Unity Game Hacking Challenge - "Azusawa’s Gacha World" [SekaiCTF]
Video walkthrough for "Azusawa’s Gacha World", a [game] reversing challenge from Project SEKAI CTF 2023. The challenge involved memory manipulation with cheat engine (optional), reverse engineering of Unity game code (C#) in dnSpy, some network traffic analysis and HTTP traffic manipulation. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SEKAICTF #ProjectSEKAI #CTF #ReverseEngineering #GameHacking #CheatEngine
You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/sekai_23/rev/azusawas_gacha_world.md 🥰
If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b and the gamepwn README: https://github.com/Crypto-Cat/CTF/tree/main/game_hacking#readme
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Project SEKAI CTF↣
https://ctftime.org/event/1923
https://ctf.sekai.team/challenges
https://discord.com/invite/6gk7jhCgGX
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
0:00 Start
1:05 Explore functionality
2:09 Increase coins/credits with Cheat Engine
3:38 Decompile Assembly-CSharp.dll with dnSpy
5:50 Patch game code
9:39 Monitor network traffic
11:20 Manipulate HTTP requests
12:23 Decode the flag
13:18 End
42
views
16 - Open Redirect (low/med/high) - Damn Vulnerable Web Application (DVWA)
16 - Open Redirection (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
↢Open Redirects↣
@PwnFunction: https://www.youtube.com/watch?v=4Jk_I-cw4WE
https://learn.snyk.io/lessons/open-redirect/javascript
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect
https://cwe.mitre.org/data/definitions/601.html
https://portswigger.net/support/using-burp-to-test-for-open-redirections
↢Chapters↣
Start - 0:00
Open Redirections - 0:06
Low - 1:53
Med - 6:14
High - 8:33
Impossible (source code review) - 10:33
End - 12:38
14
views
Is this NEW Generative AI Feature a GAME CHANGER? [Adobe Firefly]
A demo of Adobe Firefly, the new generative AI functionality in Photoshop. We'll explore various applications of the ethical AI-assisted editing feature, including generative fill (beta) to edit a photograph. First, we'll remove the people (and other objects) from the beach. Next, we'll extend/expand the image, generating additional content that seamlessly clicks into the image. We'll also replace the sky, change the sand and add a variety of animals and objects. Finally, we'll play around with a cartoon image (CryptoCat) to see how the AI functionality works with illustrations. During the course of the video, we'll discuss some of the advantages/disadvantages, talk about bugs, design choices (stock images only) and cyber-security implications (deep fakes). Hope you enjoy this video, next week will see the return of the usual hacking content you expect from this channel 😸 #Photoshop #Firefly #AI #GenerativeAI #ArtificialIntelligence #GraphicsDesign #PhotoEditing
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Resources↣
https://www.adobe.com/uk/products/photoshop/landpa.html
https://www.adobe.com/sensei/generative-ai/firefly.html
https://www.creativebloq.com/features/everything-you-need-to-know-about-adobe-firefly
↢Chapters↣
0:00 Start
0:36 Removing people/objects
2:57 Extend/expand the image
6:00 Clean-up seams/tears
7:14 Replace the sky (sunset)
8:36 Add objects (islands, animals, statue etc)
14:06 Attempt to edit cartoon character (CryptoCat)
17:47 End
13
views
15 - Authorisation Bypass (low/med/high) - Damn Vulnerable Web Application (DVWA)
15 - Authorisation Bypass (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
↢Authorisation Bypass↣
https://portswigger.net/web-security/access-control
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References
↢Chapters↣
Start - 0:00
Low - 0:54
Authentication vs Authorisation - 2:22
Insecure Direct Object Reference (IDOR) - 3:47
Med - 5:13
High - 7:08
Impossible - 8:54
End - 10:08
178
views
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch lib-c (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
25
views
Web Challenges [Space Heroes CTF 2023]
Video walkthrough for some web exploitation challenges from the Space Heroes (CTF) competition 2023. Some topics covered include; HTTP parameter pollution, chatGPT breakout (prompt injection/leakage), insecure file upload, XSS, CSP bypass and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SpaceHeroes #SpaceHeroesCTF #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Space Heroes CTF↣
https://ctftime.org/event/1856
https://spaceheroes.ctfd.io/challenges
https://discord.gg/BsSyhTDdne
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Sanity Check In Space: 0:24
attack-strategies: 2:27
Bank-of-Knowhere: 4:58
My new best friend: 12:21
The DEW: 18:38
End: 29:28
37
views
Teleporting Through Walls with Cheat Engine - "No Way Out" [PicoCTF 2023]
Walkthrough for a Unity game hacking challenge from the Pico Capture The Flag competition 2023 (picoCTF). First, we'll decompile the Assembly.Csharp.dll with DNSpy and patch/re-compile the code to retrieve the flag. In the second solution, we'll use Cheat Engine 7.5 to identify our player position and teleport through the wall, allowing us to recover the flag. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #ReverseEngineering #CTF #CaptureTheFlag #Pico #PicoCTF #PicoCTF2023 #CheatEngine #GameHacking
If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b and the gamepwn README: https://github.com/Crypto-Cat/CTF/tree/main/game_hacking#readme
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢PicoCTF↣
https://ctftime.org/ctf/194
https://play.picoctf.org/events/72/challenges
https://picoctf.org/discord
https://twitter.com/picoctf
↢Resources↣
Ghidra: https://ghidra.re/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Review Game: 1:10
Solution 1:Decompile with DNSpy: 3:35
Solution 1: Patch Assembly.Csharp.dll: 7:25
Solution 2: Cheat Engine: 9:13
Solution 2: Identify player position: 10:04
Solution 2: Teleport through wall 12:30
End: 14:11
30
views
Doublespeak: Jailbreaking ChatGPT-style Sandboxes using Linguistic Hacks
A review of Large Language Model (LLM) vulnerabilities/exploits, e.g. including prompt leakage, prompt injection and other linguistic hacks. We'll run through levels 1-9 of the doublespeak.chat challenges, produced by Forces Unseen. doublespeak.chat is a text-based game that explores LLM pre-prompt contextual sandboxing. The challenges prime an LLM (Chat-GPT) with a secret and a scenario in a pre-prompt hidden from the player. The player's goal is to discover the secret either by playing along or by hacking the conversation to guide the LLM's behavior outside the anticipated parameters. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Video-Specific Resources↣
https://doublespeak.chat
https://blog.forcesunseen.com/jailbreaking-llm-chatgpt-sandboxes-using-linguistic-hacks
https://simonwillison.net/2023/Feb/15/bing/#prompt-leaked
https://simonwillison.net/series/prompt-injection
https://medium.com/seeds-for-the-future/tricking-chatgpt-do-anything-now-prompt-injection-a0f65c307f6b
https://lspace.swyx.io/p/reverse-prompt-eng
https://github.com/sw-yx/ai-notes/blob/main/TEXT_CHAT.md#jailbreaks
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Jail-breaking LLM Sandboxes: 0:32
Prompt Leak/Injection: 6:30
Reverse Prompt Engineering Techniques: 9:22
Forces Unseen: Doublespeak: 16:50
Level 1: 18:05
Level 2: 18:23
Level 3: 20:05
Level 4: 21:17
Level 5: 23:07
Level 6: 24:00
Level 7: 24:57
Level 8: 26:24
Level 9: 36:04
End: 40:24
206
views
1
comment
CVE-2022-4510: Directory Traversal RCE in binwalk
A path traversal vulnerability (CVE-2022-4510) was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 (inclusive). This vulnerability allows remote attackers to execute arbitrary code on affected installations of binwalk. User interaction is required to exploit this vulnerability in that the target must open the malicious file with binwalk using extract mode (-e option). The issue lies within the PFS (obscure filesystem format found in some embedded devices) extractor plugin that was merged into binwalk in 2017. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Vulnerability #CVE-2022-4510 #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Video-Specific Resources↣
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk
https://lekensteyn.nl/files/pfs/pfs.txt
https://github.com/ReFirmLabs/binwalk/pull/617
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Overview: 0:41
PFS (pfstool): 1:50
Vulnerability Breakdown: 2:46
Exploitation Details: 4:20
Proof of Concept (PoC): 6:56
CTF Use Cases: 11:29
End: 12:10
44
views
HackTheBox Battlegrounds - Server Siege (Practice Mode)
Wanna to watch me fail to gain a foothold on two @HackTheBox battlegrounds machines? Well, you're in luck! In this video, I compete in 2 practice games of battlegrounds server siege mode. Unfortunately, I didn't get a shell in either of the 15 minute matches but hopefully showing my real-time thought process and initial impressions of the competitive hacking mode will still be helpful to some people. If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #Battlegrounds #ServerSiege #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/battlegrounds
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
https://help.hackthebox.com/en/articles/5185620-introduction-to-battlegrounds
https://www.youtube.com/watch?v=gH_q0zRcPuI
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
What is Battlegrounds: 0:49
First Game: 5:08
Second Game: 23:44
End: 37:43
45
views
HackTheBox Certified Penetration Testing Specialist (CPTS) - Review + Tips
My review of the new @HackTheBox Certified Penetration Testing Specialist (CPTS) certification - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec #CPTS #Certification #Course
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://www.hackthebox.com/newsroom/certified-penetration-testing-specialist-cpts
https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist
https://academy.hackthebox.com/path/preview/penetration-tester
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
AD Mindmap: https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg
ChatGPT: https://chat.openai.com/chat
@_JohnHammond CPTS Overview: https://www.youtube.com/watch?v=1gWRqxtK-zg
@bmdyy CPTS Review: https://www.youtube.com/watch?v=dRW1Gxmu__Q
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
What is HTB? 1:42
About CPTS: 7:13
Course Structure: 9:37
Pricing: 13:38
The Exam: 15:26
The Bad: 24:25
The Good: 31:44
CPTS vs OSCP: 34:30
Tips: 37:53
AD Attack Mindmap: 45:50
ChatGPT: 47:06
Crowd-sourced Questions: 53:51
End: 56:50
242
views
Tier 1: Funnel - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Funnel" machine from tier one of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, pivoting/tunnelling and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
https://academy.hackthebox.com/course/preview/pivoting-tunneling-and-port-forwarding/introduction-to-pivoting-tunneling-and-port-forwarding
https://nullsweep.com/pivot-cheatsheet-for-pentesters
https://sushant747.gitbooks.io/total-oscp-guide/content/port_forwarding_and_tunneling.html
https://catharsis.net.au/blog/network-pivoting-and-tunneling-guide
https://book.hacktricks.xyz/network-services-pentesting/pentesting-postgresql
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Enumeration (NMap): 0:33
FTP Anonymous Login: 1:48
Review Password Policy: 2:50
Password Spraying: 6:19
Internal Enumeration: 9:38
Port Forwarding: 13:11
Postgresql DB: 20:45
End: 24:38
117
views
2
comments
Tier 0: Synced - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Synced" machine from tier zero of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, rsync (file transfer) and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
https://rsync.samba.org
https://book.hacktricks.xyz/network-services-pentesting/873-pentesting-rsync
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
What is rsync? 0:47
Questions: 3:47
Capture The Flag: 7:30
End: 9:32
57
views
Tier 0: Mongod - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Mongod" machine from tier zero of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, mongo (NoSQL) databases and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
https://www.mongodb.com/nosql-explained/nosql-vs-sql
https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-debian
https://book.hacktricks.xyz/network-services-pentesting/27017-27018-mongodb
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Enumerate ports/services (Rustscan/NMap): 1:16
MongoDB (NoSQL) overview: 4:06
Basic Mongo commands: 6:19
Install MongoSh: 8:32
Explore database: 12:22
Retrieve flag: 13:21
Crack hash? 14:33
End: 16:30
62
views
Tier 1: Three - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Three" machine from tier one of the @HackTheBox "Starting Point" track; "You need to walk before you can run". We'll be exploring the basics of enumeration, service discovery, directory busting, insecure s3 buckets, aws-cli and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
https://pentestbook.six2dez.com/enumeration/cloud/aws
https://blog.securelayer7.net/aws-penetration-testing-for-s3-bucket-service-basics-security
https://book.hacktricks.xyz/cloud-security/aws-security
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Enumerate ports/services (NMap): 0:12
Explore website: 0:50
Enumerate subdomains (ffuf? gobuster?): 2:07
Amazon s3 buckets: 7:13
aws-cli: 10:01
Insecure File Upload: 14:22
End: 17:51
120
views
Linked List Exploit Continued - GOT Overwrite - "Links 2+3" Pwn Challenge [ImaginaryCTF]
"Links 2" (Pwn) challenge from ImaginaryCTF (iCTF) 27/06/22 - "It turns out that there was a bug in how I was handling writing some elements, so I've fixed that. Also, I've stopped putting the flag in a global variable, because that's probably not a good idea. Double check my implementation one more time for me?". In this challenge we'll use Ghidra, GDB-PwnDbg and PwnTools to exploit a vulnerable custom LinkedList implementation by overwriting an global offset table GOT entry to point system(), so we can get a shell.
"Links 3" (Pwn) challenge from ImaginaryCTF (iCTF) 30/06/22 - "And now you guys are exploiting my View Time feature that I put there solely for your convenience? Fine, then - no more time for you!". This challenge has no view_time() function, so we lose the system() call. However, we can leak an arbitrary function from the GOT and use the Lib-C database to find the correct offsets (ret2libc). Hope you enjoy 🙂 #CTF #iCTF #ImaginaryCTF #Pwn #BinaryExploitation
Write-ups: https://github.com/Crypto-Cat/CTF/tree/main/ctf_events/ictf/pwn/links
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢ImaginaryCTF↣
https://imaginaryctf.org
https://twitter.com/imaginaryctf
https://discord.gg/9r8AJQkfs3
↢Video-Specific Resources↣
https://libc.blukat.me
https://libc.rip
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Links 1 Recap: 0:30
Reviewing Heap Layout in GDB-PwnDbg: 3:25
Keeping the Heap intact: 7:45
Links 2 Attack Plan: 11:55
Overwriting the GOT: 16:48
Stack Alignment: 20:08
Solution (leak system): 23:27
Links 3 (leak another lib-c function): 28:08
Recap: 33:27
End: 34:29
175
views
Exploiting a Vulnerable Linked List Implementation - "Links 1" Pwn Challenge [ImaginaryCTF]
"Links 1" (Pwn) challenge from ImaginaryCTF (iCTF) 23/06/22 - "I love linked lists, but I can never remember the exact syntax how to implement them in C. Can you check over this implementation and make sure I didn't screw anything up?". In this challenge we'll use Ghidra, GDB-PwnDbg and PwnTools to exploit a vulnerable custom LinkedList implementation by overwriting an entry link to point to the flag. Hope you enjoy 🙂 #CTF #iCTF #ImaginaryCTF #Pwn #BinaryExploitation
Write-ups: https://github.com/Crypto-Cat/CTF/tree/main/ctf_events/ictf/pwn/links
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢ImaginaryCTF↣
https://imaginaryctf.org
https://twitter.com/imaginaryctf
https://discord.gg/9r8AJQkfs3
↢Video-Specific Resources↣
https://www.geeksforgeeks.org/data-structures/linked-list
https://www.youtube.com/watch?v=_jQhALI4ujg
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic file checks: 0:56
Explore program functionality: 1:28
Linked Lists: 4:44
Review code (ghidra): 8:21
Attack plan: 15:49
First approach (fail): 17:46
Second approach (win): 21:00
Recap: 23:30
End: 25:43
22
views
Exploiting a Use-After-Free (UAF) Vulnerability - "Unsubscriptions Are Free" Pwn Challenge [PicoGym]
"Unsubscriptions Are Free" (Pwn) challenge from PicoGym (picoCTF) - "Check out my new video-game and spaghetti-eating streaming channel on Twixer!". In this challenge we'll use Ghidra, GDB-PwnDbg and PwnTools to exploit a Use After Free (UAF) vulnerability and read the flag. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Pwn #BinaryExploitation #BinExp #CTF #CaptureTheFlag #Pico #PicoCTF
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢PicoCTF↣
https://play.picoctf.org/practice/challenge/187
https://picoctf.org/discord
https://twitter.com/picoctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic file checks: 0:24
Review source code: 1:17
Ghidra analysis: 6:44
Debug with GDB-PwnDbg: 8:06
PwnTools Script: 13:07
End: 16:46
418
views
Tier 2: Base - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Base" machine from tier two of the @HackTheBox "Starting Point" track; "don't forget to contemplate". We'll be exploring the basics of enumeration, service discovery, directory busting, swap files, PHP type juggling, insecure file upload, privilege escalation with GTFOBins (find) and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
https://medium.com/swlh/php-type-juggling-vulnerabilities-3e28c4ed5c09
https://portswigger.net/web-security/file-upload
https://gtfobins.github.io/gtfobins/find
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Enumerate ports/services (NMap): 0:13
Add to hosts + export $box: 1:19
Explore website: 3:06
Login (ffuf? SQLMap?): 3:50
Swap file: 6:31
PHP Type Juggling: 8:55
Insecure File Upload: 11:23
Gobuster: 13:53
Reverse Shell (navi - crunch): 15:42
Post-enumeration: 17:30
Privilege Escalation - GTFOBins (find): 19:35
End: 21:41
47
views
SEETF [Social Engineering Experts] 2022 - Challenge Walkthroughs
Video walkthrough for some Misc, Reversing, Pwn, Forensics and Web challenges from the Social Engineering Experts (SEE) Capture The Flag (CTF) competition 2022; Regex101, babyreeee, BestSoftware, 4mats, wayyang, "as" "df", easy_overflow, Sniffed Traffic, Sourceless Guessy Web and Super Secure Requests Forwarder. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SEETF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Forensics #Reversing #Web
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Social Engineering Experts (SEE) CTF↣
https://ctftime.org/event/1543
https://play.seetf.sg/
https://twitter.com/seetf_sg
https://discord.gg/JNVzKc7PJR
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
[Misc] Regex101: 0:35
[Rev] babyreeee: 2:12
[Rev] BestSoftware: 15:59
[Pwn] 4mats: 19:59
[Pwn] wayyang: 31:11
[Pwn] "as" "df": 35:20
[Pwn] easy_overflow: 39:22
[Forensics] Sniffed Traffic: 1:02:15
[Web] Sourceless Guessy Web: 1:08:38
[Web] Super Secure Requests Forwarder: 1:09:40
End: 1:17:57
30
views
Intergalactic Recovery [easy]: HackTheBox Forensics Challenge (RAID 5 Disk Recovery)
Video walkthrough for retired @HackTheBox (HTB) Forensics challenge (originally featured in Cyber Apocalypse 2022 CTF) "Intergalactic Recovery" [easy]: "Miyuki's team stores all the evidence from important cases in a shared RAID 5 disk. Especially now that the case IMW-1337 is almost completed, evidences and clues are needed more than ever. Unfortunately for the team, an electromagnetic pulse caused by Draeger's EMP cannon has partially destroyed the disk. Can you help her and the rest of team recover the content of the failed disk?"
We'll use PwnTools to XOR the two uncorrupted RAID 5 drives, recovering the destroyed disk. Next, we'll use mdadm to rebuild the RAID 5 array. Finally, we'll mount the array and extract a PDF document, containing the flag. Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Forensics #DFIR #OffSec #CyberApocalypse #CyberApocalypse22
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/challenges/317
https://www.hackthebox.com/events/cyber-apocalypse-2022
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-specific Resources↣
https://medium.com/jeremy-gottfrieds-tech-blog/why-every-bit-is-not-equal-a-primer-in-computer-memory-7cb0be4fe115
https://www.prepressure.com/library/technology/raid
https://www.ontrack.com/en-gb/data-recovery/raid/explained/5
https://www.forensicfocus.com/forums/general/raid-5/
https://sleuthkit.discourse.group/t/raid-forensic-analysis/407
https://www.cyberciti.biz/faq/what-happens-when-hard-disk-fails-in-raid-5
https://mustafakalayci.me/2020/05/01/raid-5-and-xor
https://www.thomas-krenn.com/en/wiki/Mdadm_recovery_and_resync
https://ctftime.org/task/21470
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic file checks: 0:45
Computer Memory (volatile vs non-volatile): 3:04
Redundant Arrays of Inexpensive Disks (RAID): 6:30
RAID 5 parity and XOR: 11:08
XOR working disks to recover corrupted disk (PwnTools): 14:49
Map images to devices (losetup): 17:00
Rebuild RAID 5 array (mdadm): 17:56
Mount array and extract PDF: 19:18
Fix image sequence (-.-): 19:56
End: 22:02
50
views
Heap Exploit (ret2win) - "Hellbound" Pwn Challenge [HackTheBox Cyber Apocalypse CTF 2022]
Video walkthrough for Hellbound, a Binary Exploitation (Pwn) challenge from @HackTheBox Cyber Apocalypse 2022: Intergalactic Chase CTF. In this challenge we'll use a basic heap exploit to ret2win and compile a PwnTools script to automate the exploitation process. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CyberApocalypse22 #CyberApocalypse #CTF #Pentesting #OffSec #Pwn #BinaryExploitation
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HTB CyberApocalypse 2022↣
https://ctftime.org/event/1639
https://ctf.hackthebox.com/ctf/371
https://www.hackthebox.com/events/cyber-apocalypse-2022
https://discord.gg/hackthebox
https://twitter.com/hackthebox_eu
↢More HTB CyberApocalypse Write-ups↣
https://roderickchan.github.io/2022/05/19/Cyber-Apocalypse-CTF-2022-all-pwn-wp
https://github.com/Hilb3r7/CyberApocalypse2022
https://gore-ez-knee.github.io/posts/htb-ca-2022-writeup-table/
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 1:09
Binary Protections (checksec): 1:55
Explore Functionality: 3:05
Disassemble/Decompile with ghidra: 4:03
PwnTools script: 11:12
End: 16:43
77
views
Tier 0: Redeemer - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Redeemer" machine from tier zero of the @HackTheBox "Starting Point" track; "the key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, pentesting Redis (REmote DIctionary Server) databases and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
https://www.tutorialspoint.com/redis/redis_security.htm
https://book.hacktricks.xyz/network-services-pentesting/6379-pentesting-redis
↢Resources↣
Ghidra: https://ghidra.re/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Enumerate ports/services (NMap): 0:20
Answer questions on Redis: 0:40
HackTricks Pentesting Redis: 2:50
Explore redis-cli: 3:35
Extract flag from database: 5:50
End: 6:40
59
views
Angstrom CTF 2022 - Challenge Walkthroughs
Video walkthrough for some Misc, Web, Reversing and Pwn challenges from the Angstrom (CTF) competition 2022; Interwebz, amongus, Confetti, Shark1, Shark2, The Flash, Auth Skip, crumbs, Xtra Salty Sardines, Art Gallery, baby3, Numbers Game, whatsmyname, wah, really obnoxious problem and whereami. Topics covered include Linux usage, steganography, network traffic analysis, JavaScript debugging, cookie forging, python scripting, cross site scripting (XSS), LFI/directory traversal, reverse engineering, debugging, binary exploitation, buffer overflows. We'll use netcat, zsteg, wireshark, Firefox devtools, burpsuite, python requests, beautifulsoup, ngrok, git-dumper, GDB-PwnDbg, ghidra, ltrace, CyberChef, PwnTools, pwninit and ropper. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #WebSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1588
https://2022.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
[Misc] Interwebz: 0:25
[Misc] amongus: 0:45
[Misc] Confetti: 2:17
[Misc] Shark1: 5:44
[Misc] Shark2: 6:28
[Web] The Flash: 8:20
[Web] Auth Skip: 9:59
[Web] crumbs: 11:58
[Web] Xtra Salty Sardines: 17:58
[Web] Art Gallery: 26:44
[Rev] baby3: 33:17
[Rev] Numbers Game: 36:03
[Pwn] whatsmyname: 40:20
[Pwn] wah (ret2win): 45:26
[Pwn] really obnoxious problem (ROP): 52:35
[Pwn] whereami (ret2libc): 1:02:10
End: 1:18:12
61
views
NahamConCTF 2022: Web Challenge Walkthroughs
Video walkthrough for some of the Web challenges from the NahamCon (CTF) competition 2022; Jurassic Park, EXtravagant XML, Personnel, Flaskmetal Alchemist, Hacker Ts and Two for One. Topics covered include XML external entity (XXE) injection, SQL injection (SQLi), Regex injection, Cross-site Scripting (XSS), Server-side Request Forgery (SSRF) and 2FA (OTP) bypass. We'll use burp suite, Firefox devtools and ngrok. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2022 #NahamConCTF #CTF #Pentesting #OffSec #WebSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢NahamCon↣
https://ctftime.org/event/1630
https://ctf.nahamcon.com/challenges
https://discord.com/invite/ucCz7uh
↢Resources↣
Ghidra: https://ghidra.re/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Jurassic Park: 0:15
EXtravagant: 3:07
Personnel: 6:42
Flaskmetal Alchemist: 11:45
Hacker Ts: 22:42
Two for One: 31:46
End: 42:23
19
views