![Matthew Toussain](/img/default-banner.jpg)
- 38
- 162 584
Matthew Toussain
Приєднався 30 чер 2011
OpenSec believes in building an elite community of cybersecurity veterans who use their passion and knowledge of the latest tactics, techniques, and procedures to aid clients in achieving their cybersecurity goals and contribute to the open source community for the benefit of all.
Studying for GIAC with Voltaire
Studying for GIAC certification exams has never been easier. Voltaire is a free tool that has helped over 12,000 professionals achieve their certification objectives.
Переглядів: 218
Відео
2021 | The Worst Year In Hacking History
Переглядів 1,4 тис.2 роки тому
Will update soon Credits: Jhonti ua-cam.com/video/U2Q6-S-GYcg/v-deo.html @seytonic CNET ua-cam.com/video/qJM5zG9XhZ8/v-deo.html
Log4j | Why Your Scanners Can't Find It
Переглядів 7882 роки тому
It's tough to find vulnerabilities. Especially when our vulnerability scanners fail. Let's explore why. Nmap scripting engine remains an outstanding and equivalent example of general purpose vulnerability scanners such as qualys and tenable. Basic. Flawed, and disingenuous. Diving into the LUA source code we can see this third party module's reliance on DNS. This is confusing even to security p...
OSINT | Breach Data KNOWS You!
Переглядів 7303 роки тому
Organization gets hacked, you get exposed. What’s really inside of a data breach and what does it mean?
PowerShell | The 3 Key Cmdlets
Переглядів 4603 роки тому
Today scripting is as much a right of passage for those in the information security community as it is becoming a required set of skills. For many of us, PowerShell is the answer. PowerShell is unique in that it is native to Windows and has a set of three key cmdlets that can guide your adventure. Thank you for joining us in yet another installment of Tactics Tuesday. If you enjoyed this be sur...
Tactics Tuesday | Bash History Tricks
Переглядів 2963 роки тому
Efficiency is a key skillset for operators looking to kick things up a level. For those of us living by the shell, its history can erase frustration and unlock untold potential. Tips Discussed in this Video History Navigation - CTRL-p/n - CTRL-r History Replay - !! - ![Command] - !n - !-n Parameter Expansion - !:n Example: mv /song.mp3 /Users/oz/Music mv /Users/oz/song.mp3 !:2 - !#:1.bak Exampl...
The C2 Matrix | Golden Age of C2
Переглядів 3374 роки тому
I traveled out to Pentest Hackfest in Washington DC to chat with Jorge Orchilles and Bryson Bort to talk C2. Their perspectives were awesome, and I'm so glad I got to do this interview! Checkout the rest of the Golden Age of C2 series for more or stay tuned for the next installment!
Hactivism | Black Lives Matter
Переглядів 4464 роки тому
This video is the first segment of a new series I'm starting where we'll talk about ethics, hacktivism, and what you can do to help. In the next video, we'll do a teardown of some of the attack tools being distributed by Anonymous right now. #BlackLivesMatter
Get Certified! All You Need to Know to Rock GIAC Exams
Переглядів 20 тис.4 роки тому
Voltaire is a web-based indexing tool for GIAC certification examinations. Creating an index with Voltaire is a simple three phase process involving: documentation/note-taking, sorting & normalization, and word processing. Voltaire Website: voltaire.publickey.io
The Cyber Predators of COVID-19
Переглядів 1704 роки тому
The COVID-19 epidemic has become a breeding ground of chaos where misinformation dominates the spectrum. Cyber attackers have taken advantage of our situation and begun to prey upon the desperate. For more information including examples of phishing campaigns and cyber-attacks related to COVID-19: www.opensecurity.com/blog/covid19 Scams and cyber-attacks based around COVID-19 misinformation are ...
Vulnerability Scanning with Cloudflare's FlanScan
Переглядів 1,8 тис.4 роки тому
Vulnerability Scanning with Cloudflare's FlanScan
Tactics Tuesday | DDE All The Things
Переглядів 1,6 тис.6 років тому
Tactics Tuesday | DDE All The Things
Tactics Tuesday | Mass Meterpreter Single Channel
Переглядів 2386 років тому
Tactics Tuesday | Mass Meterpreter Single Channel
Rocking the GIAC Exam with Voltaire
Переглядів 38 тис.6 років тому
Rocking the GIAC Exam with Voltaire
Subterfuge Kali Linux 2.0 Install and Walkthrough
Переглядів 8 тис.8 років тому
Subterfuge Kali Linux 2.0 Install and Walkthrough
Building a GIAC Index /Survival Traits
Переглядів 11 тис.8 років тому
Building a GIAC Index /Survival Traits
(Official) How to Install Subterfuge 1.0 on Kali Linux
Переглядів 9 тис.10 років тому
(Official) How to Install Subterfuge 1.0 on Kali Linux
Combining Subterfuge with Armitage Adversaries Beware!
Переглядів 20 тис.11 років тому
Combining Subterfuge with Armitage Adversaries Beware!
Installing Subterfuge on Kali Linux
Переглядів 3,2 тис.11 років тому
Installing Subterfuge on Kali Linux
DEFCON 20: Subterfuge - The Automated Man-in-the-Middle Attack Framework
Переглядів 4,8 тис.11 років тому
DEFCON 20: Subterfuge - The Automated Man-in-the-Middle Attack Framework
i’m sorry but there’s to much smacking and snickering maybe consider some speech courses
I have used Voltaire successfully on multiple occasions. However last year it would not accept a Microsoft Excel import of my created information. As a result I had to manually copy and paste into Voltaire over 1,000 cell entries. Not fun. Hopefully that kind of issue has been tested and fixed. The good news is that I passed last year's test even though the manual work of copying and pasting added about 3 hours to the overall effort.
Yep, the JavaScript library that the old version used went out of support (it was built in 2014). The new version has been completely rewritten which brings new issues while dispensing with the old! Congrats on your success!
Think you need to update the link here since you've added a redirect and require discord to log into your open security site.
WAIT A SECCOND!! this is LEGIT me. fr #giac
this was so much fun to watch. thank you for the laughs.
Is there a new way of doing it the page looks totally different and this didnt work
i am unable to login to the web app
Thanks Matthew for this great tool! it helped me in my first GIAC Cert and I am preparing for the second. However, when I restarted my PC and logged in to Voltaire again, I couldnt find my saved indexes. Can you help in this? very appreciated
Hello. I tried adding to my index for GSEC but when I try to edit, it's blank. Is there a way to recover it?
HI, I have tried to updload a csv file with all commas in text removed and the 4 required labeled columns, and nothing gets loaded into the index. suggestions?
Hi Matthew, amazing tool. I was wondering if I can also use it on IPad? I can’t get it to work on it. So was wondering if it’s just me or it just doesn’t work. 😅 thank you in advance and thank you for making Voltaire
Hi, Tried everything to import a .csv. ( built a sample one with only 3 lines). Is it possible that you put a sample online that works? Then I can use this to check or use for my index. Thank yo in advance.
Great tool! but I can't seem to login with firefox or safari, only Edge. I must have some setting blocking it but I don't know where to start. Any advice?
Saw someone had the same issue, Cleared cache with no effect. I'll just use a different browser on my other device.
Use edge?
Hi! I am trying to upload my index and I am not seeing the screen as it is in this video. When I click edit my index, there is no import option. I am using Chrome. Safari didn't work either. I was told maybe if I comment you could help.Thank you! I am making an index for the GFACT.
Very useful information. Thanks. It does appear to be choppy on my end. Not sure if there is an issue with my connection.
im doing internal pentest meanwhile i found csv inject point in there.. but problem is if there are any payloads starts with = + - @ sign they append quotes to it.. is there any way I could execute formulas without = + - @ symbols??
Off topic: looks like you have quite a few GIAC certs, do you actually still renew all your certs? Kind of pricey!
Nope! I don’t think a single one of my certifications is still valid. I rejoiced when my CEH expired and I’m fortunate that I don’t need to maintain these for employment purposes.
Hi Matthew, Ty for making this! What do you usually put in description? Would it be good to just put keywords related to the title/topic instead of a short summary?
You can absolutely do that! The description is 100% up to you and what you find most valuable to jog your memory. The goal of the description field is for it to sometimes (all be it rarely) jog our memory such that we don’t even need to reach for the books at all.
Hey Matthew, I wanted to use this tool but the it does not handle google users not having a last name.
I have tried to log in with three different emails and just end up with an error message "Unable to process request due to missing initial state. This may happen if browser sessionStorage is inaccessible or accidentally cleared." Have tried with Firefox and Microsoft Edge.
Try with Chrome or with another device if possible. Firefox generally works as well. The issue is that your browser’s local storage has cached something from a different site that is conflicting with the session cookie of Voltaire.
@@MatthewToussain Thanks. I tried clearing cache and cookies just to be sure, didn't help. The new browser was able to log in.
Really appreciate the effort here; but I can't use this tool at all. The import CSV doesn't work. I tried making a separate index manually. Spent hours doing it then tried to Export and it didn't work. I've spent so much time trying to use this tool and have gotten no value from it at all. I'm so frustrated with it at this point I'm just completely giving up on it.
I’m sorry to hear that. Did you ever try using the Discord support channel? It’s linked on every page for a reason.
@@MatthewToussain I hadn't. Part of my issue is that I don't understand GitHub structure. I'll take a look at that. Thanks for the reply!
I understand alphabetizing everything but Do you take the pages out of each book and sort them alphabetically?
I don’t personally. I’m actually not sure how that would even work as each page could have any number of topics In it’s notes section. Let us know if you come up with a cool strategy though! I’m always looking for new tricks to improve!
@@MatthewToussain that was my thought. I just wasn’t sure how you kept your tabs in order? I probably am doing a poor job of explaining what I’m trying to ask lol sorry
@@William-Welch Oh! I might have a tip for that actually. What your describing sounds a bit similar to a technique I’ve seen Lesley Carhart use. On the Voltaire site there’s a page called “Resources” with links to a bunch of things like this video. One of those is a blog called hacksforpancakes. Lesley tabs out her actual books with content markings. Her blog post on the topic even has a bunch of pictures to show how she goes about doing it.
@@MatthewToussain thank you! I’ll definitely be trying this out for my upcoming courses
Link is not working
I just checked. Everything is working fine. Note that mobile browsers aren’t supported.
@@MatthewToussain thank you for your reply, yeah I was trying to access it by my phone. It is working fine on my laptop. Thank you Matthew
@@m7mzz epic! I love it when the solution is ez!
Hey Matthew, I just completed a SANS course CloudSecurity and our Instructor gave us the Voltaire link, but it is not letting us in to the platform. Can you help me out?
Sorry, I’ve been on Australia time lately so I’ve been out of touch. Are you still having trouble? I just checked and it appears to be online.
Any idea what you used for tabbing your books in this video? I know it's fairly old, but I really like those tabs and haven't had a lot of success finding anything similar yet. What I ordered ended up not looking anything like it.
Sure I just use the three ring binder tabs that you can buy at any office supply store (like Office Depot). The binding machine can punch straight through so the three ring holes don’t matter.
Haha, "I'm colorblind, so i might be wrong...", glad to see I'm not the only one in this field 😃
It’s the WORST my friend! I keep trying to do UI design and people are all… “you know that’s not red right? Matt???”
Thanks Matthew, I just finished the SEC401 and this indexing method using your tool will save me valuable time. Thank you for taking the time to build it.
Thanks Matt, about to prepare for 560. Gonna be an intense few weeks :(
Hell yeah! You got this my friend!
I guess we can just use nmap with the right flags and skip Flan Scan altogether.
I don't know if this is qualified as "automation" but text manipulation and text editors like the ones mentioned, make life easier for treating text and using it elsewhere.
thanks so much - this made all the difference in my passing my first certification !
Hell, yeah!
Hey! Great video! Is your tool still there? The link is not working 😢
I'm not able to log into Voltaire using the link above - it takes me to the login page repeatedly - using Firefox regular mod. I tried Chrome incognito with no luck as well. Help? Also, should the labs be indexed as well? TIA!
It’s an issue with your local browser cash using another browser like Firefox or another computer generally fixes it.
Thank you for putting this together, Matthew. I was trying to format my index using the tool, but the export option was not working for me. Are you making any changes? I imported it from a cvs file and then exported it using the build index option. Do you have any suggestions for what I should do? Thanks!
Love it, Matt. Keep it up!
I really hated this one as I was making it. I just didn’t feel like it had that special “pop”… I like how it turned out in the end though! It was just a matter of forcing it through.
Very nice)
Thanks so much!
Thanks for the video, it was interesting! Could you make a video about the BOT token? I have been watching the dynamics for a long time, in my opinion it looks quite promising, now they have a lot of new services and products that were quite difficult for me to figure out, so I would like to hear your opinion)
I Agree)
Sure! Im not sure what that is though… do you mean the tokens used to control bots for things like Discord?
dont see the goggle doc
What google doc?
@@MatthewToussain Hey, I think they are referencing this part, 22:46 / 41:02
@@zainlakhani6074 oh wow that’s interesting. The video is from a live screen so I never considered that. Good catch. That docs a bit legacy after all these years though 😅
@@MatthewToussain Haha yeah I figured, I am building my index right now with Voltaire for my CEVA Attempt. In honesty i forgot I had scheduled and i just realized its on Tuesday so ive been cramming for the last few days. I do have quick question if you do not mind. I have already gone through all of the SEC 460 Ondemand Video and the Books Once. Im not able to copy text directly from the Ondemand Course book. That privilege would make it significantly faster in building the index. Is that by design?
Personally I tell staff to make their passwords out of favourite quotes or lines from books and to use the special characters that are in that quote or line
I’d drop the special character part of that. It doesn’t help much and makes it harder for the user to remember and easier to forget. For the rest I completely agree. I tell people the same thing. Culture is an overwhelming source of entropy that computers simply cannot comprehend.
@@MatthewToussain Been ages since I last had to reset password for staff. They all have to submit a password document to me (Yeah I hear you screaming and pulling out hair) which has always been a standard code of practice where I work so happy to say all of them have taken the mandate I issued when it comes to passwords except for one person who has an alright password but she uses it for everything. For the record once the password sheet is sent to me via a file share folder they are removed from it on to 3 hard drives and all are encrypted with passwords and biometrics and all 3 are held in my work safe.
@@MatthewSwartIreland yeah that’s not ideal… really not possible to secure that and guaranteed that your users have them stored locally as well. If you really need to see people’s plaintext creds you can enable “reversible encryption” on the DC (but that only works for Active Directory). There’s just a TON of attack surface in the methodology you described.
The strongest password is the biggest prime number
Funny story... passwords get stored as fixed length hashes (dd02c7c2232759874e1c205587017bed - for example) creating a password of a length greater than the stored hash is irrelevant as the selected credential is likely to collide (hash collision) before it cracks.
Great video Matthew!
Great tips! +1 for professional binding. My first two indexes were in 3-ring binders and were really clunky. The wire binding made flipping through much easier last time and definitely saved me precious time during the exam.
Do you think would be possible to DDE a JSON file?
Sort of. DDE is an Microsoft Office feature so it only works in file formats opened by those tools. Some of them like OneNote can support embedded file types. If JSON is supported like that then, theoretically, there might be some play there.
It looks like the video and the current version are different. The copy and paste from notepad isn't working. Was this capability removed? I am unable to import a file with descriptions, it appears the default template only allows for Title, Book, Page. However, this schema does work better for a traditional looking index.
Sure is! There's an updated version here: ua-cam.com/video/mm4MQfy7D98/v-deo.html
This looks great but I am having problems accessing this page with a mac. Safari appears to be a no-go and there Firefox loops me back to the home page when I click on the Login button. Do you have any recommendations for me? Thank you!
Absolutely. I’m not sure about Safari, but I know what’s up with FF. It’s a google authentication issue. Generally, swapping systems / browsers does the trick. Eventually the broken session will expire, and then you can go back to the previous browser as well. I’d also recommend Chrome. That browser and FF are what I designed it in so I know that (baring Google auth issues like you’re having) those work.
@@MatthewToussain Thanks Matt! It does work from my Windows machine. The problem I am having now is the Build Index button creates an empty file. I removed the commas, saved the spreadsheet to a .csv file, and imported. The current import feature looks different and the process seems to be different. I am unable to configure my tool bar, copy and paste from the .csv file with notepad to a text window in Voltaire (no text window appears, no import button when editing). When I use the import index button it reads the file in and appears fine. But when I click on build index, the application generates an index file but it is blank. Any suggestions? Many thanks!
@@michaelrodriguez4588certainly! So this video is rather old there are actually three newer Voltaire tutorials on UA-cam. Build index now handles everything for you. No janky copy/paste necessary. There’s also a full support system built into the tool. You can access that from the discord link in the top right. I’m certain that you can find answers and support there for questions you may not even have known to ask! On to the issue. When that happens it’s typically because you’ve got some very weird character in your index and that can be hard to identify. First, I’d try checking to see if you can build an index at all. Create a new one, add five lines, and build it. See if it works without the complexity. If it does we know that there’s something wrong with your data. Two ways to fix that. The easiest way is to just highlight everything in your index and paste it into excel. Then import it back with the import xlsx feature. That will often sanitize your input. If that doesn’t work, just go chunk by chunk until it stops working and you’ll know where the issue is. Rectify that across your data and bam! Good luck with your index/exam. Again, I highly recommend the discord. It’s much easier to answer your questions than in the UA-cam comment section.
Also, if you head to the discord, you’ll see a more in depth version of the above as that question comes up every now and again.
@@MatthewToussain Got it, I'll give this a go - Thanks!
Hey Matt, you are an absolute God send. I realized after creating my excel sheet that it was going to be a pain to try and alphabetize and then print and this solved that completely. One thing I did want to ask, how do you handle topics that are mentioned across multiple pages and multiple books. For example the "ls" command is mentioned in GCIH 2:33, 2:90, 3:70, 3:73, 3:88 etc. I tried separating by commas, but I ended up with a format of b2,2,3,3,3,3 /p33,90,70,73,88. Is there a better way to tackle this? I'd hate to get my pages / books mixed up in the chaos of the exam. Creating a new listing for each individual term isn't really feasible for me since I already have 1800+ entries... In any case thank you again for this tool. It is amazing.
Hi John! I’m glad this is helping! Personally… I do create an entry for each reused term normally I do it like this: Metasploit Metasploit - Encoders Metapsloit - PSExec Metapsloit - etc That helps me always know which one I want to look up. 1800 entries is a lot. In my experience you start to get diminishing returns pretty quickly, and eventually if your index gets too large adding to it might actually be counter productive. It’s never terrible, but it certainly takes a lot of time for little if any benefit if you go too pedantic on the indexing. Good luck!
Is there a difference between books from SANS (blue books) and books from sans technology institute That book you showed at 4:47, how do I get it? Because it is different from the blue books of SANS
I made the book at 4:47 myself. This video is a tutorial on how to do that.
how do I get those books?
I’m happy to answer your question, but I’m not sure I understand. Which books do you mean? The courseware or the indexes that this video walks you through making?
@@MatthewToussain Thanks. I got the answer I was looking for. Is there any age limit for this exam ?
@@bhuvanavinuth7554 not as far as I’m aware.
Matt, I test for SEC 503 on Wednesday and my index of over 2000 entries is all of the sudden gone. Is there any way to resurrect it? Any help is greatly appreciated. What's to best way to contact you?
Sure happy to help. If you go to Voltaire there is a discord link on the search bar. Could you join that and message me through there? There are three tiers of backups that I built into Voltaire, and I can walk you through them if you message me there.
THANK YOU!!
Thank you! Those are rare words on the Internet. Cheers, mate! And good luck on your upcoming exam!