How to Reset Admin Password in Splunk?


1) Login as Splunk user

sudo su - splunk


2) Check the if you have the ability to write to the underlying password file ($SPLUNK_HOME/etc/passwd)

ll /opt/splunk/etc/passwd


3) Navigate to the bin directory

cd /opt/splunk/bin/


4) Execute below command to reset the "admin" user password

./splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password=MynewPassword34"


5) Restart Splunk to make the changes work.

./splunk restart


Once the Splunk is restarted, you can login to Splunk with new password.
@Engineer_Computer

#Mission #Impossible #ML #Offensive
سری فیلم های ماموریت غیر ممکن که در ژانر ماجراجویی با رویکرد انجام ماموریت های اطلاعاتی را همگی میشناسید.

در سری جدید این فیلم یعنی نسخه Dead Reckoning داستان فیلم میپردازد به یک ماشین هوش مصنوعی که مجهز به استفاده از تکنیک های علوم سایبری است و بواسطه مسلط بودن بر این تکنیک ها امکان نفوذ به دستگاه های مختلف را پیدا میکند.

شاید برای ما از منظر فنی، این فیلم صرفا یک قسمت تخیلی است که موضوع ترکیب دو علوم هوش مصنوعی و امنیت سایبری را بسیار بزرگ نمایی کرده است، اما در طول چند دهه اخیر بارها ثابت شده که فناوری ها و موضوعاتی که در فیلم ها مطرح میشود، در آینده به عرصه زندگی ما پا باز کرده است.

از نگاه فنی آیا میشود ماشینی را طراحی کرد که به عنوان مثال، از ابتدایی ترین مراحل یک حمله مداوم پیشرفته را کاملا مبتنی بر هوش مصنوعی پیاده سازی کرد؟

با توجه به رشد زبان های برنامه نویسی در عرصه اتوماسیون سازی و گسترش کتابخانه های متعدد و همچنین به بلوغ رسیدن این کتابخانه ها، امکان ساخت این ماشین از منظر فنی قابل رد نیست.

SharpML
@Engineer_Computer

تزریق دستور از راه دور؛ منتج از آسیب پذیری جدید در Openss
@Engineer_Computer

https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html?m=1

یک هانتر خوب کیست ؟
نگاه از زاویه ای دیگر
@Engineer_Computer

https://www.phillipkittelson.com/cybersecurity,/threat/hunting/2023/07/24/what-makes-a-good-threat-hunter.html

تمپلیت گزارش ممیزی ISO 27001

@Engineer_Computer

نحوه پیاده سازی ISO 27001

@Engineer_Computer

دوره مقدماتی و رایگان دیجیتال فارنزیک

@Engineer_Computer
https://www.open.edu/openlearn/science-maths-technology/digital-forensics?active-tab=description-tab

کشف دوربین های جاسازی شده در محل هایی چون هتل ها با گوشی های اندرویید و آیفون

با استفاده از پی جویی شبکه وای فای و قابلیت دید در شب
@Engineer_Computer

https://hakin9.org/detect-hidden-surveillance-cameras-with-your-phone-by-anastasis-vasileiadis/#login

CVE-2023-29489 : Finding XSS in a million websites (cPanel -Reflected Cross-Site Scripting)
POC : https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/
Link : https://blog.assetnote.io/2023/04/26/cpanel-xss-advisory/

@Engineer_Computer

CVE-2023–23410 : Analysis and Summary of HTTP Elevation of Privilege Vulnerability
Link : https://medium.com/numen-cyber-labs/analysis-and-summary-of-cve-2023-23410-http-elevation-of-privilege-vulnerability-6893c3a44775
POC : https://github.com/numencyber/Vulnerability_PoC/blob/main/CVE-2023-23410

@Engineer_Computer

CVE-2023-28231 : DHCP Server Service Remote Code Execution
POC : https://github.com/numencyber/Vulnerability_PoC/blob/main/CVE-2023-28231/CVE-2023-28231-DHCP-VUL-PoC.cpp

@Engineer_Computer

XSSI (Cross Site Script Inclusion) to Steal AccessToken and More
Link : https://github.com/AnkitCuriosity/Write-Ups/blob/main/XSSI%20(Cross%20Site%20Script%20Inclusion)%20to%20Steal%20AccessToken%20and%20More.md

@Engineer_Computer

DFIR
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor
https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally

@Engineer_Computer

Malware analysis
1. Bahamut Android Malware
https://www.cyfirma.com/outofband/apt-bahamut-targets-individuals-with-android-malware-using-spear-messaging

2. DangerousPassword attacks/malware
https://blogs.jpcert.or.jp/en/2023/07/dangerouspassword_dev.html

@Engineer_Computer

Alarming news for industrial control systems: 34% of reported vulnerabilities have no patch or remediation, up from last year's 13%.

Read: https://thehackernews.com/2023/08/industrial-control-systems.html

SynSaber data shows that CISA received reports of 670 ICS product flaws in H1 2023. Among them, 88 were critical and 227 had no available fixes.

@Engineer_Computer

⭕️Analytics
A Year in Review of 0-days Exploited In-the-Wild in 2022
Maddie Stone, Security Researcher, Threat Analysis Group (TAG)

This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild [2021, 2020, 2019] and builds off of the mid-year 2022 review. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a whole, looking for trends, gaps, lessons learned, and successes.
Executive Summary
41 in-the-wild 0-days were detected and disclosed in 2022, the second-most ever recorded since we began tracking in mid-2014, but down from the 69 detected in 2021. Although a 40% drop might seem like a clear-cut win for improving security, the reality is more complicated. Some of our key takeaways from 2022 include:

N-days function like 0-days on Android due to long patching times. Across the Android ecosystem there were multiple cases where patches were not available to users for a significant time. Attackers didn’t need 0-day exploits and instead were able to use n-days that functioned as 0-days.

0-click exploits and new browser mitigations drive down browser 0-days. Many attackers have been moving towards 0-click rather than 1-click exploits. 0-clicks usually target components other than the browser. In addition, all major browsers also implemented new defenses that make exploiting a vulnerability more difficult and could have influenced attackers moving to other attack surfaces.

Over 40% of the 0-days discovered were variants of previously reported vulnerabilities. 17 out of the 41 in-the-wild 0-days from 2022 are variants of previously reported vulnerabilities. This continues the unpleasant trend that we’ve discussed previously in both the 2020 Year in Review report and the mid-way through 2022 report. More than 20% are variants of previous in-the-wild 0-days from 2021 and 2020.

Bug collisions are high. 2022 brought more frequent reports of attackers using the same vulnerabilities as each other, as well as security researchers reporting vulnerabilities that were later discovered to be used by attackers. When an in-the-wild 0-day targeting a popular consumer platform is found and fixed, it's increasingly likely to be breaking another attacker's exploit as well

https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html

@Engineer_Computer

#vulnerability #zerotrust #zeroday #threatintelligence #threathunting

تست نفوذ فیزیکی
این مرحله :
embedded reconnaissance.

@Engineer_Computer

https://covertaccessteam.substack.com/p/spot-the-spy

گزارش های ممیزی ISMS را چطور بنویسیم
@Engineer_Computer

شغل شما بعنوان تستر نفوذ فیزیکی این است هرچه بیشتر آسیب پذیری در لایه فیزیکال پیدا کنید

حالا از یک زاویه دیگر این موضوع رو بررسی می‌کنیم: انجام عملیات در روز یا شب
پارامتر های موثر

@Engineer_Computer

https://covertaccessteam.substack.com/p/day-vs-night