Posts posted by digininja

  1. Don't forget, if the government want to watch your traffic, they will just put a tap on the VPN end point. Sure you get it but a lot of people miss that their traffic has to emerge from the VPN somewhere and at that point it becomes visible to anyone who is on the route or can request traffic.

    Do you stream movies through the VPN? If so, that is likely to eat up your allotted bandwidth pretty quickly.

  2. Are the phones company ones or private? In a few countries it is illegal to monitor private devices even if they are connected to a corporate network as there is an expected level of privacy.

    If they are corporate phones then you can get monitoring software to install on the phone but doing this without informing the user is again considered a breach of their privacy even if they signed an agreement.

  3. Without the keys you couldn't decrypt any traffic so you might be able to do it but it would be worthless. You would also have the problem of you having to be able to talk to the real AP while stopping the victim from doing it.

    The only real situation I see this working in is where you have an open network in a different geographic region that you want traffic going through so you listen in your region, tunnel the traffic to a transmitter in the target region, then play it out.

  4. Some stuff is possible, some stuff isn't and depending on your location, a lot of it is illegal.

    There is a lot of published work on weaknesses in things like S7 and GSM. Defcon 19 or 21 had a relatively famous talk on GSM hacking where they had a no mobile phones restriction round the talk area, search their archives and you should find that. It is old but will give you some ideas.

  5. 27 minutes ago, r3plic4tor said:

    The only thing installing them for yourself will teach you is.......yep!

    That is true, it will teach you how to install them which involves understanding dependencies, versioning, using repos such as GitHub or such as PPA, permissions and all sorts of other stuff which is really helpful. If you know how to install all the key tools you use then when you pop a shell on a client's network and need to pivot through it you don't have a sudden learning curve.

    It also makes you focus on the tools you actually need. If you are going to spend time installing a tool you may as well be installing the correct one for the job, so do some research, work out what will do what you need, then install that, rather than just looking in a pre-selected list of tools other people use and picking one at random because you need something for X and it is in the X category.

    You also need to remember that not all tools are Linux based, I use a lot of Windows tools when I'm testing Windows networks, at that point, if all you've learned to use is Kali you are screwed.

    In the DVWA support team we get loads of people asking how to get it working, the vast majority of the time it is because they are missing a really obvious library or have missed setting the permissions on a file. If you can't install the app that you are trying to hack, it doesn't bode well for your chances of actually hacking it.

  6. The recommendation is the same to everyone, learn as much as you can in as many areas as you can and show your enthusiasm for the subject by blogging, tweeting and getting involved.

    As for Kali Vs Parrot Vs anything else, they are just Linux distros with pre-installed tools. You don't learn Kali, you learn the tools. My recommendation is to pick a standard distro such as Debian, and install the tools yourself. That way you improve your sys admin skills, understand how the tool works and get to pick the tools you want to use rather than fumbling through a raft of them picked by someone else.

  7. It is only a problem if you do a recursive decompress. Pick a single file and just pull that out, that will be a compressed file. Repeat the process. If you are worried about crashing the computer, create a fixed size drive and mount that so it can't escape beyond it and kill things.

  8. There is no difference in exploiting a box based on its location, the difference is in post exploitation as you might not have direct access between the boxes. You can simulate this locally with virtual machines, no need to use internet based hosts.

  9. Not everything can be compromised, unless you've installed deliberately vulnerable versions of software or deliberately configured them with weaknesses. If you have, then get them off the internet now otherwise someone else will compromise them and you'll lose your box.

    Why are you wanting to attack something over the internet? What are you trying to achieve with it? Attacking a service is the same regardless of whether it is local or remote and you can very easily build a VM environment to simulate a remote network if you really want to.
