SIEM Training Sources/Videos
Little link collection:
— https://gist.github.com/isaqueprofeta/d14f394d8679fce0a11d7961d514fcdd
Invictus-AWS
A Python script that helps automatically enumerate and acquire relevant data from an AWS environment. The tool requires no installation; it runs as a standalone script with minimal configuration. The goal of Invictus-AWS is to let incident responders or other security personnel quickly get insight into an AWS environment:
— https://github.com/invictus-ir/Invictus-AWS
Different cloud providers' IP range lists
Lists all IP ranges from Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft (Azure), Oracle (Cloud), DigitalOcean, GitHub, Facebook (Meta), Twitter and Linode, with daily updates (the repository description now also lists OpenAI (GPTBot)):
— https://github.com/lord-alfred/ipranges
Scanning every package on PyPI turned up 57 live AWS keys, from organisations like:
- Amazon themselves
- Intel
- Stanford, Portland and Louisiana University
- The Australian Government
- ...
https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
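The kind of scan behind that result, as an added example (not code from the tomforb.es post or from any published scanner): it walks the text members of a wheel (a zip) held in memory, flags AWS access key IDs by their AKIA/ASIA prefix, and pairs each with the nearest plausible 40-character secret. The wheel contents are constructed here and use the AWS documentation placeholder credentials; checking whether a hit is actually live (for example via sts:GetCallerIdentity) is left out so the block runs offline.

```python
"""Scan a Python package archive (wheel = zip) for leaked AWS credentials.

Added example for this page; it is not code from tomforb.es or from any
published scanner. A hit here means "looks like an AWS key pair", not
"live key": network validation is deliberately omitted.
"""
import io
import re
import zipfile

# Access key IDs: 4-char prefix (AKIA = long-term IAM user key,
# ASIA = temporary STS key) followed by 16 upper-case alphanumerics.
KEY_ID_RE = re.compile(r"(?<![A-Za-z0-9])((?:AKIA|ASIA)[0-9A-Z]{16})(?![A-Za-z0-9])")
# Secret access keys: 40 chars of a base64-like alphabet. Alone the pattern is
# noisy, so a candidate only counts when it sits near a key ID.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+=])")
# Only members with these suffixes are decoded as text; binaries are skipped.
TEXT_SUFFIXES = (".py", ".cfg", ".ini", ".toml", ".json", ".yaml", ".yml",
                 ".env", ".txt", ".md")


def _plausible_secret(cand: str) -> bool:
    """Heuristic: a real secret mixes letters and digits, which drops
    hex digests and long identifiers of a single character class."""
    return any(c.isdigit() for c in cand) and any(c.isalpha() for c in cand)


def find_credentials(member: str, data: bytes, window: int = 300) -> list:
    """Return one finding per access key ID in `data`, paired with the first
    plausible secret within `window` characters on either side (or None)."""
    text = data.decode("utf-8", errors="replace")
    findings = []
    for m in KEY_ID_RE.finditer(text):
        lo, hi = max(0, m.start() - window), min(len(text), m.end() + window)
        secret = None
        for s in SECRET_RE.finditer(text, lo, hi):
            if _plausible_secret(s.group(1)):
                secret = s.group(1)
                break
        findings.append({
            "member": member,
            "line": text.count("\n", 0, m.start()) + 1,
            "key_id": m.group(1),
            "kind": "long-term" if m.group(1).startswith("AKIA") else "temporary",
            "secret": secret,
        })
    return findings


def scan_archive(blob: bytes) -> list:
    """Scan every text member of an in-memory zip/wheel and collect findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(TEXT_SUFFIXES):
                continue
            findings.extend(find_credentials(info.filename, zf.read(info)))
    return findings


def build_sample_wheel() -> bytes:
    """Constructed fixture: a tiny wheel-like zip. The credentials are the AWS
    documentation placeholders (AKIAIOSFODNN7EXAMPLE / wJalr...EXAMPLEKEY) and
    a made-up ASIA id; none of them is a real key."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mypkg/__init__.py", "__version__ = '0.1'\n")
        zf.writestr("mypkg/settings.py",
                    "# committed by mistake\n"
                    "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
                    "AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'\n")
        zf.writestr("mypkg/.env", "AWS_ACCESS_KEY_ID=ASIAJEXAMPLEXKEY1234\n")
        zf.writestr("mypkg/model.bin", b"\x00\x01AKIAIOSFODNN7EXAMPLE\xff")  # binary: skipped
        zf.writestr("README.md", "Set AWS_ACCESS_KEY_ID in the environment, never in code.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_archive(build_sample_wheel()):
        print(f"{f['member']}:{f['line']} {f['kind']} {f['key_id']} "
              f"secret={'paired' if f['secret'] else 'not found'}")
```

Pointing this at a real sdist or wheel is a matter of swapping `build_sample_wheel()` for the bytes of the downloaded archive (tarballs need `tarfile` instead of `zipfile`); the same pre-publish check belongs in CI for your own packages.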
Setting up your bug bounty scripts with Python and Bash — The subdomain monitoring bot
https://www.codelivly.com/setting-up-your-bug-bounty-scripts-with-python-and-bash/
Forwarded from Sys-Admin InfoSec
Can You Trust Your VSCode Extensions?
https://blog.aquasec.com/can-you-trust-your-vscode-extensions
Aqua Nautilus breaks down how VSCode extensions can easily be impersonated by attackers who hide malicious code through tactics like typosquatting.
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
— https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
Unit 42, current title "Security Issue in JWT Secret Poisoning (Updated)": We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.
How to run a Linux logon script only once
https://sys-adm.in/systadm/999-kak-vypolnit-edinozhdy-linux-logon-skript.html
Threema-PST22.pdf (413.9 KB)
Three Lessons From Threema: Analysis of a Secure Messenger
On the Security Vulnerabilities of Text-to-SQL Models
Attacks using AI models:
https://arxiv.org/pdf/2211.15363.pdf
Over 1,300 domains host a webpage impersonating the official AnyDesk website and push Vidar info-stealing malware (the domains have been added to Open BLD, the Open Sys-Admin BLD DNS blocklist at lab.sys-adm.in):
— https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/
Bitdefender-PR-Whitepaper-EyeSpyVPN-creat625-en-EN.pdf (8.6 MB)
EyeSpy - Spyware Delivered in VPN Installers
https://www.bitdefender.com/blog/labs/eyespy-iranian-spyware-delivered-in-vpn-installers/
Detect-ad-ml-algorithm.pdf (398.8 KB)
Detecting Adversarial Advertisements in the Wild
MSI's (in)Secure Boot
I decided to set up Secure Boot on my new desktop with the help of sbctl. Unfortunately I found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not...
Secure Boot bypass on MSI boards:
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
Abusing a GitHub Codespaces Feature For Malware Delivery
https://www.trendmicro.com/en_us/research/23/a/abusing-github-codespaces-for-malware-delivery.html
Proof of Concept (POC): We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts…
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
In this blog, we will describe how we found 4 different SSRF vulnerabilities and were able to take advantage of these flaws in some of the Azure Services.