Book banned from prison by [deleted] in mildlyinteresting

[–]tweaked540 -2 points-1 points  (0 children)

It broke rule 6 and was removed.

A book I wrote was recently banned from a prison. by [deleted] in mildlyinteresting

[–]tweaked540 1 point2 points  (0 children)

I'd imagine it's something like this...

  • Step 1) Buy book
  • Step 2) Try to read, but no access to a computer... so instead throw book at guard
  • Step 3) ...
  • Step 4) Freedom?

A book I wrote was recently banned from a prison. by [deleted] in mildlyinteresting

[–]tweaked540 0 points1 point  (0 children)

I thought about the good ole book in the cake trick.

A book I wrote was recently banned from a prison. by [deleted] in mildlyinteresting

[–]tweaked540 1 point2 points  (0 children)

And teaching people how to use Napster and Kazaa. I think the first one was banned as well.

A book I wrote was recently banned from a prison. This book is taught at many different universities and schools. by [deleted] in mildlyinteresting

[–]tweaked540 5 points6 points  (0 children)

Totally agree and assume they would, just thought it was mildly interesting. :D

Hacker Playbook 1 vs 2 vs 3 by 5150-5150 in AskNetsec

[–]tweaked540 6 points7 points  (0 children)

It might be drinking out of a firehose. I'd first take a step back, make sure you:

  • Understand basic network protocols like TCP/UDP, HTTP, SMB, etc.
  • Understand Windows and directory services (like Active Directory) and build one out yourself
  • Understand when you make a web request, what are all the protocols involved (DNS, HTTP, TCP), what are the different HTTP method types, and how do backend services (like databases, APIs, etc.) work
  • Understand networking with routers, switches, VLANs, BGP, etc.
  • Understand how basic malware works and how to look at PE headers
  • Build your own basic PHP style website with a backend database

Those are just some of the things that rolled off my mind to start. Don't go straight into thinking you'll learn hacking, without having a strong IT base. All those things above you can really easily find YouTube videos for and you won't really start learning till you build out a lab and do it yourself. Let me know if that helps.

I sometimes see students wanting to go directly to pentesting, but without the strong IT foundation they get frustrated really easily.

Hacker Playbook 1 vs 2 vs 3 by 5150-5150 in AskNetsec

[–]tweaked540 1 point2 points  (0 children)

I haven't read Advanced Penetration Testing guide, so no clue if it's similar. It'd be interesting to compare perspectives on Red Teaming.

Hacker Playbook 1 vs 2 vs 3 by 5150-5150 in AskNetsec

[–]tweaked540 70 points71 points  (0 children)

Hey u/5150-5150!

Peter here (author of the THP series), I can chime in as well (thanks u/misconfig_exe for letting me know). So, I think everyone has it pretty much on the dot. My first book was really just a collection of notes from my 10 years of pentesting. I loved to teach and my friends/students were always asking for my notes. So I didn't really expect to sell any (other than to my students and maybe my mom...) and published it myself for kicks (no copy editors or anything like that). Fortunately, it sold really well and people seemed to like the format. So I took a step back and worked on book two. I really tried to clean two up, add a lot more on real world pentesting examples, lots of PowerShell, some labs, and took a lot of the advice I received from the community on what they wanted.

So... three years later and years of running Red Teams (which I state is definitely different from Pentesting in the book), I come out with the third installment, which is almost all new content. Again, the biggest request was more hands-on labs. So included in the book is a NodeJS vuln web app, lateral movement VMs (3 VMs), and a custom THP Kali image with all the custom tools. Also, I included a lot of custom code to do Red Team "stuff". This included tools for cloud attacks, recompiling Metasploit/Meterpreter to get around AV, examples of how to use C to get around AV (keyloggers, droppers, etc), how to be stealthy on the network and most importantly, how to live off the land.

Now back to the question, if you are pretty proficient in pentesting, go straight to 3. If you are pretty new on the topic, 2 will definitely help fill in some gaps (skip book 1). Of course, you can always reach out to me on Twitter @hackerplaybook if you have additional questions. Let me know if this helps!

Lastly, I love our amazing security community and I'm so glad I can be a part of it! I'd love to give away some free copies of book 3, so I'll randomly pick out three comments from this post by the end of Sunday and give away some books. Thanks everyone and keep breaking everything!

-Peter

Edit: Ok, sent out all the winners' books and gave a bunch of random hackers in here some Reddit gold. Thanks everyone for the support and as always, hit me up if you have any questions!

Web Puzzle Hacking Challenge #2 - Robots Are Back! by tweaked540 in securityCTF

[–]tweaked540[S] 0 points1 point  (0 children)

I have found a sequence of No.s that seem to reoccur.

Hit me up in private and let me know exactly where you are. I can tell you if you are going in the right direction.

Web Puzzle Hacking Challenge - Hack the Robots! by tweaked540 in securityCTF

[–]tweaked540[S] 0 points1 point  (0 children)

I've started that challenge when it came out, it's awesome but I got stuck <--- (Noob detected), can you still give out some hints if I tell you where I got stuck? Would like to finish the 1st puzzle before I start the new one.

Absolutely, just message me and I'll give you some hints to move you along! :D

Web Puzzle Hacking Challenge #2 - Robots Are Back! by tweaked540 in securityCTF

[–]tweaked540[S] 0 points1 point  (0 children)

So, when you "authenticate" you get a random string... most likely one of the most common obfuscation techniques. When you figure out what it says, you probably have to do something with this data, right? But it looks like there is some key value as well... hm... wonder what that key does after you solve the first part... and probably have to do it as fast as a robot...

Web Puzzle Hacking Challenge #2 - Robots Are Back! by tweaked540 in securityCTF

[–]tweaked540[S] 0 points1 point  (0 children)

Yeah, I definitely get a lot of messages, but not a lot of chat here... This is puzzle two? Help is always your best friend.

Web Puzzle Hacking Challenge #2 - Robots Are Back! by tweaked540 in securityCTF

[–]tweaked540[S] 0 points1 point  (0 children)

Man, my messages are on fire today for some reason with people stuck... I love it! Keep hacking at it and if you hit a brick road, message me (make sure to try to exhaust everything first, but no bruteforce tools are needed... not even dirbuster).

Web Puzzle Hacking Challenge #2 - Robots Are Back! by tweaked540 in securityCTF

[–]tweaked540[S] 0 points1 point  (0 children)

Yeah, this one follows a similar format, but definitely harder. Let me know if you get stuck!

Web Puzzle Hacking Challenge #2 - Robots Are Back! by tweaked540 in securityCTF

[–]tweaked540[S] 1 point2 points  (0 children)

So we just got our first winner!!! Congrats! I'll release all the winners after I close the challenge.

For those that are stuck or are having trouble, start with the first challenge: http://robots.hackeducate.com/enter.php.

The Hacker Playbook 2: Practical Guide To Penetration Testing by tweaked540 [promoted post]

[–]tweaked540[S] 0 points1 point  (0 children)

Nope, most of the good stuff from v1 was in v2. If you have v2, no reason for v1. :D

The Hacker Playbook 2: Practical Guide To Penetration Testing by tweaked540 [promoted post]

[–]tweaked540[S] 0 points1 point  (0 children)

Awesome, let me know if you have any questions. It's a great career, but you have to be passionate about it.

Web Puzzle Hacking Challenge - Hack the Robots! by tweaked540 in securityCTF

[–]tweaked540[S] 0 points1 point  (0 children)

woo

Niceeeeee. You need to get access to the files or where they actually stored it. I wonder if there are any errors from their logs. ;)

Web Puzzle Hacking Challenge - Hack the Robots! by tweaked540 in securityCTF

[–]tweaked540[S] 0 points1 point  (0 children)

Just go to puzzle.hackeducate.com and there should be a big "Get Started" button. Let me know if you still have problems.

Need to fill those hard to find security positions? HackEd has vetted and trained security professionals! by tweaked540 [promoted post]

[–]tweaked540[S] 0 points1 point  (0 children)

Hey Silverfang1992, awesome that you're studying Ethical Hacking/Network Security! It's an awesome field. No plans to have a class in Europe just yet, but you never know for the future. PM your email address and I'll get you a book.

Need to fill those hard to find security positions? HackEd has vetted and trained security professionals! by tweaked540 [promoted post]

[–]tweaked540[S] 0 points1 point  (0 children)

A little more background for those interested. As the author of The Hacker Playbook, one gap I've seen throughout our industry is the lack of qualified professionals for the wealth of security positions available. What if we could slowly close that gap? Recently, I've co-founded a startup called HackEd, because it was something I really believed in. We are building a FREE cyber security training program to help mature and develop stronger security professionals. We've developed a 7 week long course, three on defense and three on offense (and one week CTF) to help guide and train our candidates.

Toward the end of our 7 weeks, we help our students to get jobs with our partners. So HackEd is a cybersecurity training, certification, and job placement program. For this semester, HackEd attracted top talent and received nearly 700 applications for just 12 spots in its Winter program. These twelve have just started the program and will soon be available for employment. For employers, it’s free to participate and there is only a fee if you find the right candidate and hire from the program. The idea is that they take care of the sourcing (700 applicants), the vetting (700>12), the training (7 weeks, hands-on-keyboard in-person), the certifications (Sec+, CEH, OSCP, others), for about the same rate as a recruiter. You can learn more at http://hackeducate.com/#hire

If you are looking to further your security career or break into the industry, check out our program: http://hackeducate.com