Another nice screenshot of MicroGPT/GPT4 pwning a target. Relax, it's just a lab machine by Bernhard Mueller
Prompt:
"Perform a penetration test of the host 192.168.86.197. Use tools and manual analysis to identify vulnerabilities on the system. I already provided a port scan in the file 'nmap.txt'. Use only non-interactive commands. Try the easiest exploits first. Create proof-of-concept exploits for each vulnerability found. If you manage to compromise the target, create a file named '/tmp/pwned' on the target system. Save a detailed report documenting your methodology and findings to my Desktop (at least 500 words)."
GitHub
#useful
Lateral movement in penetration test activity, 2023
During Red Team assessments, after an initial compromise, attackers tend to move laterally through the network, gaining more relevant information on other systems. This lateral movement is possible through the use of many binaries/services/processes. In this article we focus solely on lateral movement using Remote Services, i.e., services that allow code/command execution on remote systems given a valid set of credentials. Oftentimes, the same set of credentials is used across an organization, which makes this type of lateral movement very easy and effective.
MITRE TACTIC: Lateral Movement (TA0008)
MITRE TECHNIQUE ID: T1021 (Remote Services)
SUBTITLE: Multiple Titles
(T1021.001, T1021.002, T1021.003, T1021.004, T1021.005, T1021.006)
#pentest
Lateral_Movement_Pentest_Sample_2023.pdf
3.5 MB
Forwarded from CyberSecBastion
DevOps threat matrix by Microsoft, 2023
Our goal for developing the threat matrix for DevOps is to build a comprehensive knowledgebase that defenders can use to keep track of and build defenses against relevant attack techniques. Using the MITRE ATT&CK framework as a base, we collected techniques and attack vectors associated with DevOps environments and created a matrix dedicated to DevOps attack methods.
Source
#VendorInfo
Ways to Get a Free PVS-Studio (SAST) License
There are several ways to get a free license of the PVS-Studio static code analyzer, which is meant for searching for errors and potential vulnerabilities. Open source projects, small closed projects, public security specialists and owners of the Microsoft MVP status can use the license for free. The article briefly describes each of these options.
Source
Extra
For security expert
For pet project
#hacktool #AppSec
Energy Consumption of Post Quantum Cryptography: Dilithium and Kyber Beat Our Existing TLS 1.3 Performance
An interesting article on the use of quantum machines to compute keys that are considered strong today, for example, the same TLS 1.3.
The American institute NIST is preparing documents and the Kyber and Dilithium algorithms to ensure the cryptographic strength of keys in the post-quantum era.
Source
#crypto
Mythic
A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It’s designed to provide a collaborative and user-friendly interface for operators, managers, and reporting throughout red teaming.
Mythic is written by Cody Thomas, and it's a highly flexible and customizable open-source command-and-control (C2) framework designed to be used by red teamers and penetration testers. The framework provides a comprehensive platform for managing and controlling remote agents that can be used to perform various tasks, such as reconnaissance, exploitation, and post-exploitation activities.
Source
#hacktool