Skip to content

Latest commit

 

History

History
79 lines (46 loc) · 2.19 KB

Planning - To do.md

File metadata and controls

79 lines (46 loc) · 2.19 KB

Not Streamable

Pentesterlab - Will run out, do it, just 1 month

TCM IOT.. - I only have 3 months https://academy.tcm-sec.com/courses/2138967/lectures/48187595 https://academy.tcm-sec.com/courses/enrolled/1547503

Humble bundle courses (on packt) - Not time critical

Check if it's streamable

NahamSec's Bug Bounty Course, sent question

Tibs privesc courses

Streamable

Advent of Cyber - Timing

Antisyphon Labs https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md

Go through s1rens notes https://sirensecurity.io/blog/s1rens-zero-to-navy-seal-of-crackin/

Projects

Hacking router - Arris NVG468Q

  • status: we have serial communication and can abort boot
  • next: can we download the firmware? can we get root?
  • download firmware? make account to do this?

Honeypot project, T-Pot?

  • status: Debian installed on SFF
  • next: install t-pot?

Raspberry Pi GPIO

  • status: We found the preinstalled python library and did some tests
  • next: test ultrasonic sensor
  • can we get lower level control
  • can we get analog input

cyber security game (to make a twitch category)

  • status: We have a building and a basic character. we also found a separate server room
  • next: open doors, interact
  • the plan is to get into the building, physical pen test style, and finally get into the server room

netcopy program (c program to copy files using sockets)

  • status: we can connect and communicate and enumerate files
  • next: actually copy the files

use arduino tools for hardware hacking

  • Status: not started

Boxes

List of boxes for cert study

https://www.vulnhub.com/entry/stapler-1,150/ https://docs.google.com/spreadsheets/u/0/d/18weuz_Eeynr6sXFQ87Cd5F0slOj9Z6rt/htmlview?pli=1# https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#

Articles to read

https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work

Youtube to watch

Finding and Fixing AD CS Issues with Locksmith w/ Jake Hildreth https://www.youtube.com/watch?v=e3zW3Xdn9VE Attack Tactics 5: Zero to Hero Attack https://www.youtube.com/watch?v=kiMD0JFFheI hardware n binary stuff https://www.youtube.com/@hackerassociate/videos