#web_security #web_security_fundamental
#course
#wsf_6

06- dom(document object model) | sop(same origin policy) آشنایی با
🔉@infosectube
📌youtube channel
☣️instagram pageا

🔰سه ماه اشتراک Avast Ultimate

🖥 قابل استفاده در یک PC

شامل محصولات زیر :
• Premium Security
• SecureLine VPN
• AntiTrack
• Cleanup Premium

📍برای دریافت وارد لینک زیر بشید بعد از زدن دکمه دریافت اسم ، فایل ، ایمیل و کد پستی وارد کنید.

https://www.avast.com/fr-fr/lp-ultimate-download-01net


کد پستی و آدرس آمریکا 👇

https://fake-it.ws

🔉@infosectube
📌youtube channel
☣️instagram pageا

#Bug_Bounty_Tips_40 #BugBounty

🛡BugBounty_Tips
🌀XSS payload as an image filenameXSS payload as an image filename.

If you find a file upload function for an image, try introducing an image with XSS (Cross-Site Scripting) payload in the filename, like so:

<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
"><svg onmouseover=alert(1)>.svg
<<script>alert('xss')<!--a-->a.png

Note that this may only work on UNIX-based systems, because of the special characters not accepted as a filename on Windows. However, as a reflected XSS it should work universally.



📡@infosectube
📌youtube channel
☣️instagram page

#Academic #Paper #Malware
🛡GITCBot: A Novel Approach for the Next Generation of C&C Malware
🔰Link
Publisher: IEEE
ISBN:978-1-6654-2961-0
Abstract:

Online Social Networks (OSNs) attracted millions of users in the world. OSNs made adversaries more passionate to create malware variants to subvert the cyber defence of OSNs. Through various threat vectors, adversaries persuasively lure OSN users into installing malware on their devices at an enormous scale. One of the most horrendous forms of named malware is OSNs' botnets that conceal C&C information using OSNs' accounts of unaware users. In this paper, we present GITC (Ghost In The Cloud), which uses Telegram as a C&C server to communicate with threat actors and access targets' information in an undetectable way. Furthermore, we present our implementation of GITC. We show how GITC uses the encrypted telegram Application Programming Interface (API) to cover up records of the adversary connections to the target, and we discuss why current intrusion detection systems cannot detect GITC. In the end, we run some sets of experiments that confirm the feasibility of GITC.

📡@infosectube
📌youtube channel
☣️instagram page

#Academic #Research #CyberSecurity
مناسب افرادی که در حوزه های اکادمیک کار می کنند.
Some useful citation trackers

✂️https://www.scopus.com/
✂️https://www.webofknowledge.com/
✂️https://academic.research.microsoft.com/
✂️www.scholar.google.com
✂️https://www.ncbi.nlm.nih.gov/pubmed



📜از چه سایتی میتونم تمام مقالات پولی رو به رایگان و بدون هیچ محدودیتی و به سرعت دانلود کنم؟

جواب: سایت روسی زیر این امکان رو برای تمامی محققین جهان فراهم کرده
✂️https://sci-hub.tw/


سوال2: از چه سایتهایی میتونم به متن کامل پایان نامه ها دسترسی پیدا کنم؟

جواب: به سایتهای زیر مراجعه فرمایید
✂️search.proquest.com/dissertations/advanced?accountid=14511
✂️discovery.ucl.ac.uk/
✂️ethos.bl.uk/
✂️www.dart-europe.eu/basic-search.php
✂️www.ndltd.org/resources/find-etds


سوال3: از کجا میتونم ایمپکت فاکتور یک مجله رو پیدا کنم؟

جواب: برای دسترسی به ضریب تاثیر IF یک مجله می تونید به سایت های معتبری چون SJR , Bioxbio مراجعه کنید
SJR:
✂️www.scimagojr.com
Bioxbio:
✂️www.bioxbio.com
CiteFactor:
✂️www.citefactor.com


سوال4: چطور میتونم مقاله ام رو قبل از اینکه به ژورنالی بفرستم به لحاظ پلاجیاریزم چک کنم تا مطمئن بشم جملات مقاله ی من با هیچ یک از جملات سایر مقالات مشابهتی نداره؟

جواب: از سایتهای زیر جهت بررسی جملات مقاله قبل از سابمیت استفاده نمایید.
✂️www.turnitin.com
✂️www.ithenticate.com
✂️www.writecheck.com


سوال5: من مقاله ام رو نوشتم اما نمیدونم به کدوم ژورنال بفرستم؟

جواب: در سایت های زیر می توانید با وارد کردن عنوان مقاله، چکیده و کلید واژه ها ژورنال های مرتبط و نزدیک به موضوع خود را پیدا کنید.
✂️https://journalfinder.elsevier.com/#results
✂️https://www.springer.com/gp/authors-editors/journal-author/journal-author-helpdesk/preparation/1276
✂️https://www.edanzediting.com/journal-selector

📡@infosectube
📌youtube channel
☣️instagram page

Old Vs New Tools Command
📡@infosectube
📌youtube channel
☣️instagram page

🔰Reverse Engineering For Everyone!
✂️https://0xinfection.github.io/reversing/

📡@infosectube
📌youtube channel
☣️instagram page

#hacking #windows #linux
📡@infosectube
📌youtube channel
☣️instagram page

📡@infosectube
📌youtube channel
☣️instagram page

#Academic #Paper #Malicious_Domain_Detection
🛡Attributed Heterogeneous Graph Neural Network for Malicious Domain Detection

🔰Link
Publisher: IEEE
ISBN:978-1-7281-6597-4
Abstract:

Malicious activities on the Internet are one of the most dangerous threats to users and organizations. Because of the flexibility a nd accessibility of domains, cyber criminals often utilize them to launch cyber attacks such as phishing or malware. Most of traditional malicious domain detection methods rely on feature engineering to learn the patterns of malicious domains. However, these methods can be easily evaded by some sophisticated evasion techniques such as Domain-flux or Fast-flux. Some recent studies utilized graph-based models to infer malicious domains and achieved better performance, yet without a fine-grained modeling of DNS scenarios. In this paper, we propose an attributed heterogeneous graph neural network model, GAMD, to detect malicious domains in a semi-supervised learning paradigm. Concretely, we utilize attributed heterogeneous information network to model the DNS scenarios with different types of nodes including domain, host, resolved-IP and different types of relation, such as request and resolution relations. We then design a fine-grained node type-aware feature transformation and edge type-aware aggregation mechanism to fuse the node attributes and structure information simultaneously and complete the inference over DNS graphs. In the experiments, we evaluate the performance of our model on a large-scale realworld passive DNS data and show that the proposed method outperforms the state-of-the-art in most evaluation metrics.

📡@infosectube
📌youtube channel
☣️instagram page

#web_security #web_security_fundamental
#course
#wsf_7

07-front end and inspect in browser | آشنایی با طراحی سایت و مقدمات آن و کار با ابزار های مرورگر

🔉@infosectube
📌youtube channel
☣️instagram pageا

#Presentation #CyberSecurity
✂️The zero trust supply chain
✂️Security in sdn/nfv and 5 g network
✂️Android Penetration Testing(Android Security)
✂️اختلال و نفوذ در شبکه از طریق حفره های امنیتی
✂️انواع ارزیابی های امنیتی و مراحل تست و نفوذ
🔉@infosectube
📌youtube channel
☣️instagram pageا

🔰Dumping RDP Credentials

💢https://pentestlab.blog/2021/05/24/dumping-rdp-credentials/

🔉@infosectube
📌youtube channel
☣️instagram pageا

#معرفی_سایت
#Fake_Generator

ساخت چت جعلی تلگرام ،واتساپ ،وایبرو.. ، دایرکت توییتر  اینستاگرام  فیسیوک
ساخت پروفایل فیک  توییتر  اینستاگرام
ساخت لایو جعلی اینستا
ساخت کانال یوتیوبی جعلی

جنریت جیمیل (تبدیل جیمیل شخصی به هزاران جیمیل با صندوق ورودی مشترک )

🔰https://fakedetail.com/
🔉@infosectube
📌youtube channel
☣️instagram pageا

Bitdefender Total Security 6 months

Free for 6 months

LINK: Bitdefender Total Security

❎ برخی از قابلیت‌ها BitDefender Total Security ویندوز:

✅ نهایت قدرت آنتی ویروس و ضد جاسوس

✅ نگهبان حریم خصوصی شما در فیس بوک و توییتر

✅ محافظت در برابر سرقت ID

✅ گارد ضد سرقت برای لپ تاپ

✅ حفاظت از اتصال به اینترنت (فایروال)

✅ بهینه سازی سرعت و کارایی کامپیوتر

✅ به روز رسانی های سریع

✅ اسکن مداوم اما سریع و بهینه شده نسبت به نسخه قبلی

✅ سه مرحله کامل برای جلوگیری از ورود فایل های مخرب به سیستم

✅ استفاده از آخرین تکنولوژی ها در شناسایی فایل های مخرب

✅ 4 مجموعه کامل از نرم افزارهایی که در کنار هم برای برقراری امنیت جای گرفته اند

✅ امنیت بالا در شبکه

✅ فایروال قدرتمند

✅ مناسب برای لپ تاپ ها به منظور کاهش مصرف باتری

✅ کامل ترین ابزار موجود و ارائه شده از سوی Bitdefender

✅ و …

⚠️ میتونید همزمان از 5 دستگاه شامل کامپیوتر و گوشی استفاده کنید.
🔉@infosectube
📌youtube channel
☣️instagram pageا

#Academic #Paper #GameGan
🛡MC-GAN: A Reimplementation of GameGAN With a Gaming Perspective


🔰Link
Publisher: IEEE
ISBN:978-1-6654-0426-6
Abstract:

Creating games is a costly process involving tons of vigorous efforts, time, and resources. Different game engines were introduced to facilitate the game-making process, such as Unreal Engine, Unity, and Godot. However, despite the advent of game engines, the vacuum of automatically creating new games by computers was still felt. With artificial intelligence (AI) development and its growing presence in the industry, game developers made a new game development branch using AI. One of the essential steps in this context was the introduction of GameGAN, which inspired us for this article. Here we propose Multi-Class GamgeGan(MC-GAN), a starting point for the next generation of game engines based on GameGAN. In addition, MC-GAN is capable of classifying each desired game element and even changing its class to change the element’s nature (e.g., MC-GAN can change static elements to dynamic ones). Moreover, MC-GAN uses only one complex model trained once per game. Once it is trained for that specific game, there will be no need for training to produce a new level of that game, a considerable step in the developing industry. Considering that MC-GAN is only the beginning of this big journey; therefore, it is now the best choice for developing web games since they are compact and straightforward. This article first briefly introduces GamGAN and its features; afterward, we get through MC-GAN features and compare them to other similar works.

📡@infosectube
📌youtube channel
☣️instagram page

🦚 From Beginner to Expert Tryhackme Walkthrough 🦚


🦚 # Level 1 - Intro

- [ ] OpenVPN https://tryhackme.com/room/openvpn
- [ ] Welcome https://tryhackme.com/jr/welcome
- [ ] Intro to Researching https://tryhackme.com/room/introtoresearch
- [ ] Learn Linux https://tryhackme.com/room/zthlinux
- [ ] Crash Course Pentesting https://tryhackme.com/room/ccpentesting
Introductory CTFs to get your feet wet
- [ ] Google Dorking https://tryhackme.com/room/googledorking
- [ ] OHsint https://tryhackme.com/room/ohsint
- [ ] Shodan.io https://tryhackme.com/room/shodan

🦚 # Level 2 - Tooling

- [ ] Tmux https://tryhackme.com/room/rptmux
- [ ] Nmap https://tryhackme.com/room/rpnmap
- [ ] Web Scanning https://tryhackme.com/room/rpwebscanning
- [ ] Sublist3r https://tryhackme.com/room/rpsublist3r
- [ ] Metasploit https://tryhackme.com/room/rpmetasploit
- [ ] Hydra https://tryhackme.com/room/hydra
- [ ] Linux Privesc https://tryhackme.com/room/linuxprivesc
- [ ] Web Scanning https://tryhackme.com/room/rpwebscanning
More introductory CTFs
- [ ] Vulnversity - https://tryhackme.com/room/vulnversity
- [ ] Blue - https://tryhackme.com/room/blue
- [ ] Simple CTF https://tryhackme.com/room/easyctf
- [ ] Bounty Hacker https://tryhackme.com/room/cowboyhacker

🦚 # Level 3 - Crypto & Hashes with CTF practice

- [ ] Crack the hash https://tryhackme.com/room/crackthehash
- [ ] Agent Sudo https://tryhackme.com/room/agentsudoctf
- [ ] The Cod Caper https://tryhackme.com/room/thecodcaper
- [ ] Ice https://tryhackme.com/room/ice
- [ ] Lazy Admin https://tryhackme.com/room/lazyadmin
- [ ] Basic Pentesting https://tryhackme.com/room/basicpentestingjt

🦚 # Level 4 - Web

- [ ] OWASP top 10 https://tryhackme.com/room/owasptop10
- [ ] Inclusion https://tryhackme.com/room/inclusion
- [ ] Injection https://tryhackme.com/room/injection
- [ ] Vulnversity https://tryhackme.com/room/vulnversity
- [ ] Basic Pentesting https://tryhackme.com/room/basicpentestingjt
- [ ] Juiceshop https://tryhackme.com/room/owaspjuiceshop
- [ ] Ignite https://tryhackme.com/room/ignite
- [ ] Overpass https://tryhackme.com/room/overpass
- [ ] Year of the Rabbit https://tryhackme.com/room/yearoftherabbit
- [ ] DevelPy https://tryhackme.com/room/bsidesgtdevelpy
- [ ] Jack of all trades https://tryhackme.com/room/jackofalltrades
- [ ] Bolt https://tryhackme.com/room/bolt

🦚 # Level 5 - Reverse Engineering

- [ ] Intro to x86 64 https://tryhackme.com/room/introtox8664
- [ ] CC Ghidra https://tryhackme.com/room/ccghidra
- [ ] CC Radare2 https://tryhackme.com/room/ccradare2
- [ ] CC Steganography https://tryhackme.com/room/ccstego
- [ ] Reverse Engineering https://tryhackme.com/room/reverseengineering
- [ ] Reversing ELF https://tryhackme.com/room/reverselfiles
- [ ] Dumping Router Firmware https://tryhackme.com/room/rfirmware

🦚 # Level 6 - PrivEsc

- [ ] Sudo Security Bypass https://tryhackme.com/room/sudovulnsbypass
- [ ] Sudo Buffer Overflow https://tryhackme.com/room/sudovulnsbof
- [ ] Windows Privesc Arena https://tryhackme.com/room/windowsprivescarena
- [ ] Linux Privesc Arena https://tryhackme.com/room/linuxprivescarena
- [ ] Windows Privesc https://tryhackme.com/room/windows10privesc
- [ ] Blaster https://tryhackme.com/room/blaster
- [ ] Ignite https://tryhackme.com/room/ignite
- [ ] Kenobi https://tryhackme.com/room/kenobi
- [ ] Capture the flag https://tryhackme.com/room/c4ptur3th3fl4g
- [ ] Pickle Rick https://tryhackme.com/room/picklerick

🦚 # Level 7 - CTF practice

- [ ] Post Exploitation Basics https://tryhackme.com/room/postexploit
- [ ] Smag Grotto https://tryhackme.com/room/smaggrotto
- [ ] Inclusion https://tryhackme.com/room/inclusion
- [ ] Dogcat https://tryhackme.com/room/dogcat
- [ ] LFI basics https://tryhackme.com/room/lfibasics
- [ ] Buffer Overflow Prep https://tryhackme.com/room/bufferoverflowprep
- [ ] Overpass https://tryhackme.com/room/overpass
- [ ] Break out the cage https://tryhackme.com/room/breakoutthecage1
- [ ] Lian Yu https://tryhackme.com/room/lianyu
📡@infosectube
📌youtube channel
☣️instagram page

💎دوستان با یک سوپرایز جدید در خدمتتون هستیم از این به بعد یک پلی لیست جدید به عنوان InfoSecPod در کانال اضافه می شود که در آن پادکست های مرتبط با امنیت قرار میگیرد.
📌حتما در کانال یوتیوب subscribeکنید تا هر روز مطلبی جدید در رابطه با امنیت بیاموزید به زودی منتظر سوپرایز جدید در کانال یوتیوب باشید.
🔝Telegram channel:
https://t.iss.one/InfoSecTube