Suryaj CJ’s Post

🚀 Exciting News! 🚀 We've just released a new Python tutorial that explains how to create Two-Factor Authentication (2FA) codes using Time-Based One-Time Passwords (TOTP). 🔐 This is perfect for enhancing the security of your applications. It generates TOTPs and creates setup URLs that can be used with any authenticator app like Google Authenticator. 📱 Whether you're a developer looking to add an extra layer of security to your projects or just curious about how 2FA works, this step-by-step guide will walk you through everything you need to know. Check out our website for the code and detailed instructions: https://lnkd.in/gAA_y-Rv #Python #2FA #TOTP #Cybersecurity #OpenSource #TechTutorial #BasselTech

😅 I realize I haven't been posting as much lately, but I've been studying some really important topics and techniques to improve my abilities and maximize my productivity at work. Academically, I'm finishing off my university studies with excitement ( 😬 )! In addition, I've been developing a playful Python application to assist my son with his spelling. When he spells a word correctly (or incorrectly), he gets feedback that is tailored specifically to him (using the pyttsx3 library), and his happiness is priceless! Right now, I'm working on a GUI for it with vivid colors to make it more interesting for him. I’ve also been exploring some intriguing labs on Cyberdefenders. By utilizing Wireshark and VirusTotal, I was able to gather crucial information about malicious activities occurring on the network. The sheer volume of both benign and adverse events that can happen across a network is astounding. While this is just one aspect of security, without appropriate monitoring tools and configurations, we risk seriously damaging our infrastructure and, for most businesses, their reputation. Looking forward to sharing more of my journey with you all! 😄 #lifelonglearning #cyberdefenders #pythonprogramming

Regular expressions from TryHackMe Learn and practise using regular expressions Days of 128 #365daysofinfosec #tryhackme

Excited to share my latest Medium post where I dive into the 'Dead End?' challenge on TryHackMe! In this walkthrough, I guide you through the investigation of memory and disk images, using tools like Volatility, FTK Imager and Registry Explorer, showcasing some essential digital forensics tools and techniques. #infosec #digitalforensics #blueteaming

🔐 HackTheBox Challenge Completed! 🔐 I recently completed another challenge on HackTheBox, and this time, the experience was extremely enriching. While the last machine I solved (Cap) was relatively simple, the new machine pushed me to the limit, requiring the use of several techniques and tools. I used Burp Suite, Pivot Chisel, scripts in Java, Python, PHP, and exploited a critical vulnerability CVE-2024-XXXX, with a severity score of 9.1, which made the challenge even more exciting! 🚩 The meticulous analysis of every detail was essential to follow the right path. It took several hours of intense work, but in the end, all the effort was worth it. Here is the result: another valuable learning experience that I add to my CyberSecurity background. I thank the HackTheBox - Dr. AITH platform for these practical and realistic challenges that help me to continually improve my skills. Now it's time to move forward, because learning never stops! 💡🔍 #HackTheBox #Metasploit #Kali #Redteam #Ctf #Flag #Github #exploit #payload #CyberSecurity #Hacking #CVE2024 #BurpSuite #Python #PHP #Java #PivotChisel #Vulnerabilities #InformationSecurity #Challenges

Metasploit by TryHackMe Modules: Introduction to Metasploit Main Components of Metasploit Msfconsole Working with modules

This Hacktoberfest was an attempt to dive into the open-source contribution world, where I made three contributions that were accepted out of four attempts. The experience has been great, and I learned a lot while working with amazing maintainers. 1. radare2: Added support for the V flag in 'rafind2' for value-range searches, enhancing data manipulation capabilities. 2. yazi: Modified folder renaming functionality to append indexes correctly for duplicates. 3. martin: Introduced a validation method in 'PgConfig' to ensure pool sizes and connection strings are set properly. You can check out the details of my contributions in this gist: https://lnkd.in/gqTzHPt8. There’s still so much to learn, but I’m eager to continue contributing. #Hacktoberfest2024 #OpenSource #Rust #C #DeveloperCommunity #SoftwareDevelopment

This fantastic article provides a technical analysis of the CVE-2024-38080 vulnerability in Microsoft Hyper-V (From the Host, this is not a VM Escape). Here's a summary of the key technical points: 1. Vulnerability Type: Integer Overflow leading to Elevation of Privilege (EoP) 2. Affected Components: - Hyper-V Virtualization Infrastructure Driver (Vid.sys) in Windows 11 versions prior. 3. Vulnerability Details: - Located in the Vid!VidExoBrokerIoctlReceive function - Involves manipulation of data structures passed between VidExoBrokerIoctlSend and VidExoBrokerIoctlReceive 4. Exploitation Path: a. Integer overflow occurs when calculating buffer sizes based on user-controlled input b. This leads to bypassing length checks c. Results in potential buffer overflow and out-of-bounds write in non-paged pool memory 5. Key Vulnerable Code: - Calculations involving Source->NumHandles and Source->DataLen can cause integer overflows - Insufficient checks allow bypassing size validations 6. Proof of Concept: - Utilizes Windows Hypervisor Platform API to obtain a handle to \Device\VidExo - Crafts a malicious payload to trigger the integer overflow - Uses DeviceIoControl to send the payload and receive the response 7. Patch: Microsoft added additional integer overflow checks in the vulnerable function 8. Technical Depth: - The analysis includes detailed reverse engineering of the vulnerable function - Provides insights into Hyper-V's internal structures and IRP handling 9. Exploitation Impact: - Successful exploitation could lead to SYSTEM privilege escalation - Demonstrated to cause a Blue Screen of Death (BSOD) in the proof of concept This is pretty amazing. We don't see Hyper-V exploits often. I personally didn't see any since Nicolas Joly & Joe Bialek work

🚀 Ready to Automate Your Reports? 🚀 Imagine cutting down hours of manual work into just a few lines of code! In my latest guide, I walk you through a real-world use case where we automate report generation using Python and Playwright. 📊 Here's what you’ll learn: How to fetch data from an API How to process the data effectively How to generate a polished, professional PDF report By the end of this tutorial, you'll have the skills to automate regular report creation, making it perfect for developers who handle recurring data analysis tasks. ➡️ Say goodbye to repetitive reporting tasks and hello to efficient, automated workflows! 💼 Read the full guide here: https://lnkd.in/guhMWCht #Python #Automation #ReportGeneration #Playwright #DataAnalysis #PDF #Cybersecurity #Cyberknowns

I have just completed this room and learnt about new commands for metasploit (msfconsole). I learnt how to set RHOSTS, LPORT and Payloads and how to unset a Payload and any required options. Zacrac Learning Christopher E.