Microsoft Azure AD Assessment
PoweShell module noscript:
— https://github.com/AzureAD/AzureADAssessment
PoweShell module noscript:
— https://github.com/AzureAD/AzureADAssessment
GitHub
GitHub - AzureAD/AzureADAssessment: Tooling for assessing an Azure AD tenant state and configuration
Tooling for assessing an Azure AD tenant state and configuration - AzureAD/AzureADAssessment
PoC CVE-2023-27532 (Veeam Backup & Replication)
Proof of Concept code to exploit CVE-2023-27532 and either leak plaintext credentials or perform remote command execution:
— https://github.com/sfewer-r7/CVE-2023-27532
Proof of Concept code to exploit CVE-2023-27532 and either leak plaintext credentials or perform remote command execution:
— https://github.com/sfewer-r7/CVE-2023-27532
I built a Zero Day with undetectable exfiltration using only ChatGPT prompts
https://www.forcepoint.com/blog/x-labs/zero-day-exfiltration-using-chatgpt-prompts
https://www.forcepoint.com/blog/x-labs/zero-day-exfiltration-using-chatgpt-prompts
Forcepoint
Forcepoint Security Insights
writing-an-INTERPRETER-in-go.pdf
913.8 KB
Writing an Interpreter in Go
BurpGPT
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type:
— https://github.com/aress31/burpgpt
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type:
— https://github.com/aress31/burpgpt
GitHub
GitHub - aress31/burpgpt: A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering…
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any ty...
50 Methods For Lsass Dump(RTC0002)
https://redteamrecipe.com/50-Methods-For-Dump-LSASS/
Img raw:
https://raw.githubusercontent.com/elementalsouls/DumpLSASS/main/50_Methods%20for%20LSASS%20Dump.png
https://redteamrecipe.com/50-Methods-For-Dump-LSASS/
Img raw:
https://raw.githubusercontent.com/elementalsouls/DumpLSASS/main/50_Methods%20for%20LSASS%20Dump.png
Почему сегодня я не сертифицируюсь (почти)
Через 10-20 лет ИИ выпилит штатных и нештатных специалистов из свои насиженных мест. Многие потеряют работу и у дел останется только тот, кто сможет предложить нечто лучшее или иное, чем сможет предложить ИИ.
Сегодня многие изучая различные технологии - тратят свое жизненное время и деньги на изучение того, что будет неактуально через пару лет.
Здесь есть повод задуматься над тем, на что конкретно ты, конкретно здесь и сейчас тратишь свою жизнь.
Прежде чем тратить время, к примеру, на изучение методологий поиска уязвимостей в коде, задумайся, уже сегодня это делает ИИ, за 10 долларов в месяц.
Не трать время впустую.
#note #create_own_technologies
Через 10-20 лет ИИ выпилит штатных и нештатных специалистов из свои насиженных мест. Многие потеряют работу и у дел останется только тот, кто сможет предложить нечто лучшее или иное, чем сможет предложить ИИ.
Сегодня многие изучая различные технологии - тратят свое жизненное время и деньги на изучение того, что будет неактуально через пару лет.
Здесь есть повод задуматься над тем, на что конкретно ты, конкретно здесь и сейчас тратишь свою жизнь.
Прежде чем тратить время, к примеру, на изучение методологий поиска уязвимостей в коде, задумайся, уже сегодня это делает ИИ, за 10 долларов в месяц.
Не трать время впустую.
#note #create_own_technologies
Malicious Microsoft Teams Invite: NTLM Relay and Drive By Download Attack
— https://medium.com/@bobbyrsec/malicious-microsoft-teams-invite-ntlm-relay-and-drive-by-download-attack-265821e3da9e
— https://medium.com/@bobbyrsec/malicious-microsoft-teams-invite-ntlm-relay-and-drive-by-download-attack-265821e3da9e
Medium
Malicious Microsoft Teams Invite: NTLM Relay and Drive By Download Attack
Summary
Learn Git & GitHub
friendly Git course to integrate Git and GitHub and manage versions of your projects using Git branches:
— https://www.codecademy.com/learn/learn-git
friendly Git course to integrate Git and GitHub and manage versions of your projects using Git branches:
— https://www.codecademy.com/learn/learn-git
Codecademy
Learn Git: Tutorial + Basics | Codecademy
Use our beginner friendly Git course to integrate Git and GitHub and manage versions of your projects using Git branches.
10+ Unique Flask Projects with Source Code – 2023
— https://machinelearningprojects.net/flask-projects/
— https://machinelearningprojects.net/flask-projects/
Python for Beginners (free course)
10 hours, 90 days of access:
— https://www.simplilearn.com/learn-python-basics-free-course-skillup
10 hours, 90 days of access:
— https://www.simplilearn.com/learn-python-basics-free-course-skillup
Simplilearn.com
Free Python Course with Certificate: Enroll Now!
The free Python course for beginners covers all the basics concepts of the Python programming language. Enroll now to earn your Python free certification.
Cybersecurity Career Path
Offensive, Defensive, Researcher, Engineer, Officer:
— https://github.com/rezaduty/cybersecurity-career-path
Offensive, Defensive, Researcher, Engineer, Officer:
— https://github.com/rezaduty/cybersecurity-career-path
GitHub
GitHub - rezaduty/cybersecurity-career-path: Cybersecurity Career Path
Cybersecurity Career Path. Contribute to rezaduty/cybersecurity-career-path development by creating an account on GitHub.
Hacking Your Cloud: Tokens Edition 2.0
Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. There are a few different ways of getting JWT tokens… These methods are useful when attempting to bypass MFA restrictions and access cloud workloads that are unrestricted by location in conditional access. Most enterprises only restrict access to cloud workloads with MFA in conditional access..:
— https://www.trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0/
Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. There are a few different ways of getting JWT tokens… These methods are useful when attempting to bypass MFA restrictions and access cloud workloads that are unrestricted by location in conditional access. Most enterprises only restrict access to cloud workloads with MFA in conditional access..:
— https://www.trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0/
TrustedSec
Hacking Your Cloud: Tokens Edition 2.0
Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. First a free tool called Token…
Improve Onboarding through the Magic of Storytelling
4 simple steps for team lead for convenient new technical employe adaptation
— https://aminrb.me/blog/onboarding-storytelling/
4 simple steps for team lead for convenient new technical employe adaptation
— https://aminrb.me/blog/onboarding-storytelling/
aminrb.me
Improve Onboarding through the Magic of Storytelling
When you join a new team, you are usually bombarded with a lot of information. You need to familiarize yourself with the company’s culture, facilities, and colleagues. Initially, the onboarding process tends to be welcoming and hospitable. However, after…
Intro to Data Structures & Algorithms
Free course from Udacity. This course will introduce you to common data structures and algorithms in Python:
— https://www.udacity.com/course/data-structures-and-algorithms-in-python--ud513
Free course from Udacity. This course will introduce you to common data structures and algorithms in Python:
— https://www.udacity.com/course/data-structures-and-algorithms-in-python--ud513
Udacity
Learn Data Structures and Algorithms | Udacity
Learn online and advance your career with courses in programming, data science, artificial intelligence, digital marketing, and more. Gain in-demand technical skills. Join today!