Malware News
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Reconnaissance Tools | Part 1 | TryHackMe Red Team Recon
In this video walk-through, we covered the first part of passive and active reconnaissance basics and tools. We covered DNS reconnaissance using tools such as dig, whois, and nslookup, in addition to online tools such as threat intelligence platforms. This was part of the TryHackMe Red Team pathway.

Video is here

Writeup is here
🗣MotasemHa


🎖@malwr
How do you get a debit/credit card without linking it to you?
For Ops Sec purposes:
- how will you get a debit/credit card or whatsoever that you can use to pay for AWS etc without having it traced back to you?

P.S.: Legal methods only please. Please don't suggest buying off credit card details from dumps etc.
🗣Huang_Hua

The way you're asking this question is most certainly for nefarious based purposes. Most threat actors will use compromised aws accounts or buy cc dumps.
👤AstroBoy1337

If you are doing legal and authorized testing, this is not necessary. As others have suggested, it is actually better to identify yourself to these services so they know that you aren't a real threat actor - otherwise, they suspend your account, you have bigger problems. They will be more likely to reach out if your information is legit and verifiable. I even use a +pentest alias in my contact email address.

For sketchier services (like residential proxy providers, in my experience) you can use something like Privacy.com, or use crypto if they accept it. The circumstances where you have to consider a service provider in your threat model as an authorized red teamer are few and far between.
👤DoctorGasbag

Buy a cash card from Walmart or Le Target Boutique (Target). You hand them cash, they will activate it there, and you can use that for subsequent online transactions executed over a VPN. Those don't work with Azure but *shrugs* there are plenty of other providers that they do work with. I haven't tried them with AWS.
👤CellUpper5067


reverse engineering nrf51 firmware
I recently managed to extract the firmware from a nrf51822 chip over SWD. The problem is, I am an absolute beginner to reverse engineering firmware, binwalk comes up blank, and other things I've tried, like firmware mod kit, have come up blank. I have also managed to open it in Ghidra, but it doesn't seem to be quite right. I have found this git repository (https://github.com/DigitalSecurity/nrf5x-tools) that can help with reversing, and the scripts seem to be correctly identifying the firmware binary as from an nrf51822, but for actually reversing the firmware the script requires IDA Pro's Python API, which is not at all viable given its price. Is there any way to do something similar in Ghidra or some other software?
🗣Matlex2


Reverse your first VM-obfuscated code
🗣internaut401


Reverse engineering natively-compiled .NET apps
🗣atomlib_com

Yeah
👤Other_Ad8905

No surprises here… I don't think MS has come up with a way to handle runtime type instantiation on reflected/non-static types. Unity, with il2cpp, allows you to declare types, methods, classes, whatever in a config file so you ensure they are there even if they aren't specified in the AST directly.
👤tnavda

