Hackwekend
Info
This session is about me and you who sit and learn new things security in the weekend. Try best and have fun !!!
- Hackwekend Session 0 - QRCode Vulnerabilities (Malicious QRCode gain access to reverse shell level) - About the vulnerable with QRCode, How we can gain access to victim machine and bypass QRCode
- Hackwekend - Session 1 (Pentester web - Security Lab) - About the vulnerable machine is take a look and gain access to collecting flag (CTF)
- Hackwekend Session 2 - Information Security, Team and Phishing Attack - The session talk about what and why we have InfoSec and work like a team. Additional, Talk about Phishing Attack, Questions and how to reproduce
- Hackwekend - Session 3 Attack and Exploit GraphQL ? - Session is about GraphQL, Dangerous with technologies and some challenge to find flag with CTF style
- Hackwekend Session 4 - Cloud Security (AWS EKS) - Session is about AWS EKS Security, Vulnerable in K8s Cluster and Play CTF to figuring out what should need protected (EKS Cluster Game prod by Wiz.io)
- Hackwekend Session 5 - Cloud Security (AWS IAM Policy) - Session is about AWS IAM, How to authentication or bypass methodology to read and list contents inside the S3 bucket, learn more about
sns
,sqs
,cognito
services of AWS Cloud (Big IAM prod by Wiz.io) - Hackwekend Session 6 - Cloud Security (Network and Red Team) - Session is about more than cloud security, but more approach to networking and red team methodology to recon, attack the target with unique way like
lateral movement
,nfs
,tcpdump
,dnscan
andistio
,kyverno
onkubernetes
( K8slan prod by Wiz.io)
For 1st time
Info
This session which talk about the experience when you work and approach new technics or technologies for first time. Learn from the scratch, and do interesting things. βββ
DevOps - Tutorials from zero to hero
Info
This session which talk about my growth up from zero to hero in DevOps career path when I took a position from intern to official in company. About tutorial and some technologies which need to learn and control to become DevOps
- DevOps Training Session 1: The flag view with DevOps
- DevOps Training Session 2: Networking
- DevOps Training Session 3: OS - Scripting with powershell & bash
- DevOps Training Session 4: Docker
- DevOps Training Session 5: NGINX
- DevOps Training Session 6: Cloud - Azure
- DevOps Training Session 7: Terraform
- DevOps Training Session 8: Cloud - IAM
- DevOps Training Session 9 + 10: Cloud - Networking - AutoScaling VM
- DevOps Training Session 11: Cloud - Pipeline (Azure-Pipeline)
- DevOps Training Session 12: Cloud - Packer
- DevOps Training Session 13: Cloud - K8s Overview
- DevOps Training Session 14+15: Cloud - K8s Networking, Configuration, Security && Storage
- Devops Training Session 16: Setup Grafana and Prometheus (ONM Tools)
CTF - Write up and take some note
Info
Like you know about my profile, I start with in CTF player and Web Pentester. So CTF is field, games and contest which I gain my experience and figure out myself in Security. In this session, Itβs about the challenge which make me give a time to research and find the flag, cool stuff and not waste your time
- Flag Hoarding mapleCTF (2022) - (misc/forensic)
- Dode ascisCTF (2022) (Misc/Forensics)
- Hack The Boo (Hackthebox-Forensic-2022)
- ICTF August 2022
- Image Editing - CTFLearn (Crypto/Hard)
- Write up about IDOR
- Write up about SSTI
Vulnerable Research
Info
In this session, I will share and talk about web security and vulnerable which you need to interacted and figuring out how we can find it in real website
- Pentest Top 10 OWASP with Juice-Shop-OWASP
- SQL Injection - Part 1 (Practical PortSwigger)
- SQL Injection - Part 2 (Practical on PortSwigger)
- SQL Injection - Part 3 (Practical PortSwigger)
- Cross-site scripting (Practice on PortSwigger)
- Research about Top 10 OWASP
- Snyk vs Sonarqube - Securing your code
- Insecure Direct Object Reference (IDOR)
- Server Site Template Injection (SSTI)
- Authentication Bypass
- Content Discovery
- Subdomain Enumeration
- Walking An Application
- Top 10 OWASP
- Web fundamentals
- Cross Site Scripting ( XSS )
- SQL Injections
- GraphQL
- Command injection
Research
Info
In this session, About the shared research for community which i make and find out how to play with it, setup and make usage or tutorial for doing something
- NGINX vs Apache ? How does it work? Why is NGINX compared to Apache β> How is it stronger and weaker?
- Different btw CMD vs Entrypoint vs RUN in Docker
- Backup and Restore methodology for PostgreSQL
- Comment note in Shell Bash
- Reconfiguration for curl template output
- Redirect Output and Error
- Update the alternative version
DIY
Info
The session which bring the experience when I try to self hosted or making a cool things by myself. It can be deliver for people which need to figure out something πππ
- Selfhosted NAS with Raspberry Pi 4
- Setup the virtual machine Linux and Windows for Agents and Azure-Pipelines
- Deploy your alert with Grafana by Terraform and some common error with K8s
- Integration Performance Query for MySQL or PostgreSQL
- Setup MySQL with Wordpress in k8s - Easy migrate or not !!
- Ansible, Terraform and your first infrastructure
- Profiling applications with Pyroscope
- Do self-hosted analytics platforms for you website with automatically SSL domain
- Setup Environment for build android
- Setup Linux Profile
- Setup Window Profile
- NGINX and everything about it
- NTMA for anomalies detection and autoscaling
- Setup PostgreSQL with Ansible
- Monitoring with Portainer
- Create Free SSL with Letβs Encrypt and Certbot
- 0-downtime with Blue-Green Deployment
- Robust Scanner - Vulnerable Scanning
CI/CD Gallery
Info
More talk about CI/CD with multiple purpose, try to approach and gain the experience on multiple platform. Still update when have new things LOL π
Helpful Collections
Info
More about my collection which talk about multiple topics, and technologies in multiple field like AI, ML, DevOps, Security and moreover
- OS helpful Pages & Articles
- Docker and Kubernetes helpful Pages & Articles
- Developer Helpful Pages & Articles
- Database Helpful Pages & Articles
- Cyber & Info Security Helpful Pages & Articles
- AI & ML Helpful Pages & Articles
- DevOps & System Helpful Pages & Articles
- Softwares & Tools Helpful Pages & Articles
- Tech Contents & Articles
Command Snippets
Info
The snippets which most of useful tool that I have tried πππ