Looking to get some feedback from the Hacker News community.

I wrote the book with a focus on penetration testers and red teamers, but there are great examples for network admins, developers, and blue team defenders as well.

You can pick up a copy for free here through May 19, 2019: https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews20190518

Please note, because it's hosted on Gumroad, it does require an email. If you don't want to give out your actual email, check out an anonymous email service. I give it away to students for free, so if you know of one that might like it, send them here to get instructions: https://cph.opsdisk.com

About The Cyber Plumber's Handbook...

This book is packed with practical and real-world examples of SSH tunneling and port redirection in multiple realistic scenarios. It walks you through the basics of SSH tunneling (both local and remote port forwards), SOCKS proxies, port redirection, and how to utilize them with other tools like proxychains, nmap, Metasploit, and web browsers.

Advanced topics include SSHing through 4 jump boxes, throwing exploits through SSH tunnels, scanning assets using proxychains and Metasploit's Meterpreter, browsing the Internet through a SOCKS proxy, utilizing proxychains and nmap to scan targets, and leveraging Metasploit's Meterpreter portfwd command.

Let me know if you have any questions! Looking forward to your comments/feedback.
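The forwards and proxying the post lists (local -L, remote -R, dynamic -D, a -J chain through several jump boxes, and proxychains in front of nmap), collected into one POSIX sh script as an added example. This is not code from the book or from the post; every wrapper only prints the command it would run unless RUN=1 is set, and the hosts, ports and the user name "operator" are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not code from the book or the post above. Thin POSIX sh
# wrappers around the OpenSSH plumbing the post lists (-L, -R, -D, -J) plus a
# proxychains + nmap pair. Each wrapper PRINTS the command it would run; set
# RUN=1 in the environment to execute it instead. Hosts, ports and the user
# name below are placeholders chosen for this example.

SSH_USER="${SSH_USER:-operator}"

run() {
  if [ "${RUN:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Local forward: connecting to 127.0.0.1:$2 on this box reaches $3:$4 as seen from $1.
local_forward() {  # local_forward PIVOT LPORT TARGET TPORT
  run ssh -N -L "127.0.0.1:$2:$3:$4" "$SSH_USER@$1"
}

# Remote (reverse) forward: 127.0.0.1:$2 on the pivot comes back to 127.0.0.1:$3 here.
# Binding to 127.0.0.1 on the pivot keeps the tunnel off the pivot's network; a
# wildcard bind would also need GatewayPorts enabled in the pivot's sshd_config.
remote_forward() {  # remote_forward PIVOT RPORT LPORT
  run ssh -N -R "127.0.0.1:$2:127.0.0.1:$3" "$SSH_USER@$1"
}

# Dynamic forward: SOCKS proxy on 127.0.0.1:$2; anything sent through it exits from $1.
socks_proxy() {  # socks_proxy PIVOT PORT
  run ssh -N -D "127.0.0.1:$2" "$SSH_USER@$1"
}

# Hop through any number of jump boxes with -J (OpenSSH 7.3+). Every argument
# but the last is a jump, in order; the last is the final target.
jump_chain() {  # jump_chain JUMP1 [JUMP2 ...] TARGET
  local chain=""
  while [ $# -gt 1 ]; do
    chain="${chain}${chain:+,}$SSH_USER@$1"
    shift
  done
  run ssh -J "$chain" "$SSH_USER@$1"
}

# proxychains config that sends TCP connects through the SOCKS port opened above.
# proxy_dns resolves names through the proxy too, so lookups do not leak locally.
proxychains_conf() {  # proxychains_conf PORT  (prints the config text)
  printf 'strict_chain\nproxy_dns\n[ProxyList]\nsocks5 127.0.0.1 %s\n' "$1"
}

# nmap through proxychains: only full TCP connects traverse a SOCKS proxy, so use
# -sT and skip host discovery (-Pn); SYN scans and ICMP pings will not go through.
proxychains_nmap() {  # proxychains_nmap CONF TARGET PORTS
  run proxychains4 -q -f "$1" nmap -sT -Pn -p "$3" "$2"
}

# Dry-run demo: prints the commands (set RUN=1 to actually run them).
local_forward pivot.example.net 8080 10.0.0.5 80
remote_forward pivot.example.net 2222 22
socks_proxy pivot.example.net 1080
jump_chain jump1.example.net jump2.example.net jump3.example.net jump4.example.net target.internal
echo "# save the following as proxychains.conf:"
proxychains_conf 1080
proxychains_nmap ./proxychains.conf 10.0.0.5 22,80,443
```

Run it as-is to see the exact command lines; each ssh wrapper uses -N so no remote shell is opened, which is what you want for a tunnel you leave in the background. The proxychains pair only works for TCP connect traffic, so pick the nmap scan type accordingly.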
Thanks for sharing and the effort put in so far. After a quick glance over it, I think you should consider giving at least a glancing mention in your intro section to the importance of hardening SSH itself vs the typical default install. It doesn't need to be much since it's somewhat out of scope of your specific focus here, but it'd be worth a few sentences mentioning the value of keys over passwords (and disabling passwords entirely), that keys can be kept on tokens as well (YubiKeys/NitroKeys for example), the value of disabling ancient ciphers, that sort of thing. You say the book assumes "some experience with SSH", but given that your stated audience includes admins/devs/blue team as well (and in another comment I see someone talking about using it with students), and that I've seen a ton of really bad SSH setups used there, I think even a sentence or two about assuming hardening as well, to get people into search engines (if you don't feel like more), would be valuable in the context of intrusion response.
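A concrete version of the hardening checks this comment asks for, as an added example that is not from the book or the commenter: a POSIX sh audit of the global section of an sshd_config that flags password logins left on, root password login, keyboard-interactive left open (which PAM can turn back into a password prompt even when PasswordAuthentication is off), pubkey auth disabled, and legacy cipher names. The two sample configs at the bottom are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the book or the commenter. Audits the global
# section of an sshd_config for the points raised above. The sample configs at
# the bottom are constructed for this example. Directives after the first
# "Match" line are conditional and are ignored; files pulled in via "Include"
# are not followed.

# Print the effective value of DIRECTIVE from CONFIG_TEXT, or nothing if unset.
# sshd honours the first occurrence and keyword matching is case-insensitive.
sshd_get() {  # sshd_get CONFIG_TEXT DIRECTIVE
  printf '%s\n' "$1" | awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ || NF < 2   { next }
    tolower($1) == "match" { exit }
    tolower($1) == key     { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# Returns 0 if NAME is a legacy cipher that should not be offered any more.
is_weak_cipher() {  # is_weak_cipher NAME
  case "$1" in
    *-cbc|arcfour*|3des*|blowfish*|cast128*) return 0 ;;
    *) return 1 ;;
  esac
}

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# One finding per line on stdout; the return value is the number of findings.
audit_sshd_config() {  # audit_sshd_config CONFIG_TEXT
  local cfg="$1" n=0 v c
  v=$(sshd_get "$cfg" PasswordAuthentication)
  # Unset means the compiled-in default, which is "yes".
  case "$(lc "${v:-yes}")" in
    yes) echo "PasswordAuthentication is effectively yes (${v:-unset}): use keys and set it to no"; n=$((n+1)) ;;
  esac
  v=$(sshd_get "$cfg" KbdInteractiveAuthentication)
  [ -n "$v" ] || v=$(sshd_get "$cfg" ChallengeResponseAuthentication)  # older spelling
  case "$(lc "${v:-yes}")" in
    yes) echo "KbdInteractiveAuthentication is effectively yes: with UsePAM, PAM can still prompt for a password"; n=$((n+1)) ;;
  esac
  v=$(sshd_get "$cfg" PermitRootLogin)
  # Only an explicit "yes" is flagged; the default became prohibit-password in OpenSSH 7.0.
  case "$(lc "$v")" in
    yes) echo "PermitRootLogin yes allows root password login: use prohibit-password or no"; n=$((n+1)) ;;
  esac
  v=$(sshd_get "$cfg" PubkeyAuthentication)
  case "$(lc "$v")" in
    no) echo "PubkeyAuthentication no: key-based login is disabled"; n=$((n+1)) ;;
  esac
  v=$(sshd_get "$cfg" Ciphers)
  case "$v" in
    -*) ;;  # "-name,..." removes ciphers from the default set: nothing to flag
    *)  for c in $(printf '%s' "${v#[+^]}" | tr ',' ' '); do
          if is_weak_cipher "$c"; then echo "Ciphers offers legacy cipher $c"; n=$((n+1)); fi
        done ;;
  esac
  return $n
}

# Constructed samples: a lightly touched default and a hardened one.
BAD_CONFIG='# constructed sample: typical default with root login switched on
Port 22
PermitRootLogin yes
PasswordAuthentication yes
Ciphers aes128-ctr,aes256-ctr,3des-cbc
Match User backup
    PasswordAuthentication no
'
GOOD_CONFIG='# constructed sample: hardened
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
'

echo "== weak =="
audit_sshd_config "$BAD_CONFIG" || echo "findings: $?"
echo "== hardened =="
audit_sshd_config "$GOOD_CONFIG" && echo "no findings"
```

To audit a live host, replace the sample with `audit_sshd_config "$(cat /etc/ssh/sshd_config)"`; the non-zero return value makes it usable as a check in a provisioning pipeline. The keyboard-interactive check is the one most people miss: `PasswordAuthentication no` alone is not enough on a PAM system.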
This looks great. Though I must admit, 'SSH Tunnel Like a Boss' did make me initially doubtful. I wondered if it might be advice on how to find someone else to set up an ssh tunnel for you, while staring angrily at a command prompt and shouting.
Really nice to see the 'plumbing' mindset catching on. When the parallels to real-world utility work were first pointed out, a lot of people were resistant to it because they felt insulted to have their high-technology work compared to dirty low-technology work.
I am somewhat in tears now seeing this. I spent weeks at work trying to backwards-analyze GCP IAP, which apparently uses this in the background (invoked via the gcloud CLI).

Almost like a lost art, it was impossible to find serious tutorials other than Michael W. Lucas's book of a couple of years ago or the O'Reilly book from 2006.

Very much appreciated. Thank you for documentation on these very important systems that many of us sysadmins who came into the field later in life missed (other than when we connect to our cloud servers). Soon, even the cloud part I mentioned will be mostly gone because of 'kubectl', as Kelsey Hightower has said.
This is great, thank you. I'm a big fan of socat for plumbing in pentesting environments, it's an amazing tool. Never had much luck with meterpreter's port forwarding as it seems to always eventually bug out.
Good topic and looks like some good examples. The formatting is nice, easy on the eyes, but there is excessive whitespace in the book. Having large screenshots means that when they don't fit on the page they get bumped to the next one and a huge gaping whitespace appears. I can tell this is stretching out the length of the book. I'd peg it at really only about 50 pages of content instead of the 76. For an example, just look at pages 75/76 and how the content is distributed.
Wow, this looks great, thanks for sharing!

You mention this book as targeting pentesters. Do you have any advice on tools or skills to know for a software engineer to transition to a pentesting role?

I ask because there are many resources for pentesting, but not any that I have found that reflect what happens in industry.

Thank you again!
I looked at the table of contents and I am guessing it has many handy tricks and command line examples of already public tools. Doesn't look like it should be as costly as $19. Would you like to bring it down to a one-digit price?
This is great. I have just recently purchased access to a VPN service and also a proxy service and have been learning about SSH tunneling. Can't wait to dig into this.