of data from which to begin an attack sequence. All that I've learnt is that it's simply a matter of time before most organisations are breached. Even government agencies with classified data get breached continuously. What does that tell you?
- learn to understand your tools. I do this by by reverse engineering a lot of the tools that I come across. Over time you'll find that you'll need to use prepared tools less and less. You'll also realise over time that pretty much everything has already been built unless you're going after well resourced target using custom and hardened software. Sourceforge, Github, Gitlab, Bitbucket, etc... are your friends
https://recipeforroot.com/
http://overthewire.org/
https://gtfobins.github.io/
linenum.sh for linux on hack the box
https://github.com/diego-treitos/linux-smart-enumeration
https://github.com/SolomonSklash/htbenum
sublister
amass
https://github.com/aboul3la/Sublist3r
https://github.com/OWASP/Amass
https://www.f6s.com/
metasploit burp pompem
nmap -sV --script http-wordpress-enum --script-args limit=195 somewordpresssite.com
wpscan -u somewordpresssite.com --threads 20 --wordlist /home/user/rockyou.txt --username admin
sourceforge password cracking
android app security test
https://www.appknox.com/blog/mobile-app-security-testing-tools
aws discount code
https://www.reddit.com/r/aws/comments/2xdorh/any_easy_ways_to_get_aws_promo_credits/
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
- this moves me to my next point. It's best to know how to do manual as well as automated testing. If you don't know how the tools work and know how a vulnerability works you could be running tools for nothing, tools don't always catch every single permutation, online tools could stop working/change, etc...
- despite what most people say I believe that most governments tell manufacturers to put backdoors into their software/hardware for intelligence and law enforcement purposes. If that's the case you just need to sit there and intelligently fuzz the relevant software/hardware until it breaks or it's breached?
Random Stuff:
- as usual thanks to all of the individuals and groups who purchase and use my goods and services
- latest in science and technology
- latest in finance and politics
- latest in defense and intelligence
- latest in animal news
- latest in music and entertainment

Random Quotes:
- American threats of not sharing intelligence if the UK does not ban Huawei have been dismissed for what they are: hot air. The US has shared its war gear around with several countries, the most powerful of which is the UK. If it is unable to call on London to join its military adventures — and the UK always plays the role of faithful poodle when called on — who will play that role? France? Germany? Australia? These threats are more than just a bit risible.
Indeed, the only country which uses military hardware from the US and which can decide to fight a war on its own — without getting permission from Washington — is Israel. For all its big talk, Australia is also among the crowd that has joined the Americans and now cannot engage in any military adventures unless it asks for, and obtains, permission.
Of course, the Brits never state the bleeding obvious and embarrass anybody in public; that old stiff upper-lip tradition continues to dominate all their discourse. They have even given former Australian prime minister Malcolm Turnbull an easy out despite his ridiculous assertion that the core and non-core parts of a 5G network cannot be separated, by saying that the geography of the UK is different to that of Australia, and that may account for Turnbull's assertion.
Most European countries are likely to follow the UK's lead. Another reason for this is the lowest common denominator: money. Another is that the US has not given anyone an iota of proof to substantiate its claims that Huawei poses a security threat. Memories of the 2003 invasion of Iraq, when the presence of weapons of mass destruction was advanced as a Biblical truth to justify the toppling of Saddam Hussein, have also not been forgotten altogether. Fool me once, etc, etc
For the EU, the fact that any decision will weigh on the probability of getting a trade deal with China done soon will also be a consideration.
- Not too long ago, the U.S. announced a portion of troops will remain in Syria to protect the oil fields. While some commentators have made it clear that unless the United States wants to become a globally renowned pirate outfit, it would not be able to exploit these resources as the oil belongs to the Assad government.
- When I worked in Iraqi Kurdistan in 2013-14, Kurds often told me: "America is our friend".
Incredulously, I would reply that the US does not have friends, but rather interests and instruments it uses in pursuit of these, pointing to the Kurds' own long history of betrayal at the hands of others.
Iraqi Kurds learnt this when the US sided with Baghdad to scupper the results of the referendum; it is this lesson that Syrian Kurds may now be learning.
- What about a separate suite of longer standing issues, such as the state of urban school systems still lagging under the legacy of segregation? Beyond Medicaid, food stamps and other programs that funnel tax dollars to individuals, should national policy be used more aggressively to subsidize education, services or jobs in low income areas?
“There is strong consensus there is a problem...We don’t know quite what to do about it,” said David Autor, a Massachusetts Institute of Technology labor economist whose research on the “China shock” helped frame debate about the disproportionate impact China’s rise had on U.S. manufacturing hubs.
- Decades earlier, while the elder Bush was in office, Trump hit at a fundamental difference between them: "I like George Bush very much and support him and always will. But I disagree with him when he talks of a kinder, gentler America. I think if this country gets any kinder or gentler, it's literally going to cease to exist," Trump told Playboy in 1990.
- For last 40 years, workers average hourly wages went nowhere, Richest 10% of Americans own 80% of stocks that rose 753%. Rich got richer; rest of us did not. Inequality surged.
- The research, published last month in the Proceedings of the National Academy of Sciences, sheds light on how these important traditions are passed on and hints at the evolutionary origins of complex cultural abilities in humans.
Researchers, including Lonsdorf and 2015 F&M graduate Madison Prestipino, studied chimpanzee communities in the Goualougo Triangle, Republic of Congo, and Gombe, Tanzania. Both chimpanzee communities had different ways of harvesting termites, and with that came varied levels of difficulty — “just like you and I eat rice with a fork and our Asian friends eat it with chop sticks,” Lonsdorf said.
In Republic of Congo, where termite fishing is more complex, mothers were more likely to help by giving their offspring their digging tool or even splitting it in half so both could simultaneously dig.
In Tanzania, mothers were more likely to reject their offspring, sometimes even throwing up an elbow or swatting at their babies when asked for their tool.

Dodgy Job Contract Clauses, Random Stuff, and More

- in this post we'll be going through dodgy job contract clauses. Ironically, many of which are actually unlawful and unenforceable on c...