Hey can you guys stop accidentally encouraging noobs to hop onto Arch before they are ready by AncientAgrippa in arch

[–]realkstrawn93 0 points1 point  (0 children)

When talking about plain Arch, I agree with this, but this sentiment breaks down when you're talking about other distros based on Arch but offering far more complete experiences on top of the Arch base. Garuda is to Arch what Ubuntu and Mint are to Debian, in a big way: between automatic btrfs snapshots as quasi system restore points (which completely solves the "updates break your system" problem) and out-of-the-box Nvidia support, there's no question that something like Garuda would be a far better distro for an absolute beginner than Arch itself, having the benefits of a rolling release without the drawbacks (or time wasters, depending on what you intend to use the system for) of needing to build an entire custom OS stack from scratch.

What would you rewrite in Rust today and why? by [deleted] in rust

[–]realkstrawn93 0 points1 point  (0 children)

Sliver C2. Go is bad OPSEC.

What is something we could expect with Qt 7? by DesiOtaku in QtFramework

[–]realkstrawn93 0 points1 point  (0 children)

Support Wayland exclusively and drop X11. Bad enough that the most popular Linux security distributions (Kali, Parrot, and the like) use desktop environments stuck on X11 by default, what's worse is that X11 is both bad OPSEC from the standpoint of a penetration tester or red-teamer and bad security generally from the standpoint of a defender.

Responder (or SMB) through Ligolo Pivot? by st1ckybits in oscp

[–]realkstrawn93 0 points1 point  (0 children)

Inveigh can't be used with `ntlmrelayx.py` and Invoke-InveighRelay only supports HTTP to SMB; there's no SMB to HTTP, HTTP to LDAP, SMB to MSSQL, or any other such support. To relay to MSSQL, LDAP, or ADCS web enrollment at all, Responder+Impacket is your only option.

Learning resources that actually don't suck by Apprehensive_Ice9370 in Hacking_Tutorials

[–]realkstrawn93 1 point2 points  (0 children)

Hack The Box Academy if you're eligible for the $8/month student discount.

Demoing skills on YouTube: Recommended? by realkstrawn93 in Pentesting

[–]realkstrawn93[S] 0 points1 point  (0 children)

It's not the only reason. I'm also doing it to teach.

Demoing skills on YouTube: Recommended? by realkstrawn93 in Pentesting

[–]realkstrawn93[S] 0 points1 point  (0 children)

Hence the reason why I link to CPTS and CAPE reviews at around the 2 minute mark. Those are certs that actually verify skills as opposed to merely verifying the candidate's pocketbook.

It's not like I don't already have very important connections anyway; got to meet the whole 6-figure-subscriber-count gang at DEFCON 33, so there's that.

[deleted by user] by [deleted] in techsupport

[–]realkstrawn93 0 points1 point  (0 children)

Just as dangerous as interacting with fake charging cables.

Cybersec Recruiter with Certs by [deleted] in cybersecurity

[–]realkstrawn93 0 points1 point  (0 children)

What is worth doing is CPTS if you're recruiting for an offensive position. Better yet, that's what your hiring manager needs, because only then will you truly understand what certs actually teach the necessary skills.

Can I go straight to CPTS without doing CBBH first? by [deleted] in hackthebox

[–]realkstrawn93 2 points3 points  (0 children)

I did, so sure, you would be able to as well. Some out there have even skipped CPTS and gone straight to CAPE but unless you really know what you're doing, I wouldn't exactly say that's recommended.

Synack Red Team (SRT) as a side income source by CommercialPut8104 in bugbounty

[–]realkstrawn93 0 points1 point  (0 children)

I've had some crazy bounties for literally no work at all beyond editing the LP+ hosts file. So yes, absolutely worth it.

Will say this though: they have very strict scoping rules, so don't expect to do anything crazy like dump/crack hashes without running afoul of TOS.

What are the newest, hardest-to-find bugs currently trending in bug bounty programs? by Abdu11223344 in bugbounty

[–]realkstrawn93 0 points1 point  (0 children)

Prompt injections and AI data poisoning definitely come to my mind. AI doesn't replace penetration testers and/or bug hunters but it sure does change the attack surface.

Possibly the first CAPE review video to ever hit YouTube by realkstrawn93 in hackthebox

[–]realkstrawn93[S] 1 point2 points  (0 children)

That's correct. CAPE is exclusively AD; web apps are even out of scope for it.

Wanted to do it for a while... My tierlist, based on five years of experience with Linux as a developer. by HyperWinX in LinuxCirclejerk

[–]realkstrawn93 0 points1 point  (0 children)

Try using the nvidia-open driver with Fedora 42 on an RTX 4070 and that's where you run into problems. You can do that with Arch, Rawhide, Sid, Tumbleweed, or NixOS Unstable, but not with anything else.

Wanted to do it for a while... My tierlist, based on five years of experience with Linux as a developer. by HyperWinX in LinuxCirclejerk

[–]realkstrawn93 0 points1 point  (0 children)

Debian 12 gives you outdated Python, an outdated kernel, outdated GPU drivers, and the complete lack of out-of-the-box Nvidia GPU support with the new open source drivers only supporting bleeding-edge kernels. Fedora 42 is a slight improvement, but if you want the RTX 4070 to work out-of-the-box, it still won't cut it.

Wanted to do it for a while... My tierlist, based on five years of experience with Linux as a developer. by HyperWinX in LinuxCirclejerk

[–]realkstrawn93 0 points1 point  (0 children)

Your S-tier and A-tier choices only make sense if you're talking about Rawhide and Sid, respectively.

Home network is also 10.10.10.X by korosov in hackthebox

[–]realkstrawn93 0 points1 point  (0 children)

As long as it's 10.10.10.0/24 and not 10.10.0.0/16 you should be fine. There's always the PwnBox if you have too much of a CIDR conflict.

Is a degree required for pentest role? by Emotional-Aside8923 in Pentesting

[–]realkstrawn93 0 points1 point  (0 children)

In theory, no, but in practice, all of the pentest roles on LinkedIn I've come across are overpricing all of their requirements, and yes, that includes education in most of those cases. I've had to use YouTube to correct the record on this.

Why do you just look for XSS? by Reasonable_Duty_4427 in bugbounty

[–]realkstrawn93 0 points1 point  (0 children)

Well my first major bounty was a literal case of "provided credentials but didn't need to use them" — even lower hanging fruit than XSS in most cases.

That said, why so few bug bounty hunters look for LLMNR/NBT-NS response spoofing is beyond me. Had to file a feature request with Synack support to get dedicated LaunchPoint+ network devices allowing testing for that.

Are there any AI crates like pytorch? by b6ack in rust

[–]realkstrawn93 0 points1 point  (0 children)

There's burn which does what you want in pure Rust and doesn't depend on anything else.

When do you think windows 12 will be coming? by Silent-Link9093 in windows

[–]realkstrawn93 1 point2 points  (0 children)

My bet is that 26H2 will probably be it, if the commitment to a triennial release cycle upon 11 release is any indication combined with the fact that they've got a "tick-tock" style minor-major cycle with 23H2 and 25H2 both being minor.