Search - "windows exploit"
-
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including VPSs and dedis) so I get the usual amount of SSH brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those IPs automatically get blocked after three failed attempts within 5 minutes. No root login allowed + RSA key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few DDoSes on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? I installed a barebones Ubuntu server onto both. They only come with system-default applications. Tried installing Nginx the next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any IP address which had three failed SSH logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned IP addresses - holy fuck, no wonder I got hacked!
There is one other kind/type of attack I get regularly, but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P
-
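The detection the first rant above describes (brute-force failures in the auth log, an accepted root login as the sign of compromise, and the three-failures-within-five-minutes ban rule), as an added Python example that is neither the author's setup nor Fail2Ban's code. The log lines are constructed, and a year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log lines (not real data); syslog has no year, so one is assumed.
AUTH_LOG = """\
Mar  3 10:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:10 web1 sshd[1204]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Mar  3 10:02:30 web1 sshd[1209]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar  3 10:03:00 web1 sshd[1215]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar  3 10:15:00 web1 sshd[1230]: Failed password for root from 198.51.100.9 port 40002 ssh2
Mar  3 10:20:00 web1 sshd[1240]: Failed password for root from 198.51.100.9 port 40003 ssh2
Mar  3 10:21:00 web1 sshd[1250]: Accepted password for root from 192.0.2.55 port 60001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def parse(line, year=2024):
    # Returns (timestamp, result, user, ip) for a login event, None for any other line
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def analyze(log, maxretry=3, findtime=300):
    """Ban after `maxretry` failures within `findtime` seconds (Fail2Ban's knobs of the same
    name) and flag every accepted root login, the indicator the author found in his logs."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned, root_logins = [], []
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Accepted":
            if user == "root":
                root_logins.append((ts, ip))
            continue
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:   # slide the window forward
            q.popleft()
        if len(q) >= maxretry:
            banned.append(ip)
    return banned, root_logins
```

With the default window the second source is not banned: its three failures are spread over 17 minutes, which is exactly the case a too-short findtime lets through.
-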
Boot up a Linux live USB on a Windows machine, then rename cmd.exe to utilman.exe and after rebooting select accessibility options, which now opens a command line, and then 'net user username owned' to reset user 'username' password to 'owned'. Been using this for years...
-
I've recently read a blog post stating 'Google leaves x Million Android devices vulnerable to a new Exploit'
I don't really sympathize with Google, but it's simply the wrong message... It should be more like FUCK VENDORS, WHO WON'T SUPPLY UPDATES TO DEVICES OLDER THAN 1.5 YEARS
Seriously, it's them who make you stuck on outdated OS versions... Just imagine you could only install Windows Vista on your 2014 Lenovo ThinkPad, because it's considered outdated...
FUCK VENDORS (again, just in case)
-
I have a Kali Linux VM running on my Windows machine. I decide to try and exploit the Windows machine (THAT THE VM WAS RUNNING ON) because of a vulnerability with smb that requires NO user interaction. I decided to make my computer shoot its own legs and I thought "Hey, this is gonna be fine."
Aaaaand the whole system crashed on me.
-
While watching Computerphile's video on the new atom bombing exploit.
Actually, he is kinda right 😂
-
I just signed up to get this off my chest.
Dear Windows, you god damn moronic, ugly, unusable abomination of an excuse for an OS. I wonder how we could end up here in this situation. You suck, in every way imaginable. I didn't choose Linux or Mac, you made me do it.
I know no other OS that can screw you up this bad when setting up. My friend is an experienced Windows user and the last install took him 2 days. I just spent the last day trying to get this incompatible sucker installed. I manage to set up a hackintosh quicker than I was able to install Windows the last three times I checked, you scumbag.
Your error messages suck ass, there is nothing I can't figure out given enough time, except your useless hints and pathetic attempts to get anything done on your own.
And you are fucking slow. Just why, do you keep installing stuff I didn't ask you to. Now I got this ugly ass Bing-Toolbar because I missed a damn checkbox in an .exe, which could have also been an exploit, you never know.
You are cluttered with useless stuff. I don't care about your lame ass app store, idc about your Cortana annoying spy assistant and I certainly don't care about your forced updates.
Just sit back and feel your PC getting slower every day by background processes. Watch your productivity decline while dealing with their brain dead privilege and file system.
You ugly malformed mutation of software. When I look at your UI I feel disgust while wondering how you can fail with the most basic principles of UX.
How pathetic, badly supported, bug ridden and dangerously insecure can an OS be, you ask while trying to navigate through the settings, a pile of legacy software debt this garbage pile was built on. And your shell... what a sick joke.
I hate you Windows. For screwing other OSes with your asshole boot manager, hardware driver requirements and making people send me .zip and .docx. You should be embarrassed to charge money for this nonfunctional junk, but you do, a lot.
I really try to see the positive here. You got all the software, but that's not on you, that's because all those poor suckers are trapped with you and the effort to change is too big.
This OS is the most disappointing thing technology could come up with today. I would rather set myself on fire than work with this pain in the ass software professionally. I mean if you are a serious developer at some point you have to admit that you just can't develop on Windows. You will get fucked 5 times as often as any Mac or Linux user. Fuck you, Windows.
Hey Microsoft, thanks for TypeScript and VSCode and all the other good things you have done. But burn in hell for what you have done to all of us with this piece of shit OS.
-
I am learning exploit development on Windows and I have a problem with it, when I analyze the registers ESP and EIP.
I am able to overwrite both ESP and EIP.
The problem is that I cannot make use of "mona.py". "Mona.py" keeps showing me that there are no pointers in any OS DLLs, whereas that is not true.
Immunity Debugger is working completely fine.
I need "mona.py" to find pointers to ESP, but it says there are none.
-
Malware is a nasty kind of application that can spy on you, use your computer as an attacker or encrypt your files and hold them for ransom.
The reason that malware exists is because of how the file system works. On Windows, everything can access everything. Of course, there are security measures, like needing administrator permissions to edit/delete a file, but they are exploitable.
If the malware is not using an exploit, nothing is there to stop a user from unknowingly clicking the yes button, when an application requests admin rights.
If we want to stop viruses, in the first place, we need to create a new file-sharing system.
Imagine that every app has a partition, and only that app can access it.
Currently, when you download a Word document, you would go ahead, start up Word, go into the Downloads folder and open the file.
In the new file-sharing system, you would need to click "Send file to Word" in your browser, and the browser would create a copy of the file in a transfer-partition. Then, it would signal to Word, saying "Hey! Here's a file that I sent to you, copy it to your partition please!". After that, Word just copies the file to its own partition, signals "Ok! I'm done!", and then the browser deletes the file from the shared partition.
A little change in the interface, but a huge change in security.
The permission system would be a better UAC. The best way I can describe it is when you install an app on Android. It shows what permission the app wants, and you could choose to install it, or not to.
Replace "install" with "grant" and that's what I imagined.
Of course, there would be blacklisted permissions, that only kernel-level processes have access to, like accessing all of the partitions, modifying applications, etc.
What do you think?
-
Microsoft announced a new security feature for the Windows operating system.
According to a report of ZDNet: Named "Hardware-Enforced Stack Protection", which allows applications to use the local CPU hardware to protect their code while running inside the CPU's memory. As the name says, its primary role is to protect the memory stack (where an app's code is stored during execution).
"Hardware-Enforced Stack Protection" works by enforcing strict management of the memory stack through the use of a combination between modern CPU hardware and Shadow Stacks (refers to copies of a program's intended execution).
The new "Hardware-Enforced Stack Protection" feature plans to use the hardware-based security features in modern CPUs to keep a copy of the app's shadow stack (intended code execution flow) in a hardware-secured environment.
Microsoft says that this will prevent malware from hijacking an app's code by exploiting common memory bugs such as stack buffer overflows, dangling pointers, or uninitialized variables which could allow attackers to hijack an app's normal code execution flow. Any modifications that don't match the shadow stacks are ignored, effectively shutting down any exploit attempts.
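A toy model of the shadow-stack check the rant describes, added here as an illustration and not Microsoft's or any CPU's implementation. The "machine", its opaque return-address labels and the overflow helper are all assumptions; a real CPU raises a control-protection fault where this model raises an exception.

```python
# Toy shadow-stack model (added illustration, not real hardware): a writable data stack that
# holds return addresses and locals, and a shadow stack that only CALL and RET can touch.
class ControlFlowViolation(Exception):
    pass

class Machine:
    def __init__(self):
        self.stack = []     # ordinary stack: return addresses and local data, writable
        self.shadow = []    # shadow stack: return addresses only, not reachable by data writes
        self.pc = "main"

    def call(self, target, return_to):
        """CALL pushes the return address on both stacks and jumps."""
        self.stack.append(return_to)
        self.shadow.append(return_to)
        self.pc = target

    def push_local(self, value):
        """A callee allocates a local (e.g. a buffer) on top of its saved return address."""
        self.stack.append(value)

    def overflow(self, depth, value):
        """Simulate a stack buffer overflow that overwrites the slot `depth` below the top."""
        self.stack[-1 - depth] = value

    def ret(self, locals_count):
        """RET discards locals, pops the return address and checks it against the shadow copy."""
        for _ in range(locals_count):
            self.stack.pop()
        ret_addr = self.stack.pop()
        expected = self.shadow.pop()
        if ret_addr != expected:
            raise ControlFlowViolation(f"return to {ret_addr!r} but shadow stack says {expected!r}")
        self.pc = ret_addr
        return ret_addr

def run(corrupt):
    """main -> parse_input -> return; with corrupt=True the overflow rewrites the return slot."""
    m = Machine()
    m.call("parse_input", return_to="main+1")
    m.push_local("buf")                       # local buffer sits next to the saved return address
    if corrupt:
        m.overflow(1, "attacker_controlled")  # writes past buf into the saved return address
    try:
        m.ret(locals_count=1)
        return "ok"
    except ControlFlowViolation:
        return "violation"
```

The data stack is still corrupted in the second run; the shadow copy is what lets RET notice it before control transfers.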