Monday, November 4, 2024

Filling in the Gaps of your foundational Knowlege

 Hacking is basically just abuse of foundational knowledge.
Seriously, its about foundational knowledge. So learn it!!

So the new kids don't come from CS and EE backgrounds as often anymore.

With just surface level attack knowledge you might be able to hack at an intermediate level and than one day you will hit a wall and that will be your hacking knowledge failing to propel you further, due to lack of foundational knowledge letting you see the unseen. We need to fix this.

The kids never listen but I always scream it from the mountain tops. and then I hear cries that they didn't go to school so poor them its not their fault right? Wrong, it is your fault because information is free cheap and in abundance, but at least your interested so cheers to that, lets move forward.

There is an easy fix to this dilemma

You don't need a CS or EE degree because you will self teach one in 1/4 the time frame without curriculum bloat. (universities are inefficient) Instead we learn relevant foundational skills to your career, interests, objectives so you can progress quicker. You need to learn math? No problem khan academy.. You need to learn about network protocols or programming no problem there are full YouTube playlists / books / labs for this that are better then university classes by far

The Fix:
Choose a foundational item of interest and roll with it daily, this can even be as little as just 20 minutes a day with your morning coffee. Sadly that's more efficient then a university class lol

Base your choice 75% off your interest and 25% off what you actually might use it for.. Lets give a few examples

1. Programming - You can use programming in literally every single part of infosec. Pick a general purpose language like "Python" to learn and code useful things.. Or a specific language if you have a specific interest for example, "solidity" if in blockchain, or "C/C++" if doing exploit dev / Reversing

2. Assembly / Computer Architecture - Choose this if you have any need / want to dive into reverse engineering, exploitation or even old school game dev

3. Hardware / Electronics stuff - Choose this if you want to work on fun projects and see how those 0's and 1's function while using your general purpose code do neat things as a way to progress into more IOT / Hardware hacking etc. This could be as simple as buying some arduino kits / books and learning about circuits and creating them and building devices etc

4. Protocols Protocols Protocols... Learn all about network protocols and how they function and how to interact with them and send raw sockets and assemble various protocols from standard network protocols to Bluetooth zigbee, blockchain, sub-ghz etc Scapy anyone?

5. You can choose any other foundational thing you feel that is holding you back maybe Linux cmdline?

Choose 1 thing and spend 6 - 18 months daily learning a bit and playing with it each day, building things with it and coding things related to it etc

Friday, October 11, 2024

Learning Binary Ninja for Reverse Engineering - Integrating AI workflows to Reverse Engineer Keygens

In this video we run through creating Keygens from binaries to bypass software restrictions using AI prompts where relevant to help us code our own keygens and understand algorithms. 

Example Binaries: CTF Binaries Used: https://github.com/cclabsInc/Binja

 

Twitter: https://twitter.com/ficti0n

Looking for a penetration test? 


 


 


 

Sunday, September 8, 2024

Real World Social Engineering Part 2: Integrating SE With Stealth Badge Readers Tips and Tricks

 Below is a video on using stealth readers with social engineering to gain access to physical targets on your penetration tests..   This is all based off real world engagements and actual use.. Not theory.. 

Cheers and keep hacking...  

Twitter:   https://x.com/ficti0n

Need A Penetration Test or a Covert Access Engagement / Physical Audit? 

CC Labs:  https://cclabs.io / https://consolecowboys.com




Monday, January 22, 2024

Learning Binary Ninja For Reverse Engineering and Scripting

 Recently added a new playlist with about 1.5 hours of Binary Ninja Content so far..   

Video 1: I put this out a couple months ago covering use cases and reversing flows as well as some basic scripting.. 


Videos 2+3 in the playlist start getting specifically into scripting for reversing automation.. Enjoy.. 


@Ficti0n on twitter..   


Video 1 UI Workflows and Scripting:



Video 2: Scripting Part1 


Video 3: Scripting Part 2



Wednesday, December 27, 2023

Real World Social Engineering - Turning life into a Penetration Test or one Hell of an Adventure

In this video you will learn all the things they never told on how to become a badass social engineer..  Instead of wasting time learning sneaky tactics to "Engineer" the outcome.. We focus on the part which is always left out when teaching social engineering..  the "Social" part..  

With the social part working correctly, the engineering part becomes seamless and easy to pull off without feeling forced. 




Monday, March 27, 2023

New Consulting Series Financial Statement Workshop

 I added a new video to the consulting series playlist today... This is for creating and managing your personal financial statements,  your budgeting of income/expenses from various sources and how to allocate those automatically to investments to build and track over time.... 

If you learn something.. Like and leave a comment...   Cheers... 




Tuesday, March 21, 2023

Web3 Smart Contract and Blockchain Hacking with Python Free Course Section 1

 Below is the full playlist and the outline for Section 1 the Web3 Hacking in Python course.. This is the most in-depth python based web3 material I have seen anywhere online. 

Section 1 is the foundational section of the course using python for web3 that covers the following topics and also assumes that you have already taken my smart contract hacking course from 2020.  


Smart Contract and Blockchain Web3 Hacking in Python: 

Section 1: 

Smart Contract Interactions: 

1.  Simple Smart Contract Interactions

2.  ERC20 Token Interactions

3.  Wallet Interactions

4.  Manual ByteCode Reversing

5.  ByteCode Function BruteForce Automation

6.  Automated Reversing and Disassembly

7.  Transaction Signing

8.  In Depth Manual Smart Contract Interactions

9.  Asynchronous programming to monitor Contract Events


Homework Assignments

1. Uniswap Pair nested Contract Interactions

2. Attacking Smart Contract Pathways Manually with python

3. Analyze Bytecode and Determine what it Interactions


Network Interactions: 

1. Blocks and transaction Filtering and Monitoring

2. Pending Transaction Subscriptions And Network Monitoring

3. Monitoring Smart Contract Mempool Transactions (Uniswap Routers)


Playlist: 

https://www.youtube.com/watch?v=UBK2BoFv6Lo&list=PLCwnLq3tOElrubfUWHa1qKrJv1apO8Aag&index=1

Filling in the Gaps of your foundational Knowlege

  Hacking is basically just abuse of foundational knowledge. Seriously, its about foundational knowledge. So learn it!! So the new kids don...