Training & Learning

I realized while attending my first Dallas Hackers of 2020 and meeting some veterans (@ApolloDev0 & @teufelsec75) in the Vet Tec program, a newer VA initiative to get Veterans filling IT and Information Security roles to fill the gap we have right now in the world, that I have access to recruiters and the ability to possibly employ (at least interview and assist in steering) young veterans in their career.

I also realized on the way home, and after a tweet, that a lot of people want to know about free and even paid resources for Infosec, IT, etc. So I’m creating a 2 part list:
1. A list for everyone of free and paid resources
2. A list for Veterans


(Metasploitable v1)
(Metasploitable v2)
(Metasploitable v3)
(Metasploitable v4)
OSCP Write-up (Blade Soriano)
OSCP Write-up (John J Hacking)

@g0tmi1k’s Blog
Access Cyber Resources List
Acunetix Blog
aGupieWare Online
Applied Network Defense
AWS Training
Automate The Boring Stuff
Azeria Labs
Application Security Beginner Guide

BHIS (Black Hills Information Security) Cyber Range
CISA Training
Coalfire – Basics of Exploit Development
Code7 (Text based adventure game)
Corelan Team Training
CrucialExams Practice Exams
Cyber Fast Track
Data Camp
Danger Zone
DFIR Madness – IR Training
Educba Online Training
Ehacking Academy
eLearn Security
Eloquent Javascript
Evasion Techniques Checkpoint
ExamCompass Practice Exams
Explain Shell
Exploit DB
Exploit Development
Foxglove Security
Free Code Camp
FRSecure’s CISSP Mentor Program
Future Learn
GoCertify Practice Exams
Google’s IT Professional Certificate
Hack In The Class Labs
Hack The Box
Harvard University’s CS50 Introduction to Computer Science
Incident Response Challenge
Incident Response Consortium
Infosec Resources
Internet Archive
IronGeek’s Blog
John J Hacking Blog
Lains Space – Exploit Exercises
Learn Code The Hard Way
Learn Ruby
Lifehacker’s List of Free Computer Science College Courses
Lifehacker’s List of Free Educational Apps & Sites (Covid-19 response)
Machine Learning & Data Books
Malware Unicorn
Malware Must Die
Many Hats Club
Microsoft Learn
Minded Security
MIT Free Courses
Nessus Training
NICCS Education and Training Catalog
NIST Resources
Npower Tech Fundamentals Program
Open Culture
Open Learn University
Open Security Training
Palo Alto Networks
Pentest Geek
Praetorian Security Blog
Professor Messer
Project Nayuki
Project Python
Python Programming
Qualys Training
Reverse Engineering Training
Reverse Engineering Malware Training
Root Me
SANS Cyber Aces
SANS CyberSecurity Career Seekers
^^^^(Veteran specific program included)
SANS TryHackMe Xmas
Samurai WTF (Web Testing Framework)
Security & Pentest Resources
Security Blue Team
She Hacks Purple
Social Engineering
Splunk Fundamentals Part 1
Stanford University Advanced Computer Security Material
Sundowndev / Hacker Roadmap
Swift Playground (Mac & iPad)
Tenable Training
The Cyber Mentor
Thor Teaches
University of Cincinnati Malware RE Course
Web Hacking
Wild West Hackin Fest
Windows Images (Legal)
Women in Cyber Security


AWS Educate
CBT Nuggets
Cisco Networking Academy Training
Cisco Veterans Cyber Scholarship Program
CyberVets USA
Facebook Cybersecurity University
Fortinet FortiVet Program
Hack For Troops
Microsoft Software and Systems Academy
Milton Security Veteran Job Program
MWR Online Resources
NICCS Education and Training Catalog
O2O (Onward to Opportunity)
Palo Alto
Second Watch Veteran Training Program

Splunk Fundamentals 2
SANS CyberAces
SANS CyberTalent
Immersion Academy

Tech For Troops
USO Pathfinder
USO Skillsoft
Warrior 2 Cyber Warrior
Women in Cyber Security
With You With Me

Social Engineering 101 or The Art of How You Got Owned By The Random Stranger

So it’s been forever since I have posted. I have been busy between leaving the military, school, and having a REAL job now. Today I had the privilege of speaking at the Second Annual Cyber Security Conference for Collin College hosted by North Texas ISSA. Below is a copy of my presentation from that conference.

Also, I was able to speak last month at NAISG DFW on this same topic. The talk was set for a somewhat less professional environment, as it was a lot of friends, and that version of the talk is below.


John the Ripper Intro

First off, thanks to @hacktalkblog and @nberthaume for all the help they have given me with JtR and Hashcat. This post will be a basic rundown (with a couple of advanced parts) for people just starting in the world of hash cracking.

Let me start off by saying I use Cygwin because I run Windows 7, since I fail and refuse to throw a Linux OS on as my main. Meh. You only have to slightly alter these commands, I believe, to not incorporate Cygwin.

cat *dictionaryfilelocation* | ./john --stdin --format:raw-*format* --pot=*filename*.pot --session=*name* --crack-status *hashfilelocation*

The above command should be pretty simple to understand but I will break it down just in case. Everything inside the ** is what you must set yourself.

For me, I use cat /cygdrive/b/*. That means I’m catting everything on my b drive (which is reserved for my wordlists). You only need to do this if you have MULTIPLE dictionary files that you want JtR to run through and test against.

Next is --stdin, which tells JtR to accept the words being piped into it.

--format:raw-*format* is where you specify the format of the hashes you want to crack. In most cases they will be MD5 or SHA1, from what I’ve seen in the past few months from dumps.

Your pot file is where the cracked hashes will be output to. It will be put in the same directory as JtR. The output will look something like:


The session=*name* is used for a couple reasons:

  1. So that you can pause the cracking session and resume it later
  2. So that you can run multiple JtR sessions without a hassle

Crack-status will output as such:

guesses: 3  time: 0:00:07:58  c/s: 127406M  trying: EHARMONY1Wannabethe1 – EHARMONY1azreal

Lastly for this command is the *hashfilelocation*. In my case it is:

/cygdrive/c/Users/username/Desktop/Pass\ Cracking/crackme/filename.txt

I keep all of the dumps I gather in that crackme directory for ease.

There are a few other ways to run JtR. I’ll touch on running rules with the same general command above:

cat *dictionarylocation* | ./john --pipe --format:raw-*format* --pot=*filename*.pot --session=*name* --rules=*rule* --crack-status *hashfilelocation*

The change to the above command is --pipe. I’m not sure why you have to run pipe instead of stdin when running rules, but that’s the only way I’ve been able to get it working.
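The two command lines above folded into one shell function, as an added example that is not part of the original post: it selects --stdin or --pipe depending on whether a rule set is given, and quotes every path so a directory with a space in it (such as "Pass Cracking") reaches john intact. The function name, the JOHN and DRY_RUN variables and the session-name check are assumptions of this example, and it writes --format= with an equals sign, the form used in John the Ripper's own documentation.

```shell
#!/bin/sh
# Added example, not from the original post. For auditing hashes you are
# authorised to test. Names and defaults below are this example's own.

JOHN=${JOHN:-./john}   # assumed location of the john binary (the run folder)

# john_audit WORDLIST_DIR FORMAT SESSION HASHFILE [RULE]
# With DRY_RUN=1 the command is printed, one argument per line, not run.
john_audit() {
    wl_dir=$1 fmt=$2 session=$3 hashfile=$4 rule=${5:-}

    # The session name is reused for the pot file name, so keep it simple.
    case $session in
        ''|*[!A-Za-z0-9_-]*) echo "invalid session name" >&2; return 2 ;;
    esac
    [ -d "$wl_dir" ]   || { echo "no wordlist directory: $wl_dir" >&2; return 2; }
    [ -r "$hashfile" ] || { echo "cannot read hash file: $hashfile" >&2; return 2; }

    if [ -n "$rule" ]; then
        # As in the post: --pipe replaces --stdin whenever --rules is used.
        set -- --pipe "--format=raw-$fmt" "--pot=$session.pot" \
               "--session=$session" "--rules=$rule" --crack-status "$hashfile"
    else
        set -- --stdin "--format=raw-$fmt" "--pot=$session.pot" \
               "--session=$session" --crack-status "$hashfile"
    fi

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$JOHN" "$@"
    else
        # Every file in the wordlist directory is concatenated into john's stdin.
        cat "$wl_dir"/* | "$JOHN" "$@"
    fi
}

# Usage, with the paths from the post:
#   john_audit /cygdrive/b md5 demo \
#       "/cygdrive/c/Users/username/Desktop/Pass Cracking/crackme/filename.txt"
#   john_audit /cygdrive/b sha1 demo-rules "<same hash file>" Single
```

Set DRY_RUN=1 first to check the assembled arguments before starting a long session.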

Along with that, you also have the --rules=*rule* option now. If you look here then you’ll see a quick rundown of rules. The easiest rule to use is of course --rules=Single. I have found it extremely useful to also create your own rules based off the website name and run those. For me, I add rules to the john.ini file located in the run folder of JtR. I’ll give an example below:


# Nvidia Passwords



If you take a quick glance through the john.ini file you will see where you can add these rules. To create your own, follow the same basic guide above. List.Rules:*rulename* must be set to whatever you want to type in the command. The # is of course just a comment about what the rule is. A0 is to append everything and Az prepends. The word being played with is Nvidia. It will adjust everything with every possible combination you see per bracket. I’ll show how I did my Linkedin rules for the recent Linkedin dump:


# Linkedin Passwords



The same principle applies to the Linkedin rule we create with the above.