/biz/ - Business & Finance

free Burp Suite course (Burp Suite is the no.1 tool for web app testing):
https://hackademy.aetherlab.net/p/burp-suite


Other Resources (podcasts, tech reading, misc):
https://darknetdiaries.com/episode/36/ (great podcast. Ep.36 is about a pentest)
more to come...

Link to Certification Info:
https://www.elearnsecurity.com/certification/ejpt/ (Junior Pentester Cert)
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (OSCP - The ultimate goal of aspiring pentester)

Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.

I will also be updating the guide as we go, and I am currently working on writing a guide for monetization options for this skill. Since it is not complete yet, we can discuss a little in today's thread. For starters, you can check out:

Bug bounty site (hack large companies and websites for bounty rewards):
hackerone.com

Hackerone also runs this site, which is for learning:
https://www.hacker101.com/

If you are looking for the original PDF guide I posted / emailed , then please see the previous /RPG/ threads. As always any questions are welcome, and I will answer them as soon as I can throughout the day. If you want to discuss other remote work opportunities in tech, outside of hacking, that is fine too. And anyone who wants to chime in with advice on such a topic is welcome to join in.

You got this anons!

ps. I'll be adding IRC chat info and guide for anonymous IRC use next /RPG/ update!

I'll start this thread by sharing a question and answer from my protonmail here:

Anon asks:
>Outside of the content covered by the OSCP prep guides, what sort of tools or techniques do you use day-to-day that we wouldn't already know about?

Good question. Deserves its own addition the the /RPG/ general OP post in the future. For now, let me share a few tools that I use all the time, that you should look into and get familiar with:

https://github.com/codingo/Reconnoitre
Written by former OSCP student Codingo, specifically for use on the OSCP lab. however I still use this tool on professional engagements. It runs nmap and unicornscan, while also creating folders for each target, and custom output with hints on what tools to run next for various services discovered. Just amazing.

Xsltproc:
http://xmlsoft.org/XSLT/xsltproc.html
Got a lot of targets to scan? Hate standard nmap outputs? Run your nmap scan and output to xml, with -oX scan.xml . Then use xsltproc to convert to html. The html can be opened in a browser and makes reading scan results a breeze. Using kali or parrot, you can download with a simple: sudo apt-get install xsltproc

Responder:
https://github.com/SpiderLabs/Responder
Written by Laurent Gaffie, this is the absolute best tool to deploy once inside a network. It does it all when it comes to capturing credentials. Check out Laurent's blog too at :
https://g-laurent.blogspot.com/

Impacket Tools:
https://github.com/SecureAuthCorp/impacket
Another great toolset. Written in python. Easy to use, very powerful. You can do things like setup a fake SMB server to capture hashes, or use previously captured credentials to dump creds from the domain controller. Oustanding.

Hashcat:
https://hashcat.net/hashcat/
Ships by default in kali. Best cracker period. Not easy to use at first, but once you learn the command line syntax, it is unbeatable. Check out Hash Crack v2 book on amazon or as ebook for help using this tool.

>>14460030
based and rpg pilled

>>14460622
thanks for the bump! hoping to reach as many /biz anons as I can with this info.

Also, here is another Q and A from my protonmail that other anons might find useful:

anon asks:
>What the job entails on a day to day basis?

Honestly, the most important thing about my job is my ability to adapt to situations I HAVENT seen before. Sure it is much more comfy when I get a web app test and I've seen this kind of web app a million times before, but that doesnt happen very often. A lot of times, I am getting assigned to engagements for stuff that I haven't done or thought about in years. In some cases, I've never even done it before! But once you have made it far enough on this path, that doesn't matter. You will have learned enough, to know how to approach a problem, or a language, app, or framework, and build out an attack. For example, I have been given tests that dealt with a web framework I had never seen before, ever. I didn't know how to attack it at all. I spent the first 2 days of the test researching as much as I could about the language used in the source code, researching the names of software and version numbers I could locate on the website, and then researching known vulnerabilities, or vulns in other similar setups. By the end of the week, I had taught myself enough on the fly to execute a new high-severity exploit against the website. That is what this job is really all about. No hacker can know everything, so you will run into stuff you have never seen before or even considered. Your ability to apply what you have learned, about hacking and attacking in general, in order to learn quickly and adapt, is the most important skill you will develop as a penetration tester.

Thank you for taking the time to share this valuable info anon, I purchased the hacker methodology book and already set up Parrot on my computer, ready to start learning on Monday.
God bless.

>>14460703
Great! Thanks for coming by to share an update on your progress anon. That book is really awesome. It doesn't describe a lot of the theory, but it provides all the necessary command line syntax and tools for getting through a whole pentest. Basically you can start on a test, at the front of that book, and by following it through to the end, execute an entire pentest of a given target, start to finish. It's awesome. Keep in touch!

Ty based hackeranon!

To any beginner anons out there considering this, I can personally vouch for the Udemy course in the guide. It's an amazing starting point for learning both linux and python from scratch. You don't have to buy it, since most resources linked are free, but if you do don't be a retard and make sure you use promocode EMAIL10 so it's only $10.

From my journey so far, the most important skill you can learn is how to Google. If you know how to search, you can do anything with enough time!

>>14460814
The "learn python and ethical hacking" course on udemy is one of my favorites indeed. Instructor is very good, and I had issues learning python before I took that course. After, I wrote my own tools to automate some of my day to day processes.

You are also spot on with the google tip. It is certainly worth taking the time to learn how to properly search google and other search engines. Some advanced google searching (or google dork) techniques can also help on pentests. Check out the google hacking database for some examples:
https://www.exploit-db.com/google-hacking-database

>>14452385

In your earlier thread from today, you mentioned
>Don't use kali as your daily driver, as it is not secure, and not meant to be.

What does this mean exactly? Are there a bunch of known vulnerabilities in Kali by design?

It seems like there's a way to break into almost ANY target system if you try hard enough. How do you recommend we safeguard our linkies?

>>14460030
you are the best, man

>>14461227
That's a nice Pepe Nazarov. Mind if I save him on my hard drive?

Question! I will be taking python in school as a programming requirement for my IT course.

Should I just take C++ or java instead and just learn python through Udemy?

>>14461259
Go ahead it is all yours
You can save it if you want to

>>14461313
Ymmv. C and assembly are lower level and will give you a more complete picture to work with.

Are we still doing an IRC or Discord?

>>14461323
Much appreciated

>>14461227
Basically yes. The thing is, kali is designed to be a completely offensive system. In order to perform various attacks and use various tools, normal modern safeguards have not been included. For an example, if you try to put metasploit, or impacket tools, or a number of other pentest tools on a normal OS, they will get flagged by antivirus and other protections, and either quarantined or deleted. This is to try to protect systems from attackers using these tools against them.
Another example is that in order to conduct certain types of attacks, you will want to do things like quickly host a file on a temporary web server on port 80 (in order to serve it up to a victim.) In order to accomplish this with a regular OS, you would need to undo some protection mechanisms that are in place by default. Theres a million other examples, but basically, treat Kali OS like it is nearly "wide-open" to the internet. It is Not meant to be used for defense.

Regarding your question about protecting your linkies:
Use a paper or hardware wallet. Personally I like hardware wallets. I would probably lose or destroy the paper somehow. I use the nano ledger, but there are other good wallets, too. Keep a minimum 2 copies of your words, safely stored, in at least a metal lockbox (fires happen.) Don't tell anyone you have a nano ledger, and don't even let people see it, ever. Break-ins and thefts usually are committed by people you know, sadly. Keep it a secret.

As far as having a secure OS for daily driver, I would recommend researching some security focused linux distros. Stay off windows if you can. It is NOT secure. For the ultra paranoid, there is Qubes:
https://www.qubes-os.org/

It is not a beginner OS, but it sandboxes everything. If you want security, this is a good option. Other than that, any security focused linux distro (not kali or parrot, those are offense) is a good idea.

>>14461313
I would recommend taking C++ or java. You can learn python on your own, with the udemy course, or the books and other courses I listed on the PDF (see first few posts of previous thread for images of PDF guide.)

Java is good for web app testing, since it is everywhere nowadays and theres lots of attacks for it (cross-site scripting / XSS).
C++ is good for reverse engineering exploits and malware, or for having a foundation for debugging apps you want to build exploits against.

Pick the one that interests you more. I would say java for web app and C++ for desktop apps.

>>14461534
thanks!

>>14461439
I also agree with this.

And yes we will do an IRC, maybe Discord. I have not set it up yet or anything, but I will definitely get something ready for next week's /RPG/ thread. I don't normally discord, so I'm thinking IRC. Plus I'll get those nostalgia feels and force people to be more technical by using IRC.

>>14461534
Any thoughts for c# or the new windows terminal in these contexts?

This is my first time posting to this general. Thank you so much anon. This has given my something to do and look forward to. I'm starting from total brainlet mode but making fast gains.

I can't believe I was fortunate enough to stumble upon this. I have no idea where learning this will take me but it's really turned my last 2 weeks around.

>>14461479
Got it, thx.

To add to that question:
How secure is running one of those security distros in a VM inside windows for sensitive work? Viable or nah?

Additonally, can some blackhat asshole climb up out of my insecure Kali Virtualbox instance and BTFO my shit?

>>14461605
C# is going to be good to learn as I am seeing more thick clients using C# . Personally I hate C# , but I have to know it enough to exploit it, so it is what it is. I never program in it though. I prefer other languages.

The new windows terminal is what the terminal should have been long ago, but it is dope. I am also very happy they included the linux subsystem, which allows you to use linux commands within a windows terminal. Very cool and about time. I'm not an expert on it yet, since I live in linux nowadays, but I'll brush up on it for those times when I exploit a windows machine and RDP into it in order to pivot through the rest of the network. Regardless, for penetration testing, it is important to be able to work from both linux terminal and windows terminal / cmd / powershell.

>>14461618
awesome anon! glad to hear it. If you stay focused on it, you will go far. My favorite thing about it is that it is a path that you can self-teach everything and get a great career or hobby. I mentioned hackerone in the last thread. Even if you don't get a full-time gig doing pentests, there are bug bounties you can earn money by exploiting websites and software.

>>14461768
Thank you, I'll be sure to look into it. Everything you've posted has been incredibly helpful

>>14461699
>How secure is running one of those security distros in a VM inside windows for sensitive work?
Very secure! I think this would be a great approach.

Additonally, can some blackhat asshole climb up out of my insecure Kali Virtualbox instance and BTFO my shit?
Very very doubtful. Sandbox escape and VM escapes do get reported every so often, but these attacks are almost never seen "in the wild" against consumers. I wouldn't worry about this. Just keep your VM software up to date and you will be fine. An attack of that level would be nation state, in which case, you'd probably get pwnd anyway. (sorry but NSA can break into anything I think)

It helps if you use a VPN. If you are using a VM with NAT or NAT network settings for you networking options, then it will also be on the VPN. You could also setup your VM on a virtual network with no internet connectivity. If you are practicing against another VM (like one from vulnhub) then you don't need internet but the target and kali machine can still connect to each other. Check this out:
https://www.techrepublic.com/article/how-to-create-virtualbox-networks-with-the-host-network-manager/

>>14461618
To this and other anons joining me on this journey from n00b to 1337 h4xx0r, I recommend a few things that have helped me so far in my first week, in addition to the Udemy course, I recommend:

-Start with basic Linux commands. I threw myself into a Kali virtual machine and just started watching walkthrough vids and doing
https://linuxjourney.com/
https://overthewire.org/wargames/bandit/

-Read all the brainlets who finally managed not to fail at https://old.reddit.com/r/oscp/top/
You'll get an understanding for what the testing environment is actually like and start hearing references to the more advanced tools you'll google later.

-Keep a journal! Each day I write down links to the stuff I read or covered in a google doc with bullet point descriptions. Helps to reinforce what I learned as well as giving me a searchable document if I need to return to a resource later (protip: you will)

thanks for all the info anon, ive started working through 'Learn Python the Hard Way'

>by 2020 /biz/ will be full of millionaire nazi hackers
Based timeline

>>14461960
This is anecdotal, but one of my friends had his binance account remotely compromised last year and the cybersecurity pal he asked told him the most likely attack used was intercepting traffic through his VPN's compromised server (PIA). Is this something you've heard of before?

It was especially crazy because he had Google Authenticator enabled for the account through his iPhone, and no other email accounts were compromised. He didn't lose any funds though, since he smartly didn't store his LINK on the exchange, and only knew about it because he got an email notification from Binance about the new login. Cyber pal said it wasn't a particularly sophisticated attack, it was supposedly just some russian in the VPN server who was monitoring network traffic for mentions of common Cryptocurrency terms.

Don't store your linkies on an exchange, kiddos

>>14462379
So it is important to keep in mind that your VPN provider does have logs of ALL of your internet traffic. This is why it is important to research your VPN provider and make sure they are not sketchy.

I am surprised though, because I would expect exchanges to use HTTPS , which would encrypt the traffic somewhat. Sounds like binance was using port 80 and sending the credentials in clear-text. Very bad security practice. Not sure how they could have gotten around the google auth part. That is perplexing. There are ways, but that would up this to a sophisticated and likely targeted attack. I'd have to have more info to figure out what went wrong there.

But in the end, it is mostly important to never leave your funds on an exchange. Always get them to a secure wallet, preferably a hardware or paper wallet.

>>14462020
good tips anon. ty

>>14462047
sounds good anon. thx for the update, and let us know if you need anything along the way

>>14462313
kek

>>14462379
also, don't let people use your phone. not saying it happened in this case, but if someone had access to his phone, it would have been trivial to get into his binance, especially if he ever browsed to the exchange and logged in from his phone.

don't let people use your phone.

>>14462511
>>14462573
Yeah from what I've heard, that cybersec pal claims the blackhats he knows already have backdoors into ALL major exchanges. If not their wallets, then their KYC docs. Even though it's "a friend of a friend of a friend told me," I believe him. Crypto custody is still a joke.

I've been practicing what I hope is good opsec by never using my phone for crypto or financial info ever, and just using it for porn ;)

>OP raising an army of /biz/ hackers

>>14462685
>I've been practicing what I hope is good opsec by never using my phone for crypto or financial info ever, and just using it for porn ;)

Very solid security practice. kek

>>14462883
we must be ready for the AI revolt, anon. great pic

What are some good materials for complete computer science noobs?
Have been a semi neet for a while (wasted too much times) and now I'm planning to enroll for cs degree program since university barely costs anything here in Germany

>>14463131
Professor Messer on youtube:
https://www.youtube.com/user/professormesser

He focuses on CompTIA A+ , Network+ , and Security+ . If you are preparing to do a CS degree, these courses would be a great way to lay a solid foundation. Beyond that, learn some linux command line, and learn some powershell.

linux command line:
https://overthewire.org/wargames/

windows powershell:
http://underthewire.tech/

>>14461591
>Discord
This lets me assume you are larping else you would be aware of the security issues with discord. Usually I would suggest a self hosted riot/matrix server but even those are not secure anymore. Looked into ODIN but that is shit as well. Still suggesting Discord, bro..

>>14463287
Many thx lad

>>14463343
If you read the threads closely, you would notice that I said multiple times that I do not use discord, and I would be looking into a viable alternative medium for faster comms. I have not listed an IRC channel or anything yet, specifically because I want to take the time to setup a secure method of communication. If I do go IRC route, then I will also provide guide for secure implementation and use. I said "maybe" on discord, only because so many anons have suggested it to me. I said only I would look into it, but said each time that I do not use it and would prefer other means.

I appreciate your concern though.

>>14463453
anytime. if you do the CS degree, come back and let us know how that goes. /RPG/ will run every saturday and you can email me (see 1st post)

>>14460030
Sup bro? Do you work for offensive security and trying to sell us the certification (1000 usd)?

>yeah bro study 3 months and make 120k lmao

>>14463456
Sorry bro, this is actually a pretty great thread with good sources, I'm just completely on the edge, I wasn't prepared to be a multi millionaire in the span of a year.
>>14463131
little hint on CS degrees, they are very general. If you just do basic CS and just work to get the worthless piece of paper, you will be out competed by every third class java script monkey. Specialize specialize and specialize again.

>>14463718
I do not work for offensive security. They offered me a job doing "content creation" but I did not accept it. I work for a very large company, doing penetration testing for mostly fortune 500 size companies.

Considering there is a waiting list to sign up for the OSCP, it is unlikely they need to shill it. I am simply telling you the best cert to get in order to qualify for good remote penetration testing jobs. Once I completed the OSCP cert, I doubled my salary within weeks.

I did not say "study for 3 months" and make 120k. The cert took me that long to complete, but I was not starting at zero knowledge. From what I have seen others share, it would take a year (dedicated, not half-assing) to go from zero to OSCP. I suspect it is different for different people though. Let me know if you need some info on starting out. Feel free to email me (see 1st post) if you do not want to discuss your knowledge level here.

>>14463755
np anon. I understand. Also, good advice on the tip for CS degree anon. You should certainly specialize post-degree. I spoke on degrees in the first /RPG/ general, and like all degrees, they are very broad. Find the niche wthin IT that interests you and dive into it.

>>14462933
Re: AI revolt, how much of this pentester skillset do you think will just be automated away in the coming years?

>>14464007
Little to none. I could write a whole whitepaper on this topic, and I have given a few talks about this before. It's not a brief answer, but I'll do what I can here quickly.

AI is in its infancy. It is not good at broad knowledge decision making, like what is required of an ethical hacker. It is also a lot father away than what the media makes it seem. My guess is that only nation-states will be capable of developing the kind of weaponized AI that could hack into systems any time soon. Even they are far off. Proof of that is the amount of resources spent within various 3 letter agencies for the purpose of offensive hacking. If they could accomplish it with an AI, they would. They cannot. When they can, it will be a highly guarded secret, the highest level of secrecy. It will be treated like nuclear weapons in the 50s, only to be revealed and deployed in a serious wartime emergency, and probably as a last resort. Once you reveal the weapon, everyone knows you have it, and now you have to talk about it. It the coming future, AI hackers, and probably (the best) human hackers, will be treated like weapons and heavily regulated, like WMDs. The concept of corporations using AI to automate and profit from pentesting, or to secure their networks, is simply out of the question, for a long time to come. The resources required to achieve this, combined with the government scrutiny and regulation, will make it less viable than just paying humans to do it.

In brief, I wouldn't worry about it any time soon.

>>14464007
oh I shoudl throw in the issue of "ethics". You would also have to teach the AI to be ethical in its approach, unless you wanted it to destroy everything. If you wanted to use it commercially, it would have to be able to make the same ethical decisions, based on legal and ethical consequences, that humans make doing the same job. That makes it even less viable any time soon. It would be near sentient at that point.

>>14464153
But what about less-than-general-ai?

It seems like the ethical hacking toolset is mostly using a series of specific tools in the right order. I would expect further development of these sorts of tools to automate more and more of the "critical thinking" process of pentesting as time goes on, kind of like how modern programming languages are way simpler and more accessible than using early punchcards and Assembly.

So maybe not an entirely capable AI superweapon, but more along the lines of less job security as it becomes easier for pentesters to do what you do now?

>>14460030
Why bother shilling OSCP on a board full of brainlets?
Cybersec is a great field and I also work as an SOC Analyst and casually do some AD pentesting.
Still don't get your point on this

>>14464318
Companies have tried and failed miserably. We cannot yet even properly automate basic vulnerability scanning. The results still must be examined by humans, and verified. DISA does all human assessment, and relies on only basic automation. The tech is simply unreliable, and will remain so for some time to come. As for getting automated out of a job; well tool&die workers and factory workers thought they would be automated out a job when the first C&C machines were introduced. Yet the industry still needs massive amounts of these workers and in fact, there is a shortage. The industry advanced, and now the humans program and run the C&C machines. Even Tesla factories need engineers programming the robots.

>>14464323
Put simply, if you shoot for the stars and land short, you still make it to the moon, or at least higher than you would have if you had never aimed that far. Even if anons who go down this path never attain OSCP, they will have learned so much more, and have learned enough to get a comfy job. One that is much better than most other wageslaving today. On top of that, I consider myself a bit of a brainlet, and I was able to accomplish this. I tend to believe that the type of people on /biz are well suited for this kind of work. I believe they can do it.

>>14464493
Neat, thanks for the explanation!

>>14464541
sure thing. I also tend to think that by the time penetration testers are automated out of a job, all retail and truck drivers, and lab techs, and nurses, will be automated out first. At least this job will come after all the rest! lol.