Join our Haxcellent Adventure!

It’s been roughly 6 months since I started doing Haxcellent Adventures videos and I have received a lot of feedback, questions, and support. I thought it might be time to answer some reoccurring questions and clarify how this all came to be a thing. I really enjoy teaching and that is the main reason why I started creating these videos. I previously made a small intro video to explain my original idea but here is some more clarification about why you should join us on this adventure!

What is Haxcellent Adventures?

Put simply Haxcellent Adventures is just videos of teaching and learning security topics. There are tons of people that do this way better than me. I feel however that one thing never gets captured which is the process of the process for learning. Most things are only filmed after everything has been figured out already. It’s mostly scripted and edited so that it comes out as a perfectly executed video.

I don’t edit the videos so you get the complete experience with all the mistakes. An example of this is I may start a video by saying I read this tweet, this led me to testing X, and then talking about the hurtles I faced. This avoids making videos where I show you what looks like magic due to the fact that everything was discovered before creation of the content.

How did you come up with the name?

It’s pretty simple. I chose an 80’s theme for our overall design. My nick is sneaker”hax” and it’s a bit of a play on “Bill and Ted’s Excellent Adventure”. Combine those 2 things and you get Haxcellent Adventures. Also I’m joined on this awesome journey by my close friend @n1c_fury. So it’s the Haxcellent Adventures of sneakerhax and n1cfury!

Why would I want to learn from you?

I took a nontraditional path of breaking into security. I don’t have a degree, certifications, or any formal education. I basically used freely available resources to learn everything and I feel like I’ve optimized the process of knowledge transfer and learning. Frequently when I teach people they say “Why didn’t somebody teach me it this way before”. I interpret this as having a skill for being able to distill out the most direct way of teaching a topic. I could be completely wrong about my approach but this is the value I hope to deliver in these videos.

What kinds of videos will you make?

There are a large number of basics topics I want to cover as a foundation for this series so that everybody can be on the same page. I have mentored what I would consider a large number of people over the years. Creating videos on fundamental topics allows me to capture what I teach in 1:1 mentoring sessions. This means I can record once and have an unlimited number of people benefit.

The videos will also consist of anything I’m learning that I consider a real world skill, resources I used to learn, and sessions that I have taught previously offline. This means you will see book reviews, security tool testing, lab building, penetration testing workflows, tips for learning, live sessions, career advice, and tons more!

How often will you release videos?

There is no set schedule for releasing content and that’s one of the best parts. As I figure out the best delivery mechanism to capture my vision for Haxcellent I hope to share more and more. This will cause a non-standard release cycle for all content. For now when I think something is valuable I’ll try to create a video.

What are the plans for the future?

Currently my plan is to keep firming up the foundational videos and then build on them gradually. I’ll be testing different deliver mechanisms including small clips, streaming, and short series on one topic. Hopefully in the future once we optimize our delivery we can share in a wide variety of ways. I’m considering streaming my raw process of just poking around and learning new things (If people consider this useful). I consider this sorta my secret sauce but I haven’t fully figured out how to capture it properly. Feedback however is always welcome and suggestions for videos are happily accepted.

Joining the Adventure!

If this all sounds like your sorta thing we are happy to have you along on this adventure. All the newest videos and updates are posted on our Haxcellent Twitter account.  All videos can also be found on YouTube for everyone to enjoy. Last but not least be excellent to each other!

 

Dockerizing EmailHarvester

I was just hanging out on a Saturday night and I stumbled onto this tool called EmailHarvester. It runs on Python 3 and I still use Python 2.7 and didn’t want to deal with virutualenv and whatnot. I decided it might be a good time to learn how to Dockerize tools. This is nothing mind blowing or new but I haven’t done this before.

Creating the Dockerfile

First thing that needs to be done is to build a Dockerfile that will used to build the image:

Here is the break down line by line:

  1. Grabs the Docker image for Python3
  2. Adds the folder containing EmailHarvester
  3. Runs a command. In this case it was necessary to install the dependencies of the tool
  4. Tells the docker image what to do when ran

The important point was that I used ENTRYPOINT and not CMD. When you use ENTRYPOINT it allows you to pass arguments which I will show later in the article

For more information the documentation can be found here

Building the Docker image

To build the image run  the following command:

docker build -t emailharvester .

Additionally you can add a label to the name (-t) by doing name:label. If you don’t add a label the default will be “latest”.

For more information the documentation can be found here

Running the Docker image

To run the Docker image do the following:

$ docker run -it emailharvester -d domain.com
[+] User-Agent in use: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
[+] Searching everywhere
[+] Searching in ASK: 10 results
[+] Searching in ASK: 20 results
[+] Searching in ASK: 30 results
[+] Searching in ASK: 40 results
[+] Searching in ASK: 50 results

This runs the docker image in interactive mode and takes everything after the image name as an argument.

For more information the documentation can be found here

Conclusion

So there you go a Dockerized tool. This makes it really easy to deal with dependencies. For example you can send the image to a friend and they can run it with ease as long as they have Docker. It doesn’t matter what kind of system they are running. I think all tools should come with a Dockerfile to deal with dependency issues.