# Table of Contents - [Hacker's Rest | Hackers Rest](#hacker-s-rest-hackers-rest) - [Zweilosec's Blog | Home](#zweilosec-s-blog-home) - [Cybersecurity YouTube Channels | Hackers Rest](#cybersecurity-youtube-channels-hackers-rest) - [Hands-on Practice | Hackers Rest](#hands-on-practice-hackers-rest) - [Tools & Cheatsheets | Hackers Rest](#tools-cheatsheets-hackers-rest) - [PowerShell Administration Tools | Sysadmin Solutions](#powershell-administration-tools-sysadmin-solutions) - [Python for Pentesters | Python Pearls](#python-for-pentesters-python-pearls) - [Hack the Box Write-ups | HTB Writeups](#hack-the-box-write-ups-htb-writeups) --- # Hacker's Rest | Hackers Rest These are my publicly accessible notes from various sources for penetration testing, red-teaming, OSCP, Capture the Flag (CTF) challenges, and my [Vulnhub](https://www.vulnhub.com/) / [Hack the Box](https://hackthebox.eu/) machine [write-ups](https://zweilosec.github.io/) . Warning - These notes are largely unformatted right now. They are based on my way of learning things - by reading, doing, studying, exploring, and taking notes. Cleaning up and formatting comes later. * Do not assume anything from these notes. * Do not expect the notes to be exhaustive, or to cover the techniques or the output they produce in full. * Expect mistakes in the notes. * Feel free to ask questions! * Always consult additional resources. If possible I will try to link to outside resources. _If I have shared something of yours and you want credit, please let me know!_ [](https://zweilosec.gitbook.io/hackers-rest#contribution) Contribution ---------------------------------------------------------------------------- **If you would like to add to, modify, or improve anything in my notes, PLEASE DO!** If you would like to give suggestions or even commit changes to these pages feel free to head to my GitHub page at: [![Logo](https://zweilosec.gitbook.io/hackers-rest/~gitbook/image?url=https%3A%2F%2Fgithub.com%2Ffluidicon.png&width=20&dpr=4&quality=100&sign=9c0dbf95&sv=2)GitHub - zweilosec/Infosec-Notes: Notes from various sources for preparing to take the OSCP, Capture the Flag challenges, and Hack the Box machines.GitHub](https://github.com/zweilosec/Infosec-Notes) ### [](https://zweilosec.gitbook.io/hackers-rest#how-to-contribute) How to contribute 1. [Create an Issue Request](https://github.com/zweilosec/Infosec-Notes/issues) describing your changes/additions. 2. Fork [this repository](https://github.com/zweilosec/Infosec-Notes) . 3. Push some code to your fork. 4. Come back to this repository and [open a pull request](https://github.com/zweilosec/Infosec-Notes/pulls) . 5. After reviewing your changes, I will merge your pull request to the master repository. 6. Make sure to update your Issue Request so that I can credit you! Thank you so much! Feel free to also open an issue with any questions, help wanted, or requests! Throughout these notes I have put `TODO:` notes that indicate that I know a certain section needs work. Focus on these if you can! Copy TODO: Change all code examples to use variables (e.g. $host_ip) rather than fill-in-the-blank format (e.g. ). This will help greatly with copying code directly into scripts. [](https://zweilosec.gitbook.io/hackers-rest#contents) Contents -------------------------------------------------------------------- The following sub-pages of these notes will explore some of the common offensive and defensive security techniques including gaining shells, code execution, lateral movement, persistence, scripting, tools and much more. I also cover techniques for dealing with CTF-type challenges such as cryptography, reverse engineering, steganography and more. Hack Responsibly. Always ensure you have **explicit** permission to access any computer system **before** using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here. ### [](https://zweilosec.gitbook.io/hackers-rest#unix-linux) Unix/Linux * [Unix Fundamentals](https://zweilosec.gitbook.io/hackers-rest/linux-1/unix-fundamentals) * [Hardening & Configuration Guide](https://zweilosec.gitbook.io/hackers-rest/linux-1/linux-hardening) * [TMUX/Screen Cheatsheet](https://zweilosec.gitbook.io/hackers-rest/linux-1/linux-hardening/tmux-screen-cheatsheet) * [Red Team Notes](https://zweilosec.gitbook.io/hackers-rest/linux-1/linux-redteam) * [Enumeration](https://zweilosec.gitbook.io/hackers-rest/linux-1/linux-redteam/enumeration) * [Getting Access](https://zweilosec.gitbook.io/hackers-rest/linux-1/linux-redteam/getting-access) * [Privilege Escalation](https://zweilosec.gitbook.io/hackers-rest/linux-1/linux-redteam/privilege-escalation) * [Exfiltration](https://zweilosec.gitbook.io/hackers-rest/linux-1/linux-redteam/exfiltration) * [Persistence](https://zweilosec.gitbook.io/hackers-rest/linux-1/linux-redteam/persistance) * [Vim](https://zweilosec.gitbook.io/hackers-rest/linux-1/vim) ### [](https://zweilosec.gitbook.io/hackers-rest#windows) Windows * [Windows Basics](https://zweilosec.gitbook.io/hackers-rest/windows-1/windows-basics) * [Hardening & Configuration Guide](https://zweilosec.gitbook.io/hackers-rest/windows-1/windows-hardening) * [Red Team Notes](https://zweilosec.gitbook.io/hackers-rest/windows-1/windows-redteam) * [Enumeration](https://zweilosec.gitbook.io/hackers-rest/windows-1/windows-redteam/enumeration) * [Getting Access](https://zweilosec.gitbook.io/hackers-rest/windows-1/windows-redteam/getting-access) * [Privilege Escalation](https://zweilosec.gitbook.io/hackers-rest/windows-1/windows-redteam/privilege-escalation) * [Persistence](https://zweilosec.gitbook.io/hackers-rest/windows-1/windows-redteam/persistence) * [Active Directory](https://zweilosec.gitbook.io/hackers-rest/windows-1/windows-redteam/active-directory) * [PowerShell](https://zweilosec.gitbook.io/hackers-rest/windows-1/powershell) ### [](https://zweilosec.gitbook.io/hackers-rest#macos) MacOS * [MacOS Basics](https://zweilosec.gitbook.io/hackers-rest/macos/macos-basics) * [Hardening & Configuration Guide](https://zweilosec.gitbook.io/hackers-rest/macos/macos-hardening) * [Red Team Notes](https://zweilosec.gitbook.io/hackers-rest/macos/macos-redteam) * [Enumeration](https://zweilosec.gitbook.io/hackers-rest/macos/macos-redteam/enumeration) * [Getting Access](https://zweilosec.gitbook.io/hackers-rest/macos/macos-redteam/getting-access) * [Privilege Escalation](https://zweilosec.gitbook.io/hackers-rest/macos/macos-redteam/privilege-escalation) * [Persistence](https://zweilosec.gitbook.io/hackers-rest/macos/macos-redteam/persistence) ### [](https://zweilosec.gitbook.io/hackers-rest#web) Web * [DNS](https://zweilosec.gitbook.io/hackers-rest/web/dns) * [Subdomain/Virtual Host Enumeration](https://zweilosec.gitbook.io/hackers-rest/web/web-notes/subdomain-virtual-host-enumeration) * [Web Apps](https://zweilosec.gitbook.io/hackers-rest/web/web-notes) * [Web Application Hacker's Handbook Task Checklist](https://zweilosec.gitbook.io/hackers-rest/web/web-notes/the-web-application-hackers-handbook) ### [](https://zweilosec.gitbook.io/hackers-rest#mobile) Mobile * [iOS](https://zweilosec.gitbook.io/hackers-rest/mobile/ios) * [Android](https://zweilosec.gitbook.io/hackers-rest/mobile/android) ### [](https://zweilosec.gitbook.io/hackers-rest#os-agnostic) OS Agnostic * [Cryptography & Encryption](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/password-cracking) * [Network Hardware](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/network-hardware) * [OS Agnostic](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/os_agnostic) * [OSINT](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/osint) * [Password Cracking](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/password-cracking) * [Gathering the Hashes](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/password-cracking/gathering-the-hashes) * [Wordlist Generation](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/password-cracking/wordlist-manipulation) * [Cracking the Hashes](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/password-cracking/cracking-the-hashes) * [Reverse Engineering & Binary Exploitation](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/reverse-engineering-and-binary-exploitation) * [Buffer Overflow](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/reverse-engineering-and-binary-exploitation/buffer-overflow) * [Scripting](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/scripting) * [Scripting Language Syntax Comparison](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/scripting/script-language-comparison) * [SQL](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/sql) * [SSH & SCP](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/ssh-and-scp) * [Steganography](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/steganography) * [Wireless](https://zweilosec.gitbook.io/hackers-rest/os-agnostic/wifi) ### [](https://zweilosec.gitbook.io/hackers-rest#unsorted) Unsorted * [Unsorted Notes](https://zweilosec.gitbook.io/hackers-rest/untitled) [](https://zweilosec.gitbook.io/hackers-rest#oscp-ctf-tools-and-cheatsheets) OSCP/CTF Tools and Cheatsheets ---------------------------------------------------------------------------------------------------------------- See my [list of outside sources](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets) ! If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec) ! [NextTools & Cheatsheets](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets) Last updated 15 days ago --- # Zweilosec's Blog | Home [![Logo](https://zweilosec.gitbook.io/home/~gitbook/image?url=https%3A%2F%2Ffirebasestorage.googleapis.com%2Fv0%2Fb%2Fgitbook-28427.appspot.com%2Fo%2Fspaces%252F-MA6m3cVikIPDudqayqo%252Favatar-1599441444546.png%3Fgeneration%3D1599441445000652%26alt%3Dmedia&width=20&dpr=4&quality=100&sign=4039ed90&sv=2)Hacker's RestHackers Rest](https://zweilosec.gitbook.io/hackers-rest/) [![Logo](https://zweilosec.gitbook.io/home/~gitbook/image?url=https%3A%2F%2Ffirebasestorage.googleapis.com%2Fv0%2Fb%2Fgitbook-28427.appspot.com%2Fo%2Fspaces%252F-MA7zFtkdm8aZR_ujQOq%252Favatar-1602199936883.png%3Fgeneration%3D1602199937231333%26alt%3Dmedia&width=20&dpr=4&quality=100&sign=d1c97eb1&sv=2)Hack the Box Write-upsHTB Writeups](https://zweilosec.gitbook.io/htb-writeups/) [![Logo](https://zweilosec.gitbook.io/home/~gitbook/image?url=https%3A%2F%2Fapp.gitbook.com%2Fpublic%2Femojis%2F1f3a8.png%3Fv%3D6.0.0&width=20&dpr=4&quality=100&sign=d222cd6&sv=2)PowerShell Administration ToolsSysadmin Solutions](https://zweilosec.gitbook.io/sysadmin-solutions/) [![Logo](https://zweilosec.gitbook.io/home/~gitbook/image?url=https%3A%2F%2Fapp.gitbook.com%2Fpublic%2Femojis%2F1f4c8.png%3Fv%3D6.0.0&width=20&dpr=4&quality=100&sign=4a323e79&sv=2)Python for PentestersPython Pearls](https://zweilosec.gitbook.io/python-pearls/) If you like this content and would like to see more, please consider supporting me through Patreon at [https://www.patreon.com/zweilosec](https://www.patreon.com/zweilosec) . Last updated 5 years ago Was this helpful? --- # Cybersecurity YouTube Channels | Hackers Rest [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels#information-security-youtube-channels) Information Security YouTube Channels ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- A collection of Cybersecurity Youtube channels I have come across. Not all have been vetted for content or quality at this time. ### [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels#offensive-cybersecurity-pentesting-red-team-youtube-channels) Offensive Cybersecurity/Pentesting/Red Team YouTube channels * [IppSec](https://www.youtube.com/c/ippsec) * [The Cyber Mentor](https://www.youtube.com/c/TheCyberMentor) * [John Hammond](https://www.youtube.com/c/JohnHammond010) * [HackerOne](https://www.youtube.com/c/HackerOneTV) * [Hak5](https://www.youtube.com/c/hak5) * [Null byte](https://www.youtube.com/c/NullByteWHT) * [Hackersploit](https://www.youtube.com/c/HackerSploit) * [STOK](https://www.youtube.com/c/STOKfredrik) * [David Bombal](https://www.youtube.com/c/DavidBombal) * [Black Hat](https://www.youtube.com/c/BlackHatOfficialYT) * [DEFCONConference](https://www.youtube.com/channel/UC6Om9kAkl32dWlDSNlDS9Iw) * [Troy Hunt](https://www.youtube.com/c/troyhuntdotcom) * [Beau Bullock](https://www.youtube.com/user/dafthackblog) * [Wild West Hackin' Fest](https://www.youtube.com/c/WildWestHackinFest/featured) * [Antisyphon Training](https://www.youtube.com/c/AntisyphonTraining/videos) * [Black Hills Information Security](https://www.youtube.com/c/BlackHillsInformationSecurity/featured) * [Active Countermeasures](https://www.youtube.com/c/ActiveCountermeasures/featured) * [SANS Offensive Operations](https://www.youtube.com/c/SANSOffensiveOperations/featured) ### [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels#defensive-cybersecurity-blue-team-youtube-channels) Defensive Cybersecurity/Blue Team YouTube channels * [SANS Cyber Defense](https://www.youtube.com/c/SANSBlueTeamOps/featured) * [MITRE](https://www.youtube.com/user/mitrecorp/featured) ### [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels#malware-analysis) Malware Analysis * [hasherezade](https://www.youtube.com/c/hasherezade/videos) * [Josh Stroschein](https://www.youtube.com/user/jstrosch) * [Wyatt Roersma](https://www.youtube.com/channel/UCpc1mKoBvmyZyjdHLB6bXEw/featured) * [0xf0x](https://www.youtube.com/channel/UCCnZXAoXRb6GDLjuFo0dmIg) * [MalwareAnalysisForHedgehogs](https://www.youtube.com/channel/UCVFXrUwuWxNlm6UNZtBLJ-A) * [dist67](https://www.youtube.com/channel/UC5-rNGe-OhG_KxwYN4DuNVQ) * [L!NK](https://www.youtube.com/channel/UCv6i6WVf-KeUeXFmp9oy29w/videos) * [OALabs](https://www.youtube.com/channel/UC--DwaiMV-jtO-6EvmKOnqg) * [Colin Hardy](https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg) * [AGDC Services](https://www.youtube.com/channel/UCnpn999NpDMMPxZXW8sgZLA) * [MalwareAficionado](https://www.youtube.com/channel/UC6JUjjZRFCcwCrVj7a_iozg) ### [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels#digital-forensics-and-incident-response-dfir-youtube-channels) Digital Forensics & Incident Response (DFIR) YouTube channels * [SANS Digital Forensics and Incident Response](https://www.youtube.com/channel/UCwSo89W3KgPrid41vskBDYA) * [13Cubed](https://www.youtube.com/user/davisrichardg) * [BlackPerl](https://www.youtube.com/c/BlackPerl) * [Magnet Forensics](https://www.youtube.com/user/MagnetForensics1) * [Learn Forensics with David Cowen](https://www.youtube.com/user/LearnForensics) * [DFIR.Science](https://www.youtube.com/user/dforensics) * [DFIR Podcast](https://www.youtube.com/channel/UCKmuN1F24jWLTa7woFYvYKg) * [Forensic Focus](https://www.youtube.com/user/ForensicFocusVideos) * [Mobile Forensic Investigations](https://www.youtube.com/channel/UCc-bl6Z-Eqy1nC8N5aVl7zQ) * [FIRST](https://www.youtube.com/channel/UCK3_z6YyWvfqrOuCmrfxsTw) * [Ryan Chapman](https://www.youtube.com/channel/UCpccBuBTcHp0pDZexcVMtXQ) * [Sam Bowne](https://www.youtube.com/channel/UCC2OBhIt1sHE4odV05RYP1w) * [Alexis Brignoni](https://www.youtube.com/channel/UCdss8CLyyNGgrXgzFaF9rNw) * [SecHubb](https://www.youtube.com/channel/UC3GAQgCfYbqbfKuZm9JZPCw) * [BlueMonkey 4n6](https://www.youtube.com/channel/UCQwZ8mSSBN3x8nAWuqLsVjg) * [Cover6 Solutions](https://www.youtube.com/channel/UCzT_Rj36cZjqkxJKz4iONtQ) * [Ali Hadi](https://www.youtube.com/channel/UCnGqqX9vefQV0d68ktNblrQ/featured) * [James Duffy](https://www.youtube.com/channel/UC7h14B6cLEAv0w3xqXw6aRg) * [Michael Taggart](https://www.youtube.com/channel/UCBXBbjx1k340RJC0a3OAgxQ/featured) * [I.T Security Labs](https://www.youtube.com/channel/UCXPdZsu8g1nKerd-o5A75vA) ### [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels#osint) OSINT * [Trace Labs](https://www.youtube.com/channel/UCezKbcbnYtrwRXfGzgQMI3w) * [The OSINT Curious Project](https://www.youtube.com/channel/UCjzceWf-OT3ImIKztzGkipA) * [OSINT Dojo](https://www.youtube.com/channel/UChbp7r-Lezl1CBNQWBDYGeQ) * [Bendobrown](https://www.youtube.com/channel/UCW2WOgSiMr216a27KWG_aqg) * [conINT](https://www.youtube.com/channel/UCBtSOceclpKcvunVNw82tFQ) * [Layer 8 Conference](https://www.youtube.com/channel/UCynWOUeHAOflEQtJnrZpkNA) ### [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels#other-it-cybersecurity-related-youtube-channels) Other IT/Cybersecurity-related YouTube channels * [SANS Institute](https://www.youtube.com/user/TheSANSInstitute) * [Professor Messer](https://www.youtube.com/c/professormesser) * [NetworkChuck](https://www.youtube.com/c/NetworkChuck) * [CBT Nuggets](https://www.youtube.com/channel/UClIFqsmxnwVNNlsvjH1D1Aw) * [Gerald Auger – Simply Cyber](https://www.youtube.com/c/GeraldAuger/featured) * [I.T. Career Questions](https://www.youtube.com/channel/UCt-Pwe2fODjH4Wuwf5VqE7A) * [I.T. Career Skills](https://www.youtube.com/channel/UChJLXGlP37TEoqzU8Ae17bA/videos) * [Du’An Lightfoot](https://www.youtube.com/channel/UCeXMAP0cZ-VZ0VHX9ZV2Abw) * [Ask Nato Riley](https://www.youtube.com/channel/UCdOIZ5EmDmJb0cZQYl21WxA) * [Alpha Cyber Security](https://www.youtube.com/channel/UCJVQ4X0olUFq0nrxS8Xvijg) * [Cyber Warrior Studios](https://www.youtube.com/c/CyberWarriorStudios/featured) * [Cybersecurity Meg](https://www.youtube.com/c/CybersecurityMeg/featured) * [Dion Training](https://www.youtube.com/channel/UCEJy7bKsMJqyb_z75V1fAsg/videos) * [Cyber Secrets](https://www.youtube.com/channel/UCVjF2YkyJ8C9HUIGgdMXybg) * [Codenstein](https://www.youtube.com/channel/UCO51Z4c1R8EPHZioGwgBmDw/featured) * [Infosec](https://www.youtube.com/channel/UC4TAjYDpNggDwictUA180LA) * [danscourses](https://www.youtube.com/channel/UCwjafl4RJa6st6caneVWHkQ) * [IT Certification and Training](https://www.youtube.com/channel/UCl6TwuDRf0yuC5XkzohFGlw) * [CYBERINSIGHT](https://www.youtube.com/channel/UCmJJUewPWfnyzvZRrFHlykA) * [InfoSec Pat](https://www.youtube.com/channel/UCYuizWN2ac4L7CZ-WWHZQKw/videos) * [GynvaelEN](https://www.youtube.com/user/GynvaelEN) * [IT Dojo](https://www.youtube.com/channel/UCwUkAunxT1BNbmKVOSEoqYA) * [SecKC](https://www.youtube.com/user/SecKCVids) * [JackkTutorials](https://www.youtube.com/user/JackkTutorials/featured) * [Mark E.S. Bernard](https://www.youtube.com/channel/UCAOKkwIa7ZnwxM77G2gvhQQ/feed) * [NetSecNow](https://www.youtube.com/user/NetSecNow/featured) * [SheHacksPurple](https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ/videos) * [SSTec Tutorials](https://www.youtube.com/channel/UCHvUTfxL_9bNQgqzekPWHtg) * [The Shadow Brokers](https://www.youtube.com/channel/UCkpwPf2B4FphjqVcozDym0A/featured) * [Yes, I Know IT !](https://www.youtube.com/channel/UCyseO4nxaTQdlKWKfNA1DIA/videos) * [Free Training](https://www.youtube.com/channel/UC3RYdKzMQmdz8I8IU2iQDZA/videos) * [Technocalypse Now](https://www.youtube.com/channel/UCoYl1rZrUdc4vM1IjMCTanA) * [Master I.T.](https://www.youtube.com/channel/UC2Z25Xk9sHpIUv9eNC9IKVg) * [RSA Conference](https://www.youtube.com/user/RSAConference) [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels#to-be-reviewed-and-sorted) To be reviewed & sorted ----------------------------------------------------------------------------------------------------------------------------------------------------- * [InsiderPHD](https://www.youtube.com/c/InsiderPhD) * [Rana Khalil](https://www.youtube.com/c/RanaKhalil101) * [Spin the hack](https://www.youtube.com/c/SpinTheHack) * [PwnFunction](https://www.youtube.com/c/PwnFunction) * [Cyber Sec Village](https://www.youtube.com/c/CyberSecVillage) * [Farah Hawa](https://www.youtube.com/channel/UCq9IyPMXiwD8yBFHkxmN8zg) * [Stefan Rows](https://www.youtube.com/c/StefanRows) * [I.T Security Labs](https://www.youtube.com/c/ITSecurityLabs) * [Cybr](https://www.youtube.com/c/Cybrcom) * [The XSS Rat](https://www.youtube.com/c/TheXSSrat) * [Cristi Vlad](https://www.youtube.com/c/CristiVladZ) * [PinkDraconian](https://www.youtube.com/c/PinkDraconian) * [Elevate Cyber](https://www.youtube.com/channel/UCcHAyzVBPtV6i_rhqBPoA6w) * [Forensic Tech](https://www.youtube.com/c/ForensicTech) * [ScriptKiddieHub - Tadi](https://www.youtube.com/c/ScriptKiddieHub) * [zSecurity](https://www.youtube.com/c/zSecurity) * [Jon Good](https://www.youtube.com/c/JonGoodCyber) * [Ankit Chauhan](https://www.youtube.com/channel/UCnSYKuocC7_EyBVTvhLT6vg) * [Cybersecurity Web](https://www.youtube.com/c/CybersecurityWeb) * [247CTF](https://youtube.com/channel/UCtGLeKomT06x3xZ2SZp2l9Q) * [Motasem Hamdan](https://www.youtube.com/c/MotasemHamdaninfosec) * [I.T. Career Questions](https://www.youtube.com/c/ITCareerQuestions) * [Hacksplained](https://www.youtube.com/channel/UCyv6ItVqQPnlFFi2zLxlzXA) * [Bug Bounty Reports Explained](https://www.youtube.com/c/BugBountyReportsExplained) * [TechChip](https://www.youtube.com/c/TechChipNet) * [Technical Navigator](https://www.youtube.com/c/TechnicalNavigator) * [Beau Knows Tech... Stuff](https://www.youtube.com/c/BeauKnowsTechStuff) * [CyberSecurityTV](https://www.youtube.com/c/CyberSecurityTV) * [CYBER EVOLUTION](https://www.youtube.com/c/indianblackhats) * [Nahamsec](https://www.youtube.com/c/Nahamsec) * [The cyber expert](https://www.youtube.com/results?search_query=The+cyber+expert) * [Loi Liang Yang](https://www.youtube.com/c/LoiLiangYang) * [DarkSec](https://www.youtube.com/c/DarkSec) * [superhero1](https://www.youtube.com/channel/UCm2SwKmx3Ya1HG5RmHR7SCA) * [CrytoCar](https://www.youtube.com/c/CryptoCat23) * [Cybercdh](https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg) * [Zanidd](https://www.youtube.com/c/devnull1337) * [Seytonic](https://www.youtube.com/c/Seytonic) * [LiveOverflow](https://www.youtube.com/c/LiveOverflow) * [SecurityFWD](https://www.youtube.com/c/SecurityFWD) * [CryptoKnight](https://www.youtube.com/c/TheHeraneVlogs5) * [Computerphile](https://www.youtube.com/user/Computerphile) * [FindingUrPasswd](https://www.youtube.com/c/FindingUrPasswd) * [Bitten tech](https://www.youtube.com/c/BittenTech) * [Busra Demir](https://www.youtube.com/channel/UCksdNO8hAiOQoWZhEXhyyZA) * [Cyber Academy](https://www.youtube.com/c/CyberAcademyHindi) * [Cyberspatial](https://www.youtube.com/c/Cyberspatial) * [Techlore](https://youtube.com/c/Techlore) * [Derek Rook](https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA) * [GynvaelEN](https://www.youtube.com/c/GynvaelEN) * [Ethical Hacking School](https://www.youtube.com/c/SheshTheCyberSecurity) * [Pratik Dabhi](https://www.youtube.com/c/impratikdabhi) * [MrTurvey](https://www.youtube.com/c/MrTurvey) * [BugCrowd](https://www.youtube.com/c/Bugcrowd) * [MurmusCTF](https://www.youtube.com/c/MurmusCTF) * [EC Council](https://www.youtube.com/user/eccouncilusa) * [Pentest-Tools Com](https://www.youtube.com/c/PentestToolscom) * [The Hackers World](https://www.youtube.com/c/TheHackersWorld) * [Grant Collins](https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA) * [Infinite Logins](https://www.youtube.com/c/InfiniteLogins) * [Hacking Simplified](https://www.youtube.com/c/HackingSimplifiedAS) * [Calle Svensson](https://www.youtube.com/c/ZetaTwo) * [ehacking](https://www.youtube.com/c/EhackingNet) * [Masters in I.T](https://www.youtube.com/c/MastersinIT) * [Info CK](https://www.youtube.com/c/InfoCk) * [PhD Security](https://www.youtube.com/channel/UCAndnmvdiphDqLLDrGnBuhA) * [Cyber Insecurity](https://www.youtube.com/c/CyberInsecurity) * [Tech69](https://www.youtube.com/c/Tech69YT) * [Cloud Security Podcast](https://www.youtube.com/c/CloudSecurityPodcast) * [Hussein Nasser](https://www.youtube.com/c/HusseinNasser-software-engineering) [PreviousTools & Cheatsheets](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets) [NextHacking Methodology](https://zweilosec.gitbook.io/hackers-rest/hacking-methodology) Last updated 2 years ago --- # Hands-on Practice | Hackers Rest [](https://zweilosec.gitbook.io/hackers-rest/hands-on-practice#capture-the-flag-ctf) **Capture The Flag (CTF)** -------------------------------------------------------------------------------------------------------------------- In **cybersecurity**, a **Capture The Flag (CTF)** is a **hands-on competition** designed to simulate real-world hacking scenarios. Participant, who are often **security professionals, ethical hackers, students, or red teams**, attempt to solve technical challenges that test their **offensive and/or defensive skills**. ### [](https://zweilosec.gitbook.io/hackers-rest/hands-on-practice#types-of-ctf-competitions) **Types of CTF Competitions** CTFs can vary in format but typically fall into three main categories: 1. **Jeopardy-Style** – Players solve challenges in categories like **cryptography, reverse engineering, web exploitation, and forensics** to earn points. 2. **Attack-Defense** – Teams defend their own systems while attacking others, simulating **real-world red vs. blue team scenarios**. 3. **Boot2Root / Puzzle-Based** – Participants must gain root access to a vulnerable machine or solve multi-step hacking challenges. ### [](https://zweilosec.gitbook.io/hackers-rest/hands-on-practice#ctfs-for-cyber-training) **CTFs for Cyber Training** For cybersecurity professionals, CTFs provide an opportunity to: * **Practice offensive security** techniques like **privilege escalation, exploit development, and lateral movement**. * **Learn real-world tactics** used by adversaries in penetration tests. * **Improve technical agility** in areas like **reverse engineering malware, bypassing security controls, and social engineering**. * **Enhance teamwork** in scenarios that mimic **cybercriminals** and **advanced persistent threats (APT)**. CTFs are also widely used for **cybersecurity education**, **hiring assessments**, and **upskilling professionals**. Many competitions, such as **DEFCON CTF, Hack The Box, and PicoCTF**, provide an immersive experience to sharpen security expertise. Here is a list of some of the more popular platforms for hands-on CTF training: **Site** **Description** **CTF Type** [247CTF](https://247ctf.com/) Provides unique challenge instances for each player, eliminating the need for VPNs or shared environments. Players can start, stop, and restart challenges at any time. **Jeopardy-Style** [CTFtime](https://ctftime.org/) A comprehensive archive of past and upcoming **Capture The Flag (CTF)** competitions, including team rankings, statistics, and event details. **CTF Aggregator** (Tracks multiple formats) [OverTheWire Wargames](http://overthewire.org/wargames/) Offers a variety of **security wargames** to help players learn and practice cybersecurity concepts in a structured, gamified environment. **Puzzle-Based / Boot2Root** [OverTheWire Warzone](https://overthewire.org/warzone/) A simulated **IPv4 Internet environment** where all connected devices are targets for hacking. Players can connect their own vulnerable systems for testing. **Attack-Defense** [UnderTheWire](https://www.underthewire.tech/) Focuses on **Windows PowerShell** training through interactive wargames, helping users develop scripting and automation skills. **Jeopardy-Style** [Challenges.re](https://challenges.re/) Created by Dennis Yurichev, this site focuses on **reverse engineering challenges**, complementing his book _Reverse Engineering for Beginners_. **Jeopardy-Style (Reverse Engineering)** [ROP Emporium](https://ropemporium.com/) Teaches **Return-Oriented Programming (ROP)** through structured challenges designed to improve exploit development skills. **Puzzle-Based / Exploit Development** [PicoCTF](https://picoctf.com/) A beginner-friendly **CTF competition** designed for students, featuring challenges in **reverse engineering, cryptography, and web security**. **Jeopardy-Style** [CTF365](https://ctf365.com/) A **cyber range** where users build and defend their own servers while attacking others, simulating real-world cybersecurity scenarios. **Attack-Defense** [Hack The Box](https://www.hackthebox.eu/) An **interactive penetration testing lab** with constantly updated challenges, including **real-world scenarios and CTF-style puzzles**. **Boot2Root / Puzzle-Based** [VulnHub](https://www.vulnhub.com/) Provides **vulnerable virtual machines** for hands-on security training, allowing users to practice penetration testing techniques. **Boot2Root / Puzzle-Based** [Root Me](https://www.root-me.org/en/Challenges) Offers a wide variety of **security challenges**, including **web exploitation, cryptanalysis, forensic analysis, and reverse engineering**. **Jeopardy-Style** [Exploit Education](https://exploit.education/) Formerly _Exploit Exercises_, this site provides **virtual machines and challenges** focused on **privilege escalation, exploit development, and debugging**. **Boot2Root / Exploit Development** [Hack This](https://www.hackthis.co.uk/) A platform for learning **hacking and network security**, featuring challenges that simulate real-world vulnerabilities. **Jeopardy-Style** [W3Challs](https://w3challs.com/) A **real-world hacking challenge** platform with no guessing or simulation, covering multiple offensive security topics. **Jeopardy-Style** [Pwnable.kr](http://pwnable.kr/) A **pwn-focused wargame** site offering challenges related to **binary exploitation, reverse engineering, and system hacking**. **Boot2Root / Exploit Development** [Pwnable.tw](https://pwnable.tw/) Similar to Pwnable.kr, this site provides **binary exploitation challenges** with a scoring system based on difficulty. **Boot2Root / Exploit Development** [](https://zweilosec.gitbook.io/hackers-rest/hands-on-practice#certifications-for-offensive-security-professionals) Certifications for Offensive Security Professionals ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Certifications are also available from many vendors to validate penetration testing, ethical hacking, and exploit development skills. These certifications help professionals demonstrate their expertise in network security, red teaming, and vulnerability assessment, making them valuable challenges to pursue. These can often help "get you in the door" when applying for jobs. Below is a table comparing some of the popular offensive security certifications: **Vendor** **Certification** **Description** **Price** **Pros** **Cons** **Offensive Security** **OSCP (Offensive Security Certified Professional)** A **hands-on pentesting certification** requiring a **24-hour practical exam** and report writing. Focused on **real-world attack scenarios** using Kali Linux. ~$1,599 Highly respected, strong industry recognition, hands-on exam Extremely challenging, steep learning curve, only "entry level" **Offensive Security** **OSCE3 (Offensive Security Certified Expert)** Advanced certification covering **exploit development, red teaming, and advanced pentesting techniques**. ~$5,499 Deep focus on **exploit development**, highly respected Extremely difficult, requires OSCP-level expertise **Offensive Security** **OSWE (Offensive Security Web Expert)** Focuses on **white-box web application security**, requiring candidates to analyze source code and exploit vulnerabilities. The exam is **48 hours long**. ~$1,499 Highly specialized in **web app security**, strong industry recognition Requires deep knowledge of **web application security and coding** **TCM Security** **PNPT (Practical Network Penetration Tester)** A **real-world pentesting exam** covering **Active Directory exploitation, lateral movement, and report writing**. ~$399 Affordable, realistic pentesting scenarios, includes reporting Less recognized than OSCP, limited advanced exploitation **Pentester Academy** **CRTP (Certified Red Team Professional)** Specializes in **Active Directory attacks, privilege escalation, and lateral movement techniques**. ~$249 Strong Windows AD exploitation focus, affordable Limited coverage of web and network pentesting **Hack The Box** **CPTS (Certified Penetration Testing Specialist)** A **hands-on pentesting certification** covering **network security, Active Directory exploitation, and web application attacks**. ~$299 Affordable, practical exam, good for beginners Less recognized than OSCP, newer certification **GIAC (Global Information Assurance Certification)** **GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)** Covers **exploit development, buffer overflows, and reverse engineering**. ~$8,000 Deep focus on **exploit development**, highly technical Extremely expensive **eLearnSecurity (INE Security)** **CPTS (Certified Penetration Testing Specialist)** Covers **network security, web exploitation, and privilege escalation** with a **practical exam**. ~$350 Well-rounded pentesting coverage, hands-on exam Less industry recognition compared to OSCP **eLearnSecurity (INE Security)** **eJPT (eLearnSecurity Junior Penetration Tester)** Entry-level pentesting certification covering **network security, web exploitation, and basic enumeration**. ~$200 Beginner-friendly, practical exam Not recognized for senior pentesting roles **Mile2** **CPTC (Certified Penetration Testing Consultant)** Focuses on **enterprise-level pentesting**, including **report writing and compliance**. ~$1,500 Strong emphasis on **consulting and reporting**, good for senior roles Less technical than OSCP, geared toward **business-oriented pentesting** **International Council of E-Commerce Consultants (EC-Council)** **CEH (Certified Ethical Hacker)** Covers **ethical hacking fundamentals**, tools, and methodologies via a **multiple-choice exam**. ~$1,199 Well-known globally, only for beginners Not a practical exam, focuses more on theory than hands-on skills, terrible course material, not worth the price [](https://zweilosec.gitbook.io/hackers-rest/hands-on-practice#thanks) Thanks ---------------------------------------------------------------------------------- If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec) ! [PreviousHacking Methodology](https://zweilosec.gitbook.io/hackers-rest/hacking-methodology) [NextNetwork Fundamentals](https://zweilosec.gitbook.io/hackers-rest/fundamentals/networking) Last updated 3 months ago --- # Tools & Cheatsheets | Hackers Rest Hack Responsibly. Always ensure you have **explicit** permission to access any computer system **before** using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here. [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets#useful-tools) Useful Tools ---------------------------------------------------------------------------------------------- * [https://app.diagrams.net/](https://app.diagrams.net/) * Network Diagramming (Free Online Visio Replacement) [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets#oscp-cheatsheets) OSCP Cheatsheets ------------------------------------------------------------------------------------------------------ * [https://github.com/s0wr0b1ndef/OSCP-Biggest-Reference-Bank/blob/master/Cheatsheet\_PenTesting.txt](https://github.com/s0wr0b1ndef/OSCP-Biggest-Reference-Bank/blob/master/Cheatsheet_PenTesting.txt) * [https://github.com/so87/OSCP-PwK/blob/master/Penetration%20Testing%20Tools.pdf](https://github.com/so87/OSCP-PwK/blob/master/Penetration%20Testing%20Tools.pdf) * [https://securism.wordpress.com/oscp-notes-information-gathering/](https://securism.wordpress.com/oscp-notes-information-gathering/) * [https://github.com/Elinpf/OSCP-survival-guide](https://github.com/Elinpf/OSCP-survival-guide) * [https://oscp.infosecsanyam.in/cheatsheet-short](https://oscp.infosecsanyam.in/cheatsheet-short) * [https://github.com/slyth11907/Cheatsheets](https://github.com/slyth11907/Cheatsheets) * [https://oscp.infosecsanyam.in/one-page-methodology](https://oscp.infosecsanyam.in/one-page-methodology) * [https://github.com/The-Lynx-Team/OSCP](https://github.com/The-Lynx-Team/OSCP) [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets#ctf-cheatsheats) CTF Cheatsheats ---------------------------------------------------------------------------------------------------- * [https://github.com/Ganapati/RsaCtfTool](https://github.com/Ganapati/RsaCtfTool) <-- RSA cracking tools //"un-cipher" data from weak public key and try to recover 5KFB6 private key * [https://www.capturetheflags.com/tools-for-ctf/](https://www.capturetheflags.com/tools-for-ctf/) <--Has both linux and windows * [https://github.com/apsdehal/aWEsoMe-cTf](https://github.com/apsdehal/aWEsoMe-cTf) * [https://github.com/zardus/ctf-tools](https://github.com/zardus/ctf-tools) * [https://dvd848.github.io/CTFs/](https://dvd848.github.io/CTFs/) * [https://github.com/ryanking13/ctf-cheatsheet](https://github.com/ryanking13/ctf-cheatsheet) * [https://github.com/w181496/Web-CTF-Cheatsheet](https://github.com/w181496/Web-CTF-Cheatsheet) [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets#infosec-cheatsheets) Infosec Cheatsheets ------------------------------------------------------------------------------------------------------------ * [https://nikolaskama.me/infosec-cheat-sheets/](https://nikolaskama.me/infosec-cheat-sheets/) * [https://www.peerlyst.com/posts/the-complete-list-of-infosec-related-cheat-sheets-claus-cramon](https://www.peerlyst.com/posts/the-complete-list-of-infosec-related-cheat-sheets-claus-cramon) [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets#scripting-cheatsheets) Scripting Cheatsheets ---------------------------------------------------------------------------------------------------------------- * [https://pequalsnp-team.github.io/cheatsheet/socket-basics-py-js-rb](https://pequalsnp-team.github.io/cheatsheet/socket-basics-py-js-rb) [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets#cryptography-cheatsheets) Cryptography Cheatsheets ---------------------------------------------------------------------------------------------------------------------- * [https://pequalsnp-team.github.io/cheatsheet/crypto-101](https://pequalsnp-team.github.io/cheatsheet/crypto-101) [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets#steganography-cheatsheets) Steganography Cheatsheets ------------------------------------------------------------------------------------------------------------------------ * [https://georgeom.net/StegOnline/checklist](https://georgeom.net/StegOnline/checklist) [](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets#misc) MISC ------------------------------------------------------------------------------ [https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/](https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/) If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec) ! [PreviousHacker's Rest](https://zweilosec.gitbook.io/hackers-rest) [NextCybersecurity YouTube Channels](https://zweilosec.gitbook.io/hackers-rest/tools-cheatsheets/cybersecurity-youtube-channels) Last updated 4 years ago --- # PowerShell Administration Tools | Sysadmin Solutions PowerShell scripts for automating common system administration tasks. Suggestions, submissions, updates, and requests are always welcome! Script Name Description [Clear-ExcessCertificates](https://github.com/zweilosec/PowerShell-Administration-Tools/blob/master/Clear-ExcessCertificates.ps1) Clears all PIV certificates from the local store except for the current user's [Create-ADUserFromCsv](https://github.com/zweilosec/PowerShell-Administration-Tools/blob/master/Create-ADUserFromCsv.ps1) Batch creates users in Active Directory from a .csv file. [Get-Computer\_Inventory](https://github.com/zweilosec/PowerShell-Administration-Tools/blob/master/Get-Computer_Inventory_toCSV.ps1) Searches a domain for the computers specified (by computer name) and reports a list of inventory-related information for those computers. IP, MAC, Make, Model, Serial, and Last User. [Get-Monitor\_Inventory](https://github.com/zweilosec/PowerShell-Administration-Tools/blob/master/Get-Monitor_Inventory.ps1) Searches a domain for the computers specified (by computer name) and reports a list of inventory-related information for the attached Monitors. Make, Model, Serial [Get-User\_Profile](https://github.com/zweilosec/PowerShell-Administration-Tools/blob/master/Get-User_Profile.ps1) Searches a domain for the user ID specified. Returns a list of all of the computers that user has signed into. [Add-Printer](https://github.com/zweilosec/PowerShell-Administration-Tools/blob/master/add-printer.ps1) Adds a printer to the computer specified (by computer name). Requires some information such as printer IP, Driver long name, and the name you want the printer to be displayed as. [](https://zweilosec.gitbook.io/sysadmin-solutions/#network-tools) Network Tools ------------------------------------------------------------------------------------- Script Name Description [Renew-DHCP](https://github.com/zweilosec/PowerShell-Administration-Tools/blob/master/Network/Renew-DHCP.ps1) Releases DHCP reservations for all active interfaces and renews them. Fully PowerShell equivilent to running `ipconfig /release; ipconfig /renew`. [Scan-TCPPorts](https://github.com/zweilosec/PowerShell-Administration-Tools/blob/master/Network/Scan-TCPPorts.ps1) A simple TCP port scanner. Takes in a comma separated list of IPs, and of ports. An output file (csv or txt) can be specified as well. #### [](https://zweilosec.gitbook.io/sysadmin-solutions/#more-content-from-zweilosec) More content from Zweilosec: [](https://zweilosec.gitbook.io/sysadmin-solutions/#oscp-prep-and-ctf-notes) [OSCP prep and CTF notes](https://zweilosec.gitbook.io/hackers-rest/) -------------------------------------------------------------------------------------------------------------------------------------------------------- If you like this content and would like to see more, please consider supporting me through Patreon at [https://www.patreon.com/zweilosec](https://www.patreon.com/zweilosec) . Last updated 3 years ago Was this helpful? --- # Python for Pentesters | Python Pearls [](https://zweilosec.gitbook.io/python-pearls/#python-for-pentesters) Python for Pentesters ------------------------------------------------------------------------------------------------ ### [](https://zweilosec.gitbook.io/python-pearls/#overview) Overview ## Getting started with Python for pentesting and red team engagements is fairly easy! This repo is just a small collection of random scripts from various sources. This code is provided purely for educational purposes. All responsibility for any potential damage or unethical/illegal behavior is solely on the user. [](https://zweilosec.gitbook.io/python-pearls/#my-scripts) My scripts -------------------------------------------------------------------------- * bludit-3.9.2\_pwd-bruteforce\_multi.py: Multithreaded password brute-force tool to get valid password for exploiting CVE-2019-17240 [](https://zweilosec.gitbook.io/python-pearls/#scripts-from-other-sources) Scripts from other sources ---------------------------------------------------------------------------------------------------------- **Many scripts written by: Mike Felch (@ustayready) and Joff Thyer (@joff\_thyer) of:** ![](https://zweilosec.gitbook.io/python-pearls/~gitbook/image?url=https%3A%2F%2Fwww.blackhillsinfosec.com%2Fwp-content%2Fuploads%2F2016%2F03%2FBHIS-logo-L-300x300.png&width=768&dpr=4&quality=100&sign=2c6e8065&sv=2) Black Hills Information Security * pivot\_winrm.py: shows how to use Python with winrm to execute commands on a remote machine * cloud\_aws\_s3.py: search AWS S3 buckets for sensitive filenames * cloud\_aws\_secrets.py: Dump all the secrets in AWS Secrets Manager * cloud\_azure\_ad.py: Dumping AzureAD users * cloud\_gsuite\_backdoor.py: Backdooring G Suite accounts for full access * cloud\_gsuite\_email.py: Reading GMail emails * crack\_jwt.py: Cracking JSON web tokens * live\_host\_discovery.py: Discovering live hosts on a network * live\_port\_discovery.py: Discovering open ports on a host * passwords\_attack.py: Trying username/password combinations on a web authentication portal * pivot\_psremoting.py: Pivoting in a Windows environment using PSRemoting * pivot\_wmi.py: Pivoting in a Windows environment using WMI * shodan\_search.py: Searching for internet connected devices on Shodan * socket\_c2\_client.py: C2 socket client * socket\_c2\_server.py: C2 socket server * web\_brute.py: Brute forcing web paths for unknown attack surfaces * web\_robots.py: Downloading the robots.txt for URLs * web\_sniff.py: Sniffing HTTP packets * web\_spa.py: Interacting with a single page app with a headless browser then copying session cookies to the requests library * pymeta.py: Read all files in a directory recursively and extracts metadata from any office documents, and PDFs discovered * powerstrip.py: Strips comments out of a PowerShell script, and writes a file with -stripped as part of the filename * pyinjector.py: Using ctypes to execute shellcode within the same process or inject into a remote process using thread manipulation Last updated 5 years ago Was this helpful? --- # Hack the Box Write-ups | HTB Writeups ⚠️ I am in the process of moving my writeups to a better looking site at [https://zweilosec.github.io!](https://zweilosec.github.io!/) Please check it out! ⚠️ [](https://zweilosec.gitbook.io/htb-writeups/#hack-the-box-machines) Hack the Box Machines ----------------------------------------------------------------------------------------------- A listing of all of the machines I have completed on Hack the Box. Click on the name to read a write-up of how I completed each one. Write-ups are only posted for retired machines (per the Hack the Box terms of service). ### [](https://zweilosec.gitbook.io/htb-writeups/#windows-machines) Windows Machines Machine Name Date Owned Difficulty IP Creator Bankrobber 08Mar2020 Hard 10.10.10.154 [Gioo](https://www.hackthebox.eu/home/users/profile/623) & [Cneeliz](https://www.hackthebox.eu/home/users/profile/3244) [Resolute](https://zweilosec.gitbook.io/htb-writeups/windows-machines/medium/resolute-write-up) 24May2020 Medium 10.10.10.169 [egre55](https://www.hackthebox.eu/home/users/profile/1190) [Monteverde](https://zweilosec.gitbook.io/htb-writeups/windows-machines/medium/monteverde-write-up) 30May2020 Medium 10.10.10.172 [egre55](https://www.hackthebox.eu/home/users/profile/1190) [Nest](https://zweilosec.gitbook.io/htb-writeups/windows-machines/medium/nest-write-up) 31May2020 Medium 10.10.10.178 [Vbscrub](https://www.hackthebox.eu/home/users/profile/158833) [Sauna](https://zweilosec.gitbook.io/htb-writeups/windows-machines/easy/sauna-write-up) 03Jun2020 Easy 10.10.10.175 [egotisticalSW](https://www.hackthebox.eu/home/users/profile/94858) [Servmon](https://zweilosec.gitbook.io/htb-writeups/windows-machines/easy/servmon-write-up) 21Jun2020 Easy 10.10.10.184 [dmw0ng](https://www.hackthebox.eu/home/users/profile/82600) [Remote](https://zweilosec.gitbook.io/htb-writeups/windows-machines/easy/remote-write-up) 06Jul2020 Easy 10.10.10.180 [mrb3n](https://www.hackthebox.eu/home/users/profile/2984) [Multimaster](https://zweilosec.gitbook.io/htb-writeups/windows-machines/insane/multimaster) 25Jul2020 Insane 10.10.10.179 [MinatoTW](https://www.hackthebox.eu/home/users/profile/8308) & [egre55](https://www.hackthebox.eu/home/users/profile/1190) [Cascade](https://zweilosec.gitbook.io/htb-writeups/windows-machines/medium/cascade-write-up) 28July2020 Medium 10.10.10.182 [Vbscrub](https://www.hackthebox.eu/home/users/profile/158833) [Buff](https://zweilosec.gitbook.io/htb-writeups/windows-machines/easy/buff-write-up) 29Aug2020 Easy 10.10.10.198 [egotisticalSW](https://www.hackthebox.eu/home/users/profile/94858) [Fuse](https://zweilosec.gitbook.io/htb-writeups/windows-machines/medium/fuse-write-up) 26Sep2020 Medium 10.10.10.193 [egre55](https://www.hackthebox.eu/home/users/profile/1190) [Blackfield](https://zweilosec.gitbook.io/htb-writeups/windows-machines/hard/blackfield-write-up) 04Oct2020 Hard 10.10.10.192 [aas](https://www.hackthebox.eu/home/users/profile/6259) [Omni](https://zweilosec.gitbook.io/htb-writeups/windows-machines/easy/omni) 30Oct2020 Easy 10.10.10.204 [egre55](https://www.hackthebox.eu/home/users/profile/1190) [Worker](https://zweilosec.gitbook.io/htb-writeups/windows-machines/medium/worker) 13Dec2020 Medium 10.10.10.203 [ekenas](https://app.hackthebox.eu/users/222808) [Reel2](https://zweilosec.gitbook.io/htb-writeups/windows-machines/hard/reel2) 16Feb2021 Hard 10.10.10.210 [cube0x0](https://app.hackthebox.eu/users/9164) [APT](https://zweilosec.gitbook.io/htb-writeups/windows-machines/insane/apt) 1Apr2021 Insane 10.10.10.213 [cube0x0](https://app.hackthebox.eu/users/9164) ### [](https://zweilosec.gitbook.io/htb-writeups/#linux-machines) Linux Machines Machine Name Date Owned Difficulty IP Creator Traverxec 29Feb2020 Easy 10.10.10.165 [jkr](https://www.hackthebox.eu/home/users/profile/77141) Postman 3Mar2020 Easy 10.10.10.160 [TheCyberGeek](https://www.hackthebox.eu/home/users/profile/114053) OpenAdmin 8Mar2020 Easy 10.10.10.171 [dmw0ng](https://www.hackthebox.eu/home/users/profile/82600) Mango 17Apr2020 Medium 10.10.10.162 [MrR3boot](https://www.hackthebox.eu/home/users/profile/13531) Obscurity 19Apr2020 Medium 10.10.10.168 [clubby789](https://www.hackthebox.eu/home/users/profile/83743) [Book](https://zweilosec.gitbook.io/htb-writeups/linux-machines/medium/book-write-up) 08Jun2020 Medium 10.10.10.176 [MrR3boot](https://www.hackthebox.eu/home/users/profile/13531) [Oouch](https://zweilosec.gitbook.io/htb-writeups/linux-machines/hard/oouch-write-up) 11Jun2020 Hard 10.10.10.177 [qtc](https://www.hackthebox.eu/home/users/profile/103578) [Traceback](https://zweilosec.gitbook.io/htb-writeups/linux-machines/easy/traceback-write-up) 23Jun2020 Easy 10.10.10.181 [Xh4H](https://www.hackthebox.eu/home/users/profile/21439) [PlayerTwo](https://zweilosec.gitbook.io/htb-writeups/linux-machines/insane/playertwo-write-up) 26Jun2020 Insane 10.10.10.170 [MrR3boot](https://www.hackthebox.eu/home/users/profile/13531) & [bl4ckh34rt](https://www.hackthebox.eu/home/users/profile/64903) [ForwardSlash](https://zweilosec.gitbook.io/htb-writeups/linux-machines/hard/forwardslash-write-up) 06Jul2020 Hard 10.10.10.183 [InfoSecJack](https://www.hackthebox.eu/home/users/profile/52045) & [chivato](https://www.hackthebox.eu/home/users/profile/44614) [Magic](https://zweilosec.gitbook.io/htb-writeups/linux-machines/medium/magic-write-up) 04Aug2020 Medium 10.10.10.185 [TRX](https://www.hackthebox.eu/home/users/profile/31190) [Admirer](https://zweilosec.gitbook.io/htb-writeups/linux-machines/easy/admirer-write-up) 06Aug2020 Easy 10.10.10.187 [polarbearer](https://www.hackthebox.eu/home/users/profile/159204) & [GibParadox](https://www.hackthebox.eu/home/users/profile/125033) [Blunder](https://zweilosec.gitbook.io/htb-writeups/linux-machines/easy/blunder-write-up) 09Aug2020 Easy 10.10.10.191 [egotisticalSW](https://www.hackthebox.eu/home/users/profile/94858) [Cache](https://zweilosec.gitbook.io/htb-writeups/linux-machines/medium/cache-write-up) 10Aug2020 Medium 10.10.10.188 [ASHacker](https://www.hackthebox.eu/home/users/profile/23227) [Quick](https://zweilosec.gitbook.io/htb-writeups/linux-machines/hard/quick-write-up) 20Aug2020 Hard 10.10.10.186 [MrR3boot](https://www.hackthebox.eu/home/users/profile/13531) [Travel](https://zweilosec.gitbook.io/htb-writeups/linux-machines/hard/travel-write-up) 19Sep2020 Hard 10.10.10.189 [xct](https://www.hackthebox.eu/home/users/profile/13569) & [jkr](https://www.hackthebox.eu/home/users/profile/77141) [Dyplesher](https://zweilosec.gitbook.io/htb-writeups/linux-machines/insane/dyplesher-write-up) 12Oct2020 Insane 10.10.10.190 [felamos](https://app.hackthebox.eu/users/27390) & [yuntao](https://app.hackthebox.eu/users/12438) [Tabby](https://zweilosec.gitbook.io/htb-writeups/linux-machines/easy/tabby-write-up) 12Oct2020 Easy 10.10.10.194 [egre55](https://app.hackthebox.eu/users/1190) [SneakyMailer](https://zweilosec.gitbook.io/htb-writeups/linux-machines/medium/sneakymailer-writeup) 12Nov2020 Medium 10.10.10.197 [sulcud](https://app.hackthebox.eu/users/106709) [OpenKeyS](https://zweilosec.gitbook.io/htb-writeups/linux-machines/medium/openkeys) 14Nov2020 Medium 10.10.10.199 [polarbearer](https://www.hackthebox.eu/home/users/profile/159204) & [GibParadox](https://www.hackthebox.eu/home/users/profile/125033) [Intense](https://zweilosec.gitbook.io/htb-writeups/linux-machines/hard/intense-write-up) 15Nov2020 Hard 10.10.10.195 [sokafr](https://app.hackthebox.eu/users/19014) [Unbalanced](https://zweilosec.gitbook.io/htb-writeups/linux-machines/hard/unbalanced) 15Nov2020 Hard 10.10.10.200 [polarbearer](https://www.hackthebox.eu/home/users/profile/159204) & [GibParadox](https://www.hackthebox.eu/home/users/profile/125033) [Feline](https://zweilosec.gitbook.io/htb-writeups/linux-machines/hard/feline) 13Dec2020 Hard 10.10.10.205 [MinatoTW](https://www.hackthebox.eu/home/users/profile/8308) & [MrR3boot](https://www.hackthebox.eu/home/users/profile/13531) [Laser](https://zweilosec.gitbook.io/htb-writeups/linux-machines/insane/laser) 19Dec2020 Insane 10.10.10.201 [MrR3boot](https://www.hackthebox.eu/home/users/profile/13531) & [R4J](https://app.hackthebox.eu/users/13243) [Compromised](https://zweilosec.gitbook.io/htb-writeups/linux-machines/hard/compromised) 27Dec2020 Hard 10.10.10.207 [D4nch3n](https://app.hackthebox.eu/users/103781) [Doctor](https://zweilosec.gitbook.io/htb-writeups/linux-machines/easy/doctor) 13Feb2021 Easy 10.10.10.209 [egotisticalSW](https://app.hackthebox.eu/users/94858) [Jewel](https://zweilosec.gitbook.io/htb-writeups/linux-machines/medium/jewel) 15Feb2021 Medium 10.10.10.211 [polarbearer](https://app.hackthebox.eu/users/159204) Academy 28Feb2021 Easy 10.10.10.215 [egre55](https://app.hackthebox.eu/users/1190) & [mrb3n](https://app.hackthebox.eu/users/2984) Bucket 15Mar2021 Medium 10.10.10.212 [MrR3boot](https://www.hackthebox.eu/home/users/profile/13531) [Time](https://zweilosec.gitbook.io/htb-writeups/linux-machines/medium/time) 16Mar2021 Medium 10.10.10.214 [0xc45](https://app.hackthebox.eu/users/73268) Laboratory 19Mar2021 Easy 10.10.10.216 [egotisticalSW](https://app.hackthebox.eu/users/94858) & [felamos](https://app.hackthebox.eu/users/27390) [Crossfit](https://zweilosec.gitbook.io/htb-writeups/linux-machines/insane/crossfit) 19Mar2021 Insane 10.10.10.208 [polarbearer](https://app.hackthebox.eu/users/159204) & [GibParadox](https://app.hackthebox.eu/users/125033) [Luanne](https://zweilosec.gitbook.io/htb-writeups/linux-machines/easy/luanne) 28Mar2021 Easy 10.10.10.218 [polarbearer](https://app.hackthebox.eu/users/159204) [](https://zweilosec.gitbook.io/htb-writeups/#hack-the-box-challenges) Hack the Box Challenges --------------------------------------------------------------------------------------------------- No Challenges have been retired as of yet...TODO:Check on this and see if still true Challenge Name Challenge Type Points Creator If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec) ! [NextMachines](https://zweilosec.gitbook.io/htb-writeups/machines) Last updated 4 years ago Was this helpful? ---