Hello friend
This week in the cyber landscape has been another interesting one, mostly centred around Distributed Denial-of-Service (DDoS) attacks. If you don't know, DDoS attacks are when lots of computers are under a bad guy's control and they send LOTS of requests to a server (like a website server, for example). If it becomes too much for the server to handle, the server crashes and the website is inaccessible. This week there were two notable events in the DDoS world: Google and Estonia.
Google blocked the biggest DDoS ever
Google blocked the largest-ever DDoS attack, which peaked at 46 million requests per second, making it 75% larger than the previous record. Satya Konduru from Google said, "to give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia in just 10 seconds." Hats off to Google for being able to block this one! Source: Google Cloud.

The Estonian government were targeted by the KillNet group
The Estonian government was hit with the largest wave of attacks it has experienced since 2007. Why? Because the government removed a load of Russian monuments from the city of Narva, where the majority of the population speaks Russian. The Prime Minister said that the monuments represented a symbol of Russia's aggression, which opened up old wounds after Russia invaded Ukraine. A group called KillNet claimed responsibility for the attacks, which were largely ineffective according to Estonia's Chief Information Officer, Luukas Ilves:
New "ultimate" guides on my website
I'm in the process of writing a handful of "ultimate" guides. Meaning, guides that I will always keep up-to-date. The first is on my tech stack. It's called Tools of the Trade. I posted a shortened list of my tech stack to LinkedIn a few weeks ago and it was well received, with lots of questions in my DMs. So I figured it was a good place to start.
If there is something you'd like me to write about or make a video on, let me know by simply replying to this email.
Until next week,
Gary
Fun Things This Week
My New Videos
The Ping Command: Ping is one of the most useful commands for testing your network connectivity. A command you simply must know!
How to Take Notes Like a Hacker: Taking notes is really important to consolidate your knowledge, make it accessible and searchable, share it easily, and prepare for hacking exams like OSCP and beyond. We'll avoid Notion and Slack and I'll show you how I use GitBook to achieve all of that.
My New Articles
How to pass the OSCP first time: I passed mine the first time through, you can too. The advice here applies to any long-form exam with a few OSCP specifics throughout. Read the article ->

Ultimate Guide - Tools of the Trade: If you want to see how the sauce is made, check out my complete list of tech and tools that I used as part of my weekly workflow. Read the article ->

Podcasts
You may have heard about the Apple bugs, which mean that if you visit a malicious website, an attacker can gain full control over your device. It's a combination of two bugs: arbitrary code execution and privilege escalation. Rare and very cool. Patches are available. Johannes briefed it and the Google Chrome zero-day on an episode of the SANS Internet Storm Center this week.
Gear
I mostly keep my notes and to-do lists in digital form, but I also like to unplug and lay out my bigger plans on paper, before then breaking them down into smaller chunks in digital form. The notebook I'm holding in the GitBook video thumbnail is my favourite: an A5 soft-skin Moleskine notebook and I pair it with an awesome (but cheap) Uni Shalaku 05 pencil. It's a lovely setup to help me do a bit of digital detox and put pencil to paper.
Cool Tools
- OffensiveNotion: did you know that you can use Notion as a C2?!
- RedGuard: a C2 facility pre-flow control tool that can avoid Blue Team, AVS, and EDR checks.
- hoaxshell: an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on http(s) traffic.
P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support!