β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Wargame- 2020 most popular :
π¦ OverTheWire - Semtex
π¦ OverTheWire - Vortex
π¦ OverTheWire - Drifter
π¦ pwnable.kr - Provide various pwn challenges regarding system security
π¦ Exploit Exercises - Nebula
π¦ SmashTheStack
π¦ HackingLab
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Wargame- 2020 most popular :
π¦ OverTheWire - Semtex
π¦ OverTheWire - Vortex
π¦ OverTheWire - Drifter
π¦ pwnable.kr - Provide various pwn challenges regarding system security
π¦ Exploit Exercises - Nebula
π¦ SmashTheStack
π¦ HackingLab
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Hacking-Lab
Hacking-Lab for Cyber Security Training
Hacking-Lab offers tailored cyber security training to strengthen your team's offensive and defensive skills. Learn more.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
> 2020 Reverse Engineering-most popular-Helfull :
π¦ Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
π¦ CodeEngn - (Korean)
π¦ simples.kr - (Korean)
π¦ Crackmes.de - The world first and largest community website for crackmes and reversemes
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
> 2020 Reverse Engineering-most popular-Helfull :
π¦ Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
π¦ CodeEngn - (Korean)
π¦ simples.kr - (Korean)
π¦ Crackmes.de - The world first and largest community website for crackmes and reversemes
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Codeengn
CodeEngn.com [μ½λμμ§] - Challenges
μ½λμμ§μ κ΅λ΄ 리λ²μ€μμ§λμ΄λ§ μ 보곡μ λ₯Ό μν΄ 2007λ
λΆν° 리λ²μ€μμ§λμ΄λ§ 컨νΌλ°μ€ λ° λΉκ³΅κ° μν¬μμ νμ
μ€λ¬΄μλ€κ³Ό ν¨κ» μ΄μνκ³ μμ΅λλ€. 리λ²μ€μμ§λμ΄λ§μ΄λΌλ νλμ ν° μ£Όμ λ‘ μννΈμ¨μ΄ 보μμ λν λ€μν μκ°κ³Ό μ°κ΅¬μ£Όμ μ λν μ 보곡μ λ₯Ό μΆκ΅¬νκ³ μμΌλ©°, μμ
μ μ΄μ΅ μμ΄ μμ μμ°μΌλ‘ μ΄μνκ³ μμ΄ ν° μμ°μΌλ‘ μ΄μνλ λ€λ₯Έ 컨νΌλ°μ€μ λΉν΄ μ¬λ¬ κ°μ§λ‘ λΆμ‘± ν μ μμ΅λλ€.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2020 CTF
#Competition :
π¦ DEF CON
π¦ CSAW CTF
π¦ hack.lu CTF
π¦ Pliad CTF
π¦ RuCTFe
π¦ Ghost in the Shellcode
π¦ PHD CTF
π¦ SECUINSIDE CTF
π¦ Codegate CTF
π¦ Boston Key Party CTF
π¦ ZeroDays CTF
π¦ InsomniΓ’β¬β’hack
π¦ Pico CTF
π¦ prompt(1) to win - XSS Challeges
π¦ HackTheBox
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2020 CTF
#Competition :
π¦ DEF CON
π¦ CSAW CTF
π¦ hack.lu CTF
π¦ Pliad CTF
π¦ RuCTFe
π¦ Ghost in the Shellcode
π¦ PHD CTF
π¦ SECUINSIDE CTF
π¦ Codegate CTF
π¦ Boston Key Party CTF
π¦ ZeroDays CTF
π¦ InsomniΓ’β¬β’hack
π¦ Pico CTF
π¦ prompt(1) to win - XSS Challeges
π¦ HackTheBox
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2020 General hacking :
> top git resources :
π¦ Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.
π¦ CTFtime.org - All about CTF (Capture The Flag)
π¦ WeChall
π¦ CTF archives (shell-storm)
π¦ Rookit Arsenal - OS RE and rootkit development
π¦ Pentest Cheat Sheets - Collection of cheat sheets useful for pentesting
π¦ Movies For Hackers - A curated list of movies every hacker & cyberpunk must watch.
π¦ Hopper's Roppers Intro. to CTF Course - A free course that teaches the fundamentals of forensics, cryptography, and web-exploitation required to be successful in Capture the Flag competitions.
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2020 General hacking :
> top git resources :
π¦ Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.
π¦ CTFtime.org - All about CTF (Capture The Flag)
π¦ WeChall
π¦ CTF archives (shell-storm)
π¦ Rookit Arsenal - OS RE and rootkit development
π¦ Pentest Cheat Sheets - Collection of cheat sheets useful for pentesting
π¦ Movies For Hackers - A curated list of movies every hacker & cyberpunk must watch.
π¦ Hopper's Roppers Intro. to CTF Course - A free course that teaches the fundamentals of forensics, cryptography, and web-exploitation required to be successful in Capture the Flag competitions.
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
ctftime.org
CTFtime.org / All about CTF (Capture The Flag)
Capture The Flag, CTF teams, CTF ratings, CTF archive, CTF writeups
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2020 Post exploitation populars :
π¦ empire - A post exploitation framework for powershell and python.
π¦ silenttrinity - A post exploitation tool that uses iron python to get past powershell restrictions.
π¦ ebowla - Framework for Making Environmental Keyed Payloads
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2020 Post exploitation populars :
π¦ empire - A post exploitation framework for powershell and python.
π¦ silenttrinity - A post exploitation tool that uses iron python to get past powershell restrictions.
π¦ ebowla - Framework for Making Environmental Keyed Payloads
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - EmpireProject/Empire: Empire is a PowerShell and Python post-exploitation agent.
Empire is a PowerShell and Python post-exploitation agent. - EmpireProject/Empire
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Updated Empire is a PowerShell and Python post-exploitation agent.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½:
1) git clone https://github.com/EmpireProject/Empire.git
2) Initial Setup
> Run the ./setup/install.sh script. This will install the few dependencies and run the ./setup/setup_database.py script. The setup_database.py file contains various setting that you can manually modify
3) and then initializes the ./data/empire.db backend database. No additional configuration should be needed- hopefully everything works out of the box.
4) Running ./empire will start Empire, and ./empire βdebug will generate a verbose debug log at ./empire.debug. The included ./setup/reset.sh will reset/reinitialize the database and launch Empire in debug mode.
> [for more](http://www.powershellempire.com/?page_id=110)
β @UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Updated Empire is a PowerShell and Python post-exploitation agent.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½:
1) git clone https://github.com/EmpireProject/Empire.git
2) Initial Setup
> Run the ./setup/install.sh script. This will install the few dependencies and run the ./setup/setup_database.py script. The setup_database.py file contains various setting that you can manually modify
3) and then initializes the ./data/empire.db backend database. No additional configuration should be needed- hopefully everything works out of the box.
4) Running ./empire will start Empire, and ./empire βdebug will generate a verbose debug log at ./empire.debug. The included ./setup/reset.sh will reset/reinitialize the database and launch Empire in debug mode.
> [for more](http://www.powershellempire.com/?page_id=110)
β @UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - EmpireProject/Empire: Empire is a PowerShell and Python post-exploitation agent.
Empire is a PowerShell and Python post-exploitation agent. - EmpireProject/Empire
Forwarded from Backup Legal Mega
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Quickly check whether the computer has been hacked (Linux version)
1) Abnormal account and permissions
If a hacker has ever had an opportunity to run a command, the other party will often want to continue this opportunity, as the industry calls it (persistence).
2) And creating a backdoor account is often a persistent approach.
3) Check abnormal account
3) Search users
cat /etc/passwdYou can see all the users and corresponding group information in the current system. If you have too many accounts, you canβt see them at a glance.
I usually use the following methods to filter:
> cat / etc / passwd | awk - F : '{print $7}' | sort | uniq - c
The purpose of changing the command is to print all types of shells and the corresponding number. For users with shells, you need to check carefully.
π¦Quickly check whether the computer has been hacked (Linux version)
1) Abnormal account and permissions
If a hacker has ever had an opportunity to run a command, the other party will often want to continue this opportunity, as the industry calls it (persistence).
2) And creating a backdoor account is often a persistent approach.
3) Check abnormal account
3) Search users
cat /etc/passwdYou can see all the users and corresponding group information in the current system. If you have too many accounts, you canβt see them at a glance.
I usually use the following methods to filter:
> cat / etc / passwd | awk - F : '{print $7}' | sort | uniq - c
The purpose of changing the command is to print all types of shells and the corresponding number. For users with shells, you need to check carefully.
Forwarded from Backup Legal Mega
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Β» π¦Quickly check whether the computer has been hacked (Linux version)
π¦Check users :
If you obtained an abnormal user name (assumed to be hacker) in the previous step , you can check the user in detail using the following methods:
1) View user id and group information: id hacker
2) View user's recent login information: lastlog -u hacker
3) View user history login information: last hacker
4) View user login failure information: lastb hacker
5) View comprehensive information: finger hacker
6) Note: The fingercommand is not built-in in some operating systems, you can use the package management tool to install it yourself, such as:
> Ubuntu/Debian: apt-get install finger
> CentOS/RedHat: yum install finger
> ArchLinux: pacman -S finger
7) The other non-built-in commands mentioned below are similar
Β» π¦Quickly check whether the computer has been hacked (Linux version)
π¦Check users :
If you obtained an abnormal user name (assumed to be hacker) in the previous step , you can check the user in detail using the following methods:
1) View user id and group information: id hacker
2) View user's recent login information: lastlog -u hacker
3) View user history login information: last hacker
4) View user login failure information: lastb hacker
5) View comprehensive information: finger hacker
6) Note: The fingercommand is not built-in in some operating systems, you can use the package management tool to install it yourself, such as:
> Ubuntu/Debian: apt-get install finger
> CentOS/RedHat: yum install finger
> ArchLinux: pacman -S finger
7) The other non-built-in commands mentioned below are similar
Forwarded from Backup Legal Mega
Β» ]Quickly check whether the computer has been hacked (Linux version)
π¦Check abnormal permissions
Linux users will generally use sudoto allow ordinary users can perform root operations, so for the average user already exists,
Can not be taken lightly. sudoPermissions management, in /etc/sudoersand /etc/sudoers.dyou can view,
It is best to check the changed files frequently to ensure that no ordinary user has obtained unexpected permissions. For each ordinary user,
You can use the command groups usernameto query the group it belongs to, if it is root or sudo group,
Or the group is in the /etc/sudoersfile, then it will be especially alert.
π¦Check abnormal permissions
Linux users will generally use sudoto allow ordinary users can perform root operations, so for the average user already exists,
Can not be taken lightly. sudoPermissions management, in /etc/sudoersand /etc/sudoers.dyou can view,
It is best to check the changed files frequently to ensure that no ordinary user has obtained unexpected permissions. For each ordinary user,
You can use the command groups usernameto query the group it belongs to, if it is root or sudo group,
Or the group is in the /etc/sudoersfile, then it will be especially alert.
Forwarded from Backup Legal Mega
Β» ]Quickly check whether the computer has been hacked (Linux version)
1) Abnormal startup items
The self-starting process under Linux differs according to its service manager, and the following three are commonly used:
2) Upstart
Upstart is an event-based method used to replace the ancient /sbin/init process to handle tasks and service self-starting.
π¦To view this type of self-starting file, you can use the following command:
> View all self-starting projects: initctl list
>View a self-starting project: initctl show-config evil
SystemV
> SystemV is service start/stop/status xxx.servicethe service management system behind commonly used commands.
π¦ To view this type of self-starting file, you can use the following command:
1) View the self-starting script: ls /etc/init.d/
2) View symbolic links for runlevels: ls /etc/rc*.d/
SystemD
3) SystemD is a modern service management system, and the newer Linux versions have all been migrated to SystemD.
π¦ There are two ways to view all self-starting services:
1) systemctl list-unit-files --type=service
ls /lib/systemd/system/*.service /etc/systemd/system/*.service
2) The old version of Linux is generally a mixture of Upstart and SystemV, and most of the new versions have been migrated to SystemD.
1) Abnormal startup items
The self-starting process under Linux differs according to its service manager, and the following three are commonly used:
2) Upstart
Upstart is an event-based method used to replace the ancient /sbin/init process to handle tasks and service self-starting.
π¦To view this type of self-starting file, you can use the following command:
> View all self-starting projects: initctl list
>View a self-starting project: initctl show-config evil
SystemV
> SystemV is service start/stop/status xxx.servicethe service management system behind commonly used commands.
π¦ To view this type of self-starting file, you can use the following command:
1) View the self-starting script: ls /etc/init.d/
2) View symbolic links for runlevels: ls /etc/rc*.d/
SystemD
3) SystemD is a modern service management system, and the newer Linux versions have all been migrated to SystemD.
π¦ There are two ways to view all self-starting services:
1) systemctl list-unit-files --type=service
ls /lib/systemd/system/*.service /etc/systemd/system/*.service
2) The old version of Linux is generally a mixture of Upstart and SystemV, and most of the new versions have been migrated to SystemD.
Forwarded from Backup Legal Mega
Β» ]Quickly check whether the computer has been hacked (Linux version)
π¦other
1) Abnormally scheduled tasks
In addition to the above self-starting services, under Linux, you can also run persistent tasks through scheduled tasks.It is relatively simple to check for abnormal scheduled tasks
2) You only need to view /etc/crontaband /etc/cron.*the scheduled task files in the subdirectory .
3) bash initialization
Anyone who has used Linux knows that $HOME/.bashrcit can be initialized and applied to each shell in the file,
4) In other words, the script inside may be executed every time a new terminal is opened.
5) Such profiles include .bashrc, .bash_profile, .bash_login, .profileand so on.
6) Whether it runs and the order of running is determined by whether the shell is logged in when it is called, and whether it runs interactively,
π¦other
1) Abnormally scheduled tasks
In addition to the above self-starting services, under Linux, you can also run persistent tasks through scheduled tasks.It is relatively simple to check for abnormal scheduled tasks
2) You only need to view /etc/crontaband /etc/cron.*the scheduled task files in the subdirectory .
3) bash initialization
Anyone who has used Linux knows that $HOME/.bashrcit can be initialized and applied to each shell in the file,
4) In other words, the script inside may be executed every time a new terminal is opened.
5) Such profiles include .bashrc, .bash_profile, .bash_login, .profileand so on.
6) Whether it runs and the order of running is determined by whether the shell is logged in when it is called, and whether it runs interactively,
Forwarded from Backup Legal Mega
π¦For bash, the execution flow is as follows:
Forwarded from Backup Legal Mega
The execution sequence is A->B->C, B[123] means that it will be executed only when the first script exists. The flow chart is as follows:
Forwarded from Backup Legal Mega
Β» ]Quickly check whether the computer has been hacked (Linux version)
π¦ For the login/non-login shell and interactive/non-interactive shell, please refer to other introductions on the Internet, which will not be expanded here.
> As long as you know the order of files executed by your shell initialization and check these files for suspicious commands, you can find abnormal information.
> Application-level self-start
It is difficult to find all suspicious self-starting items. Experienced attackers can modify existing self-starting scripts and pull up additional commands.
> This reduces the risk of being discovered. Some Linux desktop versions will also be responsible for running similar self-starting commands, such as my favorite xfce,
In Settings -> Session Starup -> Application Autostartcan add applications from the start.
π¦ For the login/non-login shell and interactive/non-interactive shell, please refer to other introductions on the Internet, which will not be expanded here.
> As long as you know the order of files executed by your shell initialization and check these files for suspicious commands, you can find abnormal information.
> Application-level self-start
It is difficult to find all suspicious self-starting items. Experienced attackers can modify existing self-starting scripts and pull up additional commands.
> This reduces the risk of being discovered. Some Linux desktop versions will also be responsible for running similar self-starting commands, such as my favorite xfce,
In Settings -> Session Starup -> Application Autostartcan add applications from the start.