Open Source cyber security tools:
1. Zeek: https://zeek.org/
Network Security Monitoring
2. ClamAV: https://www.clamav.net/
Antivirus
3. OpenVAS: https://www.openvas.org/
Vulnerability Scanner
4. TheHive: https://lnkd.in/e7aVCRUZ
Incident Response
5. pfSense: https://www.pfsense.org/
Security appliance (firewall/VPN/router)
6. Elastic: https://www.elastic.co/de/
Analytics
7. Osquery: https://www.osquery.io/
Endpoint visibility
8. Arkime: https://arkime.com/
Packet capture and search
9. Wazuh: https://wazuh.com/
XDR and SIEM
10. AlienVault OSSIM: https://lnkd.in/eShQt29h
SIEM
11. Velociraptor: https://lnkd.in/eYehEaNa
Forensic and IR
12. MISP project: https://lnkd.in/emaSrT57
Information sharing and Threat Intelligence
13. Kali: https://www.kali.org/
Security OS
14. Parrot: https://www.parrotsec.org/
Security OS
15. OpenIAM: https://www.openiam.com/
IAM
16. YARA: https://lnkd.in/eEJegEak
Pattern matching (malware identification and classification)
17. Wireguard: https://www.wireguard.com/
VPN
18. OSSEC: https://www.ossec.net/
HIDS
19. Suricata: https://suricata.io/
IDS/IPS
20. Shuffle: https://shuffler.io/
SOAR
21. Phish Report: https://phish.report/
Anti-phishing
22. Graylog: https://lnkd.in/eAFuUmuw
Log management
23. Trivy: https://lnkd.in/e7JxXStY
DevOps/IaC Scanning
24. OpenEDR: https://openedr.com/
EDR
25. Metasploit: https://lnkd.in/e4ECX-py
Pentest
26. NMAP: https://nmap.org/
@Engineer_Computer
What Is a Red Teamer?
A Red Teamer is a professional who simulates cyberattacks, physical security breaches, or other types of adversarial activity against a company or organization, in order to identify vulnerabilities and weaknesses in their security posture.
Red Teamers typically work alongside Blue Teamers to help them improve their defenses and ensure that they are adequately prepared to prevent and respond to real-world attacks.
Red Teamers use various techniques, such as social engineering, penetration testing, and physical security testing, to simulate attacks and provide feedback on how to improve security.
Their goal is to uncover weaknesses that an attacker might exploit and provide recommendations to address them.
As you probably already understand, a red team member is someone who, in simple words, can compromise an organization using a large arsenal that includes many tactics and tools; and when choosing the wrong side, we get highly dangerous individuals.
@Engineer_Computer
What Job Titles Suit a Red Teamer?
A red teamer can go through many types of titles and work positions. Given the ideal scenario where a red teamer only uses his/her power to do good, they can go through jobs such as:
• Red Team Operator: This one is pretty obvious by the name, but nonetheless: a Red Team Operator is responsible for conducting offensive security operations and simulating adversarial attacks on an organization’s infrastructure, applications, and people. This is the more “classic” role for a red teamer, as they use tactics such as social engineering, penetration testing, and other techniques to identify vulnerabilities and weaknesses in an organization’s security landscape.
• Penetration Tester: A Penetration Tester, also known as a “pentester,” is a cybersecurity professional who performs simulated attacks on an organization’s network and applications to identify vulnerabilities and weaknesses that could be exploited by attackers. They use a variety of tools and techniques to simulate real-world attacks and provide detailed reports on their findings. At first glance, it seems that pentester and red teamer are the same position. However, this is not the case. A pentester mostly focuses on specific software failpoints such as certain apps and services the organization uses, while a red teamer is in charge of the whole operation and targets not only vulnerabilities but also, as mentioned, people, by using social engineering techniques. In addition, a red teamer simulates an ongoing attack: not just setting foot in the victim’s infrastructure, but also being in charge of later steps such as lateral movement and data exfiltration. Overall, we can look at red team operator as a more “broad” position than a pentester.
• Security Auditor: A Security Auditor is responsible for reviewing an organization’s security policies, procedures, and controls to ensure that they meet industry standards and regulatory requirements. They may also perform security assessments and audits to identify vulnerabilities and weaknesses in an organization’s security posture, and provide recommendations for improvements.
@Engineer_Computer
⭕️ RADAR: How DevSecOps is Revolutionizing Security at Snapp
In this article, one of Snapp's AppSec Engineers goes through the details of DevSecOps at Snapp.
Very briefly, Snapp's RADAR framework, which integrates security testing into CI/CD, consists of the following tools:
1. SAST: semgrep
2. SCA, SBOM: Grype, Syft
3. Secret Detection: Gitleaks
4. IaC: KICS
5. Container Scanning: Trivy
6. DAST: ZAP
7. Vulnerability Management: DefectDojo, OWASP Dependency-Track
Article:
https://medium.com/@mohammadkamrani7/radar-how-devsecops-is-revolutionizing-security-at-snapp-5f496fd08e79
#DevSecOps #AppSec #DAST #SAST
@Engineer_Computer
Offensive security
1. burpgpt - Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type
https://github.com/aress31/burpgpt
2. LDAP shell - AD ACL abuse
https://github.com/PShlyundin/ldap_shell
@Engineer_Computer
DFIR
PowerShell script to help Incident Responders discover adversary persistence mechanisms
https://github.com/joeavanzato/Trawler
@Engineer_Computer
Malware analysis
1. ROKRAT Malware
https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link
2. Decoy Dog Malware
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic
@Engineer_Computer
Heads up, everyone!
CISA has issued an advisory warning of active exploitation of three known vulnerabilities, including CVE-2023-1389 (TP-Link Archer AX-21), CVE-2021-45046 (Apache Log4j2) and CVE-2023-21839 (Oracle WebLogic).
Details: https://thehackernews.com/2023/05/active-exploitation-of-tp-link-apache.html
Critical flaw affecting ME RTU remote terminal units!
CISA has issued an advisory about the security vulnerability tracked as CVE-2023-2131, which has received the highest severity rating of 10.0 on the CVSS scoring system.
Details: https://thehackernews.com/2023/05/cisa-issues-advisory-on-critical-rce.html
@Engineer_Computer
#Cyber #Police #Spyware #BouldSpy
According to a report by Lookout's mobile malware analysis lab, a spyware named BouldSpy has been distributed in Iran; it is said to have been developed by Iran's cyber police, with its command-and-control servers located at provincial police command centers.
It is also noted that this spyware was embedded in and distributed under the guise of apps such as Psiphon, Fake Call, Currency Converter Pro, Call Service, CPU-Z and several others.
The report states that the spyware was installed on the phones of detained suspects and carried out surveillance; the data collected from Android phones included location, call history, contact list, keystroke logging, browser history, microphone audio, screenshots and recordings of VoIP calls.
In the technical analysis of this spyware, a function named onDestroy is defined which is called on restart, sends a Broadcast and starts the spyware's service again.
@Engineer_Computer
#Microsoft #Threat #Intelligence #Iranian #APTs
Microsoft has published a report on Iranian cyber activity over the past year or two, identifying the active teams attributed to Iran's security agencies.
A notable point in this report is the tactical and technical behavior of these teams, which is generally defined at a certain level; for example, the extensive use of Exploit Public-Facing Application, i.e. publicly released exploit code, to gain initial access.
Vulnerabilities such as Log4Shell, CVE-2022-47966, CVE-2022-47986 and several others that had been made public for specific software. But what were the objectives? Mostly data theft, followed by defacement of the victims' web services.
These teams generally do their design and development in the specialized red-team stages, and carry out stages such as gaining access through a publicly created opportunity; therefore, after a critical vulnerability is published, we can expect widespread attacks by these teams.
@Engineer_Computer
🔥 Researchers have developed a new PoC exploit for a critical PaperCut server vulnerability that can bypass all current detections, allowing attackers to execute arbitrary code with SYSTEM privileges.
Learn details here: https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html
Cisco has warned of a critical vulnerability (CVE-2023-20126) in SPA112 2-Port Phone Adapters that could allow remote attackers to execute arbitrary code.
Learn more: https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html
Upgrade now to protect your devices!
@Engineer_Computer
Bing AI is now publicly available. You only need to install the Edge browser to use GPT-4 for free.
bing.com
@Engineer_Computer