OpenGPT - open source effort to create a similar experience to OpenAI's GPTs and Assistants API
https://github.com/langchain-ai/opengpts
https://github.com/langchain-ai/opengpts
GitHub
GitHub - langchain-ai/opengpts
Contribute to langchain-ai/opengpts development by creating an account on GitHub.
PyPI: Incident Report: User Account Takeover
reflection: This is not the first time I’ve seen developer accounts taken over, but if you think about it, what will happen. What if they take over, for example, the account of the developer of uBlock..? Where will they go or what will happen with your web requests being called back in it?)) In this context, the manifest v3 reduces such threats to a minimum...
https://blog.pypi.org/posts/2023-12-04-account-takeover/
reflection: This is not the first time I’ve seen developer accounts taken over, but if you think about it, what will happen. What if they take over, for example, the account of the developer of uBlock..? Where will they go or what will happen with your web requests being called back in it?)) In this context, the manifest v3 reduces such threats to a minimum...
https://blog.pypi.org/posts/2023-12-04-account-takeover/
Kali Linux 2023.4 Release
With new tools and Cloud ARM64, Vagrant Hyper-V, Raspberry Pi 5 supporting:
https://www.kali.org/blog/kali-linux-2023-4-release/
With new tools and Cloud ARM64, Vagrant Hyper-V, Raspberry Pi 5 supporting:
https://www.kali.org/blog/kali-linux-2023-4-release/
Kali Linux
Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5) | Kali Linux Blog
With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there…
Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-headers-and-hardcoded-static-strings-2d7bb4e46d64
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-headers-and-hardcoded-static-strings-2d7bb4e46d64
The penetration testing execution standard consists of seven (7) main sections...
These cover everything related to a penetration test - from the initial communication and reasoning behind a pentest, through the intelligence gathering and threat modeling phases where testers are working behind the scenes in order to get a better understanding of the tested organization, through vulnerability research, exploitation and post exploitation, where the technical security expertise of the testers come to play and combine with the business understanding of the engagement, and finally to the reporting, which captures the entire process, in a manner that makes sense to the customer and provides the most value to it..:
http://www.pentest-standard.org/index.php/Main_Page
These cover everything related to a penetration test - from the initial communication and reasoning behind a pentest, through the intelligence gathering and threat modeling phases where testers are working behind the scenes in order to get a better understanding of the tested organization, through vulnerability research, exploitation and post exploitation, where the technical security expertise of the testers come to play and combine with the business understanding of the engagement, and finally to the reporting, which captures the entire process, in a manner that makes sense to the customer and provides the most value to it..:
http://www.pentest-standard.org/index.php/Main_Page
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Наконец-то запилил службу, которая возвращает внешний IP по curl или в браузере.
Возможности:
- Может возвращать реальный IP даже если клиент ходит через Cloudflare
- Быстрый. написан на Go
- IP можно смотреть через браузер или curl или wget
Curl:
curl https://getmyip.sys-adm.inWget:
wget -qO- https://getmyip.sys-adm.inPlease open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Last week, last month, this year... I've been meeting and talking to different people, and they all echoed the same sentiment - IPv6 is needed
A few days ago, I got acquainted with VEESP.com, a company that generously provided OpenBLD.net with an incredibly fast server featuring a high-speed Ethernet connection
Abstract: Usually, I spend some time testing servers, then assign them a secondary role before introducing them to the production environment. However, this time was different...
I was so impressed
I believe this is a great opportunity to start exploring the IPv6 space. In this month or early 2024, I hope we can begin experimenting with IPv6!
If you're ready to participate in the preliminary testing, please let me know through this OpenBLD.net Pre-Release Testing Form. I will reach out to you directly when the time comes, and together we can strive to make this world even better
P.S. Thanks to veesp.com and everyone who gives incentive to take a step forward
Please open Telegram to view this post
VIEW IN TELEGRAM
FBI Guidance to Victims of Cyber Incidents
- https://www.fbi.gov/investigate/cyber/fbi-guidance-to-victims-of-cyber-incidents-on-sec-reporting-requirements-fbi-policy-notice-summary
- https://www.fbi.gov/investigate/cyber/fbi-guidance-to-victims-of-cyber-incidents-on-sec-reporting-requirements-fbi-policy-notice-summary
Federal Bureau of Investigation
FBI Guidance to Victims of Cyber Incidents on SEC Reporting Requirements: FBI Policy Notice Summary | Federal Bureau of Investigation
This page contains a summary of the FBI’s Policy Notice regarding cyber victim requests to delay SEC-mandated public disclosures.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
In OpenBLD.net scoping activities, I created lite Go app - Awesome Servers Inventory Web App, which is a simple web app to manage your servers inventory. Ideal solution for small projects and infrastructures or IT ecosystems.
Features:
- Add new server
- Edit existing server
- Delete existing server
- Copy server IP details to clipboard
- Yaml config file
- Portable sqLite database
- One binary file to run the app
- https://github.com/m0zgen/serversAwesome
Please open Telegram to view this post
VIEW IN TELEGRAM
PoC. Apache Struts Remote Code Execution Vulnerability ( S2-066 CVE-2023-50164)
https://trganda.github.io/notes/security/vulnerabilities/apache-struts/Apache-Struts-Remote-Code-Execution-Vulnerability-(-S2-066-CVE-2023-50164)
https://trganda.github.io/notes/security/vulnerabilities/apache-struts/Apache-Struts-Remote-Code-Execution-Vulnerability-(-S2-066-CVE-2023-50164)
trganda.github.io
Apache Struts Remote Code Execution Vulnerability ( S2-066 CVE-2023-50164)
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
PoC Released for SharePoint Pre-Auth RCE Chain (CVE-2023-29357 & CVE-2023-24955)
https://securityonline.info/poc-released-for-sharepoint-pre-auth-rce-chain-cve-2023-29357-cve-2023-24955/
https://securityonline.info/poc-released-for-sharepoint-pre-auth-rce-chain-cve-2023-29357-cve-2023-24955/
Daily CyberSecurity
PoC Released for SharePoint Pre-Auth RCE Chain (CVE-2023-29357 & CVE-2023-24955)
A PoC exploit for SharePoint Pre-Auth Code Injection RCE chain has been released for two vulnerabilities (CVE-2023-29357 & CVE-2023-24955)
Behind the scenes: JaskaGO’s coordinated strike on macOS and Windows
https://cybersecurity.att.com/blogs/labs-research/behind-the-scenes-jaskagos-coordinated-strike-on-macos-and-windows
https://cybersecurity.att.com/blogs/labs-research/behind-the-scenes-jaskagos-coordinated-strike-on-macos-and-windows
LevelBlue
Behind the scenes: JaskaGO's coordinated strike on macOS and…
Executive summary In recent developments, a sophisticated malware stealer strain crafted in the Go programming language has been discovered by LevelBlue Labs, posing a severe threat to both Windows and macOS operating systems. As of the time of publishing…
Dshell
An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures:
https://github.com/USArmyResearchLab/Dshell
An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures:
https://github.com/USArmyResearchLab/Dshell
Agent Tesla’s Unique Approach: VBS and Steganography for Delivery and Intrusion
Good research:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/agent-teslas-unique-approach-vbs-and-steganography-for-delivery-and-intrusion/
Good research:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/agent-teslas-unique-approach-vbs-and-steganography-for-delivery-and-intrusion/
McAfee Blog
Agent Tesla's Unique Approach: VBS and Steganography for Delivery and Intrusion | McAfee Blog
Authored by Yashvi Shah Agent Tesla functions as a Remote Access Trojan (RAT) and an information stealer built on the .NET framework. It is capable of
Don't Believe Your Eyes - A WhatsApp Clickjacking Vulnerability
October dated research:
- Discovery Process
- Link Preview Mismatch
- Disguising Links
- Attack Scenario
- Mitigation
https://00xbyte.github.io/posts/Don%27t-Believe-Your-Eyes-A-WhatsApp-Clickjacking-Vulnerability/
P.S. Thx for the link dear subscriber✌️
October dated research:
- Discovery Process
- Link Preview Mismatch
- Disguising Links
- Attack Scenario
- Mitigation
https://00xbyte.github.io/posts/Don%27t-Believe-Your-Eyes-A-WhatsApp-Clickjacking-Vulnerability/
P.S. Thx for the link dear subscriber
Please open Telegram to view this post
VIEW IN TELEGRAM
Security Is Broken
Don’t Believe Your Eyes - A WhatsApp Phishing Vulnerability
Critical WhatsApp Flaw! Hackers can make ANY link look like Instagram, Facebook, or YOUR bank with this new phishing attack! Learn how to protect yourself NOW. Don’t be fooled by sneaky links on WhatsApp. This post reveals a serious security flaw and teaches…
CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare and other alternatives..:
https://github.com/spyboy-productions/CloakQuest3r
https://github.com/spyboy-productions/CloakQuest3r
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
This media is not supported in your browser
VIEW IN TELEGRAM
🚀 Glad to present the new release zDNS v0.1.3! 🎉
Following Zero Trust practices, I recently wrote and am slowly beginning to introduce new “blackhole” functionality into the OpenBLD.net DNS ecosystem
zDNS is a DNS server that puts security and control over DNS queries at the center. With new functionality, zDNS now supports regular expressions in hosts.txt files, allowing more flexibility in configuring allowed queries. Now you can use the power of regular expressions to precisely control permissions, including subdomains and patterns.
Main features:
🛑 Denies all DNS queries by default.
✅ Allows you to configure allowed requests through the hosts.txt file.
🔄 Uses balancing strategies to ensure reliable operation with DNS servers.
🛠Easily customizable via YAML configuration.
🔜 Prometheus metrics coming soon
Additional protection of your infrastructure or testing requests with zDNS is possible and may be useful to you! Download the latest version here and start using a DNS server with powerful customization options:
https://github.com/m0zgen/zdns/tree/dev
#zDNS #DNS #Security #Release #News
Following Zero Trust practices, I recently wrote and am slowly beginning to introduce new “blackhole” functionality into the OpenBLD.net DNS ecosystem
zDNS is a DNS server that puts security and control over DNS queries at the center. With new functionality, zDNS now supports regular expressions in hosts.txt files, allowing more flexibility in configuring allowed queries. Now you can use the power of regular expressions to precisely control permissions, including subdomains and patterns.
Main features:
🛑 Denies all DNS queries by default.
✅ Allows you to configure allowed requests through the hosts.txt file.
🔄 Uses balancing strategies to ensure reliable operation with DNS servers.
🛠Easily customizable via YAML configuration.
🔜 Prometheus metrics coming soon
Additional protection of your infrastructure or testing requests with zDNS is possible and may be useful to you! Download the latest version here and start using a DNS server with powerful customization options:
https://github.com/m0zgen/zdns/tree/dev
#zDNS #DNS #Security #Release #News