

r/AccessCyber


Information technology and cyber security require a strong technical foundation in knowledge and skills. Most employees learn about the basics in school, on the job, or through training or certifications. After mastering the foundations and becoming a professional in IT and cyber security, how does one improve their knowledge? They need hands-on technical training in an isolated and secure lab environment in order to stay current and improve their technical skills. The most effective strategy for doing this is to build virtualized hacking laboratories. The CYBERSOC HACKLAB PROJECT can provide specialized training, be used to prepare employees for a scenario, and help employees in improving their technical abilities, making them better all-around technical staff. You may learn how to build your own hacking lab on this channel.

Subscribe to our Channel at https://bit.ly/3D1HkcN Thank you for your support and God Bless!


GET 12 MONTHS PLURALSIGHT SUBSCRIPTION FREE with Pluralsight ONE + Code.org

Subscribe: https://linktr.ee/cybersocitlibrary



I hope this helps someone looking to break into either or both fields. Please respond with your own lessons learned and the lessons you disagree with.

  1. For HTB/OSCP/THM: The harder the box, the more realistic it is.

  2. Certs are far more effective for personal morale/the will to stay in the field than being a resume must-have. This field will drain you and certs can recharge you.

  3. Windows gets larger and clunkier with each new version. Expect unwanted features.

  4. Windows Defender is not terrible. Its market exposure means more scrutiny from sec professionals.

  5. Your NMAP skill will never stop evolving. There is no ceiling to improving one's enumeration.

  6. Threat Hunters: Never assume Port 443 is encrypted.

  7. Pen Testers: Learn to defend and threat hunt. Experience limitless value.

  8. Anonymous logon (SMB) is common in Active Directory and should never be written as a misconfig.

  9. Anonymous logon with full read/write access is another thing.

  10. If you have credentials, you can log on to a Windows device using RPC alone.

  11. Working on AD and lost the domain name? Run an NMAP Script scan on LDAP really quick.

  12. When training, it's better to not use WIN/LINpeas so that you can train your human eyes to find the Priv Esc route. That way, when you use these for an exam, you'll have the extra power of your human eyes to find the Priv Esc as a backup. (Probably why I passed the OSCP).

  13. Don't obsess over the HTB difficulty ratings. Just go with the flow and accept any box. Sometimes, you'll get major wins on Insane boxes while getting very stuck on Easy. So, why limit yourself?

  14. Don't drop the Bloodhound executable on the victim. Run python-bloodhound remotely.

  15. It's much better to work on Retired Machines by timing yourself as if you were taking an exam than trying to move up in rank with Active machines. When you are ready, however, please have at the active machines (HTB).

  16. It's better to learn ethical hacking in a group with a shared goal.

  17. In the workforce, we don't care if you can hack. We want you to hack AND recommend fixes.

  18. It's not as common or as easy to gain SYSTEM on a Windows machine as you think, and with Credential Guard you can only dump LSASS as SYSTEM, not Administrator.


About Community

Preparing Digital Defenders by providing cybersecurity career, training and education resources: AccessCyber.org
Created May 14, 2020
