В инфраструктуре государственных организаций выявлены иностранные кибершпионы
ГТС КЗ:
— https://sts.kz/2023/03/07/v-infrastrukture-gosudarstvennyh-organizacij-vyyavleny-inostrannye-kibershpiony/
ГТС КЗ:
— https://sts.kz/2023/03/07/v-infrastrukture-gosudarstvennyh-organizacij-vyyavleny-inostrannye-kibershpiony/
Rust for n00bs. Free price.
This course provides an overview of the Rust syntax and teaches the basics of reading and writing Rust code. It assumes no prior knowledge of Rust and covers everything you need to get started with your learning journey:
— https://training.zeropointsecurity.co.uk/courses/rust-for-n00bs
This course provides an overview of the Rust syntax and teaches the basics of reading and writing Rust code. It assumes no prior knowledge of Rust and covers everything you need to get started with your learning journey:
— https://training.zeropointsecurity.co.uk/courses/rust-for-n00bs
Zero-Point Security
Rust for n00bs
An introduction to Rust fundamentals.
Установка Rust в macOS + Fish Shell
— https://sys-adm.in/systadm/1001-ustanovka-rust-v-macos-fish-shell.html
— https://sys-adm.in/systadm/1001-ustanovka-rust-v-macos-fish-shell.html
sys-adm.in
Установка Rust в macOS + Fish Shell - Для сисадминов и не только
Sys-Adm.in - Сайт для сисадминов и не только. Здесь собраны различные материалы основанные на личной практике. Блог Евгения Гончарова.
CVE-2023-21768 Local Privilege Escalation POC
For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems. Write primitive works on all vulnerable systems:
https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768
For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems. Write primitive works on all vulnerable systems:
https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768
GitHub
GitHub - chompie1337/Windows_LPE_AFD_CVE-2023-21768: LPE exploit for CVE-2023-21768
LPE exploit for CVE-2023-21768. Contribute to chompie1337/Windows_LPE_AFD_CVE-2023-21768 development by creating an account on GitHub.
BlueHat 2023 security conference video
from Microsoft Security Response Center (MSRC)
— https://www.youtube.com/playlist?list=PLXkmvDo4MfusWp9f7IHT9xAPCkN2ZSm2L
from Microsoft Security Response Center (MSRC)
— https://www.youtube.com/playlist?list=PLXkmvDo4MfusWp9f7IHT9xAPCkN2ZSm2L
GOAD (Game Of Active Directory) - version 2
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques:
-- https://github.com/Orange-Cyberdefense/GOAD
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques:
-- https://github.com/Orange-Cyberdefense/GOAD
Mini Robot Enters Blood Vessels
Researchers demonstrate proof of concept in a pig’s artery:
— https://spectrum.ieee.org/mini-robot-surgeon
Researchers demonstrate proof of concept in a pig’s artery:
— https://spectrum.ieee.org/mini-robot-surgeon
Active Directory Cheatsheet with code examples
- internal audit
- port forwarding
- bypass EP
- enumeration
- and etc…
— https://hideandsec.sh/books/cheatsheets-82c/page/active-directory
- internal audit
- port forwarding
- bypass EP
- enumeration
- and etc…
— https://hideandsec.sh/books/cheatsheets-82c/page/active-directory
hideandsec.sh
Active Directory | HideAndSec
This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and labs,...
Debugging D-Link: Emulating firmware and hacking hardware
— https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware
— https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware
www.greynoise.io
Debugging D-Link: Emulating firmware and hacking hardware
GreyNoise researchers explain the process of how attackers gain footholds in organizations via exploiting weaknesses in device firmware, with a practical, working example of exploiting several vulnerabilities in D-Link routers.
Shells In Plain Sight – Storing Payloads In The Cloud
inside in a image…
— https://www.trustedsec.com/blog/shells-in-plain-sight-storing-payloads-in-the-cloud/
inside in a image…
— https://www.trustedsec.com/blog/shells-in-plain-sight-storing-payloads-in-the-cloud/
TrustedSec
Shells in Plain Sight - Storing Payloads in the Cloud
TL;DR: Encode payload in image file, host it publicly, and nobody's the wiser. Each pixel's data is encoded as RGB (Red, Green, and Blue). Figure 2 - RGB…
Abusing Microsoft Outlook 365 to Capture NTLM
— https://www.hackingarticles.in/abusing-microsoft-outlook-365-to-capture-ntlm/
— https://www.hackingarticles.in/abusing-microsoft-outlook-365-to-capture-ntlm/
Hacking Articles
Abusing Microsoft Outlook 365 to Capture NTLM
Learn how attackers exploit Microsoft Outlook to capture NTLM hashes, with detection and mitigation techniques for security teams.
Local privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547)
https://github.com/wh0amitz/PetitPotato
https://github.com/wh0amitz/PetitPotato
GitHub
GitHub - wh0amitz/PetitPotato: Local privilege escalation via PetitPotam (Abusing impersonate privileges).
Local privilege escalation via PetitPotam (Abusing impersonate privileges). - wh0amitz/PetitPotato
Cross-site noscripting (XSS) cheat sheet
-- https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet#assignable-protocol-with-location
-- https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet#assignable-protocol-with-location
portswigger.net
Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security Academy
Interactive cross-site noscripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.
CVE-2023-23397_EXPLOIT_0DAY
Exploit for the CVE-2023-23397 Credit to domchell
— https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
Exploit for the CVE-2023-23397 Credit to domchell
— https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
GitHub
GitHub - sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY: Exploit for the CVE-2023-23397
Exploit for the CVE-2023-23397. Contribute to sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY development by creating an account on GitHub.
Forwarded from Sys-Admin InfoSec
Good News and New Changes in Sys-Admin Open BLD ecosystem
lab.sys-adm.in - it's AD/Malicious-free Open BLD DNS secure service, today I happy present for you/us few good news:
New security concepts
🐕 Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructure has centralized automated hacking IP mitigation system
☀️ Updates - With open Sys-Admin activities now we are have two new instruments which can change security protection prism which based on open source tools/instruments…
🐌 Speed - Extremely improved speed for collecting/merging/compressing and deploying block/allow lists from Internet
Results
🌵 Cactusd Server, which writen from scratch on GoLang - fully replace BLD-Server update service
🧘 ip2drop replaced fail2ban in Open BLD ecosystem
🥋 All servers has new firewall settings and improvements
Deprecations
♻️ BLD-Server will deprecated and excluded from Sys-Admin activities/supporting in future (thanks nodejs which was foundament for this service)
Welcome
👋 I'm looking for talent, experts, programmers and just good and positive people for code-review, feedback, suggestions and etc - Welcome 🤜🤛
lab.sys-adm.in - it's AD/Malicious-free Open BLD DNS secure service, today I happy present for you/us few good news:
New security concepts
🐕 Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructure has centralized automated hacking IP mitigation system
☀️ Updates - With open Sys-Admin activities now we are have two new instruments which can change security protection prism which based on open source tools/instruments…
🐌 Speed - Extremely improved speed for collecting/merging/compressing and deploying block/allow lists from Internet
Results
🌵 Cactusd Server, which writen from scratch on GoLang - fully replace BLD-Server update service
🧘 ip2drop replaced fail2ban in Open BLD ecosystem
🥋 All servers has new firewall settings and improvements
Deprecations
♻️ BLD-Server will deprecated and excluded from Sys-Admin activities/supporting in future (thanks nodejs which was foundament for this service)
⚰Welcome
👋 I'm looking for talent, experts, programmers and just good and positive people for code-review, feedback, suggestions and etc - Welcome 🤜🤛