🥳 #Celebrate this Milestone with us! 🍾
We couldn't have achieved it without you all.
The more we grow, the more we incorporate more promising projects into our profile/channel news desk. Don't forget to;
Follow, like and retweet our pinned tweet.
Lfg! 🚀
#Telegram#airdrop
Switched from VirtualBox to VMware to escape those annoying UI freezes in v7.x (didn’t want to downgrade to 6.x)… but that move came with its own chaos 😅
After exporting my VMs and importing into VMware, my lab Kali (Ethical Hacker build – 2023) started acting up:
- Network icon showed “Not Connected”
- But I could still ping external sites 🤔
- Then apt update started failing with GPG key errors
Here’s how I broke it down and fixed EVERYTHING 👇
Step 1: Network Troubleshooting (Don’t trust the icon)
Even though the UI said “no connection”:
- ping 8.8.8.8 was successful
- ping https://t.co/z6QLKjBIOl was successful
- ping https://t.co/xzTS0gwjxd was also successful
Conclusion:
- Network was actually fine because I could ping external servers.
- Just a NetworkManager/UI desync issue
Quick fix:
sudo systemctl restart NetworkManager
Step 2: (The real Problem) APT GPG Key Error
NO_PUBKEY ED65462EC8D5E4C5
This happened due to one of the following reasons:
- Old Kali image (mine was 2023)
- Repo signing keys may have been rotated
- System no longer trusts updates
Step 3: Manual Key Fix (What finally worked for me)
Since APT itself couldn’t fix it automatically, I manually injected the key:
- sudo mkdir -p /usr/share/keyrings
- sudo curl -fsSL 'https://t.co/8MvpFl4G8d | sudo gpg --dearmor -o /usr/share/keyrings/kali-archive-keyring.gpg'
Then I updated sources.list with this entry:
'deb [signed-by=/usr/share/keyrings/kali-archive-keyring.gpg] https://t.co/QVy9YOa6d0 kali-rolling main contrib non-free non-free-firmware'
Step 4: Back to normal
- sudo apt update
- sudo apt full-upgrade -y (optional, if you want to keep things as-it-is for lab VMs)
No more GPG errors. Clean updates again.
Lessons learned:
- Don’t trust UI indicators, always verify with CLI
- Always isolate the layer (Network vs Package Manager) to identify the root cause.
- Old/outdated VM images are hidden time bombs (keys, repos, deps)
- Sometimes you need to manually restore trust (GPG)
This started as a simple “switch hypervisor” move but ended up being a full stack troubleshooting exercise 😄
Save this post, incase you ever experience this signature verification/NO_PUBKEY issue.
#CyberSecurity #KaliLinux #VMware #VirtualBox #Linux #Troubleshooting #100DaysOfCybersecurity
Took things a step further with GVM.
I didn’t just find vulnerabilities, actually exploited one to understand the real impact.
This lab focused on bridging the gap between identifying vulnerabilities and taking advantage of them in a controlled environment.
Here’s what I worked on:
I started by scanning an intentionally vulnerable host (Metasploitable) using GVM
- Identified 21 high-severity vulnerabilities
Then I proceeded to analyze the discovered critical findings such as:
- rexec service exposure (CVSS: High, low complexity)
- OS End-of-Life risks
- TWiki XSS & Command Execution vulnerabilities
Interpreted the scan results, including CVEs, ports, and mitigation strategies
Instead of stopping at detection, I moved forward with exploitation which is necessary to reduce false positives in a real pentest:
- Used Nmap (smb-brute script) to enumerate valid credentials
- Discovered weak/default credentials: msfadmin:msfadmin
- Leveraged the rexec service (port 512) for remote access
- Successfully gained a shell on the target system
- Escalated privileges to root access using sudo
Important lesson:
The vulnerability itself wasn’t complex, the real issue was:
- Weak/default credentials
- Exposed legacy services (rexec)
- Poor system hardening
Vulnerability scanners don’t “hack systems” per say, they point you in the right direction.
Real penetration testing comes from:
- Leveraging weak credentials
- Being able to chain misconfigurations
- Understanding how services interact
By completing this lab I demostrated:
- Service Exposure Risk: Legacy services like rexec/rsh still running on open ports (512/514) create immediate attack surfaces.
- Credential Reuse: Credentials obtained via SMB enumeration were reused to gain remote shell access.
- Insecure Protocols: rsh/rexec transmit data without encryption, making them highly exploitable.
- Lateral Movement: With valid credentials and exposed services, moving across systems becomes easy.
This is exactly how attackers pivot inside poorly secured internal networks, demonstrating how small weaknesses, when chained together, can lead to full system compromise.
#CyberSecurity #Pentesting #EthicalHacking #VulnerabilityManagement #GVM
🚀 Starting a new milestone project: Distributed Pentesting Lab
As I conclude my Ethical Hacking course, I’m building a two-machine lab environment to simulate real-world internal network penetration testing scenarios.
My setup includes:
- Segmented network architecture
- Dedicated attacker system (Kali)
- Vulnerable targets hosted separately
- End-to-end workflow: Pre-engagement, Recon, Scanning, Enumeration, Exploitation, and Reporting.
This project is focused on practical execution, structured methodology, and proper documentation of each phase.
For early lab notes and documentation, here’s my ongoing workspace:
🔗https://t.co/1M2waANt8o
Looking forward to documenting each phase. 🏗️
#CyberSecurity #PentestLab #EthicalHacker #Infosec #HandsOnLearning
🚀 Excited to share that I’ve been selected for the ShadowFox Virtual Internship Program!
This 1-month experience (Aug 1 - Aug 31) will give me the opportunity to work on real-world cybersecurity projects, strengthen my hands-on skills, and continue building toward a career in security.
Looking forward to:
- Gaining practical experience
- Solving real-world challenges
- Connecting with other learners in the field
No better way to keep the momentum going.
#Cybersecurity #Internship #LearningByDoing #ShadowFox #InfosecJourney
Found vulnerabilities? Good.
But do you actually understand them?
I worked on a lab focused on investigating vulnerability intelligence sources, and it completely changed how I look at vulnerabilities.
Instead of just identifying CVEs, I went deeper into understanding what they actually mean.
Here’s what I explored:
- CVE (Common Vulnerabilities and Exposures) - Unique identifiers for publicly disclosed vulnerabilities
- CWE (Common Weakness Enumeration) - The underlying weakness causing the vulnerability
- NVD (National Vulnerability Database) - Enriched vulnerability data with detailed analysis
- CVSS (Common Vulnerability Scoring System) - Severity scoring based on exploitability and impact
For example:
CVE-2019-6111
- Linked to CWE-22 (Path Traversal)
- Enables Man-in-the-Middle attacks via malicious SCP servers
- Severity classified using CVSS scoring
I also analyzed CVSS vectors like:
AV:L / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:H, which scored: 7.0 (High) using the FIRST CVSS calculator.
Lesson learnt:
Vulnerability scanning is only the beginning.
Understanding the relationship between CVE, CWE, NVD, and CVSS is what allows you to:
- Assess real-world risk
- Prioritize vulnerabilities
- Think like an attacker and a defender
In simple terms:
CVE tells you what the issue is
CWE tells you why it exists
NVD gives you enriched context
CVSS tells you how dangerous it is
This is a critical step toward effective vulnerability analysis and penetration testing.
#CyberSecurity #EthicalHacking #VulnerabilityManagement #CVE #CWE #CVSS #NVD
I’ve officially submitted my application for the CyBlack September 2026 Internship 🚀
This time, I’m coming in more prepared, more consistent, and more intentional about my growth in cybersecurity. Over the past months, I’ve put in the work, learning, practicing, building, and refining my skills.
No matter the outcome, I’m proud of the progress and discipline it took to get here. Now, we wait.
#Cybersecurity #CyBlack #GrowthMindset #InfosecJourney #KeepLearning
Tested XSS across Low - Medium - High security levels in DVWA.
Over the night, I completed a hands-on lab focused on Cross-Site Scripting (XSS) using DVWA, where I tested and bypassed defenses across multiple security levels.
(Low, Medium, High)
This lab covered both Reflected XSS and Stored XSS, simulating real-world web application vulnerabilities.
Here’s what I worked on:
- Performed Reflected XSS attacks by injecting malicious scripts into user input fields
- Observed how input is reflected directly into the page source, enabling script execution
- Successfully executed payloads like:
<script>alert("You are hacked!")</script>
As security controls increased (low, medium, high), I adapted my approach:
- Bypassed basic filters using case variations (<ScRipt>)
- Analyzed backend sanitization methods (e.g., str_replace, regex filtering)
Then I switched attack vectors to bypass restrictions:
– <img src=x onerror=alert()>
– <svg onload=alert()>
For Stored XSS, I demonstrated persistence:
- Injected payloads into application storage (guestbook)
- Payload executed automatically whenever the page was loaded
- Showed how attackers can maintain long-term access to user sessions
Finally, I explored advanced implications:
- Cookie exposure via JavaScript (document.cookie)
- Iframe injection to redirect users to malicious sites
- Client-side manipulation (bypassing maxlength restrictions via browser dev tools)
Lesson:
Blocking specific tags like <script> is not enough.
Effective defense requires:
- Proper input validation
- Output encoding
- Context-aware sanitization
This lab reinforced how attackers think:
When one payload fails, they adapt, and eventually succeed if defenses are weak.
#CyberSecurity #WebSecurity #XSS #OWASP #EthicalHacking
I’m excited to share that I’ve successfully passed the ISC2 Certified in Cybersecurity (CC) exam.
From planning, to consistent studying, to execution, the journey was intentional, and the outcome is a reflection of that effort.
This milestone reinforces my commitment to building a solid foundation in cybersecurity and continuing to grow in this field.
I’m deeply grateful to everyone who supported me in one way or another throughout this process. Special thanks to @ISC2NIGChapter for this opportunity and the cybersecurity community at large for the knowledge sharing, encouragement, and inspiration.
This is another step forward as I continue building my career in cybersecurity.
On to the next challenge!
#Cybersecurity #ISC2 #CC #CertifiedInCybersecurity #CareerGrowth
Day 92 - #100DaysOfCybersecurity
Today I continued Module 3 of my Ethical Hacker course, focusing on an important phase of active reconnaissance: Enumeration.
Enumeration goes beyond simple scanning.
While scanning identifies open ports and services, enumeration extracts detailed information from those services, helping a penetration tester better understand the target environment.
Types of Enumeration I Learned Today
🔎 Host Enumeration
This involves identifying systems on a network. Tools like Nmap or Masscan can perform host discovery scans to determine which devices are active within a subnet.
👤 User Enumeration
Attackers attempt to discover valid usernames within a system. For example, using SMB (Server Message Block) over TCP port 445, tools like Nmap scripts can enumerate user accounts from Windows systems.
👥 Group Enumeration
This technique identifies user groups and their memberships within a system. Understanding group roles helps attackers determine privileged accounts or administrative groups.
📁 Network Share Enumeration
Shared folders and network resources can expose sensitive data. Tools such as Nmap SMB scripts, smbclient, or enum4linux can reveal shared directories and permissions.
🌐 Web Application Enumeration
Once a web server is discovered, the next step is mapping the web application’s attack surface. Tools like Nmap http-enum scripts or Nikto help identify directories, admin panels, and potential vulnerabilities.
⚙️ Service Enumeration
This process identifies services running on a host and gathers additional details such as software versions, configurations, and authentication mechanisms.
Exploring Packet Crafting with Scapy
I also explored Scapy, a powerful Python-based framework used for packet crafting and network experimentation.
With Scapy, penetration testers can:
- Craft custom packets
- Send probes to target systems
- Analyze network responses
- Build custom scanning scripts
For example, a simple ICMP packet can be crafted and sent to a host to observe how the system responds.
Key lesson 💡
Enumeration is where reconnaissance becomes deep intelligence gathering. By combining tools like Nmap, enum4linux, smbclient, Nikto, and Scapy, a penetration tester can reveal users, services, shares, and system configurations that may later lead to exploitation.
Next step: Hands-on labs to practice the enumeration techniques I just learnt.
@jay_hunts@ireteeh@segoslavia
#RedTeamer #Cybersecurity #EthicalHacking #PenetrationTesting #Nmap #Scapy
Day 88 - #100DaysOfCybersecurity
Today I completed a lab on Advanced Search Techniques for Passive Reconnaissance, where I explored Google Dorking, the Google Hacking Database (GHDB), and the Wayback Machine.
Google Dorking
Google can be far more powerful than a simple search engine. By using advanced search operators, ethical hackers can perform targeted searches to discover information that may have been unintentionally exposed online.
Some useful operators I practiced include:
- site: restricts results to a specific domain
- filetype: searches for specific document types (PDF, DOC, etc.)
- intitle: finds pages containing keywords in the title
- inurl: searches for keywords within URLs
- allintext: returns pages containing all specified words in the text
Using these operators, investigators can uncover items such as login portals, exposed documents, employee information, and other publicly indexed resources.
Google Hacking Database (GHDB)
I also explored the Google Hacking Database, a community-driven repository of specialized Google search queries (known as dorks). These queries help uncover potentially sensitive information that has been accidentally exposed online.
GHDB entries include details such as:
- Dork ID
- Author
- Description of the search query
- Date of submission
Some dorks can reveal sensitive directories, vulnerable systems, login portals, or configuration files indexed by search engines.
Wayback Machine
Another tool I explored was the Wayback Machine, an internet archive that stores historical snapshots of websites.
Archived pages can reveal information that may no longer be publicly visible on the current website, including:
- older site structures
- outdated technologies
- legacy systems
- Previously exposed files or directories
This historical information can sometimes provide valuable insights into an organization’s infrastructure or technology evolution.
Community Learning Session
Later today, I also joined a knowledge session hosted within our Guardians of the Cyber Realm community, where the facilitator, Mr. Nuel, spoke about Writing Professional Reports & Emails.
Clear and professional reporting is a critical skill in cybersecurity because technical findings must often be communicated effectively to management, clients, and non-technical stakeholders.
@jay_hunts@ireteeh@segoslavia
#RedTeamer #Cybersecurity #EthicalHacking #OSINT #GoogleDorking
Day 86 - #100DaysOfCybersecurity
I have just now completed my studies on Cryptographic Flaws during the reconnaissance phase and also completed a lab focused on extracting information from SSL/TLS certificates.
Many people think encryption only protects communication, but during reconnaissance, attackers can actually analyze public certificate information to learn more about an organization.
Digital certificates often reveal valuable details such as:
- Certificate serial numbers
- Domain and subdomain names
- Organization name
- Certificate validity dates
- Public key information
- OCSP and CRL endpoints
This information can help attackers map parts of an organization's infrastructure before launching any active attacks.
One concept I learned was Certificate Transparency (CT).
Certificate Transparency was introduced after major certificate authority compromises (such as the DigiNotar breach) to ensure that all SSL/TLS certificates issued by trusted Certificate Authorities are logged publicly.
These logs help detect fraudulent or unauthorized certificates.
However, attackers can also use CT logs for OSINT reconnaissance.
Using tools like https://t.co/9NTR2nzOrZ, attackers can discover hidden subdomains associated with an organization.
These subdomains often reveal development, staging, or internal environments that may not be publicly advertised.
In the lab - Finding Information from SSL Certificates, I:
- Examined SSL certificate details directly from a browser
- Explored locally stored certificates in the operating system
- Used https://t.co/9NTR2nzOrZ to enumerate certificate transparency records and discover additional subdomains
- Investigated several SSL analysis tools available in Kali Linux
Some of the tools I studied include:
- sslscan: scans SSL services to identify supported ciphers and protocols
- ssldump: captures and analyzes SSL/TLS traffic
- sslsplit: used for SSL/TLS man-in-the-middle interception
- sslyze: analyzes SSL/TLS server configurations for weaknesses
- sslh: allows multiple protocols to share a single port
One interesting observation from the lab was that certificate transparency logs revealed several subdomains not visible through normal browsing, including development and staging environments.
Key lesson from today’s study:
Even public security mechanisms like SSL certificates can unintentionally reveal infrastructure details, which is why organizations must carefully manage exposed assets and implement layered security controls.
@jay_hunts@ireteeh@segoslavia
#RedTeamer #Cybersecurity #EthicalHacking #OSINT #Cryptography
Over the coming days, I’ll be starting a new series where I share things I’ve learned throughout my cybersecurity journey.
These posts will be separate from my ongoing #100DaysOfCybersecurity challenge. Instead, they’ll focus on various topics, concepts, tools, and ideas I’ve come across while studying and building projects in cybersecurity.
My goal is simple:
- To document my learning journey
- To revisit and reinforce concepts I’ve studied over time
- To share insights from projects and labs I’ve worked on
- To break down technical topics in a way that is easy to understand
Writing about what I learn helps me retain knowledge better, and it also creates a record of my progress as I continue growing in this field.
If you’re also learning cybersecurity, I hope some of these posts will be useful to you as well.
Looking forward to sharing more soon.
#Cybersecurity #LearningJourney
I know two Apple security features I can explain to both OS users, then allow them to choose based on their security posture.
The first one is called Apple Secure Enclave; a hardware-based encryption system built directly into Apple chips.
What this mean is that instead of relying only on software encryption, Apple embeds encryption functionality inside the processor itself, which is a core part of how data is protected across their devices be it iPhone, iPad, or Mac.
The second one is the presence of a dedicated AES engine built into the chip, which performs real-time disk encryption; encrypting and decrypting data without affecting the device performance.
The interesting part is that, encryption keys, Face ID, Touch ID, and cryptographic operations are all protected inside the Secure Enclave (hardware level) separate from the operating system, which protects them from OS level compromise.
Similar hardware rooted security are used in Trusted Platform Module (TPM) on modern PCs, and Google Titan Security Chip on Pixel phones.
Day 64 - #100DaysOfCybersecurity
Today I completed a lab on comparing penetration testing methodologies, which are structured frameworks used by security professionals to conduct ethical hacking assessments in a systematic and repeatable way.
I researched four widely used methodologies:
1. OSSTMM (Open Source Security Testing Methodology Manual):
Developed by Institute for Security and Open Methodologies, this framework focuses on scientific security testing and operational security measurement.
Its goal is to produce quantifiable, consistent, and repeatable results during security assessments.
2. PTES (Penetration Testing Execution Standard):
Provides a clear end-to-end penetration testing process.
This standard helps organizations and security teams share a common understanding of how penetration tests should be conducted.
3. OWASP Web Security Testing Guide (WSTG)
Published by OWASP, this methodology focuses specifically on web application security testing.
The framework includes 12 testing categories.
4. MITRE ATT&CK
Developed by MITRE, this is a knowledge base of real-world attacker tactics and techniques rather than a testing methodology.
Penetration testers and defenders use it for:
- Adversary emulation
- Red teaming
- Threat intelligence, and
- Defensive gap analysis
While exploring the ATT&CK matrix, I also learned about the Lazarus Group, a North Korean state-sponsored threat group attributed to a popular attack in 2020, in which they leveraged the technique referenced in T1589.002 - Gather Victim Identity Information, which falls under the Reconnaissance phase of the cyber kill chain to gather employee email addresses to launch spear-phishing attacks and gain initial access to victim networks.
Important lessons I learnt doing this lab:
I understood that following a recognized pentesting methodology is important because it:
- Provides a structured testing process
- Ensures results are consistent and repeatable
- Improves credibility and professionalism
- Helps reduce legal and operational risks
I also understand these frameworks is an important step toward conducting professional and responsible penetration tests.
On to Day 65. 🔐
@jay_hunts@ireteeh@segoslavia
#RedTeamer #Cybersecurity #PenTesting #EthicalHacking #100DaysOfCybersecurity
Certificate Update 🎉
Following up on my previous post where I mentioned taking the Network Technician Career Pathway exam and passing it, with a promise to share the certificate once it was released.
Well, it’s officially here! 🏆
I’m excited to share that I’ve successfully earned the Network Technician Career Pathway certificate. This was a great way to test and validate my grounding in networking fundamentals, which are essential for anyone building a career in cybersecurity.
Grateful to @MOBA_CyberSafty for the challenge and the continuous learning journey through my mentorship program.
On to the next milestone in my #100DaysOfCybersecurity journey. 🔐🚀
Day 61 – #100DaysOfCybersecurity
Today I started Module 1 of the Ethical Hacking course on Cisco NetAcad.
What I studied:
- Ethical Hacking & Penetration Testing
Ethical hackers use the same tools and techniques as malicious hackers, but with permission, to find vulnerabilities and report them so organizations can fix them before attackers exploit them.
Penetration Testing Methodologies
By using a structured framework you avoid scope creep and ensure consistent testing using tried and trusted methods.
Some examples include:
- MITRE ATT&CK
- OWASP WSTG
- NIST SP 800-115
- OSSTMM
- PTES
- ISSAF
Types of Penetration Tests
- Network infrastructure testing
- Application testing
- Cloud penetration testing
Testing Perspectives
- Black box (unknown environment)
- White box (known environment)
- Gray box (partially known environment)
Building a Pentesting Lab
A proper lab is important for safely testing tools and techniques before using them on real systems.
Key lab requirements include:
- Closed network
- Virtualized environment
- Multiple operating systems
- Practice targets
- Recovery methods if something breaks
Today I focused on the theoretical foundation.
Tomorrow I’ll begin working on the labs in this module.
On to Day 62. 🔐
@jay_hunts@ireteeh@segoslavia
#RedTeamer #Cybersecurity #EthicalHacking #PenetrationTesting #NetAcad #InfoSec #CyberSecurityLearning #100DaysOfCybersecurity
Day 62 - #100DaysofCybersecurity
Today I completed the first lab in Module 1 of the Ethical Hacking course: Researching PenTesting Careers.
The goal of this lab was to analyze real job postings for penetration testers and understand what companies actually look for in ethical hackers.
Here are some key insights from my research:
🔎 Common Duties
- Conduct authorized penetration tests on networks, systems, and applications
- Identify and exploit vulnerabilities in a controlled environment
- Document findings and recommend remediation strategies
- Work with IT and development teams to strengthen security posture.
These responsibilities reflect the core role of a penetration tester: simulating cyberattacks to discover weaknesses before malicious actors do.
🛠 Common Skills Required
- Networking fundamentals (TCP/IP, protocols)
- Linux and Windows operating systems
- Web application security (OWASP Top 10)
- Tools like Nmap, Burp Suite, Metasploit, and Wireshark
- Scripting languages such as Python or Bash
📜 Most Frequently Mentioned Certifications
- CompTIA Security+
- CompTIA PenTest+
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
These certifications are commonly used by employers to validate penetration testing knowledge and practical skills.
📊 Another interesting observation
Many penetration testing roles are concentrated in major tech hubs, but remote opportunities are becoming increasingly common.
This lab helped me understand the skills, experience, and certifications required to progress toward a penetration testing career.
As I continue learning through Cisco Networking Academy and hands-on labs, I’m building the foundation needed to move from
Network security -> penetration testing -> red teaming.
On to Day 63. 🔐
@jay_hunts@ireteeh@segoslavia
#RedTeamer #Cybersecurity #EthicalHacking #PenTesting #100DaysOfCybersecurity #CyberSecurityLearning