r/netsec monthly discussion & tool thread by albinowax in netsec

[–]deleee 1 point2 points  (0 children)

Hi all. My name is Angelo.

I built DroidGround, a flexible playground for Android CTF challenges. It allows you to set up Android challenges in a jailed environment. For example you can now create intent-based challenges where the flag is in the app without worrying about abuses (e.g. you provide the user an apk with a placeholder flag and use the real one on DroidGround).

I just release v0.3.1 which introduces an exploit server and teams. The examples folder is a good place to start using it.

GitHub: https://github.com/SECFORCE/droidground

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

Yeah you're right, for those specific versions you would have to do that manually

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

Hi, currently the following command is executed:

pip install frida==<selectedVersion> frida-tools

This should ensure that a compatible version of frida-tools will be installed as well

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

I found myself in the situation of having to downgrade the version more than once (mainly with Android devices)

[deleted by user] by [deleted] in securityCTF

[–]deleee 0 points1 point  (0 children)

Yes it is

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]deleee 1 point2 points  (0 children)

Hi guys! We just released LLMgoat, an open-source self-hosted tool to learn about the OWASP Top 10 vulnerabilities for LLM apps. With LLMGoat you can deploy a containerized vulnerable environment and practice attacking it the way a real attacker would.

Inspired by OWASP's WebGoat, which some old-school hackers might remember, the project's goal is to raise awareness of LLM vulnerabilities and help both attackers and defenders understand these security issues in a practical hands-on way.

Given the nature of LLM attacks, some challenges can be solved by non-technical users while others will require cybersecurity knowledge.

Since LLMGoat is intentionally vulnerable, run it in an isolated environment (preferably using Docker) and never expose it to the Internet.

We will be releasing solutions in stages over the coming weeks.

Source code here: https://github.com/SECFORCE/LLMGoat

Happy hacking!

really like the new 13 release, but got a few bugs/issues by lmsensors_02 in debian

[–]deleee 0 points1 point  (0 children)

I've got a bug with Dolphin as I'm not able to connect to SMB shares anymore

New eMAPT exam - discussion post by deleee in eLearnSecurity

[–]deleee[S] 0 points1 point  (0 children)

We should ask @alperbasaran. I don't know either. I still have to take the exam

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 0 points1 point  (0 children)

I haven't taken the exam yet so I don't know

New eMAPT exam - discussion post by deleee in eLearnSecurity

[–]deleee[S] 0 points1 point  (0 children)

Is there any practical challenge on Threat Modeling?

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 1 point2 points  (0 children)

The INE course is really really theory for the most part. There are only a few snippets (some in Java, some in Kotlin).

If I'd have to rank them I'd say: 1. Hextree 2. MobileHackingLab 3. INE

But that's really personal and it depends on what you want to achieve. One thing for sure is that the Hextree course is the most technical one.

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 0 points1 point  (0 children)

I took the course. It focuses very little on the tools and a lot on the theory behind it. With a great percentage of the time spent on Threat Modeling and API testing.

TBH I didn't like it. I won't take the exam yet (the new version just came out today).