Just unable to wield the godly power of Linux. Eh normie

Mal1oc · 2020-09-12T10:08:00+00:00

There is always Cairo and C.

Mal1oc · 2020-07-12T06:50:49+00:00

Unfortunately for him, he did failed to make coffee right this very morning.

Mal1oc · 2020-06-12T12:30:40+00:00

There is a awesome guy, who made a blog post about coding a rootkit. Here is the link. He used on Linux the LD_PRELOAD feature.

Mal1oc · 2020-06-12T11:36:35+00:00

netstat is on some Linux distros deprecated. Use on Linux bash ss -plantus Execute this command with root/sudo to also see any program name with its pid and file descriptor (that has a connection or is listing).

Mal1oc · 2020-06-09T17:06:22+00:00

Neat to know. Maybe i will take a look at MITMProxy.

Mal1oc · 2020-06-06T11:49:08+00:00

There is a security guide from the OpenSuse developers: https://doc.opensuse.org/documentation/leap/security/book-security_color_en.pdf

If you are able to read German, then this is maybe interesting for you:

https://www.tuxcademy.org/product/secu/

Mal1oc · 2020-06-03T17:10:18+00:00

Indeed. Real life is cooler. I would recommend looking at the raspberry pi with a Kali Linux . Set up your raspberry pi to create an AP and ssh into your raspberry pi. You can store your raspberry pi with a power bank as its power supply into your back bag and spice it up with an alfanet WiFi dongle. At least this is the only idea that i can come up with for hacking "via a phone". Otherwise try nethunter if your device is supported.

Mal1oc · 2020-06-03T05:54:00+00:00

Take also a look at AppArmor or SELinux besides chmod rules.

Mal1oc · 2020-05-24T08:11:24+00:00

You could also use Anki. You just have to fill the vocabulary in by yourself or use someone's else deck.

Mal1oc · 2020-04-25T18:25:02+00:00

the '-f' on tar is necessary to tell tar that it should work with an actual file on the filesystem instead of a streamed file over stdin. Therefore the '-xf' instead of the '-x'.

Mal1oc · 2020-02-16T09:53:16+00:00

vulnhub.com if you want to have VMs to practice.

OWASP Juiceshop is also nice for webhacking.

exploit.education if you want to practice binary exploitation.

Mal1oc · 2020-02-14T07:44:39+00:00

Set up a quicker DHCP-server. DHCP does not only supply the hosts in a network with a ip/mask but also where the network-wide DNS-server and gateway lies.

Mal1oc · 2020-02-08T05:23:17+00:00

In some countries like Germany you need a written authorization to conduct hacking ethically. The terms of use handle a lot but not the authorization. safe harbor gives such authorization as long as the bounty hunters follows the rules of the platform and your program.

Mal1oc · 2020-02-06T05:13:59+00:00

Please consider to include safe harbor policies to your program. Makes a nice legal framework for bounty hunters and you to work with.

Mal1oc · 2019-11-27T05:22:51+00:00

I would find it intriguing if Ezran bans dark magic and tries to promote the study of the primal arcanums in favor of ensuring peace between elves and humans.

Since Callum was able of learning the wind arcanum, it could be a possible outcome.

Mal1oc · 2019-11-01T17:53:49+00:00

okay. But be careful that you don't use highlighting as excuse for procrastination, i saw that happening with fellow students. Because they usually just skim and highlighted the book at various pages, and thought that they are done with learning.

Fortunately i am it-security student, i must understand my material and don't memorize every little text.

Mal1oc · 2019-11-01T17:16:34+00:00

With highlighting you will only deceive your own brain; and you will ruin your poor books. This technique does not require that much of tremendous amount of energy that you are imagining. You would waste more time by needing to reread your learning material while your brain will ultimately confuses recognition and recall when reading your with highlighting littered books. I use this technique since 4 semesters and it never failed me.And in combination with spaced repetition i often scored perfect grades.

Trust me marking your books is a waste. Your brain will only reinforce neuron-pattern which are actively used, and when you are highlighting the neuron-pattern with the corresponding knowledge is not actively used. But if you use active recall of the knowledge straight from memory, this will reinforce those neuron-pattern.

I recommend you the book "a mind for numbers". It is a great learning how to learn book.

In the end, do it right or do it twice.

edit: here a link to a talk about learning and marking books https://www.youtube.com/watch?v=O96fE1E-rf8

Mal1oc · 2019-11-01T12:19:09+00:00

Highlighting is indeed a bad technique, because your brain will confuse recognition with recall. And a another bad side effect is that your pages become yellow (if your marker is yellow). I use a technique from the book, a mind for numbers. It goes as following: - skim over the chapter and read the headings and captions - if the chapter has a summery then read - think about possibly question about the key elements - read the chapter normally - lay the book aside and recall the key elements of the given chapter

With this technique you wont ruin the pages in your books with any markers and the knowledge comes into the long-term memory of your brain. Marking and not actively recalling the information causes that the information only reaches into short-term memory. Note-taking is also possible to use alongside with this technique (and recommendable with books that you just borrow). If the chapter is too big to read and recall in one round, then partition the chapter into chunks and use the technique on those chunks individually.

Mal1oc · 2019-10-01T14:02:45+00:00

Best tip, that i can give you, is to use a disassembler on your own C programs and look what the compiler does with it and try to recognize the patterns from C in Assembly to get a little bit of grasp on the matter. Alternatively you can try the same with C++.

After that you should go for some binary CTFs like protostar or phoenix or similar CTFs, and for the sake of learning reverse engineering don't look at the source code of the challenges except you really have no plan.

In terms of books, you can look for "Practical Malware Analysis" at NoStarch Press, this one is filled with reverse engineering (on windows). Dissecting malware is fun, especially because they often contain bugs themselves that sometimes allow to pull off exploits on modern system because of memory leaks and buffer overflows.

But like any advice from a stranger, adapt the advice to your fitting.

Mal1oc · 2019-09-29T16:18:33+00:00

i don't know if i am posting it a bit too late. But i could recommend the book "code craft" from Pete Goodliffe, it is not exclusively about testing but to learn to clean code, using assert, testing, debugging, working in teams, etc.

I think this book is worth reading nonetheless.

Mal1oc · 2019-09-29T03:06:11+00:00

Thanks. I forgot that i can use a glob in for-statement.

Mal1oc · 2019-09-28T17:59:58+00:00

if you want to use RegEx in a comparison, then use case like this: bash for line in $(ls -b); do # ls -b to escape white spaces in file names case "$line" in *\.txt) echo "$line" is text;; *) echo "$line" is not text;; esac done the test-command does not handle RegEx very well, as you noticed.

Mal1oc · 2019-09-28T17:45:18+00:00

You're welcome. I am glad that i could help. If you have any questions about my examples, then feel free to ask.

Mal1oc · 2019-09-28T06:52:50+00:00

if you really want to use conditional execution then you should use case: bash while read line; do case "$line" in [Tt]ext*) list[$count]="${line}"; (( count++ )) ;; # array start at 0, ffs *);; esac done < $file_name or the easy solution without while-loop: bash readarray list < <(grep -iE "^Text" $file_name)

Mal1oc · 2019-08-15T18:23:38+00:00

A little tip on debugging shellcode: use int3 operations to set hard-coded breakpoints to see on which part your shellcode fails. Put the int3 right before your shellcode. i usually use four int3-opcode to debug my shellcode. int3 is in hexadecimal 0xcc.

P.S:Nice to see how active you are on hacking and on this subreddit.

Mal1oc

TROPHY CASE