Forwarded from CyberSecBastion
Zed Attack Proxy Cookbook.pdf
27.2 MB
Zed Attack Proxy Cookbook Hacking tactics, techniques, and procedures for testing web applications and APIs by Ryan Soper, Nestor N Torres, Ahmed Almoailu, 2023
❤4
Infosec Strategies and Best Practices. Gain proficiency in information security using expert-level strategies and best practices by Joseph MacMillan, 2023
The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals.
As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services.
Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security.
#book #architecture
The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals.
As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services.
Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security.
#book #architecture
🔥5👍1
Packt.Infosec.Strategies.and.Best.Practices.1800566352.pdf
4.3 MB
Infosec Strategies and Best Practices. Gain proficiency in information security using expert-level strategies and best practices by Joseph MacMillan, 2023
👍1
Another nice screenshot of MicroGPT/GPT4 pwning a target. Relax, it's just a lab machine by Bernhard Mueller
Prompt:
"Perform a penetration test of the host 192.168.86.197. Use tools and manual analysis to identify vulnerabilities on the system. I already provided a port scan in the file 'nmap.txt'. Use only non-interactive commands. Try the easiest exploits first. Create proof-of-concept exploits for each vulnerability found. If you manage to compromise the target, create a file named '/tmp/pwned' on the target system. Save a detailed report documenting your methodology and findings to my Desktop (at least 500 words)."
GitHub
#useful
Prompt:
"Perform a penetration test of the host 192.168.86.197. Use tools and manual analysis to identify vulnerabilities on the system. I already provided a port scan in the file 'nmap.txt'. Use only non-interactive commands. Try the easiest exploits first. Create proof-of-concept exploits for each vulnerability found. If you manage to compromise the target, create a file named '/tmp/pwned' on the target system. Save a detailed report documenting your methodology and findings to my Desktop (at least 500 words)."
GitHub
#useful
👍4
Lateral movement in penetration test activity, 2023
During Red Team assessments, after a compromise has been done, attackers tend to laterally move through the network gaining more relevant information on other systems. This lateral movement is possible through the use of many binaries/services/processes. In this article we will be solely focusing on Lateral Movement using Remote Services, i.e., services that can help in code/command execution on remote systems by taking in valid set of credentials. Oftentimes, same set of credentials are used within organization and this type of lateral movement becomes very easy and effective.
MITRE TACTIC: Lateral Movement (TA0008)
MITRE TECHNIQUE ID: T1021 (Remote Services)
SUBTITLE: Multiple Titles
(T1021.001, T1021.002, T1021.003, T1021.004, T1021.005, T1021.006)
#pentest
During Red Team assessments, after a compromise has been done, attackers tend to laterally move through the network gaining more relevant information on other systems. This lateral movement is possible through the use of many binaries/services/processes. In this article we will be solely focusing on Lateral Movement using Remote Services, i.e., services that can help in code/command execution on remote systems by taking in valid set of credentials. Oftentimes, same set of credentials are used within organization and this type of lateral movement becomes very easy and effective.
MITRE TACTIC: Lateral Movement (TA0008)
MITRE TECHNIQUE ID: T1021 (Remote Services)
SUBTITLE: Multiple Titles
(T1021.001, T1021.002, T1021.003, T1021.004, T1021.005, T1021.006)
#pentest
👍5
Lateral_Movement_Pentest_Sample_2023.pdf
3.5 MB
Lateral movement in penetration test activity, 2023
👍2🤔1
Forwarded from CyberSecBastion
DevOps threat matrix by Microsoft, 2023
Our goal for developing the threat matrix for DevOps is to build a comprehensive knowledgebase that defenders can use to keep track of and build defenses against relevant attack techniques. Using the MITRE ATT&CK framework as a base, we collected techniques and attack vectors associated with DevOps environments and created a matrix dedicated to DevOps attack methods.
Source
#VendorInfo
Our goal for developing the threat matrix for DevOps is to build a comprehensive knowledgebase that defenders can use to keep track of and build defenses against relevant attack techniques. Using the MITRE ATT&CK framework as a base, we collected techniques and attack vectors associated with DevOps environments and created a matrix dedicated to DevOps attack methods.
Source
#VendorInfo
👍5