I Played Beginner-Level Security CTFs For 30 Days - Here's What I Learned
Вставка
- Опубліковано 31 тра 2024
- 🔗 Links Mentioned:
CTF Overview Document: docs.google.com/document/d/1H...
PicoCTF: www.picoctf.com/
VulnHub Mr. Robot: www.vulnhub.com/
🐕 Follow Me:
Twitter: / collinsinfosec
Instagram: / collinsinfosec
Cybercademy Discord Server: / discord
🤔 Have questions, concerns, comments?:
Email me: grant@cybercademy.org
🎧 Gear:
Laptop (Lenovo X1 Carbon Ultrabook 6th Gen): amzn.to/2O0UfAM
Monitors (Dell D Series 31.5” D3218HN): amzn.to/2EXlgRF
Keyboard (Velocifire VM01): amzn.to/2TEswfd
Headphones (Audio Technica ATH-M40x): amzn.to/2F4Tvq6
as a pro ctf-player: awesome to see you getting into ctfs. However, I would recommend not keeping to beginner levels for a whole 30 days, instead trying to push the envelope with harder challenges - thats where you learn the most! keep it up
Whats your favorite ctf?
How did u get your first hacking knowledge. (I have fun with kali linux tools , i think that's not a good approach)
@@--Morpheus-- there are multiple that i like, googlectf, realworld, defcon, and then some smaller ones organized by ctf teams
where do i begin to get into this stuff?
@@philipjacobsen6550tryhackme or hackthebox is a great start. Tons of rooms to practice
An often overlooked part of CTFs is taking notes! Taking what you learned and restating it in your own words, and saving all that information in a file (or your favorite note taking app) is crucial to improving
side question , whats ur fav note taking app ?
@@GGS0N2 I use obsidian
It's actually for all learning, and fysical notes is even better (type it out after if you reallywant it digitaland extra results)
@@GGS0N2 I vouch for Obsidian it's very flexible with it's uses, you should watch a video about it.
@@GGS0N2 Microsoft OneNote
Write-ups are not cheating as long as your learn from them. When i first started I used write ups very often, I am slowly using them less and less now though. Very good video BTW!
I am just learning to hack, and I often use write-ups and videos. But somewhere I feel like, if I look at the write-up, I won't do it on my own, and after seeing them, in a way the question or the problem is wasted. I can't think of just learning the way, and move on. I feel like, why was I not able to do it. Sometimes, it is like, I am doing it for the first time, so I can't do it, but, then I feel, where could I have learnt it beforehand?
Writeups are awesome to learn. That's not cheating, that's learning!
I appreciate it Regas!
I agree, but I think people should decide ahead of time for when they refer to a write-up or walkthrough.
- After you solve it yourself: you may learn a different approach, a new trick, or learn about a new resource/tool
- After X number of hours working on it yourself, but you hit a wall: gives you time to try and practice what you know
- Right from the beginning: use an official write-up or a good source such as IppSec (for HackTheBox) and learn that way
Some people, and I would include myself, might feel a little guilty or that they are not good enough if they have to refer to a write-up. But, I think deciding on some guidelines or rules ahead of time can help people take control of how they use these sort of resources for learning.
Those write-ups can be used to help you get a job during your interview you either hand that paperwork to your interviewee or if it's a zoom call see if you can do a screen share and then walk somebody through your thought process that shows how you think how you solve problems and will help you stand out in the crowd
Try, try harder, then look up the answer! You don't know what you don't know.
Which platform did you get that mr.robot?
What matters most is 1. the approach is understood and 2. the person learns. Using writeups is what lots of people do - just make sure you as the reader get why the write-ups work.
Another good habit to make is that when you use a write-up, analyze it to a degree where you understand exactly how each step works, but do so only up to the point where you're having trouble. Once you learn what you were doing wrong on that step, put the write-up away and only bring it back up if you get stuck on something again. It's only cheating if you just copy it step by step without at least trying to understand what's happening or without trying to do it on your own. In my experience this is the process that has helped me get a lot better at hacking in a short amount of time.
I still dont understand how I should approach right ups or any CTFs in general. Enumerate or recon then proceed to exploit?
How to achieve the exploitation? Find vulnerabilities.
But how do I know vulnerabilities exist? Search them up is my go to answer but that doesnt feel like learning.
But if I try to discover the vulnerabilities on my own, it's too far high for my skills (very new to this).
Then, what we're supposed to do is understand the exploit for the vulnerabilities, right? At least that's what I think I am doing but I still think that doing it that way does not feel like I am not really learning anything.
I just know how to search the vulnerability and know why that vulnerability exists. I did not learn how to "acquire" that vulnerability.
Please guide me.
@@KizukiKotataki Trying to look for vulnerabilities without any prior knowledge is like looking for a needle in a haystack. Even professional hackers spend their time trying to find out vulnerabilities in systems. The most obvious tool to use is experience, sometimes even the wildest hunch might get you quite far. I'd recommend doing basic ctf to build experience and searching about vulnerabilities related to those ctf so that the difficulty doesn't spike too much. At the end of the day, doing something for the first time is always going to be hard, so don't stress about it and instead try to learn more
@@Dazed_04 Thanks, I've been slowly doing ctfs when i can. i hope i still have time for it once i graduate tho.
i kinda regret not doing ctfs during pandemic. that was a lot of free time to boost my skill yet i wasted it.
It's refreshing watching a video where someone says they didn't know something. Very relatable! Like i know what CTF is but have never tried it so it was interesting to hear your perspective of giving it a go. Nice video!
hey grant ! i'm watching you almost for 3 years ..since your "Finals Week" and "Day in the life of CS student" videos those were really legendary videos....and you really inspired me in my CS career ....and just Thank You So Much buddy
i think you should make more videos like those
Thank you for the kind words! You have probably seen me evolve from a cringy script kiddie to a refined script kiddie 😂 Those older videos are hard to watch. Thank you for the support and keep up the great work 💪
@@collinsinfosec yohh man ...appreciate that...thank you ..❤❤👍👍and believe me those videos are really awesome, there were lot of great stuff in those videos
Bruh can work with as unpaid internship i wanna learn from you since you gain from him
@@system0015 broda that's totally depends on you....but the thing is if you don't have any type of financial issues or if you have enough time to test your skills....you can go for that...but in my case i had't had that much time for unpaid internship...and Unpaid internship is the best thing to know yourself and your security skills.... usually in country like India (i'm from India) being an unpaid intern you have to face a loṭs of problems...but you can improve your skills..and also you can get so much in back instead of your time not financially but after that you will become a experienced asset for any company.👍👍
I’m glad you spoke about documentation. Nothing else says you can do something better than recording yourself doing it.
watching you for the last 3-4 years, 2022 you look so mature and knowledgeable! Great to learn something new :)
Thank you NootRoot. You have seen me since my cringy video days back a few years ago 😂 I appreciate the support.
This is great!
Happy to see you learn 😄
Awesome, cool that you were just honest, and practical about using all the good resources to just get it done, rather than racking your brain through the night attempting the puzzle on your own. Just get it done!
Gamification simplifies the concepts and makes them fun or engaging even if they are not entirely "true to life". Our brains thrive on the engagement and context that games provide. Do not underestimate that.
IT WORKED, THANKS I'VE BEEN LOOKING FOR THIS FOREVER, BUT NO TUTORIAL COULD EXPLAIN IT AS YOU DID
Great content!
I recently also start learning about ethical hacking, but I did not dive in headfirst into CTFs. I took a more conservative approach, but completed relevant learning paths (mostly on Try Hack Me) and once I felt that I understood the labs and all, then switched to its CTFs
Note-taking (at least for me) is crucial, and is the sole reason I started to publish write-ups! It helped me better understand what I am doing in each step of each CTF.
Hope that you are still practicing!
I think alot of us are hard on our selfs when it comes to referring to writeups on some of these challenges. I don't consider it "cheating" anymore, I used to feel this way when I started ctf challenges but in reality these write ups just expand your knowledge and ability pool. You look at the bigger picture, not just being unable to crack challenge X, but now next time you come to a similar situation you may already know how to tackle that problem because of a previous write up, or at very least know how to find the solution. I've used techniques I learnt in write-ups in real world situations, that I wouldn't be able to have solved with out having prior knowledge of a similar situation and the real world situation doesn't have a write up or solution available.
I think its good to set boundaries on how and when you refer to a write up, just to give your self a chance to experiment and learn, and avoid tapping out as soon as you are confronted with a difficult problem.. Documentation of your progress is also an amazing skill to learn. Not only is it required for reporting purposes in the real world but being able to re-trace your steps incase you need to regain access to a system, try different approaches at different stages or repeat the process as evidence. Good note taking and documentation is a valuable discipline.
Questions can come in ⬆️
Well done! I see using write ups as learning by a more experienced mentor.
Totally agree, the more you do CTF, the easier it becomes as you get to understand what they are expecting.
However, CTF really zap your time, when in reality you are doing the same sort of probing over and over again.
You certainly need to weight up time spent on CTF against learning some other topic.
Questions can come in ⬆️
You really show how to do things! Keep it up amazing !!!
CTFs are a great way to learn and I find the knowledge you gain to really build on itself.
Questions can come in ⬆️
This was so helpful!! Thank you
You can use wpsscan tool when you are facing against wp, can be used to bruteforce logins too
Thanks for the honest edit. 👏
Good job bud, you'll get there. It's only time and experience
do more of this!! this is amazing
This is super interesting , I'm curious about these topic, maybe try to resolve one of challenges
Hi Grant, good to see you again :)
It's good to be back, making videos.
I am an absolute noob and didn't even know about CTFs. This looks like a lot of fun. I couldn't finish the video, though, since it felt too much like a spoiler on the Mr Robot challenge. I'll give it a shot and then finish watching.
Questions can come in ⬆️
CTF is the popular cybersecurity competition or game that involves participants solving a variety of challenges to find hidden "flags". In the context of cybersecurity, a flag is typically a specific piece of text or code that represents a successful solution to a challenge.
i might try this while i have summer brake, nice idea.
Questions can come in ⬆️.
Keep up good realistic content 😊
Nice keep up, i recommend you do Hack the Box starring point
Geezus. I have no idea what you’re talking about, but I love it.
Can you recommend a 30 day challenge to get a newb, like myself, to the point of understanding what you’re talking about in order to do the challenge you did in this video?
Questions can come in ⬆️
Your video quality is getting very crisp. Nice one
I appreciate you noticing Chukwumaijem - I have been trying to improve and refine my editing style moving forward.
@@collinsinfosec and the improvements aren't going unnoticed ☺️
Keep it up.
I like the honesty 😊
Questions can come in ⬆️.
Don’t feel guilty for using write ups brother, that’s how we all learn! Awesome video btw!!
Thank you so much you really help me :)
Questions can come in ⬆️.
This is awesome! i wish i came across this bout a year and half ago lol
another great option to bruteforce WordPress login is using wpscan tool much easier than hydra
Lol. I always felt like i was cheating when using write-ups. Good to know the community thinks its acceptable to use write-ups as a learning tool
Questions can come in ⬆️
Tell me what editing software you use for making the gui like graphs and like explaining the ansers or theory tell me?
creds for being honest about when you had to get help.
Questions can come in ⬆️.
I have been looking into some CTFs what is to best place to start with Beginner-Level CTS and how much to sites like picoCTF cost?
You are best ;) Thank You !!!!!!!!!!!!!!!!
thanks for the help it help my every thing i need to install
Questions can come in ⬆️.
Loved the first one, looking forward to trying this one out too.
Questions can come in ⬆️
Can you do this without knowledge? Just started my undergraduate in cybersecurity and wanted to learn more!
you are a gem 💎
What are those screens man, they are perfffff
Nice man ty
Where do I even start in hacking? I wanna explore web-based exploitation, and some hardware/OS-level stuff.
Used to be a CS student, but have since switched majors. This makes me want to get back into it for shits and gigs but my general knowledge is so lacking now :/ great video though!!
I saved 10k (and had a partner that could financially support me, but did not need too), left my job, got on udemy and took courses till I was advanced in python, automation, they have a math class that only covers the calculus and linear algebra concepts that A.I. uses. torn through pytorch and tensor flow courses.
been about 2 months of 12-16 hour study shifts without one day off yet. I have an automation engineer interview. for a multi-million dollar financial form. in 2 months I went from a basic machinist job to lining. up a 130k a year job. no degree.
a degree.... just might not be the way for this field... I wanted to get into it and found a cornucopia of educational content that can take me to a level equal of a masters degree... yes, I. have. the knowledge of core concepts of cs that I needed, yes there are slight gaps in knowledge compared to if I spent years learning it in a proper class. but with work experience I will fill those gaps quickly. grind hard. one time. GRIND!
@@aggressivereindeer3200 Hello, can you please link some of the courses that you took? If your comment doesn’t send because it has links, try going to my profile and go to about and do the “am I a robot” check to see my email and email me. That is, if you are up to it. If so, thanks, and if not peace be upon you regardless :)
@@aggressivereindeer3200 to be honest, in my country (Germany), if u apply without a degree in the sector you've applied for, they won't even consider inviting you to a job interview (at least if we are talking about companies that pay as much as the one you've described)
Getting a reverse shell in WP is actually very easy when you know how **SPOILER** - copy-paste your reverse shell script to the 404 error page (delete the default page code) under Appearance - Theme File Editor and save. Force an error on the site with a listener running on your computer, job done.
you've tought me something i didn't like at all in this industry, the truth is that you have to buid before destroying, you should understand code and build some projects from scratch and learn how things actually work so you can get the bigger picture of what are you tweaking on, then your gonna fly like new born bird, in other words then you can mine your own way into breaching that machine. you are like me when i was doing these repetitive web app machines, but the reality of this industry is the big picture without it your nothing, thanks for this ved
do u need to know alot of linux or will u learn as u move along.
Nice video. I would advise you not to be time limited when working on ctfs. That's, don't say "l'm going to spend X hours on this, and after that l will look at the write-up if l ain't still got the flag". Write-ups are good, but should be used when you really get stuck for a while. In a real life scenario, there won't necessarily be a write-up with a detailed solution to your problem. That's why CTFs are good in developing the mindset of trying harder. You try now, but get stuck? go for a walk, rest for some time then come back and try again. It's not always about how fast you solve a task.
Anyways, l understand you had to proceed as such for the purpose of this video)
Cheers, and keep it up.
I love your video !nice
If you're learning, it's not cheating. I kept getting told to figure things out myself and not look anything up when I was learning C++, and that was miserable and I learned literally nothing. That mentality is childish and petty, it usually comes from people who are bitter that the information is freely available now, but wasn't when they learned it. If you're doing it for fun as a challenge, fine, don't look anything up, but if your goal is to learn, use every resource available.
Questions can come in ⬆️.
thank god i'm not the only one whose dump when it comes to pentesting a chain vuln machine
You are doing great and you don’t suck gosh 😂
I mean hacking is about information so technically... you never cheated man lol.
All hackers have to go back in their notes or look at a write up if they step away from the computer for awhile to take a break.
In my eyes, you never cheated, you just needed information, which again... is hacking for the most part.
I have no idea what this is about, but it makes me wanna know🥺
Could you send me the link of documents "CTF series"? Please I am a cybersecurity student in Vietnam.
That is exactly why I quit learning cybersecurity. I make software but I wanted to learn to pen test and I would get past a few ctf boxes but then I would hit some where I would end up hours later looking up the answer, I felt guilty and stupid and quit
Questions can come in ⬆️
This is sterling content. A book I read with similar insights was a critical juncture in my journey. "Game Theory and the Pursuit of Algorithmic Fairness" by Jack Frostwell
Question, why Windows? Not hatin just curious.
2:15 whenever I see people using "cat x | grep y" instead of directly "grep y x", I want to smash my screen.
What's is ur setup
I love the honesty! I did my first ctf last night and it was the trivial one on hackerone. And I was so stumped and felt so dumb. But I have to remember that I’m learning and not to get discouraged.
bro its insane
using this and never lagging
this video is about how to go on youtube to find youtube videos to solutions when making a youtube video about a problem to then share on youtube
Questions can come in ⬆️.
I am unable to see the write up through the link in bio. Am I missing something?
Questions can come in ⬆️
I am anood and have zero knowledge on this. Does this cost money and does it walk you through how to do it?
Questions can come in ⬆️
ty
Questions can come in ⬆️.
I present to you: "Hacking with Frodo"
not sure why, but I expected Call of Duty content!
Same lol
Nice
Surprised to see hex editing here. Is th at filed under binary exploitation?
Edit: nvm, it is under forensics.
Didn't stabilize the python shell after importing it @11:44 ...
#In rev shell
$ python -c 'import pty; pty.spawn("/bin/bash")'
ctrl-Z
# In Kali
$ stty raw -echo; fg
# In rev shell
$ reset
$ export SHELL=bash
$ export TERM=xterm-256color
$ stty rows columns
:)
Good to know - Thanks for the info :)
Questions can come in⬆️..
I play capture the flag all the time its great
Wish there was a CTB (Capture The Babes) video on this channel 😔
Spending all night writing code, fixing bugs and reading-up on security issues won't help me get a girlfriend
Just go to chill bars or lounges near tech hubs. You'll do just fine. 👍
Ha! I understand how you feel. You just got to put yourself out there. It will work out eventually.
i felt that, i feel the same way, being in this field work/university has shifted me from the social life and left an impact...
Please can I work with you as unpaid internship since you already have those experience I wanna learn 🙏🙏🙏
@@system0015 I'm sorry, but we don't have any more vacancies at my company.
GOAT
Respect
bruh is on some mad meds
Sorry, I didn't watch the whole video. Huge info right off the bat though. Thank you. 🙏
In 18 days, there is a national Moroccan CTF organized by the Akasec club, and I know nothing about CTFs. Let the challenge begin! 3... 2... 1... go.
I haven't watched your videos in years and you look different now. Time has gone, you must be on senior year by now?
Elliott is that you?
*There are only two types of coders:*
Those who write on a web based word app with white background
Only terminals, Linux based, with Vim writing in markdown on a transparent nature background.
Questions can come in ⬆️
It’s ok I suck too only was able to get first flag on mr robot without cheating
i thought i was the only one cheating from another writeup for other machine, sheeesh
Thought this was about COD
I always have to use write ups for vulnhub boxes. These guys make it difficult. I am currently in college for Cyber Security Engineering as well.
Questions can come in ⬆️.
use hack the box
Ooga booga
I need a good mentor anyone who could help I mean a personal mentor who will teach me more about networking and this CTF stuff 🥺
Who creates ctfs anyways(can you imagine how smart they are)
Questions can come in⬆️
Average focusrite solo user
Questions can come in ⬆️
Well done young grasshopper. Now go forth and use your knowledge for evil!! 😂 Just kidding, don't do that.
Not me thinking this is a cod video
Questions can come in ⬆️