👺TotalRecall
This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
https://github.com/xaitax/TotalRecall
#cybersecurity #pentesting #redteam
👍1
https://github.com/kljunowsky/CVE-2024-27348
Usage:
python3 CVE-2024-27348.py -t https://target.tld:8080 -c "command to execute"
#Apache #RCE
👍1
#OSINT #Telegram
Useful utilities for finding an account by phone number and for simply searching for people on Telegram.
Link to the article
Habr
Automating the search for a Telegram account by phone number. Simple people search via Telegram
Introduction We are glad to welcome our dear readers again! We continue the "ШХ" series of articles, in which we look at OSINT methods and tools. In this article we want to look at another list of...
👍1
🚨OneDorkForAll🚨
👉An insane list of all dorks taken from everywhere from various different sources. Google, Shodan, Github. Bug bounty dorks (includes private programs), shodan, github, CCTV, CMS dorks, lfi, sqli, xss, more vulns + an extra 1Mil+ dorks.
🔗https://github.com/HackShiv/OneDorkForAll
👍1
Mobile Pentest Like a Pro.
• IOS Jailbreak Methods;
• Android Root Methods;
• Important Folders & Files;
• Static Analytics;
• Hooking;
• SSL Pin;
• Root Detection;
• Insecure Logging;
• Insecure Storage;
• Content Provider;
• Static Scanner;
• Resources.
#IOS #Android #Pentest
⚡1👍1
Forwarded from Spot.uz – business and technology
ONESEC is training cybersecurity specialists for the Uzbekistan market
Following the company's training project, 500 applicants completed a three-month course on working with Linux and web vulnerabilities. Today, 9 participants who passed the final selection work at ONESEC, and 6 have been recommended to the Security Operation Center (advertisement).
https://www.spot.uz/ru/2024/06/07/onesec/
👍5
🚨CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server
👉It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.
💥PoC: https://github.com/rapid7/metasploit-framework/pull/19240
💥Dorks:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"
#Rejetto #HFS #bugbounty #bugbountytips #cybersecurity #pentesting
👍1
#xxe #sharepoint
SharePoint XML eXternal Entity (XXE) Injection Vulnerability
‼️ CVE-2024-30043 ‼️
https://cybersecuritynews.com/poc-exploit-xxe-injection-vulnerability/
🔥1
🚨CVE-2024-29849~29852: Veeam’s Backup Nightmare, Full System Access Exposed
⚠Veeam Backup Enterprise Manager has been issued 4 critical vulnerabilities, allowing unauthorized access, account takeover, and data exposure.
💥PoC: https://github.com/sinsinology/CVE-2024-29849
💥Dorks:
Hunter:/product.name="Veeam Backup Enterprise Manager"
FOFA:app="Veeam-Backup-Enterprise-Manager"
SHODAN:http.title:"Veeam Backup Enterprise Manager"
#Veeam #backup #infosec #infosecurity #Infosys #Vulnerability #bugbounty #bugbountytips
🔥1
Cloudflare Resolver
Free online tool. Enter the name of the domain protected by CloudFlare and the service will find subdomains that are not protected by CloudFlare.
https://www.skypeipresolver.net/cloudflare.php
🔥2
🚨cloud_enum🚨
👉Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
🔗https://github.com/initstring/cloud_enum
#bugbounty #bugbountytips
🔥1