Injecting Payload In Phone Numbers field !
#infosec #bugbountytip #cybersecuritytips
@Engineer_Computer
#infosec #bugbountytip #cybersecuritytips
@Engineer_Computer
⚠️ Urgent: A new critical RCE security #vulnerability (CVE-2023-27997) in FortiGate firewalls has been discovered. Update to the latest versions to secure your network against potential remote code execution.
Read details:
https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html…
#infosec #cybersecurity
@Engineer_Computer
Read details:
https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html…
#infosec #cybersecurity
@Engineer_Computer
Infosec Standards
NIST SP 800-124 r2:
Guidelines for Managing the Security of Mobile Devices in the Enterprise May 2023
-Business Secure Continuity-
1402.03.29
#DiyakoSecureBow
#businessanalyst #infosec #securitymanagement #security #business
@Engineer_Computer
NIST SP 800-124 r2:
Guidelines for Managing the Security of Mobile Devices in the Enterprise May 2023
-Business Secure Continuity-
1402.03.29
#DiyakoSecureBow
#businessanalyst #infosec #securitymanagement #security #business
@Engineer_Computer
#DiyakoSecureBow
Analytics
2023 Data Breach Investigations Report:
Hello, and welcome first-time readers! Before you get started on the 2023 Data Breach Investigations Report (DBIR), it might be a good idea to take a look at this section first. (For those of you who are familiar with the report, please feel free to jump over to the introduction.) We have been doing this report for a while now, and we appreciate that the verbiage we use can be a bit obtuse at times. We use very deliberate naming conventions, terms and definitions and spend a lot of time making sure we are consistent throughout the report. Hopefully this section will help make all of those more familia
Breaking the string of end-of-year InfoSec milestones set in 2020 with SolarWinds Orion and in 2021
by Log4j, December 2022 was comparatively boring. Intelligence indicated several threat actors were abusing Microsoft developer accounts to get malicious drivers signed through their profiles to be used
in cyberattacks, including ransomware incidents and SIM swapping operations. The streak of months with attacks exploiting zero-day vulnerabilities was extended with reports of successful attacks on Microsoft, Apple, Fortinet and Citrix products. OWASSRF is a new attack chain exploiting on-premises Exchange Servers using the URL rewrite mitigations provided by Microsoft responding to September’s ProxyNotShell attack chain. The Play ransomware threat actors had exploited OWASSRF to attack at least eight victims. Among the best intelligence collections was a virtual order of battle of TA subordinate to Bureau 121 in the Reconnaissance General Bureau (RGB), North Korea’s military intelligence agency.
Special thanks to Dave Kennedy of the Verizon Threat Research Advisory Center (VTRAC) for his continued support and yearly contribution to this report.
#developerslife #data #research #infosec #help #intelligence #military #analytics #microsoft
@Engineer_Computer
Analytics
2023 Data Breach Investigations Report:
Hello, and welcome first-time readers! Before you get started on the 2023 Data Breach Investigations Report (DBIR), it might be a good idea to take a look at this section first. (For those of you who are familiar with the report, please feel free to jump over to the introduction.) We have been doing this report for a while now, and we appreciate that the verbiage we use can be a bit obtuse at times. We use very deliberate naming conventions, terms and definitions and spend a lot of time making sure we are consistent throughout the report. Hopefully this section will help make all of those more familia
Breaking the string of end-of-year InfoSec milestones set in 2020 with SolarWinds Orion and in 2021
by Log4j, December 2022 was comparatively boring. Intelligence indicated several threat actors were abusing Microsoft developer accounts to get malicious drivers signed through their profiles to be used
in cyberattacks, including ransomware incidents and SIM swapping operations. The streak of months with attacks exploiting zero-day vulnerabilities was extended with reports of successful attacks on Microsoft, Apple, Fortinet and Citrix products. OWASSRF is a new attack chain exploiting on-premises Exchange Servers using the URL rewrite mitigations provided by Microsoft responding to September’s ProxyNotShell attack chain. The Play ransomware threat actors had exploited OWASSRF to attack at least eight victims. Among the best intelligence collections was a virtual order of battle of TA subordinate to Bureau 121 in the Reconnaissance General Bureau (RGB), North Korea’s military intelligence agency.
Special thanks to Dave Kennedy of the Verizon Threat Research Advisory Center (VTRAC) for his continued support and yearly contribution to this report.
#developerslife #data #research #infosec #help #intelligence #military #analytics #microsoft
@Engineer_Computer
⭕️ The #ASIS #CTF Final 2023 is set for December 29-30! 🗓️ Calling all CTFers to join in for an epic showdown and compete against each other in the last CTF of the year!
asisctf.com
💻🏆 #ASISCTF #CTF2023 #CaptureTheFlag #InfoSec
https://twitter.com/ASIS_CTF/status/1737872564372885928?t=ZpU8ITLKi2erAfRB2-tjCQ&s=19
@Engineer_Computer
asisctf.com
💻🏆 #ASISCTF #CTF2023 #CaptureTheFlag #InfoSec
https://twitter.com/ASIS_CTF/status/1737872564372885928?t=ZpU8ITLKi2erAfRB2-tjCQ&s=19
@Engineer_Computer
JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for developers and security researchers.
#infosec #cybersecurity #bugbounty #pentest #bugbountyTips #bugbountyTools
Please open Telegram to view this post
VIEW IN TELEGRAM
THE BEST SOC ANALYST TOOLS.pdf
3.4 MB
ابزار های مهم برای SOC
#infosec #cybersecurity #SOC #pentest #SOCTools
Please open Telegram to view this post
VIEW IN TELEGRAM
🎉1
State of Physical Security 2025.pdf
8.9 MB
Strategizing, planning, and investing wisely
The integration of artificial intelligence (AI) into physical security systems is promising development and one end users are eager to explore (10% did in 2024 and 37% plan to in 2025)
Analytics and Al techniques will continue to usher in new possibilities, allowing businesses to capitalize on existing physical security data, infrastructure, and sensors to automate mundane tasks and drive higher levels of operational efficiency company-wide.
#infosec #cybersecurity #SOC #pentest #SOCTools
Please open Telegram to view this post
VIEW IN TELEGRAM
👍1
🚀 We’re Hiring Cybersecurity Interns! Launch Your Career with Us 🚀
Are you passionate about cybersecurity and eager to learn in a real-world environment? We’re looking for driven interns who want to grow their skills and make an impact.
What We’re Looking For:
🔹 Basic Linux skills – Comfortable using the terminal, basic shell commands, and understanding file permissions
🔹 Web security fundamentals – Awareness of OWASP Top 10, HTTP/HTTPS, and common web vulnerabilities
🔹 Networking basics – Understanding TCP/IP, DNS, ports, firewalls, and proxies
🔹 Familiarity with security tools like Nmap, Wireshark, or Burp Suite
🔹 Analytical mindset – Love solving problems and reverse-engineering challenges
🔹 Self-motivated learner – Willing to learn independently and absorb new concepts quickly
🔹 Strong communicator – Able to document findings clearly and work well in a team
Internship begins on July 1st, 2025.
Location: Remote
Duration: 3 months
Opportunity to convert to a full-time employee after successful completion of the internship.
Who Can Apply:
🎓 3rd and 4th year engineering students
🎓 Students from BSc, BCA and BBA backgrounds with computer knowledge
🎓 Freshers interested in cybersecurity
If you’re ready to step into the world of cybersecurity, develop hands-on technical skills, and collaborate with passionate professionals, we want to hear from you!
Apply now and take the first step toward your cybersecurity career.
Contact us at: one@fncyber
#Cybersecurity #Internship #Hiring #Linux #Networking #WebSecurity #CareerStart #InfoSec #JoinOurTeam #fnCyber
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Are you passionate about cybersecurity and eager to learn in a real-world environment? We’re looking for driven interns who want to grow their skills and make an impact.
What We’re Looking For:
🔹 Basic Linux skills – Comfortable using the terminal, basic shell commands, and understanding file permissions
🔹 Web security fundamentals – Awareness of OWASP Top 10, HTTP/HTTPS, and common web vulnerabilities
🔹 Networking basics – Understanding TCP/IP, DNS, ports, firewalls, and proxies
🔹 Familiarity with security tools like Nmap, Wireshark, or Burp Suite
🔹 Analytical mindset – Love solving problems and reverse-engineering challenges
🔹 Self-motivated learner – Willing to learn independently and absorb new concepts quickly
🔹 Strong communicator – Able to document findings clearly and work well in a team
Internship begins on July 1st, 2025.
Location: Remote
Duration: 3 months
Opportunity to convert to a full-time employee after successful completion of the internship.
Who Can Apply:
🎓 3rd and 4th year engineering students
🎓 Students from BSc, BCA and BBA backgrounds with computer knowledge
🎓 Freshers interested in cybersecurity
If you’re ready to step into the world of cybersecurity, develop hands-on technical skills, and collaborate with passionate professionals, we want to hear from you!
Apply now and take the first step toward your cybersecurity career.
Contact us at: one@fncyber
#Cybersecurity #Internship #Hiring #Linux #Networking #WebSecurity #CareerStart #InfoSec #JoinOurTeam #fnCyber
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1🔥1🤩1🗿1
🚨 We're Hiring: Security Consultant (Penetration Testing)
📍 Location: Bangalore
💼 Work Mode: Hybrid
🛡 Experience Level: 3–5 years
Are you passionate about cybersecurity and penetration testing? Join our team as a Security Consultant, where you'll lead hands-on engagements, work with global and regulated industry clients, and play a key role in strengthening their security posture.
🔍 What You'll Do:
> Lead network, application, API, and cloud penetration testing
> Conduct Red & Purple Team assessments
> Identify vulnerabilities and provide expert remediation guidance
> Collaborate with clients and internal teams to deliver actionable security insights
> Mentor junior team members and contribute to research & tool development
🛠 What We're Looking For:
> 3–5 years of hands-on pen testing experience
> Strong scripting and problem-solving skills
> Certifications like OSCP, GPEN, GWAPT, GXPN, CREST (preferred)
> Excellent communication and project leadership skills
> Experience with Cobalt Strike is a plus
If you're self-driven, detail-oriented, and thrive in a collaborative and fast-paced environment, we want to hear from you!
🔗 Scan the below QR code and apply now or DM us to learn more.
Let’s build a safer digital world together.
#CyberSecurityJobs #PenetrationTesting #InfoSec #SecurityConsultant #Hiring #RedTeam #PurpleTeam #OSCP #InfosecCareers
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
📍 Location: Bangalore
💼 Work Mode: Hybrid
🛡 Experience Level: 3–5 years
Are you passionate about cybersecurity and penetration testing? Join our team as a Security Consultant, where you'll lead hands-on engagements, work with global and regulated industry clients, and play a key role in strengthening their security posture.
🔍 What You'll Do:
> Lead network, application, API, and cloud penetration testing
> Conduct Red & Purple Team assessments
> Identify vulnerabilities and provide expert remediation guidance
> Collaborate with clients and internal teams to deliver actionable security insights
> Mentor junior team members and contribute to research & tool development
🛠 What We're Looking For:
> 3–5 years of hands-on pen testing experience
> Strong scripting and problem-solving skills
> Certifications like OSCP, GPEN, GWAPT, GXPN, CREST (preferred)
> Excellent communication and project leadership skills
> Experience with Cobalt Strike is a plus
If you're self-driven, detail-oriented, and thrive in a collaborative and fast-paced environment, we want to hear from you!
🔗 Scan the below QR code and apply now or DM us to learn more.
Let’s build a safer digital world together.
#CyberSecurityJobs #PenetrationTesting #InfoSec #SecurityConsultant #Hiring #RedTeam #PurpleTeam #OSCP #InfosecCareers
Please open Telegram to view this post
VIEW IN TELEGRAM
بعضیها رسماً به مرحلهای رسیدن که دارن «چیزهای رایگان» رو هم میفروشن!
این روزها نسخه آماده #Nessus از طریق #Docker رایگان و در دسترس همهست… ولی دیدم بعضیها همین رو بستهبندی کردن و با قیمت بالا میدن به ملت 🤦♂️
هیچ جادوی خاصی پشتش نیست، فقط یک docker pull سادهست!
واقعاً حیفه که وقت و پول مردم صرف چیزی بشه که با یک خط دستور میشه آورد بالا.
📂 لینک نسخه آماده روی Docker Hub:
https://hub.docker.com/r/sakurashiro/nessus
#nessus #docker #vulnerability_assessment #cybersecurity #infosec #soc #securitytools #redteam #blueteam #hide01
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
این روزها نسخه آماده #Nessus از طریق #Docker رایگان و در دسترس همهست… ولی دیدم بعضیها همین رو بستهبندی کردن و با قیمت بالا میدن به ملت 🤦♂️
هیچ جادوی خاصی پشتش نیست، فقط یک docker pull سادهست!
واقعاً حیفه که وقت و پول مردم صرف چیزی بشه که با یک خط دستور میشه آورد بالا.
📂 لینک نسخه آماده روی Docker Hub:
https://hub.docker.com/r/sakurashiro/nessus
#nessus #docker #vulnerability_assessment #cybersecurity #infosec #soc #securitytools #redteam #blueteam #hide01
Please open Telegram to view this post
VIEW IN TELEGRAM
❤3👍3👏1🕊1
از کجا امنیت سایبری را در سازمان آغاز کنیم؟
بزرگترین اشتباه: شروع مستقیم با ISO 27001 یا مدلهای بلوغ سنگین مثل C2M2.
نتیجه؟ هزینه بالا، کاغذبازی زیاد، و در نهایت بهبود واقعیِ اندک.
رویکرد هوشمندانه: شروع با استانداردهایی که مخصوص منابع محدود طراحی شدهاند.
سه گام مؤثر و عملی:
1️⃣ NIST CSF 2.0 – Small Business Quick-Start Guide
برای ساخت «چارچوب مدیریت ریسک» و زبان مشترک امنیت.
2️⃣ CISA Cybersecurity Performance Goals (CPGs)
برای تعیین مجموعهای از کنترلهای اولویتدار با بیشترین تأثیر.
3️⃣ CIS Controls IG1
برای استقرار حداقل سطح دفاع پایه (Essential Cyber Hygiene).
این سه مورد، پایه واقعی امنیت را میسازند؛
گواهینامهها و استانداردهای سنگین را وقتی سراغشان بروید که بلوغ کافی ایجاد شده باشد.
نظر شما چیست؟
آیا استانداردهای بزرگ برای تیم کوچک، در شروع مسیر، ضربهزننده نیستند؟
#CyberSecurity #InfoSec #SmallBusiness #NISTCSF #CISControls #CISA #SecurityRoadmap
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
بزرگترین اشتباه: شروع مستقیم با ISO 27001 یا مدلهای بلوغ سنگین مثل C2M2.
نتیجه؟ هزینه بالا، کاغذبازی زیاد، و در نهایت بهبود واقعیِ اندک.
رویکرد هوشمندانه: شروع با استانداردهایی که مخصوص منابع محدود طراحی شدهاند.
سه گام مؤثر و عملی:
1️⃣ NIST CSF 2.0 – Small Business Quick-Start Guide
برای ساخت «چارچوب مدیریت ریسک» و زبان مشترک امنیت.
2️⃣ CISA Cybersecurity Performance Goals (CPGs)
برای تعیین مجموعهای از کنترلهای اولویتدار با بیشترین تأثیر.
3️⃣ CIS Controls IG1
برای استقرار حداقل سطح دفاع پایه (Essential Cyber Hygiene).
این سه مورد، پایه واقعی امنیت را میسازند؛
گواهینامهها و استانداردهای سنگین را وقتی سراغشان بروید که بلوغ کافی ایجاد شده باشد.
نظر شما چیست؟
آیا استانداردهای بزرگ برای تیم کوچک، در شروع مسیر، ضربهزننده نیستند؟
#CyberSecurity #InfoSec #SmallBusiness #NISTCSF #CISControls #CISA #SecurityRoadmap
Please open Telegram to view this post
VIEW IN TELEGRAM
❤3❤🔥1👍1🔥1
وقتی یک باتنت رکورد میشکنه: ۲۹.۷ ترابیت بر ثانیه!
اگر فکر میکنین حملات DDoS دیگه خبرساز نمیشن، این آمار Cloudflare نظرتون رو عوض میکنه:
باتنت Aisuru در Q3-2025 موفق شد:
حملات DDoS با پیک ≈29.7 Tbps و ≈14.1 Bpps بسازه
بین 1 تا 4 میلیون دستگاه IoT رو به ارتش زامبی خودش تبدیل کنه
بیش از 1,300 حمله hyper-volumetric رو در یک فصل اجرا کنه
تکنیک جالبش چی بود؟ UDP carpet-bombing - همزمان هزاران پورت رو بمباران میکنه و با randomization توی packet attributes از فیلترها فرار میکنه. یک نوع "حملهای که قابل پیشبینی نیست" طراحی شده.
چرا این مهمه؟ دستگاههای IoT همچنان ضعیفترین حلقه زنجیره امنیت سایبری هستن. از دوربینهای مداربسته گرفته تا روترهای خانگی - هر دستگاه متصل به اینترنت که امنیتش نادیده گرفته بشه، میتونه بخشی از یک سلاح سایبری بشه.
حالا سوال اینجاست: اگر یک باتنت میتونه با 1-4 میلیون دستگاه IoT چنین قدرت ویرانگری داشته باشه، وقتی تعداد دستگاههای متصل به اینترنت تا سال 2030 به بیش از 29 میلیارد میرسه، چه انتظاری باید از نسل بعدی حملات داشته باشیم؟ 🤔
#Cybersecurity #DDoS #Cloudflare #NetworkSecurity #InfoSec
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
اگر فکر میکنین حملات DDoS دیگه خبرساز نمیشن، این آمار Cloudflare نظرتون رو عوض میکنه:
باتنت Aisuru در Q3-2025 موفق شد:
حملات DDoS با پیک ≈29.7 Tbps و ≈14.1 Bpps بسازه
بین 1 تا 4 میلیون دستگاه IoT رو به ارتش زامبی خودش تبدیل کنه
بیش از 1,300 حمله hyper-volumetric رو در یک فصل اجرا کنه
تکنیک جالبش چی بود؟ UDP carpet-bombing - همزمان هزاران پورت رو بمباران میکنه و با randomization توی packet attributes از فیلترها فرار میکنه. یک نوع "حملهای که قابل پیشبینی نیست" طراحی شده.
چرا این مهمه؟ دستگاههای IoT همچنان ضعیفترین حلقه زنجیره امنیت سایبری هستن. از دوربینهای مداربسته گرفته تا روترهای خانگی - هر دستگاه متصل به اینترنت که امنیتش نادیده گرفته بشه، میتونه بخشی از یک سلاح سایبری بشه.
حالا سوال اینجاست: اگر یک باتنت میتونه با 1-4 میلیون دستگاه IoT چنین قدرت ویرانگری داشته باشه، وقتی تعداد دستگاههای متصل به اینترنت تا سال 2030 به بیش از 29 میلیارد میرسه، چه انتظاری باید از نسل بعدی حملات داشته باشیم؟ 🤔
#Cybersecurity #DDoS #Cloudflare #NetworkSecurity #InfoSec
Please open Telegram to view this post
VIEW IN TELEGRAM
❤🔥3❤1👍1👏1