/r/hacking


A subreddit dedicated to hacking and hackers.

Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

A subreddit dedicated to hacking and hacking culture.

What we are about: quality and constructive discussion about the culture, profession and love of hacking.

This sub is aimed at those with an understanding of hacking - please visit /r/HowToHack for posting beginner links and tutorials; any beginner questions should be directed there as they will result in a ban here.

Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!

Bans are handed out at moderator discretion.

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.


Rules:

  1. Keep it legal. Hacking can be a grey area but keep it above board. Discussion around the legality of issues is ok; encouraging or aiding illegal activities is not.

  2. We are not your personal army. This is not the place to try to find hackers to do your dirty work and you will be banned for trying. This includes:

  • Asking someone to hack for you
  • Trying to hire hackers
  • Asking for help with your DoS
  • Asking how to get into your "girlfriend's" instagram
  • Offering to do these things will also result in a ban
  • No "how do i start hacking?" posts. See /r/howtohack or the stickied post. Intermediate questions are welcomed - e.g. "How does HSTS prevent SSL stripping?" is a good question. "How do I hack wifi with Kali?" is bad.

  • No "I got hacked" posts unless it's an interesting post-mortem of a unique attack. Your nan being phished doesn't count.

  • Sharing of personal data is forbidden - no doxxing or IP dumping

  • Spam is strictly forbidden and will result in a ban. Professional promotion e.g. from security firms/pen testing companies is allowed within the confines of site-wide rules on self promotion found here, but will otherwise be considered spam.

  • Off-topic posts will be treated as spam.

  • Low-effort content will be removed at moderator discretion

  • We are not tech support, these posts should be kept on /r/techsupport

  • Don't be a dick. Play nice, support each other and encourage learning.



    /r/hacking

    2,708,700 Subscribers

    1

    Alternatives to auto run for flash drive based malware?

    Hello everyone!

    I’m currently working on a project for one of my college courses involving a flash drive based keylogger. I’ve gotten the keylogger working, but I am stuck on the next step. One of my goals is to make the program start automatically upon insertion of the flash drive into a Windows PC without user interaction. The answers I’ve found online say it “can’t be done” since auto run is disabled on newer Windows versions. Auto play seems to be a dead end too because it requires human interaction. All other answers require prior configuration of the computer itself. A solution must be out there since flash drive based malware still exists. How can I get it to start automatically? Any leads would be greatly appreciated!

    Thank you!

    3 Comments
    2024/04/17
    21:37 UTC

    0

    Bought on marketplace, how would I get in?

    46 Comments
    2024/04/15
    23:08 UTC

    18

    5 Comments
    2024/04/15
    19:14 UTC

    106

    What's the king of free password managers?

    Title

    So basically I'm asking for the most secure, most private, free password manager out there.

    Certainly, nothing is more secure than a notebook, but let's face it—no one wants to carry around a notebook everywhere, especially one filled with thousands of passwords.

    Thx

    133 Comments
    2024/04/15
    12:46 UTC

    4

    Impacket-mssqlclient output

    Usually a failed sign in attempt with impacket-mssqlclient gives output like “Invalid credentials” or “untrusted domain” (if your IP isn’t allowed to connect).

    I’m working on a CTF & it’s just outputting

    [*] Encryption required, switching to TLS

    Then exiting.

    Have any of you seen this before? Is it indicative of something, like the MSSQL Server not working properly?

    4 Comments
    2024/04/14
    19:47 UTC

    1

    SQLi Resources?

    Hey y’all. Working through hackthebox stuff and just wondering what resources are good for learning effective SQLi, or possibly any tips or things you wish you knew earlier. I’m pretty good at the networking side of things but SQL is kicking my ass

    Thanks in advance

    8 Comments
    2024/04/14
    16:51 UTC

    21

    Hacking Notes: Acquire a collection of RedTeam tools notes

    Here, you'll find a wealth of information on various aspects of hacking, including information gathering, scanning and enumeration, web hacking, exploitation, and windows/linux hacking.

    https://github.com/Hacking-Notes/RedTeam

    13 Comments
    2024/04/14
    13:47 UTC

    39

    Do you guys also think the standard certs are just professional scriptKiddie certs?

    So professionally I had to do some certs. I was really excited about them especially the CEH, probably because I never looked into them ahead of the event.

    But fuck me. I especially hated the definition of a script kiddie by the CEH; I figured that showed perfectly what the CEH is. I can’t remember now, but it wasn’t what a script kiddie was; a script kiddie is someone who only knows the CEH.

    The most advanced part of the course was going over, or rather flying over, Metasploit. Not even the advanced cool stuff, just here’s Metasploit, here’s a few flags, have fun.

    Did I just take a terrible course (I did pass the cert) or do you feel the same?

    29 Comments
    2024/04/13
    10:48 UTC

    6

    How do I bypass this?

    I am doing a lab where I need to exploit NFS. So far I ran the following commands:

    mkdir ross

    showmount -e <ip>

    mount -t nfs <ip>:/home/ross ross

    cd ross

    useradd -u 1005 ross (1005 is the UID of the owner of the files)

    Goes without saying, but <ip> isn't actually the IP I am typing. Now I am supposed to install an SSH backdoor but I don't have write permissions in that folder, even though I am using the same UID and the folder is intentionally designed to be vulnerable. How do I bypass this?

    6 Comments
    2024/04/13
    03:43 UTC

    5

    What are the most used methods for data exfiltration?

    Hello, I'm a master's student in cybersecurity and need to build a data exfiltration to a c2, what are the most common methods?
    I want nobody to do my work just directions please =)

    20 Comments
    2024/04/12
    19:28 UTC

    2

    Fighting back against spam in 2024

    TL;DR No-U-Kai-Reply is a work in progress as a counter tool against spam emails. Looking for thoughts from other experts. Yes, initial research is done. Yes, this project is in progress and growing. The next post will share a GitHub repo.

    First post so please be nice. I plan to follow up with a lot more work and results along the way if the feedback is good. (14+ years as a software engineer).

    Context: So a few months ago, I was reading through my emails as I do every day. And over the years I've taken many steps to protect communications, but after a stout cup of joe and about 25 minutes of double-checking spam folders on multiple accounts as I do every few days. I got an idea and perhaps this is already done, but as an engineer, I think it is a fun build. Not to mention making the world a happier place for scammers. So I wanted to bring it to the larger community for feedback.

    How: It takes emails from spam folders from many email accounts, then it takes the bodies and the emails and shuffles them, sending from each spammer email to another spammer email and sending the bodies with slight variations to the subject and the body. Alternatively, I can take blacklisted emails from ISPs or ESPs. In retrospect, that's probably better.

    Edge Cases: A verified white list of emails that are safe and just happened to land in the spam box.

    Of course, the IPs get blacklisted very quickly.

    Having worked with massive companies on projects that have been blacklisted by ISP I know that email blasting or mass emails are possibly effectively off the table.

    Rotating email servers every X hours/minutes.

    Hitting some limits from the cloud service providers or ISPs but I'm sure I can figure that out with debouncing.

    8 Comments
    2024/04/12
    17:07 UTC

    1

    Highschool Hacking/programming challenge

    My school provides students with MacBook Airs as part of their education system, and has them all set up as company/school devices with a locked admin account and several proxies and firewalls such as Linewize and Falcon.

    For some extra context about my school, we are heavily iSTEM focused with a massive engineering course budget. Despite the large budget however, they have only this year opened up a programming course for year 11 and 12. There hasn't been much interest so far so the IT department decided to issue a challenge. (with permission from the school)

    For the challenge, we have to figure out a way to either steal the password for the admin account or change the student account into an admin. The only rule is that our method has to involve programming; apart from that anything is allowed, and we have permission to use some degree of malware as long as it doesn't create any permanent changes or damage to devices. The winner of the challenge gets $50 and is allowed to unblock 1 website (non-explicit) for every unique solution the students can come up with. They will all be reset next year so the quicker we come up with a solution the more we get out of it.

    I haven't ever tried coding before this, so I'm kinda stumbling around in the dark. So far I have figured out how to make a decent keyreader on Swift UI, but it can't run without admin password because all permission, VPN, Proxy and account settings are password locked. I also can't run the side command from terminal. I have scrolled through every web certificate and key chain entry possible, but the ones I need are admin locked. I can't think of any other ways to do it through kinda normal means. Recently I have been reading about malware, in particular SQL injections but don't know where to start and what would be a waste of time.

    Any suggestions would be great.

    4 Comments
    2024/04/12
    14:49 UTC

    1

    I need your opinion on a project idea

    Guys, right now I am studying for the Hack The Box certification for pentesters, so creating a playbook became of the uttermost importance. I always used Joplin to store the knowledge I learned and content I create, but Joplin is at most a markdown wiki.

    I was thinking about creating a tool that could be used in the terminal or as a web app, where you can store your commands and later query them by some tags (like tool name, OS, usage). What do you guys think about this idea?

    I tried to find a tool with a similar idea, but I was unable to find such a thing. Or maybe I used poor search terms.

    Also, please let me know how you store your playbook if you have such a thing.

    Thanks in advance.

    2 Comments
    2024/04/12
    12:53 UTC

    7

    Are Hackers the Biggest Threat to America’s Critical Infrastructure?

    12 Comments
    2024/04/11
    21:39 UTC

    1,147

    You’re welcome

    51 Comments
    2024/04/11
    21:03 UTC

    10

    Looking for books for beginners which talk about technical stuff

    Hey there, so I'm looking for books which talk about technical stuff, like not one of those kinds which talk about how to use (CLI) software.

    Something which explains all the known vulnerabilities, the working behind them and how they were discovered, or something like that. Just looking for technical stuff.

    I've looked at so many books for beginners but all of them talk about how to use software (like nmap or basic bash).

    Hope I made myself clear. Ty.

    11 Comments
    2024/04/11
    17:50 UTC

    19

    How do BIOS password locks work? Is it possible to hack them?

    I was under the impression the entire point of BIOS passwords was to "lock" the computer entirely, but no data was encrypted and the quickest safe way to unlock the BIOS was to reset the CMOS battery. However, I've been told that some computers, especially laptops, have a BIOS password that can be set to stay on permanently unless you unlock them with the right password, even if you reset CMOS, or you contact support from the manufacturer to get a flash key to remove it. Since as far as I know no method from any manufacturer involves external communications between a server and the computer, I can assume it's not a DRM measure.

    Is it true? Are BIOS passwords that serious now and impossible to crack?

    Is there any privacy/security concern about having a computer that the manufacturer can, using security through obscurity, always keep a backdoor open yet at the same time not let anyone with physical access to the internals crack or reset the BIOS password?

    26 Comments
    2024/04/11
    03:59 UTC

    0

    A cheap way to have many ips?

    VPSes are expensive and often share the same IP if from the same providers

    VPNs, SOCKS, Tor and so on are often already abused/banned

    SIM cards do share the same IP addresses

    Leeching off third-party devices is not that easy

    17 Comments
    2024/04/10
    20:07 UTC

    1

    Almost every A series phone other than my A32 4G will get One UI 6. Is there any way to set up a bootloader?

    6 Comments
    2024/04/10
    17:34 UTC

    1

    Ideas Script for touchscreen Raspi hacking suite?

    Hello guys :) !

    I built a raspberry pi with a touchscreen, I first wanted to run Kali and then wifite, airgeddon, etc. but as I wanted it to be portable it is not working with the inbuilt touchscreen keyboard.

    Maybe some of you have an idea for a script (image) I can flash on it, something like the wifi marauder, etc. but for the Raspberry Pi. Maybe evil Twin, rogue AP, etc. That would be awesome! Thanks!

    0 Comments
    2024/04/09
    19:42 UTC

    570

    In the light of recent posts I have come to a conclusion that it's my turn to post this

    body text(optional)

    86 Comments
    2024/04/09
    21:03 UTC
