I just popped a SYSTEM shell on a Windows 7 machine using my own penetration testing framework written entirely in Rust.

Amatsumara is a full exploitation framework including dynamic module loading via C FFI, interactive console, session management, 154 exploit modules, all built in Rust. Tonight I finished implementing EternalBlue (MS17-010) from scratch. Heap grooming, the SrvOs2FeaListToNt integer overflow, kernel shellcode, SrvNet buffer corruption, OS detection to automatically route between Win7 and Win8 exploit paths.

Now I have to try to find a way to sleep and not keep messing around in excitement.

#Rust #RustLang #Infosec #Cybersecurity #PenTesting #EternalBlue #MS17010 #ExploitDevelopment #CTF #TryHackMe #RedTeam #Hacking #OpenSource

SEC0 from @RealTryHackMe done.

I know it’s a fundamentals certification, but I treated it like it wasn’t. Went back over weak areas. I completed the exam.

Next step: SEC1.

#CyberSecurity #TryHackMe #100DaysOfCybersecurity #Day52

Billions Lost: The Largest Cyberattacks in Global History #cybernaumad #cybersecurity #ethicalhacking #hackthebox #tryhackme

Hello, again 

Today is officially the worst day of this month: no electricity the whole day. I wasn't able to get much done, but I did do a little bit of packet analysis.

I can confidently identify common Nmap scans. It all boils down to the TCP three-way handshake for the TCP connect scan and the stealth scan.

UDP scan utilizes the ICMP protocol to scan the open ports.

#Day48 #100daysofCybersecurity #CS50 #TryHackMe

Hello, again 

Today is a special day because two great things happened to me. First, I reached the top one percent of @RealTryHackMe. That was one of my goals for this year, so congratulations to me! Now, I have set my sights higher. I want to reach the top one thousand rank on TryHackMe.

Something extraordinary happened today. I was in the GingerHacker Initiative Discord community chatting with the founder. Since I spent my savings on the TryHackMe premium annual subscription, I told him how I'm preparing for SEC1 because it's practical and more affordable than Security+. He immediately offered to sponsor my certification to help me progress in my career. He decided to sponsor both SEC0 and SEC1. Shout out to the #GingerHacker!

It was a crazy and wonderful day! Also, I submitted the speller problem, and now I'm moving to week six.

Python rocks! 💪

#Day47 #100DaysOfCybersecurity #CS50 #TryHackMe

Hack w/ Me Episode 2: Search Skills

Watch now (23 mins) | Learn to efficiently search the Internet as well as use specialized search engines and technical docs

Digital Dopamine

Hello, again 

Today, I started working through the network analysis rooms on TryHackMe. I used Wireshark to analyze PCAP files, which went smoothly since I have experience with it. However, I learned how to use statistics more effectively.

Lastly, I found a way to reduce collisions using a better hashing function. Instead of using just the first character to build the hash table, I multiplied the characters to increase entropy. I'm only six seconds behind the staff algorithm.

I also found a way to handle the apostrophe. Since I subtract 65 from the characters, the result is negative, which leads to a segmentation fault. I simply used a conditional statement to handle it.

#100DaysOfCybersecurity #CS50 #TryHackMe #Day46

Hello, again 

Today, I finished the remaining rooms in the Pre-Security Pathway. I reviewed programming concepts and the CIA triad, and I can finally focus on the network analysis rooms.

I also solved several interactive challenges involving the Caesar cipher to demonstrate symmetric encryption, and they were genuinely fun to work through.

Next, I was almost able to complete the speller code, but it still suffers from low performance because I have not yet improved the hash function, which I will work on tomorrow.

I am using a hash table with linked lists for collision handling. Currently, it takes O(n) time in practice due to poor distribution. Collisions are handled using chaining, where each bucket stores a linked list. However, I am only using 26 buckets, and the hash function returns a value based solely on the first character of the word. Each new node is prepended to the list.

As a result, lookups require linear traversal through long linked lists, which significantly impacts performance. Tomorrow, I will work on improving the hash function and compare the results.

#100DaysOfCybersecurity #CS50 #TryHackMe #Day45

Hello, again 

TryHackMe recently introduced new rooms to their pre-security pathway, and I went through some of them today. The rooms mostly focus on operating systems, hardware, and basics, which I'm already familiar with, so I finished most of them. I'll work on the rest tomorrow so I can continue the SOC L1 pathway. Lastly, I achieved a milestone: I was not only able to create linked lists in C, but also visualize how I was using the pointers and how the chain of nodes was being stitched together perfectly while working on the speller problem from CS50.

#100DaysOfCybersecurity #TryHackMe #Day44

New CTF walkthrough for TryHackMe's RootMe. This is a fun one!

I just published RootMe (CTF Walkthrough) https://medium.com/p/rootme-ctf-walkthrough-efe69ef73510?source=social.tw

#TryHackMe #Cybersecurity #ReverseShell #CTF #PenetrationTesting
