⭕️ If you use FortiWeb inside Iran, apply the update immediately.
The RCE vulnerability whose fix was announced today: according to checks on the Shodan search engine, a high number of vulnerable targets still exist in Iran.
News link
#fortinet #fortiweb
@Engineer_Computer
#SANS #Course #Copyright
A researcher named Jason Haddix has tweeted that an individual has been running one of the SANS Institute's courses without holding any licence from that organisation. Taking this tweet as a pretext, we open up one example of the root-level harms in the country's cybersecurity industry...
Running a training course anywhere in the world requires a set of technical prerequisites for it to fulfil its purpose and mission. For example, an offensive cybersecurity training course must have written materials (a booklet, an instruction manual) so that every point of a subject is conveyed to the student, because knowledge transfer fundamentally happens only when all aspects of that science and its many details have been covered; otherwise the course has not fulfilled its purpose.
Given the points above, one can now understand the main reason why broad, high-quality startup teams are so scarce relative to the population of a country like Iran, and why self-taught talent has no interest in knowledge-based activity and prefers to emigrate.
@Engineer_Computer
FREE TRAINING ALERT : TCM Security - Practical Ethical Hacking
till Wednesday, April 19th at 11:59 PM EST
We are bringing back our Pay What You Can pricing model for our Practical Ethical Hacking course! Between now and Wednesday, April 19th at 11:59 PM EST, you can pick up our best-selling hacking course for as low as $0.
Should you choose the $0 option, we just ask that you pay it forward later. Gift a course, lend some knowledge, help your fellow peers.
Come learn to hack with us here:
https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
If you miss it, you know where to get it 😅😅
@Engineer_Computer
These Skills could elevate your Bug Hunting Game:-
[+] SQL Injection Attack
[+] Hibernate Query Language Injection
[+] Direct OS Code Injection
[+] XML Entity Injection
[+] Broken Authentication and Session Management
[+] Cross-Site Scripting (XSS)
[+] Insecure Direct Object References
[+] Security Misconfiguration
[+] Sensitive Data Exposure
[+] Cross-Site Request Forgery (CSRF)
[+] Using Components with Known Vulnerabilities
[+] Unvalidated Redirects and Forwards
[+] Cross Site Scripting Attacks
[+] Click Jacking Attacks
[+] DNS Cache Poisoning
[+] Cross Site Request Forgery Attacks
[+] Remote Code Execution Attacks
[+] Remote File inclusion
[+] Local file inclusion
[+] Denial of Service Attack
[+] Cookie Eviction
[+] PHPwn
[+] NAT Pinning
[+] XSHM
[+] MitM DNS Rebinding SSL/TLS Wildcards
[+] Improving HTTPS Side Channel Attacks
[+] Side Channel Attacks in SSL
[+] Turning XSS into Clickjacking
[+] Bypassing CSRF protections with ClickJacking
[+] HTTP Parameter Pollution
[+] URL Hijacking
[+] Stroke Jacking
[+] MySQL Stacked Queries with SQL Injection.
[+] Posting Raw XML cross-domain
[+] Attacking HTTPS with Cache Injection
[+] XSS - Track
[+] XSSing Client-Side Dynamic HTML.
[+] Stroke triggered XSS and Stroke Jacking
[+] Lost in Translation
[+] Chronofeit Phishing
[+] Tabnabbing
[+] Cookie Poisoning
[+] SSRF
[+] Bruteforce of PHPSESSID
[+] Cross-Site Port Attacks
[+] CAPTCHA Re-Riding Attack
[+] Arbitrary file access
[+] Blind SQL Injection
[+] Blind XPath Injection
[+] Brute force attack
[+] Buffer overflow attack
[+] Cache Poisoning
[+] Clickjacking
[+] Command injection attacks
[+] Comment Injection Attack
[+] Content Spoofing
[+] Credential stuffing
[+] Cross Frame Scripting
[+] Cross Site History Manipulation (XSHM)
[+] Cross Site Tracing
[+] Cross-Site Request Forgery (CSRF)
[+] Cross Site Port Attack (XSPA)
[+] Cross-Site Scripting (XSS)
[+] Cross-User Defacement
[+] Denial of Service
[+] Direct Dynamic Code Evaluation (‘Eval Injection’)
[+] Execution After Redirect (EAR)
[+] Exploitation of CORS
[+] Forced browsing
[+] Form action hijacking
[+] Full Path Disclosure
[+] Host Header injection
[+] HTTP Response Splitting
[+] HTTP verb tampering
[+] HTML injection
[+] LDAP injection
[+] Log Injection
[+] Man-in-the-browser attack
[+] Man-in-the-middle attack
[+] Mobile code: invoking untrusted mobile code
[+] Mobile code: non-final public field
[+] Mobile code: object hijack
[+] Parameter Delimiter
[+] Page takeover
[+] Path Traversal
[+] Reflected DOM Injection
[+] Regular expression Denial of Service – ReDoS
[+] Server-Side Includes (SSI) Injection
[+] Session hijacking attack
[+] Special Element Injection
[+] SMTP injection
[+] SQL Injection
[+] SSI injection
[+] Web Parameter Tampering
[+] XPATH Injection
[+] XSRF or SSRF
[+] Subdomain
@Engineer_Computer
🔐 URGENT: Google releases out-of-band updates for a new actively exploited zero-day vulnerability (CVE-2023-2033) in Chrome browser.
Read details: https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html
First one addressed this year! Update to version 112.0.5615.121 ASAP!
@Engineer_Computer
GitHub - aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testers
https://github.com/aboul3la/Sublist3r
@Engineer_Computer
Wazuh 4.4 has been released!
Wazuh is a free, open-source security monitoring and threat detection platform that helps organizations protect their IT environments from cyber threats.
It provides various security capabilities, including log management, file integrity monitoring, intrusion detection, vulnerability detection, and compliance management!
Wazuh 4.4 new support additions are as follows:
• Enhanced security
• Improved performance
• Increased flexibility
More new features: https://lnkd.in/gK5aXJmZ
@Engineer_Computer
💣 Warning!
The first 0day vulnerability in Google's browser in 2023
Minutes ago, a high-severity vulnerability with identifier CVE-2023-2033, reported by Clément Lecigne and affecting the JavaScript engine of this popular browser, forced Google to push users into an emergency update.
Google has urged users of the desktop version of the Chrome browser to update to version 112.0.5615.121.
Google has not yet published the precise details of the attack and exploit for this vulnerability, but it is aware that this security weakness is being widely exploited by attackers.
More details: https://bit.ly/CVE-2023-2033
@Engineer_Computer
Israeli spyware vendor QuaDream is reportedly shutting down its operations after its REIGN hacking toolset was exposed by Citizen Lab and Microsoft.
Read details: https://thehackernews.com/2023/04/israeli-spyware-vendor-quadream-to-shut.html
@Engineer_Computer
Two critical flaws (CVE-2023-29199 / CVE-2023-30547) have been discovered in vm2 JavaScript library that could allow attackers to break out of sandbox protections, potentially leading to RCE attacks.
Read details: https://thehackernews.com/2023/04/critical-flaws-in-vm2-javascript.html
@Engineer_Computer
Iranian govt-linked hackers have been identified as responsible for cyberattacks on critical infrastructure in the United States — targeting energy companies, transit systems, as well as a major utility and gas companies.
Details: https://thehackernews.com/2023/04/iranian-government-backed-hackers.html
@Engineer_Computer
tools
1. Awesome Bug Bounty Tools
https://github.com/vavkamil/awesome-bugbounty-tools
2. Bug Bounty Beginner's Roadmap
https://github.com/bittentech/Bug-Bounty-Beginner-Roadmap
@Engineer_Computer
🔥 Attention IT teams! Critical security flaws have been found in Cisco and VMware products that could allow attackers to execute arbitrary code on affected systems.
Details here: https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html
Make sure to patch your systems immediately.
@Engineer_Computer