یک ابزار هوشمند، هدف آن انجام وظایف #OSINT و موارد دیگر اما بدون هیچ کلید API است.
https://github.com/j3ssie/metabigor
@Engineer_Computer
https://github.com/j3ssie/metabigor
@Engineer_Computer
GitHub
GitHub - j3ssie/metabigor: OSINT tools and more but without API key
OSINT tools and more but without API key. Contribute to j3ssie/metabigor development by creating an account on GitHub.
Find out the IP address through a call to Telegram
📖 Read
https://github.com/n0a/telegram-get-remote-ip
#OSINT #Telegram #ip
@Engineer_Computer
📖 Read
https://github.com/n0a/telegram-get-remote-ip
#OSINT #Telegram #ip
@Engineer_Computer
Medium
Find out the IP address through a call to Telegram…
1️⃣ Download Wireshark (https://www.wireshark.org/download.html), open it and be sure to specify the protocol we need in the filter — STUN…
Attention WhatsApp New Vunerbality
WhatsApp crash after entering this following code
If you paste this code in any WhatsApp group or chat , you will crash that group for all members . The only fix is use web WhatsApp and delete that message .
The code is wa.me/settings
#whatsapp #vulnerability #crash
@Engineer_Computer
WhatsApp crash after entering this following code
If you paste this code in any WhatsApp group or chat , you will crash that group for all members . The only fix is use web WhatsApp and delete that message .
The code is wa.me/settings
#whatsapp #vulnerability #crash
@Engineer_Computer
🗒 SSRF bible Cheatsheet
https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit
@Engineer_Computer
https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit
@Engineer_Computer
Google Docs
SSRF bible. Cheatsheet
SSRF bible. Cheatsheet Revision 1.03 26 Jan 2017 Authors: @Wallarm @d0znpp research team Wallarm.com|lab.wallarm.com Try our new product. Wallarm FAST: security tests from traffic https://wallarm.com/wallarm-fast/ Table of contents Table of contents Basics…
Building a Red Team Infrastructure in 2023:
Intro
The infrastructure of a red team engagement might be poetically described as the beating heart of an engagement. It is the central point where everything is connected and runs together. All the data is stored here and when it crashes (or is crashed), it might as well end the whole engagement. This leads to several requirements that have to be met, rooting from different perspectives like functionality, stability, but also security and deception of the blue team.
The topic of building a red team infrastructure is not a new one and although several blog posts on this topic exist, I tried to let my insights and struggle flow into this post, which will hopefully help you to make better decisions and avoid potential pitfalls.
The following questions are drawing the outline for this blog post:
What requirements have to be met?
What are the components a red team infrastructure consists of?
What software can be used?
How are these components set up?
https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023
Links
[1]: https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
[2]: https://medium.com/geekculture/an-nginx-apache-alternative-for-c2-redirecting-61e92a917101
[3]: https://medium.com/@maxime.durand.54/add-the-geoip2-module-to-nginx-f0b56e015763
[4]: https://www.cobaltstrike.com/blog/simple-dns-redirectors-for-cobalt-strike/
[5]: https://labs.withsecure.com/publications/detecting-exposed-cobalt-strike-dns-redirectors
[6]: https://github.com/BishopFox/sliver/wiki/DNS-C2
[7]: https://docs.getgophish.com/user-guide/documentation/sending-profiles
[8]: https://www.wireguard.com/
@Engineer_Computer
Intro
The infrastructure of a red team engagement might be poetically described as the beating heart of an engagement. It is the central point where everything is connected and runs together. All the data is stored here and when it crashes (or is crashed), it might as well end the whole engagement. This leads to several requirements that have to be met, rooting from different perspectives like functionality, stability, but also security and deception of the blue team.
The topic of building a red team infrastructure is not a new one and although several blog posts on this topic exist, I tried to let my insights and struggle flow into this post, which will hopefully help you to make better decisions and avoid potential pitfalls.
The following questions are drawing the outline for this blog post:
What requirements have to be met?
What are the components a red team infrastructure consists of?
What software can be used?
How are these components set up?
https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023
Links
[1]: https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
[2]: https://medium.com/geekculture/an-nginx-apache-alternative-for-c2-redirecting-61e92a917101
[3]: https://medium.com/@maxime.durand.54/add-the-geoip2-module-to-nginx-f0b56e015763
[4]: https://www.cobaltstrike.com/blog/simple-dns-redirectors-for-cobalt-strike/
[5]: https://labs.withsecure.com/publications/detecting-exposed-cobalt-strike-dns-redirectors
[6]: https://github.com/BishopFox/sliver/wiki/DNS-C2
[7]: https://docs.getgophish.com/user-guide/documentation/sending-profiles
[8]: https://www.wireguard.com/
@Engineer_Computer
GitHub
GitHub - bluscreenofjeff/Red-Team-Infrastructure-Wiki: Wiki to collect Red Team infrastructure hardening resources
Wiki to collect Red Team infrastructure hardening resources - bluscreenofjeff/Red-Team-Infrastructure-Wiki
Offensive Security
Top 10 Payloads: Highlighting Notable and Trending Techniques
https://blog.delivr.to/delivr-tos-top-10-payloads-highlighting-notable-and-trending-techniques-fb5e9fdd9356
@Engineer_Computer
Top 10 Payloads: Highlighting Notable and Trending Techniques
https://blog.delivr.to/delivr-tos-top-10-payloads-highlighting-notable-and-trending-techniques-fb5e9fdd9356
@Engineer_Computer
Medium
delivr.to’s Top 10 Payloads: Highlighting Notable and Trending Techniques
With so much available in delivr.to, we’ve put together a ‘Top 10’ campaign; highlighting the current notable and trending techniques.
دامنه هايي با پسوند zip كه اخيرا گوگل ارائه كرده يك مشكل امنيتي جدي دارند كه سو استفاده از اون توسط #فيشينگ شروع شده. در اين نمونه، شخص يك ايميل از داخل شركت دريافت ميكند و در آن اشاره ميشود كه فلان فايل zip رو از اون مسير كپي كن و در صورتي كه فايل وجود نداشته باشد سيستم به صورت خودكار، كاربر را به سايت آلوده كه همنام فايل zip هست ميبرد
@Engineer_Computer
@Engineer_Computer
👍1
⭕️ در این مقاله محقق یک تکنیک جدید برای کشف دامنه را شرح میده و نحوه استفاده از اون رو در تست نفوذ، باگ بانتی و ... نشون میده.
https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/
#Recon #BugBounty #Pentest
@Engineer_Computer
https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/
#Recon #BugBounty #Pentest
@Engineer_Computer
PT SWARM
Discovering Domains via a Time-Correlation Attack on Certificate Transparency
New attack on certificate transparency reveals previously unknown domains!
🐞 What's security flaws with this code? How to fix it?
نقص امنیتی این کد چیه؟ اصلا نقص امنیتی داره؟ چنتا و به چه صورت؟ نحوه فیکس کردنش به چه صورت هست؟
#AppSec #code_challenge #vulnerable_code #web_security #FastAPI
@Engineer_Computer
نقص امنیتی این کد چیه؟ اصلا نقص امنیتی داره؟ چنتا و به چه صورت؟ نحوه فیکس کردنش به چه صورت هست؟
#AppSec #code_challenge #vulnerable_code #web_security #FastAPI
@Engineer_Computer
tools
Sec code review
Code Query - universal code security scanning tool
https://github.com/nccgroup/cq
tools
Offensive security
1. Cymulate - framework to help red team construct fully customizable/automated APT attacks
https://github.com/opabravo/cymulate-framework#usage
2. Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists
https://github.com/Maldev-Academy/EntropyReducer
@Engineer_Computer
Sec code review
Code Query - universal code security scanning tool
https://github.com/nccgroup/cq
tools
Offensive security
1. Cymulate - framework to help red team construct fully customizable/automated APT attacks
https://github.com/opabravo/cymulate-framework#usage
2. Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists
https://github.com/Maldev-Academy/EntropyReducer
@Engineer_Computer
GitHub
GitHub - nccgroup/cq
Contribute to nccgroup/cq development by creating an account on GitHub.
Malware analysis
1. AceCryptor Technical analysis
https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation
2. DogeRAT Android Malware Campaign
https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries
3. FlowCloud malware infection via USB Flash Drive
https://insight-jp.nttsecurity.com/post/102ifpu/flowcloud-malware-infection-via-usb-flash-drive
@Engineer_Computer
1. AceCryptor Technical analysis
https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation
2. DogeRAT Android Malware Campaign
https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries
3. FlowCloud malware infection via USB Flash Drive
https://insight-jp.nttsecurity.com/post/102ifpu/flowcloud-malware-infection-via-usb-flash-drive
@Engineer_Computer
WeLiveSecurity
Shedding light on AceCryptor and its operation
ESET researchers reveal details about a prevalent cryptor that operates as a cryptor-as-a-service and is used by tens of malware families.
Splunk Enterprise Admin Troubleshooting Use Cases - Part-1.pdf
3.9 MB
Hello, Splunkies
As we got many suggestions from our community members, to create content on the troubleshooting side.
We have prepared some of the use cases in this document as a first step, please go through the same and share your inputs, if you have/feel any, which can be valuable to others
@Engineer_Computer
As we got many suggestions from our community members, to create content on the troubleshooting side.
We have prepared some of the use cases in this document as a first step, please go through the same and share your inputs, if you have/feel any, which can be valuable to others
@Engineer_Computer
👍2
CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE
https://blog.aquasec.com/jenkins-server-vulnerabilities
@Engineer_Computer
https://blog.aquasec.com/jenkins-server-vulnerabilities
@Engineer_Computer
Digital Forensics Tools(iDeFense).pdf
213.3 KB
Digital Forensics Tools.pdf
@Engineer_Computer
@Engineer_Computer