🚨OneDorkForAll🚨
👉An insane list of all dorks taken from everywhere from various different sources. Google, Shodan, Github. Bug bounty dorks (includes private programs), shodan, github, CCTV, CMS dorks, lfi, sqli, xss, more vulns + an extra 1Mil+ dorks.
🔗https://github.com/HackShiv/OneDorkForAll
👍1
Mobile Pentest Like a Pro.
• IOS Jailbreak Methods;
• Android Root Methods;
• Important Folders & Files;
• Static Analytics;
• Hooking;
• SSL Pin;
• Root Detection;
• Insecure Logging;
• Insecure Storage;
• Content Provider;
• Static Scanner;
• Resources.
#IOS #Android #Pentest
⚡1👍1
Forwarded from Spot.uz – business and technology
ONESEC is training cybersecurity specialists for the Uzbekistan market
Following the company's training project, 500 applicants completed a three-month course on working with Linux and on web vulnerabilities. Today, 9 participants who passed the final selection work at ONESEC, and 6 have been recommended to the Security Operation Center (advertisement).
https://www.spot.uz/ru/2024/06/07/onesec/
👍5
🚨CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server
👉It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.
💥PoC: https://github.com/rapid7/metasploit-framework/pull/19240
💥Dorks:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"
#Rejetto #HFS #bugbounty #bugbountytips #cybersecurity #pentesting
👍1
#xxe #sharepoint
SharePoint XML eXternal Entity (XXE) Injection Vulnerability
‼️ CVE-2024-30043 ‼️
https://cybersecuritynews.com/poc-exploit-xxe-injection-vulnerability/
🔥1
🚨CVE-2024-29849~29852: Veeam’s Backup Nightmare, Full System Access Exposed
⚠Veeam Backup Enterprise Manager has been issued 4 critical vulnerabilities, allowing unauthorized access, account takeover, and data exposure.
💥PoC: https://github.com/sinsinology/CVE-2024-29849
💥Dorks:
Hunter:/product.name="Veeam Backup Enterprise Manager"
FOFA:app="Veeam-Backup-Enterprise-Manager"
SHODAN:http.title:"Veeam Backup Enterprise Manager"
#Veeam #backup #infosec #infosecurity #Infosys #Vulnerability #bugbounty #bugbountytips
🔥1
Cloudflare Resolver
Free online tool. Enter the name of the domain protected by CloudFlare and the service will find subdomains that are not protected by CloudFlare.
https://www.skypeipresolver.net/cloudflare.php
🔥2
🚨cloud_enum🚨
👉Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
🔗https://github.com/initstring/cloud_enum
#bugbounty #bugbountytips
🔥1
Forwarded from CYBER-BRO Cybersecurity Company
It is planned to establish a "Digital Forensics Research" institute on the basis of the "Law Enforcement" Academy of the Republic of Uzbekistan. The institute aims to become a center for innovative research and development in the field of digital forensics.
Key aspects of the decision:
1. Granting the institute the authority to conduct forensic medical examinations and research in the field of digital forensics;
2. Introducing modern technologies into cybercrime investigation processes. Paying particular attention to the use of Big Data analysis, artificial intelligence and other advanced technologies in improving the effectiveness of law enforcement agencies;
3. Providing practical assistance to law enforcement agencies in identifying, seizing, preserving and examining digital traces of crimes;
4. Developing and improving methods for conducting forensic examinations in digital forensics;
5. Developing methods for detecting and investigating crimes committed using crypto-assets and blockchain technologies;
6. Training highly qualified personnel in the field of digital forensics;
7. Expanding international scientific and technical cooperation in combating cybercrime.
https://uza.uz/oz/posts/raqamli-kriminalistika-ilmiy-tadqiqot-instituti-tashkil-etiladi_609757
🔥1
CVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector!
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
PoC: https://lnkd.in/gK4NHJ4C
Video POC: https://youtube.com/shorts/Ij8nWAZQ978?feature=share
Dorks:
Hunter: web.title=="..:: HSC MailInspector ::.."
FOFA: title=="..:: HSC MailInspector ::.."
🔥1
Forwarded from Turan Security
📢 Buy one of the best cybersecurity courses at a 99% discount❗️
Through the course:
🔍 Testing the security of web applications and securing them;
💻 Gaining practical skills through 4 different labs;
🏆 By the end of the course you can become a professional such as a Pentester or Bug bounty hunter.
This course is a compilation of the Pentest 101, Offensive SQL and Burp Suite 101 lessons...
Results from students:
☕️ Bug bounties from companies such as Amazon and Alibaba;
🏆 International certificates such as eWPT and CAP;
Price: 1,200,000 so'm 12,600 so'm
Discount deadline: June 27, until 11:00
To get the course at the discounted price, subscribe to our Telegram and YouTube channels and contact us!
Contact: @turan_admin
Telegram | Linkedin | Youtube
🔥3