🚨 Urgent alert! Critical zero-day flaw (CVE-2023-2868) exploited for 7 months!
Backdoor access, data exfiltration, and 3 potent malware strains discovered targeting Barracuda's Email Security Gateways.
Learn more: https://thehackernews.com/2023/05/alert-hackers-exploit-barracuda-email.html
@Engineer_Computer
DNS_Sec_Guide.pdf
3 MB
PURPOSE OF THIS GUIDE.
The aim of this guide is to offer an overview of the DNS service, to describe the principal attacks to which this protocol is subject through inappropriate use being made of it, and to provide guidelines for good practice for application in making it more secure.
The guide is intended for operators and administrators of systems and networks and has the purpose of aiding them in implementing and reinforcing the service.
Although the focus of this document is on the DNS in general, particular emphasis is laid on the open-source software BIND for the examples and implementations suggested, since this is by far the most widely used package.
This document is made up of five principal sections:
I. Basics of DNS.
II. Security in the DNS.
III. Vulnerabilities and Threats in the DNS.
IV. Fortifying DNS.
V. DNSSEC.
@Engineer_Computer
Top Incident Response Exercises for Common Cyber Attacks.pdf
281.7 KB
TOP INCIDENT RESPONSE EXERCISES FOR COMMON CYBER ATTACKS
Ransomware
A type of malware that encrypts files and demands a ransom (money) from the victim in order to decrypt the files.
● Isolate the infected systems and remove them from the network to prevent the spread of the ransomware.
● Backup any important data to prevent the loss of data.
● Do not pay the ransom, as there is no guarantee that the attacker will actually provide the decryption key.
● Clean up the infected systems and restore them to their original state.
● Implement a plan to detect and respond to similar incidents in the future.
@Engineer_Computer
An intelligent tool whose purpose is to perform #OSINT tasks and more, but without any API key.
https://github.com/j3ssie/metabigor
@Engineer_Computer
Find out the IP address through a call to Telegram
📖 Read
https://github.com/n0a/telegram-get-remote-ip
#OSINT #Telegram #ip
@Engineer_Computer
Attention: WhatsApp New Vulnerability
WhatsApp crashes after entering the following code.
If you paste this code in any WhatsApp group or chat, you will crash that group for all members. The only fix is to use web WhatsApp and delete that message.
The code is wa.me/settings
#whatsapp #vulnerability #crash
@Engineer_Computer
🗒 SSRF bible Cheatsheet
https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit
@Engineer_Computer
Building a Red Team Infrastructure in 2023:
Intro
The infrastructure of a red team engagement might be poetically described as the beating heart of an engagement. It is the central point where everything is connected and runs together. All the data is stored here and when it crashes (or is crashed), it might as well end the whole engagement. This leads to several requirements that have to be met, rooted in different perspectives like functionality and stability, but also security and deception of the blue team.
The topic of building a red team infrastructure is not a new one and although several blog posts on this topic exist, I tried to let my insights and struggles flow into this post, which will hopefully help you to make better decisions and avoid potential pitfalls.
The following questions draw the outline for this blog post:
What requirements have to be met?
What are the components a red team infrastructure consists of?
What software can be used?
How are these components set up?
https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023
Links
[1]: https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
[2]: https://medium.com/geekculture/an-nginx-apache-alternative-for-c2-redirecting-61e92a917101
[3]: https://medium.com/@maxime.durand.54/add-the-geoip2-module-to-nginx-f0b56e015763
[4]: https://www.cobaltstrike.com/blog/simple-dns-redirectors-for-cobalt-strike/
[5]: https://labs.withsecure.com/publications/detecting-exposed-cobalt-strike-dns-redirectors
[6]: https://github.com/BishopFox/sliver/wiki/DNS-C2
[7]: https://docs.getgophish.com/user-guide/documentation/sending-profiles
[8]: https://www.wireguard.com/
@Engineer_Computer
Offensive Security
Top 10 Payloads: Highlighting Notable and Trending Techniques
https://blog.delivr.to/delivr-tos-top-10-payloads-highlighting-notable-and-trending-techniques-fb5e9fdd9356
@Engineer_Computer
Domains with the .zip extension, which Google recently introduced, have a serious security problem, and #phishing abuse of it has already begun. In this example, a person receives an email from inside the company saying to copy a certain zip file from a given path; if the file does not exist, the system automatically takes the user to a malicious site that has the same name as the zip file.
@Engineer_Computer
⭕️ In this article the researcher describes a new technique for discovering domains and shows how to use it in penetration testing, bug bounty, and so on.
https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/
#Recon #BugBounty #Pentest
@Engineer_Computer
🐞 What are the security flaws in this code? How to fix them?
What is the security flaw in this code? Does it even have a security flaw? How many, and of what kind? How would you fix it?
#AppSec #code_challenge #vulnerable_code #web_security #FastAPI
@Engineer_Computer
tools
Sec code review
Code Query - universal code security scanning tool
https://github.com/nccgroup/cq
tools
Offensive security
1. Cymulate - framework to help red team construct fully customizable/automated APT attacks
https://github.com/opabravo/cymulate-framework#usage
2. Reduce Entropy And Obfuscate Your Payload With Serialized Linked Lists
https://github.com/Maldev-Academy/EntropyReducer
@Engineer_Computer
Malware analysis
1. AceCryptor Technical analysis
https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation
2. DogeRAT Android Malware Campaign
https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries
3. FlowCloud malware infection via USB Flash Drive
https://insight-jp.nttsecurity.com/post/102ifpu/flowcloud-malware-infection-via-usb-flash-drive
@Engineer_Computer