SecList for CyberStudents
@SecListForCyberStudents
240 subscribers
598 photos
24 videos
211 files
909 links
Think outside the box
Download Telegram
About
Blog
Apps
Platform
Join
SecList for CyberStudents
240 subscribers
SecList for CyberStudents
🔖php-jpeg-injector - Injects php payloads into jpeg images. Related to this repo: 📱 GitHub

This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image. Make sure your input jpeg is uncompressed!


Use Case⤵️
You have a web application that runs a jpeg image through PHP's GD graphics library.

👀 Discover additional commands and options on GitHub page 👇

📱Github: Link
#BugBounty #BugBountyTools #pentest
🔥3
166 views
SecList for CyberStudents
ffiec_it_handbook_information_security_booklet.pdf
572.5 KB
FFIEC IT Examination Handbook

AQShdagi banklar uchun, axborot texnologiyalari xavfsizligi auditini o‘tkazish bo‘yicha qo‘llanma.

#Audit #BlueTeam
135 views
SecList for CyberStudents
EEAS-DataTeam-OsintGuidelines-04-Digital.pdf
6.7 MB
#OSINT #Guide
140 views
SecList for CyberStudents
Analyzing logs with Suricata

#HTB #BlueTeam #Suricata
127 views
SecList for CyberStudents
#XSS #BugBounty
111 views
SecList for CyberStudents
OPEN SOURCE INTELLIGENCE FOR COUNTERTERRORISM.pdf
967.1 KB
#OSINT #CT
96 views
SecList for CyberStudents
afrog - A Security Tool for Bug Bounty, Pentest and Red Teaming.

afrog is a high-performance vulnerability scanner that is fast and stable. It supports user-defined PoC and comes with several built-in types, such as CVE, CNVD, default passwords, information disclosure, fingerprint identification, unauthorized access, arbitrary file reading, and command execution. With afrog, network security professionals can quickly validate and remediate vulnerabilities, which helps to enhance their security defense capabilities.


Installation
go install -v github.com/zan8in/afrog/v3/cmd/afrog@latest


Github: Link

#BugBounty #Tools
1
107 views
SecList for CyberStudents
https://youtu.be/G4Pb7jn0c7A?si=RqdpY56kW4x4nDdO

#Standoff
YouTube
Standoff 14. Everything you need to know before Standoff CyberBattle.
105 viewsedited  
SecList for CyberStudents
https://owasp.org/www-chapter-pune/meetups/2023/Jan/File-upload-Vulnerability-Praveen-Sutar.pptx.pdf

#Pentesing #BugBounty #FileUpload
81 views
SecList for CyberStudents
Burp + Elastic Logging (RU only lang)

https://blog.hackinone.click/burp_and_elk
Teletype
Burp + Elastic = Куча логов(багов?)
Периодически сталкиваюсь с тем, что мне нужны запросы из Burp которые я делал когда-то давно или необходимо посмотреть среди множества...
104 views
SecList for CyberStudents
OSINT Tools Uzbekistan

- Open Data portals
- Legal Entities
- Cadastral Maps
- Vehicles
- Phones
- Public procurements

https://github.com/paulpogoda/OSINT-Tools-Uzbekistan

Contributor https://t.iss.one/pavelbannikov

#osint #geoint
👍2
160 views
SecList for CyberStudents
netacad.sadlab.su/
🗿1
83 viewsedited  
SecList for CyberStudents
urldna.io – A Free OSINT Tool for URL Analysis

urldna.io offers detailed information about any URL, including:

Screenshots
SSL certificates
IP addresses
Title/body text
Cookies
Technologies
HTTP requests
Headers
Console messages
Meta tags

#OSINT
97 viewsedited  
SecList for CyberStudents
https://cvexploits.io/

#CVE
102 views
SecList for CyberStudents
https://github.com/streaak/keyhacks?tab=readme-ov-file

#Pentest #API_KEY
GitHub
GitHub - streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can…
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. - streaak/keyhacks
101 viewsedited  
SecList for CyberStudents
https://github.com/arainho/awesome-api-security

#Pentest #API_KEY
GitHub
GitHub - arainho/awesome-api-security: A collection of awesome API Security tools and resources. The focus goes to open-source…
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community. - arainho/awesome-api-security
109 views
SecList for CyberStudents
New room in HTB
Topic: Malicious Document Analysis

#HTB
132 views
SecList for CyberStudents
A bug bounty hunting journey.pdf
1.3 MB
121 views
SecList for CyberStudents
System Monitor (Sysmon) – Windows tizim xizmati va qurilma drayveri bo‘lib, tizim qayta yuklanishlari davomida ishlashni davom ettiradi va Windows event logga tizim faoliyatini kuzatib, qayd qiladi. Sysmon jarayon yaratilishi, tarmoq ulanishlari, fayl yaratilish vaqtidagi o‘zgarishlar va boshqa ko‘p narsalar haqida batafsil ma’lumot beradi.

Sysmon’ning asosiy tarkibiy qismlari quyidagilardan iborat:

- Tizim faoliyatini kuzatish uchun Windows xizmati.
- Tizim faoliyati ma’lumotlarini yig‘ishda yordam beruvchi qurilma drayveri.
- Kuzatilgan faoliyat ma’lumotlarini ko‘rsatish uchun event log.

Sysmon’ning noyob imkoniyati shundaki, u odatda Security Event loglarda paydo bo‘lmaydigan ma’lumotlarni qayd qilish imkonini beradi, bu esa uni tizimni chuqur kuzatish va kiberxavfsizlik bo‘yicha sud ekspertizasi (Forensic) tahlili uchun kuchli vositaga aylantiradi.

Sysmon turli xil tizim faoliyatlarini event ID'lar orqali tasniflaydi, har bir ID ma’lum bir event turiga mos keladi. Masalan, Event ID 1 "Process Creation" (jarayon yaratilishi) eventlariga, Event ID 3 esa "Network Connection" (tarmoq ulanishi) eventlariga tegishli. Sysmon event ID'larining to‘liq ro‘yxatini quyidagi link orqali topishingiz mumkin.

https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

Sysmon configuration file: https://github.com/SwiftOnSecurity/sysmon-config

Sysmon For Linux: https://github.com/microsoft/SysmonForLinux


#BlueTeam #Log_Analyse #Sysmon
Docs
Sysmon - Sysinternals
Monitors and reports key system activity via the Windows event log.
👍2🔥1
127 viewsedited  
SecList for CyberStudents
JavaScript for Hackers.pdf
987.7 KB
#Book
👍1
93 viewsedited