Hacking ICS Historians: The Pivot Point from IT to OT
https://claroty.com/team82/research/hacking-ics-historians-the-pivot-point-from-it-to-ot
@Engineer_Computer

Graphicator - A GraphQL Enumeration And Extraction Tool
https://github.com/cybervelia/graphicator
https://www.kitploit.com/2023/03/graphicator-graphql-enumeration-and.html
@Engineer_Computer

Producing a POC for CVE-2022-42475 (Fortinet RCE)
https://blog.scrt.ch/2023/03/14/producing-a-poc-for-cve-2022-42475-fortinet-rce/
@Engineer_Computer

- بعد از در قابلمه کرونا یاب زدن تو کار کوانتوم من فقط موندم چطوری اینا رو می اندازند به اینا 🫠

CVE-2023-23397: Microsoft Outlook - Elevation of Privilege ( Powershell POC )
POC : https://github.com/api0cradle/CVE-2023-23397-POC-Powershell

@Engineer_Computer

🔴 سورس کد Keygen برای ویندوز XP و سرور 2003

https://github.com/Neo-Desktop/WindowsXPKg

#windows #windowsXP #windows_xp #xp #server #server2003 #server_2003 #keygen #source #code #sourcecode #source_code
@Engineer_Computer

🚨Vulnerability in Microsoft Windows NFS Protocol⚠️⚠️
--
📣📣Microsoft CVE-2023-24941: Windows Network File System Remote Code Execution Vulnerability
--
Severity 10
--
Description:-

Microsoft CVE-2023-24941: Windows Network File System Remote Code Execution Vulnerability
--
Mitigations:-

This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability,
you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation.

#Warning:-
You should NOT apply this mitigation unless you have installed the May 2022 Windows security updates.
Those updates address CVE-2022-26937 which is a Critical vulnerability in NFSV2.0 and NFSV3.0.

@Engineer_Computer

Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem
@Engineer_Computer

🚨 Heads up, Chrome users! Google has released a security update to fix a new high-severity zero-day vulnerability in its web browser that is being actively exploited by hackers in the wild.

Update your browsers now: https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html

@Engineer_Computer

PowerDrop, the malware designed to fly under the radar, is targeting the U.S. aerospace industry. Learn how it leverages ICMP messages and WMI services to compromise networks undetected.
Learn more:
https://thehackernews.com/2023/06/new-powerdrop-malware-targeting-us.html

@Engineer_Computer

#گزارش threatmon از apt به نام SharpPanda
@Engineer_Computer

Investigate FakeGPT
#Fake #GPT #LetsD3fend
@Engineer_Computer

Linux file systems hierarchy
#prerequisite #ubuntu #linux
@Engineer_Computer

Windows Security Log Quick Reference
#Windows #Log
@Engineer_Computer

Barracuda customers, take note! If you've been affected by the zero-day flaw (CVE-2023-2868) in their Email Security Gateway appliances, it's time to replace them ASAP!
Learn more:
https://thehackernews.com/2023/06/barracuda-urges-immediate-replacement.html

@Engineer_Computer

Red Team Tactics
1. From DA to EA with ESC5
https://posts.specterops.io/from-da-to-ea-with-esc5-f9f045aa105c

2. Attacking MS Configuration Manager (SCCM/MECM)
https://www.securesystems.de/blog/active-directory-spotlight-attacking-the-microsoft-configuration-manager

@Engineer_Computer

tools
Red Team Tactics
Windows Secrets Extraction: A Summary, 2023

@Engineer_Computer

اگر لاگها پاک شوند ، چطور حرکت عرضی هکر در سازمان را تشخیص دهیم ؟

در ویدئوی زیر از زبان مدرس سنز، پاسخ را داشته باشیم


https://www.youtube.com/watch?v=H8ybADELHzk

@Engineer_Computer