Forwarded from Mikrotik Ninja
Наисвежайщий доклад от Павла Одинцова с прошедшего FOSDEM
DDoS attack detection with open source FastNetMon
https://www.youtube.com/watch?v=FUXkBA8Fw-c
#FastNetMon #DDoS
DDoS attack detection with open source FastNetMon
https://www.youtube.com/watch?v=FUXkBA8Fw-c
#FastNetMon #DDoS
YouTube
DDoS attack detection with open source FastNetMon Community FOSDEM 2023
In my presentation I'll provide complete overview of tool called FastNetMon Community. I'm original author of tool and current project leader.
It has focus on DDoS detection for Telco / ISPs networks and works with majority of well known telemetry protocols…
It has focus on DDoS detection for Telco / ISPs networks and works with majority of well known telemetry protocols…
#redteam #T1110
https://github.com/knavesec/CredMaster
Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.https://github.com/knavesec/CredMaster
GitHub
GitHub - knavesec/CredMaster: Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses…
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling - knavesec/CredMaster
#redteam #OSEP #evasion
📖 Сертификация OSEP, и с чем ее едят
https://habr.com/ru/company/angarasecurity/blog/580078/
📖 Сертификация OSEP, и с чем ее едят
https://habr.com/ru/company/angarasecurity/blog/580078/
Хабр
Сертификация OSEP, и с чем ее едят
Привет, Хабр! Относительно недавно (в масштабах вечности) я сдал экзамен Offensive Security Experienced Penetration Tester в рамках курса PEN-300 от Offensive Security. В этой публикации я постараюсь...
🫡1
Forwarded from PT SWARM
PortSwigger's Top 10 web hacking techniques of 2022
Welcome to the Top 10 Web Hacking Techniques of 2022, community-powered effort to identify the most important and innovative web security research published in the last year.
🥇 Account hijacking using dirty dancing in sign-in OAuth-flows
🥈 Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
🥉 Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
4️⃣ Hacking the Cloud with SAML
5️⃣ Bypassing .NET Serialization Binders
6️⃣ Making HTTP header injection critical via response queue poisoning
7️⃣ Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes
8️⃣ Psychic Signatures in Java
9️⃣ Practical client-side path-traversal attacks
🔟 Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
The entire nomination list you can find here: https://portswigger.net/research/top-10-web-hacking-techniques-of-2022-nominations-open
Welcome to the Top 10 Web Hacking Techniques of 2022, community-powered effort to identify the most important and innovative web security research published in the last year.
🥇 Account hijacking using dirty dancing in sign-in OAuth-flows
🥈 Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
🥉 Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
4️⃣ Hacking the Cloud with SAML
5️⃣ Bypassing .NET Serialization Binders
6️⃣ Making HTTP header injection critical via response queue poisoning
7️⃣ Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes
8️⃣ Psychic Signatures in Java
9️⃣ Practical client-side path-traversal attacks
🔟 Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
The entire nomination list you can find here: https://portswigger.net/research/top-10-web-hacking-techniques-of-2022-nominations-open
#redteam #MITRE #userexecution #T1204
✍️ Redteam with OneNote
https://blog.sevagas.com/IMG/pdf/redteam_with_onenote.pdf
In a nutshell, OneNote:
Is not affected by Protected View/ MOTW
Allows embedding Malicious Excel/Word/PPT files that will be played without protected view
Allows embedding HTA, LNK, EXE files and spoof extensions
Allows formatting document in a way user are tricked into opening a malicious file or a link
Can be automated using OneNote.Application and XML
Is supported by BallisKit MacroPack Pro toolhttps://blog.sevagas.com/IMG/pdf/redteam_with_onenote.pdf
Please open Telegram to view this post
VIEW IN TELEGRAM
#cryptography #ippsec
🔑 Deep Dive into Parsing SSH Keys To Exploit Improperly Sanitized Screenshots
https://youtu.be/4F1XGsvB2iA
🔑 Deep Dive into Parsing SSH Keys To Exploit Improperly Sanitized Screenshots
https://youtu.be/4F1XGsvB2iA
YouTube
Deep Dive into Parsing SSH Keys To Exploit Improperly Sanitized Screenshots
00:00 - Intro
00:55- Generating our SSH Key and Base64 Decoding it
02:15 - Opening the SSH Key in Bless
03:45 - Showing information from the SSH RFC which will tell us what we are parsing
04:25 - Start of parsing the SSH Key
07:00 - Opening an Encrypted Key…
00:55- Generating our SSH Key and Base64 Decoding it
02:15 - Opening the SSH Key in Bless
03:45 - Showing information from the SSH RFC which will tell us what we are parsing
04:25 - Start of parsing the SSH Key
07:00 - Opening an Encrypted Key…
#itsecurity #certifications
Choose your destiny!
https://pauljerimy.com/security-certification-roadmap/
Choose your destiny!
https://pauljerimy.com/security-certification-roadmap/
Paul Jerimy Media
Security Certification Roadmap - Paul Jerimy Media
IT Security Certification Roadmap charting security implementation, architecture, management, analysis, offensive, and defensive operation certifications.
Я думаю все как и я с интересом наблюдали как open source проекты от ProjectDiscovery наступали на пятки коммерческим продуктам таким как Nessus.
Ребята переходят на новый уровень и сделали анонс Nuclei cloud beta, а сегодня вышло официальное видео Introduction to Nuclei.
https://youtu.be/b5qMyQvL1ZA
Ребята переходят на новый уровень и сделали анонс Nuclei cloud beta, а сегодня вышло официальное видео Introduction to Nuclei.
https://youtu.be/b5qMyQvL1ZA
YouTube
Introduction to Nuclei
This is the first video in the Nuclei Foundation Series, a series dedicated to the community powered vulnerability scanner, Nuclei.
🔗 Links
Nuclei GitHub: https://nux.gg/nuclei
Nuclei Templates GitHub: https://nux.gg/templates
Docs: https://nux.gg/nuclei…
🔗 Links
Nuclei GitHub: https://nux.gg/nuclei
Nuclei Templates GitHub: https://nux.gg/templates
Docs: https://nux.gg/nuclei…
🔥1
Очередной ахтунг случился у Fortinet. Всем сетевым админам с торчащей наружу веб мордой Fortigate салам!👋
Forwarded from APT
💥 Fortinet FortiNAC Unauthenticated RCE
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
PoC:
https://github.com/horizon3ai/CVE-2022-39952
Research:
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
#fortinet #fortinac #rce #cve
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
PoC:
https://github.com/horizon3ai/CVE-2022-39952
Research:
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
#fortinet #fortinac #rce #cve
Password cracking 101+1 course (Free)
#redteam #pentest #cracking
https://in.security/technical-training/password-cracking/
#redteam #pentest #cracking
https://in.security/technical-training/password-cracking/
In.security
Password Cracking 101+1 | Password Hacking Course - In.security
Learn password cracking techniques, how to tailor these to the hashes you have, and more during this free intensive 4-hour training course.
🔥1
🕷 Writing Malware With ChatGPT
#AIOPS #DarkGPT
https://moohax.substack.com/p/writing-malware-with-chatgpt
#AIOPS #DarkGPT
https://moohax.substack.com/p/writing-malware-with-chatgpt
moohax blog
Writing Malware With ChatGPT
There are a lot of articles floating around about how ChatGPT can or can't write malware, and I tend to avoid them. But having been in this blended ML Security space for a while now, I thought I might have something useful to share. In this post I'll write…
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from artmine
Саундтрек последних 370 дней, каждое слово. Одну часть чувствую, вторую заставляю себя не забывать.
Всегда нуждою других себя занимая
Всегда что-то красивое творя
Мы движемся в сторону рая
Через ненависти моря
https://www.youtube.com/watch?v=W7li-_sDQKg
Всегда нуждою других себя занимая
Всегда что-то красивое творя
Мы движемся в сторону рая
Через ненависти моря
https://www.youtube.com/watch?v=W7li-_sDQKg
YouTube
Дельфин - 520
Альбом «442»
Слушать в AppleMusic: http://goo.gl/caeFh2
Режиссёр: Валентин Блох
Музыка: Дельфин
Оператор: Олег Шел
Механик камеры и фокуспуллер: Павел Смоляков
Гафер: Игорь Винокуров
Постпродакшн: студия "НОС"
Монтаж: Владислав Гаитов
Ассистент монтажа:…
Слушать в AppleMusic: http://goo.gl/caeFh2
Режиссёр: Валентин Блох
Музыка: Дельфин
Оператор: Олег Шел
Механик камеры и фокуспуллер: Павел Смоляков
Гафер: Игорь Винокуров
Постпродакшн: студия "НОС"
Монтаж: Владислав Гаитов
Ассистент монтажа:…