This was great. I love your usual content but it's kinda filed under "studying" content rather than "entertainment" content in my brain lol. But with this the stress of the time limit made it very entertaining while still being educational. I'd love to see more stuff like this!
great video. really love the way you explain things is just so thorough and detailed. i also liked the fact the you dont cut out parts where you made a mistakes.
Thanks mate! I make videos for Portswigger's WebSecAcademy on the intigriti channel: ru-vid.com/group/PLmqenIp2RQciV955S2rqGAn2UOrR2NX-v Planning to cover their gin 'n juice shop on this channel soon as well 🙂
Retired boxes? I'm going to do one soon hopefully with a focus on my notetaking process and some tips and tricks for Obsidian. Might do some more Battlegrounds videos first though 🤔
Would love to see a similar video on Cyber Mayhem! Also I would focus less on automating enumeration here as the time limit is very constraining so I would mostly rely on gobuster/nmap and then manually enumerate everything else, that's just me though :) good stuff all around
Thanks mate! I'll try and do one for Cyber Mayhem at some point, I need to brush up my [non-existent] defence skills a little first 😅 Good tip, I actually just launched Tib3rius's AutoRecon for the last few games yesterday and focused more on manual enumeration. The time limit really adds pressure and I end up wasting time with indecisiveness 😆 Good practice though, I like it!
Good question! I generally use gobuster at the start but it's not recursive so if the website is big I might switch to ffuf (which has a recursive mode) or, more commonly, to dirbuster as I like the tree structure UI 🙂
Thanks for the recommendation! I have thought about doing juice shop in the past, time has always been the main issue. I've been doing some Web Security Academy videos over on the Intigriti channel so maybe I'll do some juice shop content there after 🙂
Hey, good question! When you are trying to find subdomains (or webpages, credentials etc) with ffuf, you want to filter out the invalid responses, e.g. if the subdomain exists, it should have a different content-length than a non-existing subdomain. In some cases, the valid/invalid responses will have exactly the same content-length, in which case we would filter by something else, e.g. the response code or some string the in the response such as "invalid" or "success" 🙂