Forwarded from λ Temple of knowledge 0xff666
[udemy] Kali Linux.rar
946.4 MB
Kali Linux и взлом систем.[Hackers Academy]
#информационная_безопасность
#тестирование_на_проникновение #malware
#информационная_безопасность
#тестирование_на_проникновение #malware
CVE-2022-44268
ImageMagick Arbitrary File Read - Payload Generator.
https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
#cve
ImageMagick Arbitrary File Read - Payload Generator.
https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
#cve
👎1
📓 101 Labs – CompTIA Security+.
📌 Download.
#Eng #Security
• This is a brand new course for the latest SY0-601 exam, which was recently launched. It covers all the latest topics, including security attacks, threat types, and protocols. Using free tools and software you configure:• Kali Linux.• SQL Injection Attacks.• Implement IPSEC Site-to-Site VPN.• Using ARP for Network Reconnaissance.• Sniffing Network Attacks Using Wireshark.• Using Password Cracking Tools.• Scripting Using Bash and Python.• FTP Exploits.📌 Download.
#Eng #Security
Ипользование дорков в OSINT.pptx
3.6 MB
В этом докладе:
— Наиболее актуальные дорки для OSINT-расследования;
— Примеры использования сложных запросов.
Позже будет добавлена методология.
— Наиболее актуальные дорки для OSINT-расследования;
— Примеры использования сложных запросов.
Позже будет добавлена методология.
Dorks for OSINT Cheat sheet.pdf
111.1 KB
Шпаргалка для использования дорков.
— Здесь собраны работающие и актуальные дорки.
— В конце шпаргалки представлены ресурсы и статьи для дальнейшего изучения ремесла поиска.
— Сохрани иначе потеряешь ;)
— Здесь собраны работающие и актуальные дорки.
— В конце шпаргалки представлены ресурсы и статьи для дальнейшего изучения ремесла поиска.
— Сохрани иначе потеряешь ;)
Awesome Sentinel
Sentinel's mission satellite imagery are one of the most important info sources for #osint. Here is a list of resources to help make the most from it:
Data Hubs and Mirrors
Search, download and processing tools
Viewers & Portals
https://github.com/kr-stn/awesome-sentinel
Sentinel's mission satellite imagery are one of the most important info sources for #osint. Here is a list of resources to help make the most from it:
Data Hubs and Mirrors
Search, download and processing tools
Viewers & Portals
https://github.com/kr-stn/awesome-sentinel
Test Your XSS Skills Using Vulnerable Sites
https://www.acunetix.com/blog/web-security-zone/test-xss-skills-vulnerable-sites/
https://www.acunetix.com/blog/web-security-zone/test-xss-skills-vulnerable-sites/
Acunetix
Test Your XSS Skills Using Vulnerable Sites | Acunetix
We compiled a Top-10 list of web applications that were intentionally made vulnerable to Cross-site Scripting (XSS). They were created so that you can learn in practice how attackers exploit XSS vulnerabilities by testing your own malicious code.
XSS-Payloads
This repository holds all the list of advanced #XSS #payloads that can be used in penetration testing. These payloads can be loaded into XSS scanners as well.
https://github.com/pgaijin66/XSS-Payloads
This repository holds all the list of advanced #XSS #payloads that can be used in penetration testing. These payloads can be loaded into XSS scanners as well.
https://github.com/pgaijin66/XSS-Payloads
❤2💩1
TLDbrute
A simple utility to generate domain names with all possible TLDs
https://github.com/Sybil-Scan/TLDbrute
A simple utility to generate domain names with all possible TLDs
https://github.com/Sybil-Scan/TLDbrute
❤1👎1
/ Reddit was hacked
Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems..:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems..:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
Reddit
From the reddit community on Reddit
Explore this post and more from the reddit community
CVE-2023-0045.zip
13.4 KB
🔥🔥🔥Linux Kernel: Bypassing Spectre-BTI User Space Mitigations(CVE-2023-0045)
The Linux kernel does not correctly mitigate SMT attacks, as discovered through a strange pattern in the kernel API using STIBP as a mitigation, leaving the process exposed for a short period of time after a syscall. The kernel also does not issue an IBPB immediately during the syscall.
The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the
The behavior is only corrected after a reschedule of the task happens. Furthermore, the kernel entrance (due to the syscall itself), does not issue an IBPB in the default scenarios (i.e., when the kernel protects itself via retpoline or eIBRS).
🛡Security patch(Flush IBP in ib_prctl_set())
💥 PoC + writeup
The Linux kernel does not correctly mitigate SMT attacks, as discovered through a strange pattern in the kernel API using STIBP as a mitigation, leaving the process exposed for a short period of time after a syscall. The kernel also does not issue an IBPB immediately during the syscall.
The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the
SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.The behavior is only corrected after a reschedule of the task happens. Furthermore, the kernel entrance (due to the syscall itself), does not issue an IBPB in the default scenarios (i.e., when the kernel protects itself via retpoline or eIBRS).
🛡Security patch(Flush IBP in ib_prctl_set())
💥 PoC + writeup
👍1
收集分享一些AI工具(网站),持续更新
- Galileo AI 用AI设计生成UI设计
- README 生成器 用AI生成完整的GitHub readme
- ChatGPT for StackOverflow 查看 ChatGPT 对 StackOverflow 上每个问题的回复,甚至是未回答的问题
- 周报生成器 简单描述工作内容,帮你生成完整周报
- email-helper AI帮你写邮件
- animeai AI生成漫画风格图片
- autodraw AI辅助绘画
- bearly AI帮助你阅读、创作,撰写,提高你的工作效率
- poe quora出品的对话式AI工具
- latentlabs 根据文本生成 360 度全景图
- invideo 根据文本生成视频
- docuchat 上传文档,AI回答对应的问题
- tweetmonk AI帮你打理社交网络
- image-to-sound-fx 图片转换为相对应的声音内容
- murf AI生成真人演讲视频
- stockimg AI设计图标
- playgroudai 获取AI绘图提示词,帮助你编辑图片
- MetaVoice Studio AI声音编辑平台
- campbell AI生成评语
- penlope AI辅助markdown编辑器
- ChatGPT Detector 判断文本是否是AI生成
- humata 利用AI来分析论文内容
- tosummary 利用AI提取书籍、YouTube视频摘要
#AI #网站
- Galileo AI 用AI设计生成UI设计
- README 生成器 用AI生成完整的GitHub readme
- ChatGPT for StackOverflow 查看 ChatGPT 对 StackOverflow 上每个问题的回复,甚至是未回答的问题
- 周报生成器 简单描述工作内容,帮你生成完整周报
- email-helper AI帮你写邮件
- animeai AI生成漫画风格图片
- autodraw AI辅助绘画
- bearly AI帮助你阅读、创作,撰写,提高你的工作效率
- poe quora出品的对话式AI工具
- latentlabs 根据文本生成 360 度全景图
- invideo 根据文本生成视频
- docuchat 上传文档,AI回答对应的问题
- tweetmonk AI帮你打理社交网络
- image-to-sound-fx 图片转换为相对应的声音内容
- murf AI生成真人演讲视频
- stockimg AI设计图标
- playgroudai 获取AI绘图提示词,帮助你编辑图片
- MetaVoice Studio AI声音编辑平台
- campbell AI生成评语
- penlope AI辅助markdown编辑器
- ChatGPT Detector 判断文本是否是AI生成
- humata 利用AI来分析论文内容
- tosummary 利用AI提取书籍、YouTube视频摘要
#AI #网站
Stitch
Stitch - Design with AI
Stitch generates UIs for mobile and web applications, making design ideation fast and easy.
OFFENSIVE SECURITY & REVERSE ENGINEERING (OSRE) Course
https://github.com/ashemery/exploitation-course
https://github.com/ashemery/exploitation-course
GitHub
GitHub - ashemery/exploitation-course: Offensive Software Exploitation Course
Offensive Software Exploitation Course. Contribute to ashemery/exploitation-course development by creating an account on GitHub.
𝙊𝙋𝙎𝙀𝘾 in Adversary Simulation
Link 🔗:-
https://ristbs.github.io/2023/02/08/your-pocket-guide-to-opsec-in-adversary-emulation.html
Link 🔗:-
https://ristbs.github.io/2023/02/08/your-pocket-guide-to-opsec-in-adversary-emulation.html
ristbs’s blog
Your Pocket Guide to OPSEC in Adversary Emulation
Intro to OPSEC Our Ennemies Offensive Architecture Security Events OPSEC Tips Information Gathering Initial Access Kerberos Attacks Lateral Mouvement Pivoting Tooling & Malwares