Cybersecurity, hacking, certifications, mentoring, programming, red teaming, etc. All these things require you to be constantly learning, but how does one do that effectively? This channel is dedicated to an 'organic' learning style where I will be experimenting with and learning interesting things related to cybersecurity. My hope is that by sharing my curiosity, thoughts, opinions, successes, and failures, we will all grow in our understanding and passion for all things cybersecurity.
This unfortunate software, which has been around since the early 2000's, will now and forever have its name uttered with a slight chuckle as each of us manifests our inner Beavis and/or Butthead for just a brief moment in time. 😁
Hey welcome back again😂 ur here one moment next your gone for months anyways glad to see videos come out instead of not posting for years like some other youtubers. Hey could u maybe do some more of the evasion malware videos u did earlier like i think its been almost a year since u did a video like payload creation obfuscation evasion stuff like that
LOL yeah, I tend to be a bit sporadic with the content 😁, but I try to make unique content (which is probably why I only have 11k subs after 3 years 🤣). If you're looking for good av/edr evasion videos, I would hop over to the Red Siege channel and watch their "Adventures in Shellcode Obfuscation" with Mike Saunders. Mike is a friend of mine and my dude is super smart. Here' s the link to the playlist ru-vid.com/group/PLT3EmOikjcyY2t6zVJT7rSB1sqK2IMq4e Cheers and thanks for being such a loyal subscriber!
@@daniellowrie yeah im already following it thats a cool series learned many tactics so far from it hoping to see some cool stuff from you also sadly i wasnt able to join the evasion course u had on ACi learning platform but will learns tons from here
Start Your Challenge: Url Fbyqvre! Lbhe gnfx vf gb gnxr qbja "N Unfu" Svaq jnlf, Svtug uneqre, Fznegre naq Oenire. Jva vf Lbhef. Tb ba, Oevat Tybel naq Gebcuvrf!!! uggcf://jjj.frphevhznpnqrzl.pbz --> Guvf vf jurer lbh fcnja A zipfile is given encrypted it tryed fcrackzip to unzip it I got the password In that there is a jpg I got an hash in a jpg i used exiftool>author>U2FsdGVkX1/Nzd+SqTEHDW1boiaehOmCFR0u+S1nQ0ZiYdX5aDGIKa2xADEiS3r/3h+VI4CL8ZLg24l35omqqw== I tried to decrypt it but its very harder it is multi encrypted Sir plz capture the flag Or help me to crack the hash plz plz sir
Entrapment is for law enforcement, not private individuals or companies. They are also your system and there’s nothing wrong with running your own system. The only questionable part is whether it’s legal to hack them or not because that’s the purpose of them. Is it legal to use something the way it’s intended to be used?
The prs sunburst guitar is magnificent and the ibanez I couldn't figure out ist a gio or jem with peavey amp nice setup I'm a subscribing for the good taste
It's so nice to have a fellow guitar nerd chime in to appreciate the gear! The Ibanez is a late 90's RG470 with a Seymour Duncan SH8 Invader in the bridge. Thanks for watching and thanks for the sub!
could you do some videos on evasion i recently saw you had a course in ACL about the same i couldn't join it cause of some financial conditions so if you do post some videos based on that here it would be awsome
Hey @user-wpnen1lt8r, let me point you to the Red Siege blog, where Mike Saunders goes over many evasion techniques and hopefully that is a useful resource to you. redsiege.com/blog/2024/06/adventures-in-shellcode-obfuscation-part-1-overview/ Cheers!
Thank you for doing this video. I just started my learning journey on cybersecurity just a few days back and just mainly did embracing my noobiness. LOL Well, I mean I did researching on where to start. That's how I found Portswigger and then eventually arrived at your RU-vid channel (GOOD STUFF!). BTW, on the last part where you need to see the content of /etc/passwd. You can view it by opening the URL (the one you edited) in a new tab and do a "Save page as". Save it as a text file and there you go you can view the goodies with just a text editor. Excuse my English. Not my native language. xD
Hey @Mechsas, thanks for watching and I'm glad to hear that you're enjoying my channel! I really appreciate your description of saving to disk to view the /etc/passwd file. I get so conditioned to rely on tools like Burp, that it can be very easy to get tunnel vision and forget about alternative methods. You should do a blog write-up for each lab. It will help you solidify your knowledge and would be a great resource for other learners! Cheers
Hi daniel , I have completed HTB Penetration Tester path now i am planning to go for cert I have two options what you recommend which one should I go for PNTP OR ecppt ?
Great question! The short answer is 'no'. The man page for nologin explains it like this... "nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field to deny login access to an account." "If the file /etc/nologin.txt exists, nologin displays its contents to the user instead of the default message." I hope that helps clear things up for you. Cheers!
Great question! If you don't get a root shell, then I would suggest dumping the firmware and then looking for useful secrets, or you could modify the firmware in a way that would allow remote access and then upload that modified firmware to the device. Just a few suggestions off the top of my head and I hope they help 👍 Cheers!
Hey KingErasmos, I'm so sorry to hear that you didn't enjoy my content. The intended audience I was aiming for was for those new to concepts and practices such as connecting to UARTs on devices that, as you say, "stupidly drops to the root shell without any authentication", looking for sensitive information, and possibly discovering weaknesses that could allow for exploitation. I was under the impression that this was something that falls under the rubric of "hardware hacking" as I learned how to do it from books and sites that described this process as an essential "hardware hacking" skill to master. If I'm mistaken in that understanding, then many thanks for the correction. When I made this video, I was new to this type of cybersecurity and was just excited to share what I'd learned with others new to it as well. I'm sure you're already aware of great hardware hacking channels like Joe Grand, The Flashback Team, and Matt Brown, but just in case you haven't here are the links to their channels. I hope they are more aligned with the type of content you're looking for. - Joe Grand ru-vid.com - The Flashback Team www.youtube.com/@FlashbackTeam - Matt Brown www.youtube.com/@mattbrwn All the best, Daniel
Hello sir, i have been infected with x worm and bitcoin miner. I resseted my pc and uninstalled a windows logon application from control panel, could you please give any tips or am i still infected?
So sorry to hear that you were infected. I'm a little more paranoid, so I probably would have restored from backup or just completely reinstalled Windows. Also, make sure you're running a quality AV/EDR solution, installing updates and patches on a regular basis for both your OS and 3rd-party apps, and finally don't trust links, downloads, or anything from the internet. I hope that helps
10:47 I've done this. Connected VCC to 5V on my adapter and heard a literally frying sound. Fortunately my brand new Waveshare USB to TTL had some kind of protection and both my board and adapter still works lol.
You made this look so d@mn easy. This was some information I have been looking for. I'm glad I stumbled across this video and look forward to learning more.
Hey Abdallah, I have some beginner content on this RU-vid channel, but not a full "zero-to-hero" kind of series. I do have a playlist that helps you solve all the labs for the Apprentice track for PortSwigger Web Security Academy, but other than that, I have full training courses that cover everything from beginner to experienced at acilearning.com I hope that helps
You're welcome and much love to my fans in India! I really enjoyed making this series, so I'm really glad to hear that you enjoyed it. Thanks for watching
I am honored to be compared to OccupyTheWeb! I haven't had the pleasure of meeting him yet, but he is a LEGEND and would really enjoy the opportunity to meet him! (Maybe I'll get to meet him at a conference some day 😀) Thank you so much for the compliments and I'm happy to hear that you're enjoying my content. I know I haven't posted in a while, but I'm hoping to get some fresh content out in the near future. Cheers!
@@daniellowrie can you provide some content about evasion i saw you were doing a course on aci learning that place about the same i couldnt join that cause of money restrains i have if you provide some content like that here it would be awsome
Hey Daniel, thanks for this new frame work video, Am still in my middle journey of learning bash. These past two days i tried out metasploit by creating a reverse shell(kali VM). I then established an http server using python, in the current directory that contains my reverse shell. Then when i accessed the http server in kali, using the browser in windows, the payload would not download but instead it just views in the browser and output encoded strings that's unreadable. What can i do for the payload to get downloaded when i access the http server listening on any address and on port 8000 in kali
Oh man, I can be a bit verbose for sure 😅 I'm sorry to hear that it bothered you so much. I totally get that my content isn't for everyone, but maybe you'd enjoy Matt Brown or Joe Grand. They are both very skilled at hardware and great presenters too. Cheers 😀👍
Just proves everything runs linux pretty much. Such a cool thing. I love it when i get to see the boot process of a device for myself instead of waiting silently for the device to come online. Also uboot has some great tools and you can even set env variables so it will boot into the shell by setting init=/bin/sh or init=/bin/bash
I used kali when it was called backtrack 4 ^^ It is truly my favorite OS. I also love Parrot OS, i use it whenever i need to use my WIFI adapter and i don't want to redo the driver installs with some headaches. But Kali is my all time favorite at age 14 i asked my mom to do the OSCP, but of course i did not knew what i was asking. Back when it was called Backtrack 5 it was only 1k for a permanent cert. On the bright side if my mom said yes i would lose the exam for sure XD so at least know we have guys like Daniel so we can prepare.
Right on! I remember the Backtrack days too! I remember thinking, "this will make me a 1337 h@x0r, it's got ALL the hacker tools!" Then I realized, "Oh yeah, now I need to learn how to USE all those tools 😅", and I'm still working on learning all those tools to this day 😆
@@daniellowrie Yes i had to admit that i looked up tutorials on slowloris and learned Linux without knowing what linux was because there was nothing online you could find 😆now i'm still learning how to do stuff and i love it! 🤪
Whonix can be run as a VM or on bare metal. I would highly suggest reading the Whonix documentation before deploying in your production environment. www.whonix.org/wiki/Documentation I hope that helps
I would try all the common passwords and even no password at all. If that doesn't work then you can try extracting the shadow file from the firmware and brute-forcing it with hashcat or using an online password cracker like crackstation.net. You might be able to grab a copy of the firmware from the device's support page. Then try extracting with binwalk. I hope that helps and best of luck!
Hi Daniel from ITproTV i did not know you had a youtube channel until today ^^ I saw you on David Bombal years ago but i didn't know you had a channel yourself
@@daniellowrie Haha well not for long I subbed to you! And by the way I spent 3 months on ITaproTV & watching you was always my favourite thing because you made every episode entertaining & masterfully interesting:) thank you for being our teacher
Daniel, I've been a fan of yours since the early days of itprotv. This series was great, as I've found myself in charge of perimeter assets at my current organization, this will help me provide additiional context around perimeter-based vulnerabilities.
Great video. You need an oscilloscope so you can have a visual representation of the voltage variations. They will be highs and lows; 1’s and 0’s. Have fun
Funny you say that! I was just looking at oscilloscopes the other day because I want to do more with hardware and it seemed like a good tool to have in the kit. Thanks for the suggestion!
Thanks for checking in on me, Bruce. I've just been super busy and haven't had the motivation to post anything new in a while. I hope to post something new soon though!
I honestly don't have any experience with Fedora Security Lab. I haven't used anything similar to RedHat since CentOS was a thing, but maybe it's time to take FSL for a test drive. Thanks for the suggestion!
Is there an easy way to develop a bypass technique like this? I want to solve it myself because the update is fast. But it's hard because I'm not a great developer.
I feel your pain. I too am not a great developer and building this bypass was a bit of a struggle for me, but I loved every minute of it (well maybe not EVERY minute LOL) and I learned a lot. So, the best advice I have is, don't look for the shortcut. Don't rob yourself of the knowledge and experience that comes from struggling through a problem and learning/failing your way out of it. I'm not saying you shouldn't ask for help, but don't look for the "easy way" while you're learning. Put the time and effort into making sure you understand what it is you're trying to do and eventually you won't have to label yourself as "not a great developer" (even though you probably will any way. DAMN YOU, IMPOSTER SYNDROME!!!) All that said, feel free to check out my code and just modify it for your bypass. Looking at other's code is a great way to learn at a faster pace. I'd even suggest you lean on AI a bit. Since you're learning it can be much faster to learn how to do something using AI, then it is to scour stackoverflow or sift through a book, or hit the right link on the google results page. Just make sure that you're not just doing a straight up copy/paste job without understanding what's going on and filling in the gaps with books,videos,tutorials,etc. Well I hope that helps you out. Now go write some crappy code and then keep massaging it until it does the thing :) Cheers!