• Hacking and Pentesting,  News

    TryHackMe Advent of Cyber 2024 has started

    The yearly Advent of Cyber from TryHackMe has started. Think of the Advent of Cyber as the cyber security Advent Calendar but instead of sweets everyday you get to do a cyber security challenge and learn new skills, tools and technologies everyday. A new challenge will be released every day till the Join the TryHackMe Advent of Cyber to do these challenges everyday till Christmas and learn new skills with the chance of winning some prizes in the process. Check it out here.

  • Hack the Box Writeups,  Hacking and Pentesting

    Meow – Hack the Box

    Meow is the 1st box in Hack the Box Starting Point that you will encounter which is in the Very Easy category. To get the flag open up nmap and scan the IP using nmap 10.129.53.45 -p- –open or just nmap 10.129.53.45 or another popular flag is -sV to get the service version running on the open ports using nmap 10.129.53.45 -sV (go and read up on nmap and the different flags) You will see a response such as below showing that port 23 is open: (Port 23 is used to telnet to a machine but it transmits data in clear text and should not be used in production) Now…

  • Uncategorized

    Cyber Security Awareness Month

    It is October and this marks Cyber Security Awareness month every year. As the name suggests, the idea is to raise awareness on the importance of Cyber Security. Not just for small, medium or enterprise businesses but also to raise awareness of personal cyber security. I will be posting a few important basic steps you can take to improve your personal cyber security this month of which some of the how to videos will be posted at ExchangeTimes.net. As a quick run down on what you can look forward to:

  • How To,  Information Security

    How to check if a link in an email is malicious

    I’ve always told family and friends to never just click on a link, received in email, whatsapp, sms wherever. They always ask “how do I know if the link is malicious”? In this video I show you some red flags to look out for and where you can verify these links. Remember, if you did not expect the email then it probably is not 100% legit and you need to be always verify links. It is very easy to fake a sender and I will do another video on how to check that. Here’s the links to the sites I most commonly use to check links and files: Virus TotalPalo…

  • Uncategorized

    Hard work pays off

    As the title and cliche says, hard work pays off and I can vouch for that. It’s been a lot of work, studying, practice and networking but at last I am working in an Information Security role. I’ve been thrown in to the deep end, but that’s what I like, sink or swim. I have already learnt so much more since I started in my new awesome team. It goes to show, you will achieve your goals if you work hard, believe in yourself and take any failures as stepping stones and experience rather than as failures. I have not reached all my goals as yet, I am still working…

  • News

    2023 Update

    2022 has been a busy year with work and studies. I wrote and passed the Security+, AWS Certified Cloud Practitioner, Palo Alto’s PCNSA and updated my M365 Certified Security Administrator Associate certification. This year I’m focusing more on the Red Team / penetration testing side of things. Currently I am busy studying to write the CCNA and then the medium plan is to write and pass the CPTS, PNPT and OSCP this year depending on time and budget. I will also be posting a lot more TryHackme and Hack the Box walk through as I work through those. CTF competitions are also high on the to do list for this…

  • Try Hack Me Walk Throughs

    Try Hack Me – Pentesting Fundamentals Room Walk through

    The room can be found here. Penetration Testing Ethics: “You are given permission to perform a security audit on an organisation; what type of hacker would you be?” Answer: white hat 2.“You attack an organisation and steal their data, what type of hacker would you be?” Answer: Black Hat 3.“What document defines how a penetration testing engagement should be carried out?” Answer: Rules of Engagement Penetration Testing Methodologies: The stages are Information Gathering (OSINT), Enumeration/Scanning. Exploitation, Privilege Escalation, Post-exploitation (sub-stages: pivoting, gather additional information as a privileged user, cover your tracks, reporting) OSSTMM – Open Source Security Testing Methodology Manual OWASP – Open Web Application Security Project NIST Cybersecurity Framework 1.1 – National…

  • Python,  Tkinter

    import Tkinter does not work in Python 3

    I am busy working through an older book called Tkinter GUI Application Development HOTSHOT by Bhashkar Chaudhary but the book is written for Python 2.7 I am using Python 3.10 and some of the statements in the book does not work for Python 3 so I will be posting the changes from time to time. The first issue I stumbled on is the import statement to import Tkinter. From the book you need to import it as:import Tkinter and this does not work in Python 3. in Python 3 use import tkinter (without the capital T) The test in IDLE as per the book will also fail for Python 3.The…