Digital Dopamine

Hack w/ Me Episode 2: Search Skills


Intro

Sup folks! Today, we will be discussing what was learned after finishing the Search Skills room in TryHackMe. Honestly, I went into this room thinking, “This is gonna be a bunch of filler that I already know, I should just skim through it.” But I quickly realized that there were plenty of VERY useful tips, tricks, and resources that I never knew. So with that, here’s a quick overview of the learning material within this room:

* Evaluation of information sources

* The use of search engines efficiently

* Exploring specialized search engines

* Reading technical documentation

* Making use of social media

* Checking news outlets

Most of these topics are things I do regularly, especially reading technical documentation, considering that’s a required skill as a software engineer. But others, like the use of specialized search engines, were topics I’ve never really touched (or maybe I have in the past and didn’t realize it). Even some of the tips and tricks with search queries for the typical search engines like Google or DuckDuckGo were new to me, so I definitely learned a good amount from this section, aka “room”. I’ll try to make this article a quick read and sum up everything I went over and learned.

Evaluation of Search Results

For this task, we just went over how to effectively evaluate the information we ingest from our searches. Here are a handful of things to consider when evaluating information:

* Source: Identify the author or organization publishing the information. Consider whether they are reputable and authoritative on the subject matter. Publishing a blog post does not make one an authority on the subject.

* Evidence and reasoning: Check whether the claims are backed by credible evidence and logical reasoning. We are seeking hard facts and solid arguments.

* Objectivity and bias: Evaluate whether the information is presented impartially and rationally, reflecting multiple perspectives. We are not interested in authors pushing shady agendas, whether to promote a product or attack a rival.

* Corroboration and consistency: Validate the presented information by corroborating it across multiple independent sources. Check whether multiple reliable and reputable sources agree on the central claim.

Search Engines

Most people reading this will be familiar with Google or Bing, and some will be keen on DuckDuckGo, like myself. However, I found out about the many search operators that you can use to refine your search results. Each search engine has its own set of operators, and some do overlap. It’s not isolated only to search engines either; many operating systems have their own subset of search operators as well. Here is a GitHub repo that has collected a ton of direct links to platform documentation of their respective search operators → https://github.com/cipher387/Advanced-search-operators-list.

Since I use DuckDuckGo, let’s take a peek at a screenshot of that one:

Here, you can see a variety of search operators that may come in handy for searching for specific items. One I find particularly useful is the filetype operator. This will be extremely useful when trying to search for research papers and whitepapers. This actually partially disproves a statement I made in my latest article/podcast, which was that search queries these days were starting to produce less and less valuable results. Now that I’m no longer ignorant of more advanced ways to search for information, I might be able to limit the trash articles I get in my queries 😅. I encourage people to play around with some of these search operators and see whether your results are more refined and useful for what you’re searching for.
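As an added example (not code from the room or this post), here is a small helper that assembles a DuckDuckGo query from the operators discussed above (exact phrases, site:, filetype:, intitle:, and - exclusion), quoting multi-word terms so they are matched as phrases. The DuckDuckGo URL and operator names are ones DuckDuckGo documents; everything else is assumed for illustration.

```python
from urllib.parse import urlencode

# Constructed helper: compose a query string with search operators and turn it
# into a DuckDuckGo URL. Operators are joined with spaces; a term that contains
# whitespace is wrapped in double quotes so the engine treats it as a phrase.
DDG_SEARCH = "https://duckduckgo.com/"


def _quote_if_needed(term: str) -> str:
    """Wrap a multi-word term in double quotes unless it is already quoted."""
    term = term.strip()
    if " " in term and not (term.startswith('"') and term.endswith('"')):
        return f'"{term}"'
    return term


def build_query(terms, site=None, filetype=None, intitle=None, exclude=()):
    """Build an operator-based query.

    terms    - words or phrases that must appear
    site     - restrict results to one domain (site:)
    filetype - restrict to a document type such as "pdf" (filetype:)
    intitle  - require a word/phrase in the page title (intitle:)
    exclude  - words to drop from the results (-word)
    """
    parts = [_quote_if_needed(t) for t in terms]
    if site:
        parts.append(f"site:{site}")
    if filetype:
        parts.append(f"filetype:{filetype.lstrip('.')}")
    if intitle:
        parts.append(f"intitle:{_quote_if_needed(intitle)}")
    for word in exclude:
        parts.append(f"-{_quote_if_needed(word)}")
    return " ".join(parts)


def search_url(query: str) -> str:
    """URL-encode the query so it can be opened directly in a browser."""
    return DDG_SEARCH + "?" + urlencode({"q": query})
```
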

Specialized Search Engines

Completing this task was my “oh, word?!” moment when completing the room. There are SO many very specific search engines that provide fantastic information and context depending on what you’re looking for. I find that this is more useful for IT and Cyber Security engineers/enthusiasts, though. The example engines presented seem to be focused that way, at least. The first one we cover is Shodan.

Shodan

Shodan is a search engine for devices connected to the Internet. It allows you to search for specific types and versions of servers, networking equipment, industrial control systems, and IoT devices. For example, you may want to see how many servers are still running Apache 2.4.1 and the distribution across countries. To find the answer, we can search for apache 2.4.1, which will return the list of servers with the string “apache 2.4.1” in their headers.

Censys

Next up is Censys.

Censys is similar to Shodan but focuses on Internet-connected hosts, websites, certificates, and other Internet assets. Some of its use cases include enumerating domains in use, auditing open ports and services, and discovering rogue assets within a network. They have a good doc on Introductory Use Cases that’s worth checking out. Some key use cases are:

* Investigate indicators of compromise (IoCs): Find and track threat actors on the internet via the infrastructure they set up.

* Enrich internal threat feeds with host and certificate data: Augment network logs with the most accurate, up-to-date public profile of the entities within and connecting to your network.

* Create a timeline of adversary infrastructure: Investigate how and when an adversary weaponized infrastructure. See the history of a compromised or suspicious host.

* Understand the global impact of vulnerabilities across the Internet: Conduct security research to understand the global impact of vulnerabilities across the Internet from CVEs to zero-days like SolarWinds or Microsoft Exchange.

* Map your external attack surface: Investigate and view your attack surface from an external perspective by finding your Internet-facing assets and evaluating them for vulnerabilities.

The Introductory Use Cases doc goes into deeper detail on the key use cases with some examples as well, but I won’t go over that in this article. I’m sure we will be utilizing this tool in the future for assignments.

VirusTotal

VirusTotal is a website that provides a virus-scanning service for files using multiple antivirus engines. It allows users to upload files or provide URLs to scan them against numerous antivirus engines and website scanners in a single operation. They can even input file hashes to check the results of previously uploaded files.

The screenshot above shows the result of checking the submitted file against 67 antivirus engines. Moreover, one can check the community's comments for additional insights. From time to time, a file might be flagged as a virus or a Trojan; however, this might not be accurate for various reasons, and that's when community members can provide a more in-depth explanation.
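An added example (not the author's or VirusTotal's code) of the hash-first workflow mentioned above: hash a file locally and look the hash up before deciding whether to upload anything, which avoids sending a file that may contain sensitive data. The GUI and v3 API URL shapes are VirusTotal's; the `last_analysis_stats` summary helper assumes the dict layout the v3 API returns.

```python
import hashlib

# Constructed example: compute the SHA-256 of a file locally and build the
# VirusTotal lookup for that hash. If the hash is already known, you get the
# existing report without uploading the file at all.
VT_GUI_FILE = "https://www.virustotal.com/gui/file/{sha256}"
VT_API_FILE = "https://www.virustotal.com/api/v3/files/{sha256}"  # needs x-apikey header


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20) -> str:
    """Stream the file so that large samples never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def lookup_urls(sha256: str) -> dict:
    """Validate the hash and return the GUI and API URLs for it."""
    sha256 = sha256.strip().lower()
    if len(sha256) != 64 or any(c not in "0123456789abcdef" for c in sha256):
        raise ValueError("expected a 64-character hex SHA-256")
    return {"gui": VT_GUI_FILE.format(sha256=sha256),
            "api": VT_API_FILE.format(sha256=sha256)}


def verdict_summary(stats: dict) -> str:
    """Summarise a v3 'last_analysis_stats' dict, e.g.
    {"malicious": 3, "suspicious": 0, "undetected": 64} -> '3/67 engines flagged this file'.
    Counts every engine that returned a result; 'malicious' and 'suspicious' count as flags."""
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = sum(stats.values())
    return f"{flagged}/{total} engines flagged this file"
```
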

Have I Been Pwned

Last but certainly not least is “Have I Been Pwned” (HIBP). HIBP does one thing: it tells you if an email address has appeared in a data breach. I’ve used this a couple of times over the past couple of years due to the increased data breach reports that have been sprouting up with apps I used, like Discord and the National Data Breach that exposed 3 BILLION PEOPLE!!

Finding one’s email within leaked data indicates leaked private information and, more importantly, passwords. Many users use the same password across multiple platforms; if one platform is breached, their password on other platforms is also exposed. So please, for the love of god start using a password generator and manager lol. While passwords are usually stored in an encrypted format, many passwords are not that complex and can be recovered using a variety of attacks.
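HIBP also exposes the passwords it has collected from breaches through its Pwned Passwords range API, which is how a password manager can warn you that a password has leaked without ever sending it anywhere. Added example, not code from the room or this post: only the first five hex characters of the password's SHA-1 go to the service; it returns every hash suffix it knows for that prefix, and the comparison happens locally. The API URL and response format are HIBP's; the sample response and its counts are constructed for the offline demo.

```python
import hashlib

# Constructed example of the Pwned Passwords k-anonymity check.
# Protocol: GET https://api.pwnedpasswords.com/range/<first 5 hex of SHA-1>
# Response: one "SUFFIX:COUNT" line per known hash with that prefix.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed response body for prefix 5BAA6 (the prefix of SHA-1("password")).
# The counts are made up; the real service returns live figures.
SAMPLE_RANGE = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
)


def split_sha1(password: str) -> tuple:
    """Return (prefix, suffix): the 5-char prefix that is sent, and the rest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; skip malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """How many times the password appeared in breaches; 0 means not found."""
    _prefix, suffix = split_sha1(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup (network); not used by the offline sample above."""
    from urllib.request import urlopen
    with urlopen(RANGE_URL.format(prefix=prefix)) as resp:
        return resp.read().decode("utf-8")
```
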

Vulnerabilities & Exploits

This task was pretty damn cool. We went over two main tools/databases: the Common Vulnerabilities and Exposures (CVE) program and the Exploit Database.

Common Vulnerabilities and Exposures (CVE)

Think of CVE as a dictionary of vulnerabilities. It provides a standardized identifier for vulnerabilities and security issues in software and hardware products. Each vulnerability is assigned a CVE ID with a standardized format like CVE-2024-29988. This unique identifier (CVE ID) ensures that everyone from security researchers to vendors and IT professionals is referring to the same vulnerability, CVE-2024-29988 in this case. The MITRE Corporation maintains the CVE system. For more information and to search for existing CVEs, we can visit the CVE Program website. Alternatively, we can visit the National Vulnerability Database (NVD) website. The screenshot below shows CVE-2014-0160, also known as Heartbleed.

The Heartbleed bug is a critical security vulnerability in the OpenSSL cryptographic software library that allows attackers to exploit improperly implemented TLS heartbeat functions to access sensitive data in memory, such as private keys and passwords. This vulnerability was publicly disclosed in April 2014 and has since been patched in newer versions of OpenSSL.
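Because the CVE ID format is standardized, it is easy to pull IDs out of advisories, scanner output or mailing-list posts and jump straight to the record. Added example (not from the room): a validator/extractor for the CVE-YYYY-NNNN+ form, plus the CVE Program and NVD record links for each ID. The URL shapes are the two sites' record pages; the year sanity bounds are an assumption for illustration.

```python
import re

# Constructed example: find CVE IDs in free text, normalise them to upper case
# and build links to the CVE Program and NVD records.
# Format: "CVE-" + 4-digit year + "-" + sequence number of at least 4 digits
# (leading zeros are significant, so the sequence is kept as a string).
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)
CVE_ORG = "https://www.cve.org/CVERecord?id={cve}"
NVD = "https://nvd.nist.gov/vuln/detail/{cve}"

# Assumed sanity bounds: the first CVE IDs carry the year 1999.
MIN_YEAR, MAX_YEAR = 1999, 2100


def is_valid_cve(candidate: str) -> bool:
    m = CVE_RE.fullmatch(candidate.strip())
    return bool(m) and MIN_YEAR <= int(m.group(1)) <= MAX_YEAR


def extract_cves(text: str) -> list:
    """Unique valid IDs in order of first appearance, upper-cased."""
    found = []
    for m in CVE_RE.finditer(text):
        cve = m.group(0).upper()
        if cve not in found and is_valid_cve(cve):
            found.append(cve)
    return found


def record_links(cve: str) -> dict:
    if not is_valid_cve(cve):
        raise ValueError(f"not a CVE ID: {cve!r}")
    cve = cve.strip().upper()
    return {"cve.org": CVE_ORG.format(cve=cve), "nvd": NVD.format(cve=cve)}
```
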

Exploit Database

There are many reasons why you would want to exploit a vulnerable application; one would be assessing a company’s security as part of its red team. Needless to say, we should not try to exploit a vulnerable system unless we are given permission, usually via a legally binding agreement.

Once we have permission to exploit a vulnerable system *wink wink*, we might need to find working exploit code. One resource is the Exploit Database. The Exploit Database lists exploit code from various authors; some of these exploits are tested and marked as verified.

Technical Documentation & Social Media

I want to combine these two tasks as they are pretty straightforward.

Technical Docs

From programming language and framework docs like Python’s and Svelte’s to hardware ecosystem docs like Apple’s, you will find well-organized official documentation for most software and hardware. These official docs provide a reliable source of information about the software or product’s features and functions. They should be the first stop for getting started with new software or a new piece of hardware. You can typically expand what you learn within those docs by supplementing them with third-party resources if you need a different point of view on what’s already in the official docs.

Social Media

There are billions of users registered on social media platforms such as Facebook, Twitter, and LinkedIn. At this point, it’s expected to be familiar with these popular platforms, and if you aren’t, I highly recommend you get up to speed. Ideally, one would want to explore a platform without creating an official account; however, this severely limits your experience with diving into the app. Instead, a recommendation is to use a temporary email address to learn about these platforms without linking them to your real email addresses; once done, you can terminate the accounts and associated email addresses. One reason for not using your primary account is that you don’t want your contacts to start connecting with you there when you are only temporarily exploring a platform.

Conclusion

This lesson focused on the most common sources of information for cyber security professionals. There are plenty more. As the information landscape keeps changing, it is impossible to cover all the sources. However, by subscribing to relevant cyber security groups, you can stay ahead and be aware whenever new interesting sources arise.

If you want to keep up with my work or want to connect as peers, check out my social links below and give me a follow!

* 🦋 Bluesky

* 📸 Instagram

* ▶️ Youtube

* 💻 Github

* 👾 Discord
