🔸Windows Internals Crash Course by Duncan Ogilvie the creator and maintainer ofx64dbg
ویدیو دوره ویندوز اینترنالز توسط Duncan Ogilvie نویسنده دیباگر x64dbg
دانلود به صورت مستقیم به همراه زیرنویس انگلیسی و فایل های اسلاید و متریال
@Engineer_Computer
ویدیو دوره ویندوز اینترنالز توسط Duncan Ogilvie نویسنده دیباگر x64dbg
دانلود به صورت مستقیم به همراه زیرنویس انگلیسی و فایل های اسلاید و متریال
@Engineer_Computer
⭕️معرفی Root EPP Server قلب مدیریت دامنههای اینترنتی
در اصل Root EPP Server یک سرور مرکزی هستش که تو ساختار مدیریت دامنههای اینترنتی نقش حیاتی ای داره. این سرور مسئولیت برقراری ارتباط با سایر سرورهای EPP دامنه و ارسال دستورات مدیریتی به آنها رو بر عهده داره. EPP به معنای Extensible Provisioning Protocol است و یک پروتکل استاندارد برای مدیریت دامنه هاست که توسط سازمان ICANN تعریف شده
اینجا سرورهای Root EPP مسئول دریافت و پردازش درخواستهای مختلف مربوط به دامنهها هستند. این درخواستها میتوانند شامل ثبت، تمدید، انتقال و حذف دامنه باشن. علاوه بر این سرورها نیز نقش اساسی در توزیع اطلاعات مربوط به دامنهها و مدیریت نسخههای مختلف دیتابیس دامنه، که به عنوان Root Zone Database شناخته میشود دارن و فقط رجیسترها و ریسلرهای مجاز دارای دسترسی به Root EPP Server هستند. جهت دسترسی به این سرور و ارسال دستورات مدیریتی، معمولاً از طریق رابط کاربری (API) یا ابزارهای مدیریتی خاصی که توسط ICANN یا رجیسترهای معتبر ارائه میشوند، اقدام میشود.
اهمیت Root EPP Server در مدیریت دامنههای اینترنتی بسیار بزرگ است. این سرورها نه تنها امکانات لازم برای انجام عملیات مدیریتی را فراهم میکنند، بلکه نقش کلیدی در حفظ امنیت و پایداری ساختار دامنههای اینترنتی دارند.
در این مقاله بر خلاف هک کردن ccTLD ها از طریق تنظیمات نادرست DNS، محقق با تمرکز بر طریق آسیبپذیریهایی که بر پروتکلهای زیرساختی و برنامههای وبی که رجیستر ها در اینترنت استفاده میکنن سعی کرده کنترل تمامی zone ها را بر عهده بگیرد:
https://hackcompute.com/hacking-epp-servers/
#web_security #network #XXE
@Engineer_Computer
در اصل Root EPP Server یک سرور مرکزی هستش که تو ساختار مدیریت دامنههای اینترنتی نقش حیاتی ای داره. این سرور مسئولیت برقراری ارتباط با سایر سرورهای EPP دامنه و ارسال دستورات مدیریتی به آنها رو بر عهده داره. EPP به معنای Extensible Provisioning Protocol است و یک پروتکل استاندارد برای مدیریت دامنه هاست که توسط سازمان ICANN تعریف شده
اینجا سرورهای Root EPP مسئول دریافت و پردازش درخواستهای مختلف مربوط به دامنهها هستند. این درخواستها میتوانند شامل ثبت، تمدید، انتقال و حذف دامنه باشن. علاوه بر این سرورها نیز نقش اساسی در توزیع اطلاعات مربوط به دامنهها و مدیریت نسخههای مختلف دیتابیس دامنه، که به عنوان Root Zone Database شناخته میشود دارن و فقط رجیسترها و ریسلرهای مجاز دارای دسترسی به Root EPP Server هستند. جهت دسترسی به این سرور و ارسال دستورات مدیریتی، معمولاً از طریق رابط کاربری (API) یا ابزارهای مدیریتی خاصی که توسط ICANN یا رجیسترهای معتبر ارائه میشوند، اقدام میشود.
اهمیت Root EPP Server در مدیریت دامنههای اینترنتی بسیار بزرگ است. این سرورها نه تنها امکانات لازم برای انجام عملیات مدیریتی را فراهم میکنند، بلکه نقش کلیدی در حفظ امنیت و پایداری ساختار دامنههای اینترنتی دارند.
در این مقاله بر خلاف هک کردن ccTLD ها از طریق تنظیمات نادرست DNS، محقق با تمرکز بر طریق آسیبپذیریهایی که بر پروتکلهای زیرساختی و برنامههای وبی که رجیستر ها در اینترنت استفاده میکنن سعی کرده کنترل تمامی zone ها را بر عهده بگیرد:
https://hackcompute.com/hacking-epp-servers/
#web_security #network #XXE
@Engineer_Computer
hackcompute
can I speak to your manager? hacking root EPP servers to take control of zones
Finding vulnerabilities in global domain infrastructure to take control of ccTLD zones. Vulnerabilities in EPP
⭕ Reversing Citrix Gateway for XSS
تو این مقاله از assetnote به ریورس کردن باینری critix gateway و پیدا کردن یه crlf injection پرداخته میشه که منجر به یه pre-auth xss میشه
https://blog.assetnote.io/2023/06/29/binary-reversing-citrix-xss/
#XSS #ghidra #research
@Engineer_Computer
تو این مقاله از assetnote به ریورس کردن باینری critix gateway و پیدا کردن یه crlf injection پرداخته میشه که منجر به یه pre-auth xss میشه
https://blog.assetnote.io/2023/06/29/binary-reversing-citrix-xss/
#XSS #ghidra #research
@Engineer_Computer
⚡️ Urgent security alert! Fortinet has released urgent updates to fix a critical vulnerability (CVE-2023-33299) in FortiNAC, exposing networks to arbitrary code execution.
Learn more: https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html
Critical SQL injection vulnerabilities found in Gentoo Soko! Exploiting these flaws could lead to remote code execution (RCE) on affected systems.
Discover the details: https://thehackernews.com/2023/06/critical-sql-injection-flaws-expose.html
@Engineer_Computer
Learn more: https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html
Critical SQL injection vulnerabilities found in Gentoo Soko! Exploiting these flaws could lead to remote code execution (RCE) on affected systems.
Discover the details: https://thehackernews.com/2023/06/critical-sql-injection-flaws-expose.html
@Engineer_Computer
💠 5 Ways I Bypassed Your Web Application Firewall (WAF)
🔗 https://hacklido.com/blog/504-5-ways-i-bypassed-your-web-application-firewall-waf
@Engineer_Computer
🔗 https://hacklido.com/blog/504-5-ways-i-bypassed-your-web-application-firewall-waf
@Engineer_Computer
HACKLIDO
5 Ways I Bypassed Your Web Application Firewall (WAF)
Introduction This article will explain the tools and techniques used by web application penetration testers and security researchers to successfully bypass...
tools
Offensive_security
1. ReconFTW - tool to perform automated recon on a target domain
https://github.com/six2dez/reconftw
]-> Exposing hidden risks through ACLs in AD:
https://labs.lares.com/securing-active-directory-via-acls
2. Scraping Kit - tool for scraping services for keywords, useful for initial enumeration of Domain Controllers
https://github.com/LaresLLC/ScrapingKit
@Engineer_Computer
Offensive_security
1. ReconFTW - tool to perform automated recon on a target domain
https://github.com/six2dez/reconftw
]-> Exposing hidden risks through ACLs in AD:
https://labs.lares.com/securing-active-directory-via-acls
2. Scraping Kit - tool for scraping services for keywords, useful for initial enumeration of Domain Controllers
https://github.com/LaresLLC/ScrapingKit
@Engineer_Computer
GitHub
GitHub - six2dez/reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of…
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities - six2dez/reconftw
AWS DeepRacer Student
Learn machine learning, win prizes by racing with students globally, and complete your application to the AWS AI & ML Scholarship program
https://student.deepracer.com
@Engineer_Computer
Learn machine learning, win prizes by racing with students globally, and complete your application to the AWS AI & ML Scholarship program
https://student.deepracer.com
@Engineer_Computer
Deepracer
DeepRacer Student League
DeepRacer Lite
Offensivesecurity
Obfuscated LSASS dump command:
A quick walkthrough for a obfuscated PowerShell LSASS dump command via comsvcs.dll
https://badoption.eu/blog/2023/06/21/dumpit.html
]-> https://github.com/powerseb/PowerExtract
@Engineer_Computer
Obfuscated LSASS dump command:
A quick walkthrough for a obfuscated PowerShell LSASS dump command via comsvcs.dll
https://badoption.eu/blog/2023/06/21/dumpit.html
]-> https://github.com/powerseb/PowerExtract
@Engineer_Computer
BadOption.eu
Obfuscated LSASS dump command
Obfuscated LSASS dumper command A quick walkthrough for a obfuscated PowerShell LSASS dump command via comsvcs.dll. tl;dr Malicious command detection for PowerShell is not easy. Pretty hard to tell, what the following command is going to do, huh? &$env:?…
exploit
1.CVE-2022-31696:
VMWare ESXI TCP Socket Keepalive Type Confusion LPE
https://www.zerodayinitiative.com/blog/2023/6/21/cve-2022-31696-an-analysis-of-a-vmware-esxi-tcp-socket-keepalive-type-confusion-lpe
2.FortiNAC - Just a few more RCEs
https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
@Engineer_Computer
1.CVE-2022-31696:
VMWare ESXI TCP Socket Keepalive Type Confusion LPE
https://www.zerodayinitiative.com/blog/2023/6/21/cve-2022-31696-an-analysis-of-a-vmware-esxi-tcp-socket-keepalive-type-confusion-lpe
2.FortiNAC - Just a few more RCEs
https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
@Engineer_Computer
Zero Day Initiative
Zero Day Initiative — CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE
Interestingly, in 2012, the Linux kernel fixed a very similar issue in the handling of RAW sockets - CVE-2012-6657 Kernel: net: guard tcp_set_keepalive against crash :
Offensive security
1. Primary Group Behavior, Reporting and Exploitation
https://www.hub.trimarcsecurity.com/post/primary-group-behavior-reporting-and-exploitation
2. Finding DNS vulnerabilities with Burp Suite
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite
@Engineer_Computer
1. Primary Group Behavior, Reporting and Exploitation
https://www.hub.trimarcsecurity.com/post/primary-group-behavior-reporting-and-exploitation
2. Finding DNS vulnerabilities with Burp Suite
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite
@Engineer_Computer
Trimarc Content Hub
Primary Group Behavior, Reporting and Exploitation
IntroductionIf you’ve administered Active Directory (AD) for any significant time, chances are you’ve come across the primaryGroupID attribute. Originally developed as a method for AD to support POSIX-compliant applications, the attribute has been better…
tools
Malware analysis
Hiding VMware virtual machines from malware
https://github.com/d4rksystem/VMwareCloak
@Engineer_Computer
Malware analysis
Hiding VMware virtual machines from malware
https://github.com/d4rksystem/VMwareCloak
@Engineer_Computer
GitHub
GitHub - d4rksystem/VMwareCloak: A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from…
A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analysis. - d4rksystem/VMwareCloak
awesome-symbolic-execution
Public
A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.
https://github.com/ksluckow/awesome-symbolic-execution
@Engineer_Computer
Public
A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.
https://github.com/ksluckow/awesome-symbolic-execution
@Engineer_Computer
GitHub
GitHub - ksluckow/awesome-symbolic-execution: A curated list of awesome symbolic execution resources including essential research…
A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools. - ksluckow/awesome-symbolic-execution
Strategic IT Asset Management (ITAM) Software
Ivanti Neurons for ITAM consolidates your IT asset data and lets you track, configure, optimize and strategically manage your assets through their full lifecycle. The solution's configurable design helps you define and follow your own workflows or implement out-of-the-box processes.
https://youtu.be/plo-Pk0qp2M
https://www.ivanti.com/products/ivanti-neurons-itam
@Engineer_Computer
Ivanti Neurons for ITAM consolidates your IT asset data and lets you track, configure, optimize and strategically manage your assets through their full lifecycle. The solution's configurable design helps you define and follow your own workflows or implement out-of-the-box processes.
https://youtu.be/plo-Pk0qp2M
https://www.ivanti.com/products/ivanti-neurons-itam
@Engineer_Computer
YouTube
Ivanti Neurons for ITAM in 140 seconds | Product Demo Overview: Using ITAM strategically
Learn more: https://www.ivanti.com/lp/itam/assets/s3/ivanti-neurons-for-itam?utm_source=Youtube&utm_medium=social&utm_campaign=2022-Global-Organic-Social-Youtube&utm_content=Youtube-links&elqCampaignId=2881
With Ivanti Neurons for ITAM, you gain comprehensive…
With Ivanti Neurons for ITAM, you gain comprehensive…
Zabbix Certified Specialist (ZCS)
You’ll learn how to deploy, configure, and maintain a Zabbix instance from scratch. You’ll also obtain practical knowledge required for configuring monitoring endpoints, learn a variety of metric collection and problem detection techniques, and become familiar with a variety of monitoring concepts.
Products covered
Zabbix 6.0
Format
Up to 12 students
Duration
5 days
Course requirements
None
Recommended skills
Basic experience in Linux operating systems
Next level
Zabbix Certified Professional
Level 3
Previous level
Zabbix Certified User
Level 1
https://www.zabbix.com/training_specialist
@Engineer_Computer
You’ll learn how to deploy, configure, and maintain a Zabbix instance from scratch. You’ll also obtain practical knowledge required for configuring monitoring endpoints, learn a variety of metric collection and problem detection techniques, and become familiar with a variety of monitoring concepts.
Products covered
Zabbix 6.0
Format
Up to 12 students
Duration
5 days
Course requirements
None
Recommended skills
Basic experience in Linux operating systems
Next level
Zabbix Certified Professional
Level 3
Previous level
Zabbix Certified User
Level 1
https://www.zabbix.com/training_specialist
@Engineer_Computer
Zabbix
Zabbix Certified Professional (ZCP)
Upgrade your skills and solve advanced monitoring issues with Zabbix Certified Professional training.
Iranian state-sponsored group, MuddyWater, deploys new PhonyC2 framework in targeted cyber attacks. New findings reveal connections to Technion breach and ongoing PaperCut server exploitation.
Details: https://thehackernews.com/2023/06/from-muddyc3-to-phonyc2-irans.html
Beware of proxyjacking! Vulnerable SSH servers are under attack in a financially motivated campaign, covertly ensnaring them into a proxy network.
Read details: https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html
Discover how threat actors exploit unused bandwidth to run services and monetize it.
@Engineer_Computer
Details: https://thehackernews.com/2023/06/from-muddyc3-to-phonyc2-irans.html
Beware of proxyjacking! Vulnerable SSH servers are under attack in a financially motivated campaign, covertly ensnaring them into a proxy network.
Read details: https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html
Discover how threat actors exploit unused bandwidth to run services and monetize it.
@Engineer_Computer
⚡ Attention all software developers and programmers! MITRE's Top 25 list of dangerous software weaknesses for 2023 is here.
Discover the crucial mistakes to avoid early in your product development process:
https://thehackernews.com/2023/06/mitre-unveils-top-25-most-dangerous.html
Build secure software from the ground up!
💪 WhatsApp rolls out an upgrade to its proxy feature! Share more than just texts - a step towards countering internet 🚫 censorship.
Learn more: https://thehackernews.com/2023/06/whatsapp-upgrades-proxy-feature-against.html
@Engineer_Computer
Discover the crucial mistakes to avoid early in your product development process:
https://thehackernews.com/2023/06/mitre-unveils-top-25-most-dangerous.html
Build secure software from the ground up!
💪 WhatsApp rolls out an upgrade to its proxy feature! Share more than just texts - a step towards countering internet 🚫 censorship.
Learn more: https://thehackernews.com/2023/06/whatsapp-upgrades-proxy-feature-against.html
@Engineer_Computer