Malicious Microsoft Teams Invite: NTLM Relay and Drive By Download Attack
— https://medium.com/@bobbyrsec/malicious-microsoft-teams-invite-ntlm-relay-and-drive-by-download-attack-265821e3da9e
— https://medium.com/@bobbyrsec/malicious-microsoft-teams-invite-ntlm-relay-and-drive-by-download-attack-265821e3da9e
Medium
Malicious Microsoft Teams Invite: NTLM Relay and Drive By Download Attack
Summary
Learn Git & GitHub
friendly Git course to integrate Git and GitHub and manage versions of your projects using Git branches:
— https://www.codecademy.com/learn/learn-git
friendly Git course to integrate Git and GitHub and manage versions of your projects using Git branches:
— https://www.codecademy.com/learn/learn-git
Codecademy
Learn Git: Tutorial + Basics | Codecademy
Use our beginner friendly Git course to integrate Git and GitHub and manage versions of your projects using Git branches.
10+ Unique Flask Projects with Source Code – 2023
— https://machinelearningprojects.net/flask-projects/
— https://machinelearningprojects.net/flask-projects/
Python for Beginners (free course)
10 hours, 90 days of access:
— https://www.simplilearn.com/learn-python-basics-free-course-skillup
10 hours, 90 days of access:
— https://www.simplilearn.com/learn-python-basics-free-course-skillup
Simplilearn.com
Free Python Course with Certificate: Enroll Now!
The free Python course for beginners covers all the basics concepts of the Python programming language. Enroll now to earn your Python free certification.
Cybersecurity Career Path
Offensive, Defensive, Researcher, Engineer, Officer:
— https://github.com/rezaduty/cybersecurity-career-path
Offensive, Defensive, Researcher, Engineer, Officer:
— https://github.com/rezaduty/cybersecurity-career-path
GitHub
GitHub - rezaduty/cybersecurity-career-path: Cybersecurity Career Path
Cybersecurity Career Path. Contribute to rezaduty/cybersecurity-career-path development by creating an account on GitHub.
Hacking Your Cloud: Tokens Edition 2.0
Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. There are a few different ways of getting JWT tokens… These methods are useful when attempting to bypass MFA restrictions and access cloud workloads that are unrestricted by location in conditional access. Most enterprises only restrict access to cloud workloads with MFA in conditional access..:
— https://www.trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0/
Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. There are a few different ways of getting JWT tokens… These methods are useful when attempting to bypass MFA restrictions and access cloud workloads that are unrestricted by location in conditional access. Most enterprises only restrict access to cloud workloads with MFA in conditional access..:
— https://www.trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0/
TrustedSec
Hacking Your Cloud: Tokens Edition 2.0
Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. First a free tool called Token…
Improve Onboarding through the Magic of Storytelling
4 simple steps for team lead for convenient new technical employe adaptation
— https://aminrb.me/blog/onboarding-storytelling/
4 simple steps for team lead for convenient new technical employe adaptation
— https://aminrb.me/blog/onboarding-storytelling/
aminrb.me
Improve Onboarding through the Magic of Storytelling
When you join a new team, you are usually bombarded with a lot of information. You need to familiarize yourself with the company’s culture, facilities, and colleagues. Initially, the onboarding process tends to be welcoming and hospitable. However, after…
Intro to Data Structures & Algorithms
Free course from Udacity. This course will introduce you to common data structures and algorithms in Python:
— https://www.udacity.com/course/data-structures-and-algorithms-in-python--ud513
Free course from Udacity. This course will introduce you to common data structures and algorithms in Python:
— https://www.udacity.com/course/data-structures-and-algorithms-in-python--ud513
Udacity
Learn Data Structures and Algorithms | Udacity
Learn online and advance your career with courses in programming, data science, artificial intelligence, digital marketing, and more. Gain in-demand technical skills. Join today!
Linux Kernel: Spectre v2 SMT mitigations problem
— https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx
— https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx
GitHub
Linux Kernel: Spectre v2 SMT mitigations problem
### Summary
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We h...
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We h...
CISA - Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-byDesign and -Default
— https://www.cisa.gov/sites/default/files/2023-04/principles_approaches_for_security-by-design-default_508_0.pdf
— https://www.cisa.gov/sites/default/files/2023-04/principles_approaches_for_security-by-design-default_508_0.pdf
Attack Surface Analyzer
Attack Surface Analyzer is a Microsoft developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration:
— https://github.com/microsoft/AttackSurfaceAnalyzer
Attack Surface Analyzer is a Microsoft developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration:
— https://github.com/microsoft/AttackSurfaceAnalyzer
GitHub
GitHub - microsoft/AttackSurfaceAnalyzer: Attack Surface Analyzer can help you analyze your operating system's security configuration…
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation. - microsoft/AttackSurfaceAnalyzer
Good News and New Changes in Sys-Admin Open BLD ecosystem
99.9% uptime - https://lab.sys-adm.in
New security concepts
- Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructire has centralized automated hacking IP mitigation system
- Updates - With open Sys-Admin activitieas now we are have two new instruments which can change security protection prism whis based on open source tools/instruments: ip2drop 🧘, cactusd 🌵
- Speed - Extremely improved speed (🏎 faster than IBM Quad9)
Results
- Open BLD ecosystem servers partially migrated from fail2ban to ip2drop
- All servers has new firewall settings and improvements (like as ipset)
Enjoy this - https://lab.sys-adm.in
99.9% uptime - https://lab.sys-adm.in
New security concepts
- Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructire has centralized automated hacking IP mitigation system
- Updates - With open Sys-Admin activitieas now we are have two new instruments which can change security protection prism whis based on open source tools/instruments: ip2drop 🧘, cactusd 🌵
- Speed - Extremely improved speed (🏎 faster than IBM Quad9)
Results
- Open BLD ecosystem servers partially migrated from fail2ban to ip2drop
- All servers has new firewall settings and improvements (like as ipset)
Enjoy this - https://lab.sys-adm.in
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
Sys-Admin Up pinned «Good News and New Changes in Sys-Admin Open BLD ecosystem 99.9% uptime - https://lab.sys-adm.in New security concepts - Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructire…»
Sandbox Escape in vm2@3.9.16. PoC.
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244
Credits: https://github.com/advisories/GHSA-7jxr-cg7f-gpgv
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244
Credits: https://github.com/advisories/GHSA-7jxr-cg7f-gpgv
Gist
Sandbox Escape in vm2@3.9.16
Sandbox Escape in vm2@3.9.16. GitHub Gist: instantly share code, notes, and snippets.
Get started using Attack simulation training
If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft 365:
— More details…
If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft 365:
— More details…
Docs
Get started using Attack simulation training - Microsoft Defender for Office 365
Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
Designing and Developing Modern Applications
free Zoom Conference. I known personally some participiants from speakers, so shoult be interecting, maybe:
— https://akvelon.global/devday2023/
free Zoom Conference. I known personally some participiants from speakers, so shoult be interecting, maybe:
— https://akvelon.global/devday2023/
akvelon.global
DevDay 2023
Designing and Developing Modern Applications: Best Practices and Emerging Trends