Forwarded from Sys-Admin InfoSec
Windows RDP Event IDs Cheatsheet
It is becoming more and more common for bad actors to manipulate or clear the security event logs on compromised machines, and sometimes RDP sessions don’t even register as just a type 10 logon, depending on the circumstance. RDP activities will leave events in several different logs as action is taken and various processes are involved.
https://www.socinvestigation.com/windows-rdp-event-ids-cheatsheet/
Security Investigation - Be the first to investigate
Windows RDP Event IDs Cheatsheet - Security Investigation
A technique to semi-automatically discover new vulnerabilities in WordPress plugins
https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html
kazet.cc
A technique to semi-automatically discover new vulnerabilities in WordPress plugins
How to semi-automatically find vulnerabilities in WordPress plugins installed on about 15 million websites.
Stealing and faking Azure AD device identities
How to steal identities of existing Azure AD joined devices, and how to fake identities of non-AAD joined Windows devices with AADInternals v0.6.6:
https://o365blog.com/post/deviceidentity/?s=09
O365Blog
Stealing and faking Azure AD device identities
In my previous blog posts I’ve covered details on PRTs, BPRTs, device compliance, and Azure AD device join.
In this blog, I’ll show how to steal identities of existing Azure AD joined devices, and how to fake identities of non-AAD joined Windows devices with…
The Ultimate Hacker's Roadmap 2022
https://github.com/0xTRAW/Cybersecurity-Roadmap
and from the same category - The Ultimate Hacker Roadmap
https://github.com/Kennyslaboratory/Ultimate-Hacker-Roadmap
GitHub
GitHub - thatstraw/Cybersecurity-Roadmap
Contribute to thatstraw/Cybersecurity-Roadmap development by creating an account on GitHub.
Came across this: a game in several languages where you program a hero who walks around and collects crystals; different languages (Python, JavaScript, Lua) https://codecombat.com/play
CodeCombat
CodeCombat: Learn to Code by Playing a Game
Learn programming with a multiplayer live coding strategy game for beginners. Learn Python or JavaScript as you defeat ogres, solve mazes, and level up. Open source HTML5 game!
Escaping VMware’s NSX Edge OS Jailed Shell
In this blog post we provide details about a CLI injection vulnerability that we discovered during a penetration testing engagement against VMware Cloud Director. The vulnerability was identified on NSX Edge OS version < 6.4.13:
https://www.secforce.com/blog/escaping-vmwares-nsx-edge-os-jailed-shell/
www.secforce.com
SECFORCE - Security without compromise
Cybersecurity consultancy specialized in offensive security helping top-tier organisations all over the world.
Tutorial: Kubernetes Vulnerability Scanning & Testing With Open Source
https://www.conjur.org/blog/tutorial-kubernetes-vulnerability-scanning-testing-with-open-source/
CyberArk Developer
Tutorial: Kubernetes Vulnerability Scanning & Testing With Open Source
Explore our CyberArk open-source tools, Kubesploit and KubiScan, that will help Kubernetes users maximize their security.
FREE CYBERSECURITY SERVICES AND TOOLS from CISA
https://www.cisa.gov/free-cybersecurity-services-and-tools
Cybersecurity and Infrastructure Security Agency CISA
No Cost Cybersecurity Services & Tools | CISA
MicrosoftSecurity_Best_Practices.pdf
9.6 MB
Microsoft Security Best Practices
(Known as the Azure Security Compass or Microsoft Security Compass) is a collection of best practices that provide clear actionable guidance for security related decisions. This is designed to help you increase your security posture and reduce risk whether your environment is cloud-only, or a hybrid enterprise spanning cloud(s) and on-premises data centers. This guidance was formerly referred to as Azure Security Compass and is now increasing in scope to encompass all Microsoft security guidance and capabilities, including Microsoft 365
Node.js Tutorial for Beginners: Learn Step by Step in 3 Days
https://www.guru99.com/node-js-tutorial.html
Guru99
Node.js Tutorial for Beginners: Learn Step by Step in 3 Days
Learn Node.js Tutorial for Beginners: This course covers various aspects of Node.js like modules, Express, promises, generators, MongoDB, etc.
Docker optimization guide: the 12 best tips to optimize Docker image security
https://www.augmentedmind.de/2022/02/20/optimize-docker-image-security/
AugmentedMind.de
Docker optimization guide: the 12 best tips to optimize Docker image security
Learn how to optimize your Docker image security with 12 useful tips. Understand the underlying attack vector, and the mitigation approaches.
OwnCloud with Raspberry PI: self host your private cloud
https://peppe8o.com/owncloud-with-raspberry-pi-self-host-your-private-cloud/amp/
Peppe8O
OwnCloud with Raspberry PI: self host your private cloud
Install and setup OwnCloud on Raspberry PI by using docker to get a private cloud to share files and collaborate by keeping all files yours
A Method for Decrypting Data Infected with Hive Ransomware.pdf
3.6 MB
A Method for Decrypting Data Infected with Hive Ransomware
Bash Functions in Linux
When writing complex logic in Bash scripts, it makes sense to group it in reusable functions.
In this quick tutorial, we’re going to take a look at how to define and use Bash functions:
https://www.baeldung.com/linux/bash-functions
Baeldung on Linux
Bash Functions in Linux | Baeldung on Linux
Learn how to define and use Bash functions
It would seem a typical situation: redirect an NGINX HTTP/HTTPS WWW domain to the same domain, or to another one, without WWW.
Indeed, it is all simple, but there is a nuance: for the HTTPS WWW domain to work correctly, you need to drop in a small config that redirects to the desired target.
So this post came about, as a note for later - A concise NGINX config for redirecting with and without WWW
https://sys-adm.in/systadm/971-lakonichnyj-konfig-nginx-dlya-redirekta-s-www-i-bez.html
sys-adm.in
A concise NGINX config for redirecting with and without WWW - For sysadmins and others
Sys-Adm.in - A site for sysadmins and others. It collects various materials based on personal practice. Evgeny Goncharov's blog.
DNS diagnostic scripts that came out of the BLD DNS project
There are 5 of them as of today:
- DNS-TESTER
- BENCH-DNS
- CHECK-DNS-SERVERS
- MAC-DNS
- BLD-LOOKUP
I described each of them, with sample output from the scripts, on my Sys-Adm.in blog
sys-adm.in
DNS diagnostic scripts that came out of the BLD DNS project - For sysadmins and others
Sys-Adm.in - A site for sysadmins and others. It collects various materials based on personal practice. Evgeny Goncharov's blog.
15 Best Cloud Security Certifications In 2022
https://worldscholarshipforum.com/best-cloud-security-certifications/
World Scholarship Forum
15 Best Cloud Security Certifications In 2022
Find AWS Certified Security and Certified Encryption Specialist (ECES) and other Best Cloud Security Certifications to advance your career.
Comparing Node JavaScript to JavaScript in the Browser
https://css-tricks.com/node-javascript-compared-to-javascript/
CSS-Tricks
Comparing Node JavaScript to JavaScript in the Browser | CSS-Tricks
Node JavaScript is a great way to write server-side code. This article shows how to write your own APIs and tools using Node.