Search Engines for #DataBreach
https://start.me/p/wMrA5z/cyber-threat-intelligence
http://breachchecker.com
http://haveibeenpwned.com
http://leak-lookup.com
http://leakcheck.io
http://leakcheck.net
http://leakpeek.com
http://snusbase.com
https://breachalarm.com/
https://cryptome.org/
https://intelx.io/
https://leak.sx/
https://leakcheck.io/
https://monitor.firefox.com/
https://one.google.com/about/security
https://scatteredsecrets.com/
https://wikileaks.org/
https://www.globaleaks.org/

@Engineer_Computer

مستندی خواندنی از FireEye
@Engineer_Computer

#MyNote

چند روز پیش به یک پروژه در گیتهاب برخوردم، کتابخانه ای برای ایجاد BSOD در Rust با استفاده از توابع Undocumented.
حالا صرف نظر از اینکه چرا نویسنده همچین کتابخانه ای نوشته بریم یکم تحلیل کنیم.

ابتدا با استفاده از تابع بومی RtlAdjustPrivilige سطح دسترسی های لازم را برای پروسس فراهم میکنه، این تابع بخش از NTDLL.DLL هست.

در مرحله دوم با استفاده از تابع بومی NtRaiseHardError اقدام به ایجاد BSOD میکنه. این تابع هم بخشی از NTDLL.DLL هست.

توضیحات بیشتر :
به پارامتر های ورودی دقت کنید.
اینکار رو میشه با تابع بومی ZwRaiseHardError هم انجام داد.
الان میدونید که یکی از دلایل رخ دادن BSOD در یوزر مد چی میتونه باشه.

@Engineer_Computer

🔏Looney Tunables: POC for CVE-2023-4911
Local Privilege Escalation
🔗https://github.com/RickdeJager/CVE-2023-4911

#CVE
@Engineer_Computer

🎖Network Security
Best Practices

#Network #Book
@Engineer_Computer

👁 Sans OSINT Summit 2023.

اخیراً یکی از محبوب ترین اجلاس ها برای علاقه مندان و متخصصان OSINT برگزار شد - Sans OSINT Summit 2023 که در آن گزارش های مفید و اطلاعات منحصر به فردی ارائه شد.

• اما امروز صحبت از گزارش ها و سخنرانی ها نیست، بلکه صحبت از منابع و ابزارهایی است که در جریان مراسم ذکر شد.

• با دنبال کردن لینک می توانید نرم افزار مفید، وبلاگ متخصصان OSINT، و سایر اطلاعات منحصر به فرد را بیابید. :

🔗https://github.com/ranlo/osintsummit-2023-resources

#OSINT
@Engineer_Computer

هشدار در خصوص آسیب‌پذیری بحرانی در وب‌سرور IIS

✅ اولویت رسیدگی: فوری

آسیب‌پذیری افزایش سطح دسترسی در وب سرور IIS شرکت مایکروسافت، با شناسه: CVE-2023-36434 شناسایی شده است.

جزئیات به‌روز‌رسانی امنیتی در لینک زیر ارائه شده است:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434

مرکز مدیریت راهبردی افتا
@Engineer_Computer

📚Free Offensive Security Notes (OSCP, OSWE, OSEP, OSED)

1️⃣OSCP NOTES AD: google drive

2️⃣OSCP Notes : google drive

3️⃣OSWE Notes: google drive

4️⃣OSEP Notes: google drive

5️⃣OSED Notes: google drive

#Offensive_security
@Engineer_Computer

python noscripts #کتاب
#python #noscripts
@Engineer_Computer

Threat Advisory: Zero-Day Vulnerabilities Detected On Winrar

These vulnerabilities require user interaction for exploitation.

Remote attackers, with malicious intent, can execute arbitrary code on systems where WinRAR is installed.

The software’s functionality, which includes archive creation in RAR or ZIP file formats, displays and unpacks numerous archive file formats.

This further amplifies the potential for compromise as WinRAR’s ability to support the creation of encrypted archives, multi-part files, and self-extraction adds to the complexity of the situation.

Furthermore, file integrity is verified using CRC32 or BLAKE2 checksums for each file within an archive, highlighting the significance of these gaps in the system.


@Engineer_Computer

Social Engineering Attacks Target OKTA Customers To Achieve a Highly Privileged Role

Threat actors appeared to either have passwords to privileged user accounts or be able to manipulate the delegated authentication flow via Active Directory (AD) prior to calling the IT service desk.

The threat actor targeted Okta customers’ users assigned with Super Administrator permissions.

The attackers were spotted using anonymizing proxy services and an IP and device not previously associated with the user account to access the compromised account.


@Engineer_Computer

How to Conduct a Cloud Security Assessment

A cloud security assessment evaluates an organization's cloud infrastructure for the following:

- Overall security posture
- Identity and access management (IAM) policies
- Service provider security features
- Compliance
- Documentation
- Exposure to future threats

Threat modeling reviews should test against possible attacks and threats to the cloud environment, ease of attacks based on exposure and susceptibility, and the state of preventive and detective controls in place.

Organizations with multi-cloud deployments should expect to conduct separate threat modeling sessions for each respective cloud service.


@Engineer_Computer

What is Encrypted DNS Traffic?

The Trouble With Traditional DNS

Before diving into a denoscription of encrypted DNS traffic, we should probably talk about DNS traffic in general.

The Domain Name System (DNS) stands as a linchpin in our digital realm.

Think of it as an intricate directory for the Internet; its role is not just making online navigation intuitive for users but also augmenting the resilience of online services.

Universal DNS Traffic Encryption

The majority of encryption methods hinge on DNS resolvers that are configured for encryption.

However, these encryption-supporting resolvers comprise only a tiny fraction of the total.

Centralization or consolidation of DNS resolvers is a looming issue.

With limited options, this centralization creates tempting targets for malevolent entities or intrusive surveillance.


@Engineer_Computer

Mason Tenders’ District Council data breach class action settlement

The Mason Tenders’ District Council is a labor organization based in New York, serving more than 17,000 members, including construction workers, asbestos and hazardous materials handlers, Catholic high school teachers, and recycling and waste handlers, according to the council’s website.


@Engineer_Computer