๐ฏ Mastering CRTO? This Resource is Pure Gold!
If you're preparing for Certified Red Team Operator (CRTO) or want to sharpen your adversary emulation skills, Iโve found something invaluable for you!
๐ Check here : https://m4lici0u5.com/notes/crto-notes/
๐ Whatโs inside?
๐ดโโ ๏ธ Cobalt Strike โ Beacons, pivoting & advanced tactics.
๐ดโโ ๏ธ AD Attacks โ Lateral movement, Kerberoasting, DCSync & more.
๐ดโโ ๏ธ Bypassing Defenses โ EDR evasion, AMSI bypass, OPSEC tricks.
๐ดโโ ๏ธ Persistence & PrivEsc โ Staying stealthy like real APTs.
If you're preparing for Certified Red Team Operator (CRTO) or want to sharpen your adversary emulation skills, Iโve found something invaluable for you!
๐ Check here : https://m4lici0u5.com/notes/crto-notes/
๐ Whatโs inside?
๐ดโโ ๏ธ Cobalt Strike โ Beacons, pivoting & advanced tactics.
๐ดโโ ๏ธ AD Attacks โ Lateral movement, Kerberoasting, DCSync & more.
๐ดโโ ๏ธ Bypassing Defenses โ EDR evasion, AMSI bypass, OPSEC tricks.
๐ดโโ ๏ธ Persistence & PrivEsc โ Staying stealthy like real APTs.
๐ฅ11๐4๐ฟ4๐ซก3
CVE-2024-13918, -13919: XSS in Laravel Framework, 8.0 ratingโ๏ธ
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More then 770k instances at Netlas.io:
๐ Link: https://nt.ls/95OAY
๐ Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More then 770k instances at Netlas.io:
๐ Link: https://nt.ls/95OAY
๐ Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
๐5โค3๐ฑ1๐จโ๐ป1
function rappidns() {
curl -s "https://rapiddns.io/subdomain/$1?full=1" | grep -oE "[\.a-zA-Z0-9-]+\.$1" | tr '[:upper:]' '[:lower:]' | sort -u
}Please open Telegram to view this post
VIEW IN TELEGRAM
rapiddns.io
$1 Subdomain - RapidDNS Rapid DNS Information Collection
RapidDNS is a domain name information query system that supports querying information about websites, subdomains and the same ip website. RapidDNS supports A, AAAA, CNAME, CERTIFICATE and MX types.
๐17๐ข2
Get Windows Domain Information:
C:\> nltest /DCLIST:DomainName
C:\> nltest /DCNAME:DomainName
C:\> nltest /DSGETDC:DomainName
These commands utilize nltest, a command-line tool included with Windows Server and some client versions (when Remote Server Administration Tools, RSAT, are installed).
Below is a detailed breakdown:
1. nltest /DCLIST:DomainName
Purpose: Lists all domain controllers for the specified domain (DomainName).
Output: Displays a list of domain controllers with their names, IP addresses, and site information.
Example:
C:\> nltest /DCLIST:EXAMPLE
DC: \\https://DC01.example.com [192.168.1.10] Site: Default-First-Site-Name
DC: \\https://DC02.example.com [192.168.1.11] Site: Default-First-Site-Name
The command completed successfully
2. nltest /DCNAME:DomainName
Purpose: Retrieves the name of a domain controller for the specified domain.
Output: Returns a single DC name, often the one the workstation is communicating with.
Example:
C:\> nltest /DCNAME:EXAMPLE
DC: \\https://DC01.example.com
The command completed successfully
3. nltest /DSGETDC:DomainName
Purpose: Queries and returns detailed information about a domain controller for the specified domain, including its name, IP, site, and more.
Output: Provides a verbose output with attributes like DC name, IP address, domain GUID, and forest details.
Example:
C:\> nltest /DSGETDC:EXAMPLE
DC: \\https://DC01.example.com
Address: 192.168.1.10
Dom Guid: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
Site: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE
The command completed successfully
C:\> nltest /DCLIST:DomainName
C:\> nltest /DCNAME:DomainName
C:\> nltest /DSGETDC:DomainName
These commands utilize nltest, a command-line tool included with Windows Server and some client versions (when Remote Server Administration Tools, RSAT, are installed).
Below is a detailed breakdown:
1. nltest /DCLIST:DomainName
Purpose: Lists all domain controllers for the specified domain (DomainName).
Output: Displays a list of domain controllers with their names, IP addresses, and site information.
Example:
C:\> nltest /DCLIST:EXAMPLE
DC: \\https://DC01.example.com [192.168.1.10] Site: Default-First-Site-Name
DC: \\https://DC02.example.com [192.168.1.11] Site: Default-First-Site-Name
The command completed successfully
2. nltest /DCNAME:DomainName
Purpose: Retrieves the name of a domain controller for the specified domain.
Output: Returns a single DC name, often the one the workstation is communicating with.
Example:
C:\> nltest /DCNAME:EXAMPLE
DC: \\https://DC01.example.com
The command completed successfully
3. nltest /DSGETDC:DomainName
Purpose: Queries and returns detailed information about a domain controller for the specified domain, including its name, IP, site, and more.
Output: Provides a verbose output with attributes like DC name, IP address, domain GUID, and forest details.
Example:
C:\> nltest /DSGETDC:EXAMPLE
DC: \\https://DC01.example.com
Address: 192.168.1.10
Dom Guid: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
Site: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE
The command completed successfully
๐15โค6๐ฅ1
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ซก12๐3๐ฅ3
Vespa is an open-source big data serving engine used for building applications that require real-time processing and serving of large datasets. The Vespa configuration server typically runs on port 19071. This server is responsible for managing the configuration of Vespa nodes and can sometimes expose sensitive information or be vulnerable to misconfigurations.
1. Open Port: Ensure that port 19071 is not exposed to the public internet without proper authentication and authorization mechanisms in place.
2. Configuration Files: Check if the configuration files are accessible or if there are any misconfigurations that could lead to information disclosure.
3. Authentication: Verify that the configuration server requires proper authentication and that default credentials have been changed.
4. Access Control: Ensure that access to the configuration server is restricted to only authorized personnel.
5. Logging and Monitoring: Look for any logging or monitoring issues that could expose sensitive information.
To check if port 19071 is open, you can use
nmap:nmap -p 19071 <target_ip>
If the port is open, you can try to access it using a web browser or tools like
curl:curl https://<target_ip>:19071
โญIf you find any vulnerabilities or misconfigurations, document them thoroughly and report them to the bug bounty program. Good luck!
Please open Telegram to view this post
VIEW IN TELEGRAM
๐9๐ฅ7โค3
โข LOLBAS [Windows LOLBins abuse ] โ https://lolbas-project.github.io/
โข GTFOBins [Linux privilege escalation] โ https://gtfobins.github.io/
โข IppSec Rocks [HTB attack walkthroughs] โ https://ippsec.rocks/?#
โข WADComs [Windows AD enumeration] โ https://wadcoms.github.io/
Please open Telegram to view this post
VIEW IN TELEGRAM
โค19๐ฅ2
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ8
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ41โค6๐จโ๐ป2
CVE-2024-10441: RCE in Synology products, 9.8 rating ๐ฅ
Synology DSM and BSM are vulnerable to Improper Encoding or Escaping of Output, which could potentially lead to remote execution of arbitrary code.
Search at Netlas.io:
๐ Link: https://nt.ls/KOa1N
๐ Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08
Vendor's advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
Synology DSM and BSM are vulnerable to Improper Encoding or Escaping of Output, which could potentially lead to remote execution of arbitrary code.
Search at Netlas.io:
๐ Link: https://nt.ls/KOa1N
๐ Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08
Vendor's advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
๐ฅ7๐3
๐ต๏ธโโ๏ธ Bug Bounty Hunters, Hereโs a Hidden Gem! ๐
๐ Grab it now : https://gowsundar.gitbook.io/book-of-bugbounty-tips
---------------------------------------------------------
๐ ๐๐๐ฏ๐๐ฅ ๐๐ฉ ๐๐จ๐ฎ๐ซ ๐๐ฒ๐๐๐ซ๐๐๐ ๐๐๐ฆ๐! ๐ฅ
๐ brutsec.com
๐ฑ ๐๐๐ฅ๐๐ ๐ซ๐๐ฆ: t.iss.one/brutsecurity
๐ผ ๐: x.com/brutsecurity
๐ ๐๐ญ๐ก๐ข๐๐๐ฅ ๐๐๐๐ค๐ข๐ง๐ ๐๐จ๐๐๐ฆ๐๐ฉ: topmate.io/saumadip/1391531
๐ ๐๐จ๐ฎ๐ซ๐ฌ๐ ๐๐ง๐ซ๐จ๐ฅ๐ฅ๐ฆ๐๐ง๐ญ: wa.link/brutsecurity
โญ ๐๐ข๐ค๐ ๐ญ๐ก๐ข๐ฌ ๐ฉ๐จ๐ฌ๐ญ? โ ๐ ๐จ๐ฅ๐ฅ๐จ๐ฐ, ๐๐จ๐ข๐ง, ๐๐ฎ๐๐ฌ๐๐ซ๐ข๐๐ & ๐๐๐ง๐ ๐๐ญ๐๐ซ๐ฌ ๐ญ๐จ ๐ฌ๐ก๐จ๐ฐ ๐ฒ๐จ๐ฎ๐ซ ๐ฌ๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ!
๐ Grab it now : https://gowsundar.gitbook.io/book-of-bugbounty-tips
---------------------------------------------------------
๐ ๐๐๐ฏ๐๐ฅ ๐๐ฉ ๐๐จ๐ฎ๐ซ ๐๐ฒ๐๐๐ซ๐๐๐ ๐๐๐ฆ๐! ๐ฅ
๐ brutsec.com
๐ฑ ๐๐๐ฅ๐๐ ๐ซ๐๐ฆ: t.iss.one/brutsecurity
๐ผ ๐: x.com/brutsecurity
๐ ๐๐ญ๐ก๐ข๐๐๐ฅ ๐๐๐๐ค๐ข๐ง๐ ๐๐จ๐๐๐ฆ๐๐ฉ: topmate.io/saumadip/1391531
๐ ๐๐จ๐ฎ๐ซ๐ฌ๐ ๐๐ง๐ซ๐จ๐ฅ๐ฅ๐ฆ๐๐ง๐ญ: wa.link/brutsecurity
โญ ๐๐ข๐ค๐ ๐ญ๐ก๐ข๐ฌ ๐ฉ๐จ๐ฌ๐ญ? โ ๐ ๐จ๐ฅ๐ฅ๐จ๐ฐ, ๐๐จ๐ข๐ง, ๐๐ฎ๐๐ฌ๐๐ซ๐ข๐๐ & ๐๐๐ง๐ ๐๐ญ๐๐ซ๐ฌ ๐ญ๐จ ๐ฌ๐ก๐จ๐ฐ ๐ฒ๐จ๐ฎ๐ซ ๐ฌ๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ!
๐ฅ7โค3๐ฟ1
๐The ultimate 403 Bypass wordlists and tester notes by JHaddix
๐ฑ Github: ๐ Link
---------------------------------------------------------
๐ ๐๐๐ฏ๐๐ฅ ๐๐ฉ ๐๐จ๐ฎ๐ซ ๐๐ฒ๐๐๐ซ๐๐๐ ๐๐๐ฆ๐! ๐ฅ
๐ brutsec.com
๐ฑ ๐๐๐ฅ๐๐ ๐ซ๐๐ฆ: t.iss.one/brutsecurity
๐ผ ๐: x.com/brutsecurity
๐ ๐๐ญ๐ก๐ข๐๐๐ฅ ๐๐๐๐ค๐ข๐ง๐ ๐๐จ๐๐๐ฆ๐๐ฉ: topmate.io/saumadip/1391531
๐ ๐๐จ๐ฎ๐ซ๐ฌ๐ ๐๐ง๐ซ๐จ๐ฅ๐ฅ๐ฆ๐๐ง๐ญ: wa.link/brutsecurity
โญ ๐๐ข๐ค๐ ๐ญ๐ก๐ข๐ฌ ๐ฉ๐จ๐ฌ๐ญ? โ ๐ ๐จ๐ฅ๐ฅ๐จ๐ฐ, ๐๐จ๐ข๐ง, ๐๐ฎ๐๐ฌ๐๐ซ๐ข๐๐ & ๐๐๐ง๐ ๐๐ญ๐๐ซ๐ฌ ๐ญ๐จ ๐ฌ๐ก๐จ๐ฐ ๐ฒ๐จ๐ฎ๐ซ ๐ฌ๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ!
#bugbounty #bugbountytips #cybersecurity #infosec #brutsecurity
๐ฑ Github: ๐ Link
---------------------------------------------------------
๐ ๐๐๐ฏ๐๐ฅ ๐๐ฉ ๐๐จ๐ฎ๐ซ ๐๐ฒ๐๐๐ซ๐๐๐ ๐๐๐ฆ๐! ๐ฅ
๐ brutsec.com
๐ฑ ๐๐๐ฅ๐๐ ๐ซ๐๐ฆ: t.iss.one/brutsecurity
๐ผ ๐: x.com/brutsecurity
๐ ๐๐ญ๐ก๐ข๐๐๐ฅ ๐๐๐๐ค๐ข๐ง๐ ๐๐จ๐๐๐ฆ๐๐ฉ: topmate.io/saumadip/1391531
๐ ๐๐จ๐ฎ๐ซ๐ฌ๐ ๐๐ง๐ซ๐จ๐ฅ๐ฅ๐ฆ๐๐ง๐ญ: wa.link/brutsecurity
โญ ๐๐ข๐ค๐ ๐ญ๐ก๐ข๐ฌ ๐ฉ๐จ๐ฌ๐ญ? โ ๐ ๐จ๐ฅ๐ฅ๐จ๐ฐ, ๐๐จ๐ข๐ง, ๐๐ฎ๐๐ฌ๐๐ซ๐ข๐๐ & ๐๐๐ง๐ ๐๐ญ๐๐ซ๐ฌ ๐ญ๐จ ๐ฌ๐ก๐จ๐ฐ ๐ฒ๐จ๐ฎ๐ซ ๐ฌ๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ!
#bugbounty #bugbountytips #cybersecurity #infosec #brutsecurity
๐ฅ8โค2
Please open Telegram to view this post
VIEW IN TELEGRAM
HackerOne
HackerOne disclosed on HackerOne: Domain highlighting on External...
There have been multiple issues with External Link Warning in the past. Sometimes it's Homograph, sometimes more than 2 slashes in link, sometimes domain highlighting and/or weird markdown. And...
๐คฃ9๐ซก1
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐ฅ17๐ฑ4โค3
โกThe Ultimate PNPT Study Guide โ Master Pentesting & Crush the Exam!
๐Link: https://github.com/TrshPuppy/PNPT-study-guide
๐Link: https://github.com/TrshPuppy/PNPT-study-guide
โค10๐ฅ4๐3