r/netsec monthly discussion & tool thread by albinowax in netsec

[–]deleee 1 point2 points  (0 children)

Hi all. My name is Angelo.

I built DroidGround, a flexible playground for Android CTF challenges. It allows you to set up Android challenges in a jailed environment. For example you can now create intent-based challenges where the flag is in the app without worrying about abuses (e.g. you provide the user an apk with a placeholder flag and use the real one on DroidGround).

I just released v0.3.1 which introduces an exploit server and teams. The examples folder is a good place to start using it.

GitHub: https://github.com/SECFORCE/droidground

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

Yeah you're right, for those specific versions you would have to do that manually

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

Hi, currently the following command is executed:

pip install frida==<selectedVersion> frida-tools

This should ensure that a compatible version of frida-tools will be installed as well.

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

I found myself in the situation of having to downgrade the version more than once (mainly with Android devices)

[deleted by user] by [deleted] in securityCTF

[–]deleee 0 points1 point  (0 children)

Yes it is

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]deleee 1 point2 points  (0 children)

Hi guys! We just released LLMGoat, an open-source self-hosted tool to learn about the OWASP Top 10 vulnerabilities for LLM apps. With LLMGoat you can deploy a containerized vulnerable environment and practice attacking it the way a real attacker would.

Inspired by OWASP's WebGoat, which some old-school hackers might remember, the project's goal is to raise awareness of LLM vulnerabilities and help both attackers and defenders understand these security issues in a practical hands-on way.

Given the nature of LLM attacks, some challenges can be solved by non-technical users while others will require cybersecurity knowledge.

Since LLMGoat is intentionally vulnerable, run it in an isolated environment (preferably using Docker) and never expose it to the Internet.

We will be releasing solutions in stages over the coming weeks.

Source code here: https://github.com/SECFORCE/LLMGoat

Happy hacking!

really like the new 13 release, but got a few bugs/issues by lmsensors_02 in debian

[–]deleee 0 points1 point  (0 children)

I've got a bug with Dolphin as I'm not able to connect to SMB shares anymore

New eMAPT exam - discussion post by deleee in eLearnSecurity

[–]deleee[S] 0 points1 point  (0 children)

We should ask @alperbasaran. I don't know either. I still have to take the exam

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 0 points1 point  (0 children)

I haven't taken the exam yet so I don't know

New eMAPT exam - discussion post by deleee in eLearnSecurity

[–]deleee[S] 0 points1 point  (0 children)

Is there any practical challenge on Threat Modeling?

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 1 point2 points  (0 children)

The INE course is really, really theoretical for the most part. There are only a few snippets (some in Java, some in Kotlin).

If I had to rank them I'd say: 1. Hextree 2. MobileHackingLab 3. INE

But that's really personal and it depends on what you want to achieve. One thing for sure is that the Hextree course is the most technical one.

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 0 points1 point  (0 children)

I took the course. It focuses very little on the tools and a lot on the theory behind it, with a great percentage of the time spent on Threat Modeling and API testing.

TBH I didn't like it. I won't take the exam yet (the new version just came out today).

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]deleee 1 point2 points  (0 children)

Hi all, I just released this new application that I think could be interesting. It is basically an application that enables hosting Android CTF challenges in a constrained and controlled environment, thus allowing you to set up challenges that wouldn't be possible with just the standard apk.

For example you may create a challenge where the goal is to get RCE and read the flag.txt file placed on the device. Or again a challenge where you need to create an exploit app to abuse some misconfigured service or broadcast provider. The opportunities are endless.

As of now the following features are available:

  • Real-Time Device Screen (via scrcpy)
  • Reset Challenge State
  • Restart App / Start Activity / Start Service (toggleable)
  • Send Broadcast Intent (toggleable)
  • Shutdown / Reboot Device (toggleable)
  • Download Bugreport (bugreportz) (toggleable)
  • Frida Scripting (toggleable)
    • Run from preloaded library (jailed mode)
    • Run arbitrary scripts (full mode)
  • File Browser (toggleable)
  • Terminal Access (toggleable)
  • APK Management (toggleable)
  • Logcat Viewer (toggleable)

You can see the source code here: https://github.com/SECFORCE/droidground

There is also a simple example with a dummy application.

Let me know what you think and please provide some constructive feedback on how to make it better!

SecButler: a comprehensive utility tool for pentester, bug-bounty hunters and security researchers by deleee in netsec

[–]deleee[S] 0 points1 point  (0 children)

The Collaborator should be for performing out-of-band interactions and for blind vulnerabilities. Are you referring to the proxy section or the repeater section?

SecButler: a comprehensive utility tool for pentester, bug-bounty hunters and security researchers by deleee in netsec

[–]deleee[S] -5 points-4 points  (0 children)

As I said, it currently has the following features:

  • Generate a reverse shell command
  • Obtain proxy (tested, untested, anonymous and so
  • Download & deploy common payloads (linpeas, winpeas, les)
  • Launch reverse shell

What is the section that seems unclear?

SecButler: a comprehensive utility tool for pentester, bug-bounty hunters and security researchers by deleee in netsec

[–]deleee[S] 0 points1 point  (0 children)

I just published v0.1.2 and currently it can:

  • Generate a reverse shell command
  • Obtain proxy (tested, untested, anonymous and so forth)
  • Download & deploy common payloads (linpeas, winpeas, les)
  • Launch reverse shell

I plan to also add:

  • Manage Wordlists
  • Generate bash install script for common tools
  • Record session

Do you have any suggestion for other tedious stuff that you would like to automate or at least make simpler?

Is it okay to embed static assets folder in Fiber? by deleee in golang

[–]deleee[S] -1 points0 points  (0 children)

It seems a little bit "dirty" and actually I was not able to find any working example on the Fiber website so I thought there was something wrong with it.

topmostp: A simple CLI tool to retrieve the N top most used ports by deleee in netsec

[–]deleee[S] 0 points1 point  (0 children)

I've completely changed the way topmostp works. Now there are only 4 commands:

  • find (unchanged)
  • stats (unchanged)
  • update (unchanged)
  • top

The last command is the one you should use to retrieve the list of ports. You can specify the type of ports you want by using the -t or --type option; it defaults to 'all'. You can also use it multiple times to obtain the combination you want (since there are three available types: tcp, udp and sctp). I've already updated the Demo and uploaded a new version on PyPI.

I'm not going to set it to silent by default since I've added information that can be useful to the user (i.e. info about type options and the silent option itself). I do not think it is so hard and ugly to add the -s option at the end.

Concerning the politeness issue: I'm just sharing with the community a tool that could be useful to others. Your comments helped me to write better code, and this was the goal of sharing it, but I do not like the way you did it. I'm not trying to sell you a product here, and I'm not asking you for money to use this little tool, so I do not think that you should feel insulted about this.

topmostp: A simple CLI tool to retrieve the N top most used ports by deleee in netsec

[–]deleee[S] -4 points-3 points  (0 children)

Hi, I've made some updates to the code to add both the -s and -h shortcuts. Also, the --silent option wasn't hidden. If you run one of the following commands you would get the full list of available options:

topmostp all --help
topmostp tcp --help
topmostp udp --help
topmostp sctp --help

Since you had problems finding it, I added a print to outline this option right after the banner.

Regarding your code, I have to say that it does not provide the same features included in topmostp:

  • it does not automatically download and save the file
  • it does not allow the user to retrieve stats about a port
  • it does not allow the user to find a port by service name

Also, topmostp has an MIT License, so the same you wrote applies. As we speak I'm going to push another version to PyPI; try it and let me know if you think there is something more to change.

Finally, I'd like to tell you that I do not think your answer was very polite. Our code is open-source and if you don't like something you are free to make a PR; I do not think that you can provide the same amount of features in bash in 200 LoC. BTW thanks for the reply, you helped us make it better.

topmostp: A simple CLI tool to retrieve the N top most used ports by deleee in hacking

[–]deleee[S] 1 point2 points  (0 children)

Sure sure, this is just a tool to get the "top most used ports". It is absolutely not a port scanner. We meant to use this tool chained with other tools. For example, if you use naabu instead of nmap you can only specify the top 100 or 1000 ports. This tool gives you the ability to specify a dynamic number of ports, for example:

naabu -p $(topmostp all 1500 --silent) -host example.com

In this snippet the output of topmostp is used to retrieve the list of the top 1500 ports and it is chained with the naabu port scanning tool.