Открытый курс по этичному хакингу. Формат: 10% теория / 90% практика.

Это то, что доктор прописал, курс от практикующего Этичного Хакера, Master of Computer Science, OSCP, eWPTXv2, eCPTXv2

Исследователь множественных CVE, автор блога: murat.one, канала: @onebrick, хорошего человека и моего друга, по окончанию курса слушатели будут на уровне junior penetration tester, в общем 10 недель:

• Неделя 1. Введение в коммерческий пентест. Создание рабочей среды
• Неделя 2. Сбор информации. OSINT
• Неделя 3. Техники социальной инженерии
• Неделя 4. Безопасность web-приложений
• Неделя 5. Атака на web-приложения. Автоматические инструменты
• Неделя 6. Безопасность инфраструктуры. Разведка
• Неделя 7. Атаки на инфраструктуру. Metasploit Framework
• Неделя 8. Основы Android приложений и атаки на WiFi
• Неделя 9. Платформы для обучения кибербезопасности
• Неделя 10. Написание коммерческого отчета

Со слов автора - не диктор и возможно придется поставить скорость на 1.5, но лично мне все в самый раз:

• https://youtu.be/oRflkcjm08U

Спасибо @manfromkz за проделанный труд и за открытый awareness паблику 🤝
 

[ru] Мои "Flex" факторы работы с инфраструктурой, про 12 факторов Heroku и не только

В Августе 2021 года, когда я запускал OPEN BLD DNS и по сегодняшний день - слыхом не слыхивал про методологию THE TWELVE-FACTOR APP, но когда прочитал, понял - у меня все так и было +- на интуитивном уровне, сегодня хочу рассказать свою версию факторов подхода к разработке, деплою, использованию и отслеживанию работоспособности проектов.

Далее о 12 факторах, моей "Flex" методологии и о том, как это все можно применять на практике:

* Статья о 12 факторах Heroku и моего “Flex” взгляда

~~~

[en] My "Flex" factors working with infrastructure and about of 12-factors app from Heroku

Try to use Google Translator, but I created repo and site for my “Flex” concept:

* Repo: https://github.com/m0zgen/flex-doc
* Site: https://flex-doc.pages.dev

CyrilEx Regex Tester

One of the best regex tester:
* https://extendsclass.com/regex-tester.html

#regex #test

macOS Security and Privacy Guide

highly hardenning configarions and examples:
* https://github.com/drduh/macOS-Security-and-Privacy-Guide

Simple Knot Resolver installation and configuration example article (ru)

* Install
* Logging
* DNS, DoT, DoH example config
* DNS Forwarding
* RPZ example section
* DNS Application Firewall
* Caching

- https://sys-adm.in/systadm/986-prostoj-primer-ustanovki-i-nastrojki-knot-resolver.html

IP Reflector - simple Open IP API gateway

Many IP detection service, such as detection: County, ISP, Lat/Lon and etc has limited access.

This services has some limitations, like as requests limitations and HTTP mode only, this limitation may be cause some problems, as example:
- you have service which works on HTTPS, some security limitations will prohibit create requests from HTTPS to HTTP...

IP Reflector it is a simple Open IP API gateway for http://ip-api.com, after run reflector locally / remote, you can use this more or less like this:

curl http://127.0.0.1:8000/\?ip=1.1.1.1

You will recieve JSON response:

{"status":"success","country":"Australia","countryCode":"AU","region":"QLD","regionName":"Queensland","city":"South Brisbane","zip":"4101","lat":-27.4766,"lon":153.0166,"timezone":"Australia/Brisbane","isp":"Cloudflare, Inc","org":"APNIC and Cloudflare DNS Resolver project","as":"AS13335 Cloudflare, Inc.","query":"1.1.1.1"}

Link to repo:
* https://github.com/m0zgen/ip-reflector

Open BLD DNS Updating News: New BLD release, New tools and more
 
I'm happy to present new Open BLD release which is already in production 🎉

🌴 Stabilities and Updates:
• Atomizing/Micro-servicing: Different server BLD infrastructure roles
• Alerting coverage: Local and remote BLD services
• Caching: Redis to KeyDB partially changes/migrations
• Caching: Sync caching between different BLD role servers
• Configurable: Minimum TLS version can be setup through config file
• Configurable: Multiple configations supporting
• Configurable: Custom HTTP User Agent for DoH upstreams
• Configurable: Updated conditional Bootstrap and Upstream functionality
• Stability: Auto-recovering and Self-checking mechanisms

🧩 Tools:
• IP Reflector. IP Reflection API Service.
• Monitor.sh. Script for checking systemd unit status
• Self-cert-gen. Simple self signed certificate generator
• monit2telegram. A simple noscript to send Monit alerts using Telegram bot.
• Flex App Additions Methodology. Flow for Engineers, this methodology can be used as additional helper for 12-Factor app or can be used separetely, as standalone practice.

🦚 Agentless BLD:
BLD works without agents or any additional tools and allow to use secure and clean Internet:
• In: Browsers (Chrome, Brave, Firefox, Edge and etc)
• On: Mobile devices (Android, iOS)
• In/On: Computers or networks (Primaty/Secondary DNS)

📟 More details on official BLD site:
• https://lab.sys-adm.in

#free #bld #dns

Mozilla HTTP Observatory

The Mozilla HTTP Observatory is a set of tools to analyze your website and inform you if you are utilizing the many available methods to secure it.

https://github.com/mozilla/http-observatory

#tool

How to reset Linux user password with Ansible
* [en] - Read

Как сменить пароль Linux пользователя при помощи Ansible
* [ru] - Читать

Let’s rock! :D

GitHub Copilot

GitHub Copilot uses the OpenAI Codex to suggest code and entire functions in real-time, right from your editor..

https://github.com/features/copilot

Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

https://github.com/leakuidatorplusteam/artifacts

Viddy - Modern watch command.

https://github.com/sachaos/viddy

AppFlowy.IO - The Open Source Alternative To Notion

You are in charge of your data and customizations.

Documentation:
* https://appflowy.gitbook.io/docs/essential-documentation/contribute-to-appflowy

Official site:
* https://www.appflowy.io

GitHub:
* https://github.com/AppFlowy-IO/appflowy

#need_ro_research

Open BLD DNS: Our supporter is UptimeRobot
 
Hey, UptimeRobot it is a very good solution for on-line monitoring tasks. I'm using UptimeRobot over than 10 years for monitoring tasks by:
- Ping availability my Blog and Forum
- HTTP(S) availability and SSL expiry reminders
- Port(s) availability for Open BLD services
- Keyword checking on web-pages

Free plan allow using UptimeRobot with 5 min. interval with notifications to email.

Now, UptimeRobot helps to Open BLD Project to reduce checking intervals to 1 min and now you can checking Open BLD status on:
• https://bld-status.sys-adm.in page.

On my own behalf, I express my deep gratitude to the UptimeRobot service, now the availability and stability of the Open BLD service has more monitoring than it was.
 

What is CoreDNS?

Short concept presentation from CNCF:

https://www.cncf.io/wp-content/uploads/2020/08/Introduction-to-CoreDNS-1.pdf

𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗔𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲 Learn Map

Using Hermes’s Quicksort to run Doom: A tale of JavaScript exploitation

https://engineering.fb.com/2022/07/20/security/hermes-quicksort-to-run-doom/