Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
AMA with Spirit or Spirited Wolf episode 2
#1
Hello and welcome to our  second episode of AMA with spiritedwolf
 
[Image: YbuLXlP.png]

https://mobile.twitter.com/pwsecspirit

 can you please introduce yourself?

 Hello, I am Spirited Wolf as most of the folks out there call me. I have started my infosec journey in web app pentesting, so it's the one I am little good at. Apart from that I use to write writeups for various machines of HackTheBox and Vulnhub. In my free time I usually just sleep lol.
 
Which CTF you like the most?

PicoCTF was the first ever CTF I played and as it is organized every year. It is one of my favorite CTF because it always contain Easy to Hard category challenges. So there is always something to learn.

 Which programming languages you know?
    I know Python, C/C++ , little bit of assembly and powershell.

Could you please tell us about your education background?

I am currently pursuing my bachelor's degree.


Were you taught programming at school, or you learnt it yourself?

 No. I learned it myself with a lot of googling and by reading books , documentation , YouTube videos and by reading public exploits/scripts.

 What job you do every day, and which field is your expertise in?

Well I am not working anywhere as I am currently a student but I am looking for a job. And I'm not an expert but I mostly do web application pentesting.
 
How did your YouTube journey start?

Ahh.. So it was late 2015 and I was member of a Facebook group where people used to post different web pentest related challenges (SQLI usually). So in that group there was a guy name "Ratna" and his skills were insane. So I started talking with him and he had a YouTube channel too where he use to post the challenge solutions. One day he asked me if I want to make video for his channel and post it there. I agreed and after watching my video he said bro you should open your own YouTube channel. People might like it. Well then I though yeah that's a great idea. So I created a channel for my future self and other people. And that's how it all began.
 
How much does it take to record your videos?

 I was in school back then, and it usually took 2 or 3 hours to record 1 video. But as I was still in school I had to go to school and coaching institute as well. I still remember I used to wake up at 4 in the morning and wait for my dad to leave for his morning walk and then I used to quickly turn on the laptop and start recording my videos. Because he was so strict back then as I was just a kid.
 
 You've made a lot of YouTube videos, but which one is your personal favorite?

 Well that's difficult, I would say the cookie based SQL Injection maybe  Big Grin and blind based SQL injection parts.
 
Which series would you like to cover on your YouTube channel?

I would like to start making videos on hackthebox retired machines , binary exploitation, and maybe something related to AD security too.

Which CTF sites you would suggest for beginners?

CTFTime.org
 
Could you please tell me about your pentesting strategies?

Well sure, there is actually nothing fancy , I use very basic one but I would recommend if you are doing it in some organization then you should at least follow the checklist and then test extra whatever you can. But right now in a nutshell, I start with port scanning, By running masscan and then running nmap default script on the ports that masscan found. Then I start by enumerating different services like -> smb -> check smb share, accessing FTP with anonymous creds, any http/https service then I will try to enumerate the web application you can follow some checklists here like OWASP web testing checklist. Apart from that we should always check the service version and look for some public exploits. Some times these are some organization who are using older version[s] etc. this list will ever end as there are so many services to enumerate. and for each service there are different ways. So I usually just google about the service and start digging.

What do like the most about hacking? And why?

Well I don't know why I really liked it and chose this path. But I always get inspired by people who do some amazing researches.
 
Why did you choose OSCP?

I met a guy online, "trickster" from hackthebox and he had OSCP,OSCE,OSWP and now he has OSEE too lol (Freaking insane). He told me that the OSCP is like HTB machine , well I thought about giving it a try because I was in zone at that time haha.
 
Would you mind telling us about your OSCP journey? Many at ic0de are future students of OSCP ?

 It was pretty great, people would learn a lot in OSCP labs , so there was some machines which take an hour to get the root on the system and some takes 1-2 days. Well before that I never had done pivoting, haha now I know it's just too basic thing but at that time it was new to me. From pivoting from one network to another. And there were three machine suffer, pain and humble which were really fun. I believe now there is already so many reviews on the internet related to OSCP which ic0de guys can easily find. You should check tulpa OSCP journey blog.
Which categories of CTF do you like? Is it reversing, forensics, crypto, web, or something else? And why?

 I like web application and pwn category challenges. (Hell no to crypto unless it has to do something with RSA lol)
 
 If you are given a chance to Collab with a famous hacker of your choice, who would it be?

 Well there are a lot, like ahmedsec , rootxharsh , thedawgyg and B1twis3 etc.
 
 Does OSCP get you girls?
I am glad that you asked and the answer is "NO!!" haha.
 
 Could you tell me about your post exploitation techniques?

Well here also nothing fancy one I get into the machine, If it's *nix based machine then I run our traditional LinEnum script and look for some interesting files like web config etc. , check cron job or the files with SUID permission. and if it's windows based machine I just run JAWS , Bloodhound to check where I am in the domain currently or use Metasploit's exploit suggestor or same finding some interesting files which contain some password or something.
 
How do you keep yourself updated to latest security trends?

Twitter and thehackernews.
[Image: BezlSXT.gif]
[-] The following 3 users Like admin's post:
  • 0v0, Professor, Xyt0
Reply
#2
O boy that's a very nice ama hoping to see third episode coming out soon Shy
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)