Cobalt Strike Profiles for EDR #Evasion
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
@Engineer_Computer
9 Best SOC Tools to Strengthen Your Security Posture
This article will explore the most effective SOC solutions to help you make well-informed cybersecurity decisions and strengthen business defenses.
@Engineer_Computer
UnderDefense
Best SOC Tools to Level Up Your Security Posture
Know top 9 SOC tools to strengthen your security posture. Enhance threat detection and streamline incident response with the best SOC solutions.
Cybersecurity Skills Gap Rises. Impacted Businesses Urged to Attract Talent With Education and Embrace AI
This could also mean that more cybersecurity professionals are available for hire.
But do they have the skills companies need?
Among respondents to the survey, 92% reported skills gaps at their organization, a gap that includes cloud computing security.
An inability to find people with the right skills, the struggle to keep employees who have those skills, and a shrinking hiring budget are the biggest causes cited for these skills gaps.
Indeed, 54% of respondents said that the cybersecurity skills shortage situation has been getting worse in recent years.
@Engineer_Computer
Thomson Reuters
Growing threats outpace cybersecurity workforce
Cybersecurity skills gap rises. Impacted businesses urged to attract talent with education and embrace AI to fight off cyber threats.
Reports of Data Breach on Class Charts Platform
Class Charts is used by more than 180,000 teachers, its website states.
The company says it can “save teachers time and reduce workload with our data rich seating plans” and “improve pupil behaviour with our fast and effective behaviour management”.
@Engineer_Computer
Schools Week
Reports of data breach on Class Charts platform
ICO launches probe amid reports parents 'saw data of children from other schools'
JetBrains Warns of New TeamCity Auth Bypass Vulnerability
JetBrains strongly advises all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability.
Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution (RCE) attacks that don't require user interaction.
@Engineer_Computer
BleepingComputer
JetBrains warns of new TeamCity auth bypass vulnerability
JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.
OpenAI's ChatGPT Breaches Privacy Rules, Says Italian Watchdog
Italy was the first West European country to curb ChatGPT, whose rapid development has attracted attention from lawmakers and regulators.
Under the EU's General Data Protection Regulation (GDPR) introduced in 2018, any company found to have broken rules faces fines of up to 4% of its global turnover.
@Engineer_Computer
Reuters
OpenAI's ChatGPT breaches privacy rules, says Italian watchdog
Italy's data protection authority has told OpenAI that its artificial intelligence chatbot application ChatGPT breaches data protection rules, the watchdog said on Monday, as it presses ahead with an investigation started last year.
🔖Google Dorks for recon
🔎 Top Google dorks for bugbounty : Link
#bugbounty #bugbountytips
@Engineer_Computer
site:*.domain.*
site:domain.*
site:*.domain.com
site:*.domain.-*.*
🔖Who, What, Where, When, Wordlist
A detailed guide on how to create wordlists for different #cybersecurity tasks in 30 slides from twitter.com/TomNomNom.
📚PDF : https://tomnomnom.com/talks/wwwww.pdf
Do you want to create a target-specific wordlist for fuzzing backup files? You can use fback.
#BugBounty #BugBountyTools
@Engineer_Computer
🔖Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focused on offensive and defensive security.
01. The Introduction to Axiom tool
02. Axiom Bug Bounty Tool Core Functionality
03. Managing AXIOM Instances
04. Creating Custom AXIOM Modules
05. Mass Hunting For Misconfigured S3 Buckets (AXIOM)
06. Mass Cross Site Scripting Hunting (AXIOM)
07. Mass Hunting for Leaked Sensitive Documents (AXIOM)
08. Hunting Blind XSS on the Large Scale Part1 — Practical Techniques
09. Hunting Blind XSS on the Large Scale Part2 — Practical Techniques
10. Top 5 Red Flags of Bug Bounty Programs
#bugbountytips #axiom #bugbounty
@Engineer_Computer
♦️ Collection of #UAC #Bypass Techniques Weaponized as BOFs
🌐 https://github.com/icyguider/UAC-BOF-Bonanza?tab=readme-ov-file
🔺 A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework
🔱 https://github.com/HavocFramework/Havoc
@Engineer_Computer
GitHub
GitHub - icyguider/UAC-BOF-Bonanza: Collection of UAC Bypass Techniques Weaponized as BOFs
Collection of UAC Bypass Techniques Weaponized as BOFs - icyguider/UAC-BOF-Bonanza
With PPLDescribe, you can retrieve information about processes that are protected by PPL. The tool parses PS_PROTECTION, PS_PROTECTED_TYPE and PS_PROTECTED_SIGNER structures to retrieve the information
#Credential_access
https://github.com/MzHmO/PPLDescribe
@Engineer_Computer
GitHub
GitHub - MzHmO/PPLDescribe: Tool for obtaining information about PPL processes
Tool for obtaining information about PPL processes - MzHmO/PPLDescribe
Remote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e
@Engineer_Computer
GitHub
GitHub - SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e: Remote…
Remote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box - SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack...
Simulate the behavior of AV/EDR for malware development training.
https://github.com/Helixo32/CrimsonEDR/tree/main
@Engineer_Computer
GitHub
GitHub - Helixo32/CrimsonEDR: Simulate the behavior of AV/EDR for malware development training.
Simulate the behavior of AV/EDR for malware development training. - Helixo32/CrimsonEDR
Collection of #UAC #Bypass Techniques Weaponized as BOFs
https://github.com/icyguider/UAC-BOF-Bonanza
@Engineer_Computer
GitHub
GitHub - icyguider/UAC-BOF-Bonanza: Collection of UAC Bypass Techniques Weaponized as BOFs
Collection of UAC Bypass Techniques Weaponized as BOFs - icyguider/UAC-BOF-Bonanza
👁🗨 When the hacker gets hacked 👁🗨
🔺 https://aceresponder.com/blog/exploiting-empire-c2-framework
🚩 https://github.com/ACE-Responder/Empire-C2-RCE-PoC
@Engineer_Computer
Forwarded from وب آموز (m J)
⭕️ Urgent notice!
If you lost money in #کوروش_کمپانی (Kourosh Company), the American company Jorj Invest has prepared a support plan to compensate your losses, so within just one month you can both recover your losses and make a profit.
Https://jorjinvest.com
Please, only those who lost money should use this plan, and pass it along so that it reaches the real victims.
🆔 @Webamoozir
CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day
https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html
@Engineer_Computer
Trend Micro
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by…
Microsoft February Patch Tuesday
This month we got patches for 80 vulnerabilities. Of these, 5 are critical, and 2 are being exploited according to Microsoft.
Internet Shortcut Files Security Feature Bypass Vulnerability (CVE-2024-21412)
Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21351)
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)
Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413)
https://isc.sans.edu/diary/rss/30646
@Engineer_Computer
It is very strange that a hacker, in the middle of an operation inside the target network, would ask ChatGPT "what should I do now?" 🤔 But according to Microsoft's threat intelligence report, Russia, China, North Korea and Iran use LLMs in their intrusion operations.
https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/
@Engineer_Computer
Microsoft News
Staying ahead of threat actors in the age of AI
Microsoft and OpenAI research on emerging AI threats focusing on threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm.