Don’t Enter Your Password Into That Website: A Rant You Need to Hear

2025-05-01 3 min read Security Password

Don’t Enter Your Password Into That Website: A Rant You Need to Hear

Let me set the stage.

I came across a YouTube video the other day where the creator casually suggested that you can “check if your password has been leaked” by typing it directly into a website or tool. It was not a very popular content creator, none the less, I think we need to talk about this.

How Vim Can Make a Hacker’s Life Easier with Macros and Registers

2025-03-09 5 min read Hacking Tools

How Vim Can Make a Hacker’s Life Easier with Macros and Registers

Why Every Hacker Should Master Vim Macros and Registers

If you’re deep into hacking, pentesting, or security research, you know that automation is key. Repetitive tasks like manipulating payloads, encoding/decoding strings, or tweaking shell scripts can become tedious. Enter Vim macros and registers! These powerful features let you record and replay keystrokes, making your workflow insanely efficient.

No that I dont use IDE’s the likes of Visual Studio code (sometimes I do). However they can never match the raw power of vi/vim/nvim or any of the vim family of editors. To reap the maximum benefit, you have to learn the basics of using the editor in normal mode ( which is by the not the editing mode).

GOAD_Provisioning_ActiveDirectory

2025-03-02 8 min read Active Directory AD Ethical Hacking Windows

Today we will talk about GOAD, from its creators:

GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.

This lab is extremely vulnerable, do not reuse recipe to build your environment and do not deploy this environment on internet without isolation (this is a recommendation, use it as your own risk). This repository was build for pentest practice.
Continue reading

Using Burp with Containers In Docker

2025-02-08 3 min read Cybersecurity Ethical Hacking Penetration Testing DevSecOps Web Security Docker

Making Docker Containers Trust Burp Suite’s CA for Testing

When testing applications running inside Docker containers, intercepting traffic with Burp Suite can be challenging because containers don’t automatically trust Burp’s CA certificate. Without trust, HTTPS requests from inside the container will fail with certificate errors.

In this post, I’ll show you how to:

Add Burp Suite’s CA to your host system
Pass the trusted CA to Docker containers
Ensure seamless HTTPS traffic interception for testing

Let’s get started!

Anonymous AI Chat with different models

2024-12-31 1 min read Bash Linux Networking

If you ever wished that you did not have to login or could use AI chat with anonymity, then you are in luck and right place, read on.

Head over to DuckDuckGo search. Click on the Hamburger menu in the right hand top side. In the drop down, select AI Chat, you will see it somewhere in middle of the menu.

Now, you can click “Get Started” (after reading the information on the page).

Using AI to Visualize File Contents: A Sandbox Adventure

2024-11-22 3 min read AI Experiments Tutorial

Explore how to use AI to create and manipulate images that represent file contents in innovative ways. A journey through creative prompts in the [aichatbot] sandbox. Continue reading

Cyborg Room Walkthrough

2024-11-17 3 min read TryHackMe Cyborg CTF OSINT Pentesting

Room Overview

Room URL: Cyborg

Room IP: 10.10.79.217 - This will be different for you.

Recon

We begin our reconnaissance phase by scanning the target using Nmap. This helps us identify the open ports and services running on the machine.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17


Starting Nmap 7.60 ( https://nmap.org ) at 2024-10-28 16:28 GMT
Nmap scan report for ip-10-10-79-217.eu-west-1.compute.internal (10.10.79.217)
Host is up (0.018s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 db:b2:70:f3:07:ac:32:00:3f:81:b8:d0:3a:89:f3:65 (RSA)
|   256 68:e6:85:2f:69:65:5b:e7:c6:31:2c:8e:41:67:d7:ba (ECDSA)
|_  256 56:2c:79:92:ca:23:c3:91:49:35:fa:dd:69:7c:ca:ab (EdDSA)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
MAC Address: 02:1F:A9:A5:69:89 (Unknown)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Nmap done: 1 IP address (1 host up) scanned in 8.96 seconds

Web Enumeration

Next, we perform directory enumeration using Gobuster to find hidden directories on the web server.

Older posts Newer posts