Ways to Get a Free PVS-Studio (SAST) License
There are several ways to get a free license of the PVS-Studio static code analyzer, which is meant for searching for errors and potential vulnerabilities. Open source projects, small closed projects, public security specialists and owners of the Microsoft MVP status can use the license for free. The article briefly describes each of these options
Source
Extra
For security expert
For pet project
#hacktool #AppSec
There are several ways to get a free license of the PVS-Studio static code analyzer, which is meant for searching for errors and potential vulnerabilities. Open source projects, small closed projects, public security specialists and owners of the Microsoft MVP status can use the license for free. The article briefly describes each of these options
Source
Extra
For security expert
For pet project
#hacktool #AppSec
🤔2🎉1
Energy Consumption of Post Quantum Cryptography: Dilithium and Kyber Beat Our Existing TLS 1.3 Performance
Интересная статья по поводу использования квантовых машин для вычисления ключей, которые сегодня считаются стойкими, например, тот же TLS 1.3
Американский институт NIST готовит документы и алгоритмы Kyber и Dilithium для обеспечения криптостойкости ключей в пост-квантовую эпоху.
Source
#crypto
Интересная статья по поводу использования квантовых машин для вычисления ключей, которые сегодня считаются стойкими, например, тот же TLS 1.3
Американский институт NIST готовит документы и алгоритмы Kyber и Dilithium для обеспечения криптостойкости ключей в пост-квантовую эпоху.
Source
#crypto
🤔3
This media is not supported in your browser
VIEW IN TELEGRAM
Mythic
A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It’s designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming.
Mythic is written by Cody Thomas and its a highly flexible and customizable open-source command-and-control (C2) framework that is designed to be used by red teamers and penetration testers. The framework provides a comprehensive platform for managing and controlling remote agents that can be used to perform various tasks, such as reconnaissance, exploitation, and post-exploitation activities.
Source
#hacktool
A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It’s designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming.
Mythic is written by Cody Thomas and its a highly flexible and customizable open-source command-and-control (C2) framework that is designed to be used by red teamers and penetration testers. The framework provides a comprehensive platform for managing and controlling remote agents that can be used to perform various tasks, such as reconnaissance, exploitation, and post-exploitation activities.
Source
#hacktool
🔥4👍3
Disabling Intel’s Backdoors On Modern Laptops
Because you are hacked at the moment you power on the computer and connect it.
connected=hacked
У кого материнки от Intel гасите эту опцию пока не поздно
Source
#
Because you are hacked at the moment you power on the computer and connect it.
connected=hacked
У кого материнки от Intel гасите эту опцию пока не поздно
Source
#
😱3❤2
Pivoting over WiFi: WPA PSK
Наглядка от гуру хЭка. Ломят Wi-Fi и крепятся в системе надолго..
#pentest
Наглядка от гуру хЭка. Ломят Wi-Fi и крепятся в системе надолго..
#pentest
👍4
Vulmap scanner
Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These noscripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these noscripts. Also, they can be used for privilege escalation by pentesters/red teamers.
GitHub
#hacktool
Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These noscripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these noscripts. Also, they can be used for privilege escalation by pentesters/red teamers.
GitHub
#hacktool
👏6🤔1
Nmap for pentesters. Cracking Passwords Mini Guide
The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to write (and share) simple noscripts to automate a wide variety of networking tasks. Those noscripts are then executed in parallel with the speed and efficiency you expect from Nmap. The core of the Nmap Scripting Engine is an embeddable Lua interpreter. The second part of the Nmap Scripting Engine is the NSE Library, which connects Lua and Nmap.
NSE noscripts define a list of categories that they belong to. Currently defined categories are auth, broadcast, brute, default. discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and
vuln.
Nmap contains noscripts for brute-forcing dozens of protocols, including HTTP-brute, Oracle-brute, SNMP-brute, etc.
#pentest
The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to write (and share) simple noscripts to automate a wide variety of networking tasks. Those noscripts are then executed in parallel with the speed and efficiency you expect from Nmap. The core of the Nmap Scripting Engine is an embeddable Lua interpreter. The second part of the Nmap Scripting Engine is the NSE Library, which connects Lua and Nmap.
NSE noscripts define a list of categories that they belong to. Currently defined categories are auth, broadcast, brute, default. discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and
vuln.
Nmap contains noscripts for brute-forcing dozens of protocols, including HTTP-brute, Oracle-brute, SNMP-brute, etc.
#pentest
👍3
Physical Penetration Test Resources by CSbyGB, Gabrielle B.
🌟 My story about one of the most thrilling pentest that I made
http://ow.ly/p09850NKsH9
👉 𝗪𝗛𝗔𝗧 𝗜𝗦 𝗣𝗛𝗬𝗦𝗜𝗖𝗔𝗟 𝗣𝗘𝗡𝗧𝗘𝗦𝗧
🌟 CRPPL Quick Training by Joas Antonio
http://ow.ly/CfzQ50NKsHe
🌟 Physical Penetration Testing: Pretty much everything you need to know on Redlegg
http://ow.ly/v29R50NKsHm
🌟 How to get into Physical Penetration Testing by HoodiePoney
http://ow.ly/q9wo50NKsHp
🌟 6 Best practices for performing Physical Penetration Tests by Daniel Wood on Darkreading
http://ow.ly/vvA250NKsHk
🌟 13 physical penetration testing methods that actually work
http://ow.ly/lCFN50NKsH5
🌟 Physical Pentesting in red team assessment by Eduardo Arriols
http://ow.ly/cQY750NKsHj
👉 𝗘𝗫𝗣𝗘𝗥𝗧𝗦 𝗧𝗔𝗟𝗞 𝗔𝗕𝗢𝗨𝗧 𝗜𝗧
🌟 Tactics of Physical Pentesters by FreeCodeCamp
http://ow.ly/Ow7o50NKsHo
#useful
🌟 My story about one of the most thrilling pentest that I made
http://ow.ly/p09850NKsH9
👉 𝗪𝗛𝗔𝗧 𝗜𝗦 𝗣𝗛𝗬𝗦𝗜𝗖𝗔𝗟 𝗣𝗘𝗡𝗧𝗘𝗦𝗧
🌟 CRPPL Quick Training by Joas Antonio
http://ow.ly/CfzQ50NKsHe
🌟 Physical Penetration Testing: Pretty much everything you need to know on Redlegg
http://ow.ly/v29R50NKsHm
🌟 How to get into Physical Penetration Testing by HoodiePoney
http://ow.ly/q9wo50NKsHp
🌟 6 Best practices for performing Physical Penetration Tests by Daniel Wood on Darkreading
http://ow.ly/vvA250NKsHk
🌟 13 physical penetration testing methods that actually work
http://ow.ly/lCFN50NKsH5
🌟 Physical Pentesting in red team assessment by Eduardo Arriols
http://ow.ly/cQY750NKsHj
👉 𝗘𝗫𝗣𝗘𝗥𝗧𝗦 𝗧𝗔𝗟𝗞 𝗔𝗕𝗢𝗨𝗧 𝗜𝗧
🌟 Tactics of Physical Pentesters by FreeCodeCamp
http://ow.ly/Ow7o50NKsHo
#useful
🔥5👍2
🌟 SANS Webcast Physical Security Everything that’s wrong with your typical door by Deviant Ollam
http://ow.ly/X4JO50NKsHc
🌟 How do red teams legally break into banks on Truesec with Stök and Fabio Viggiani
http://ow.ly/HTzr50NKsHb
👉 𝗧𝗢𝗢𝗟𝗦 𝗔𝗡𝗗 𝗧𝗘𝗖𝗛𝗡𝗜𝗤𝗨𝗘𝗦
🌟 Physical Security Toolkit
http://ow.ly/cGIv50NKsHi
🌟 P5 - The public physical pentesting paraphernalia project by stensjoberg
http://ow.ly/8y6G50NKsHh
🌟 The Open Organisation of Lockpickers
http://ow.ly/VaUL50NKsH3
🌟 Exploring the uncharted backwaters of HID iCLASS security by Milosch Meriac
http://ow.ly/x6Kq50NKsHa
👉 𝗖𝗢𝗠𝗠𝗨𝗡𝗜𝗧𝗬
🌟 Physical Security Village
http://ow.ly/Xk4t50NKsH8
🌟 Physical Security Village Resources
http://ow.ly/J4xw50NKsHl
#useful
http://ow.ly/X4JO50NKsHc
🌟 How do red teams legally break into banks on Truesec with Stök and Fabio Viggiani
http://ow.ly/HTzr50NKsHb
👉 𝗧𝗢𝗢𝗟𝗦 𝗔𝗡𝗗 𝗧𝗘𝗖𝗛𝗡𝗜𝗤𝗨𝗘𝗦
🌟 Physical Security Toolkit
http://ow.ly/cGIv50NKsHi
🌟 P5 - The public physical pentesting paraphernalia project by stensjoberg
http://ow.ly/8y6G50NKsHh
🌟 The Open Organisation of Lockpickers
http://ow.ly/VaUL50NKsH3
🌟 Exploring the uncharted backwaters of HID iCLASS security by Milosch Meriac
http://ow.ly/x6Kq50NKsHa
👉 𝗖𝗢𝗠𝗠𝗨𝗡𝗜𝗧𝗬
🌟 Physical Security Village
http://ow.ly/Xk4t50NKsH8
🌟 Physical Security Village Resources
http://ow.ly/J4xw50NKsHl
#useful
🔥6
Gabrielle B.
🏳️ Ethical Hacker |🏆Award-winning Pentester | Artemis Red Team
Женское лицо пен-теста! Да не просто лицо, а заслуженный и авторитетный спец, мастер своего дела. А теперь скажите, что пен-тест дело не женское и девушкам нет места в ИБ..
Web page
GitHub
LinkedIn
#celebrety
🏳️ Ethical Hacker |🏆Award-winning Pentester | Artemis Red Team
Женское лицо пен-теста! Да не просто лицо, а заслуженный и авторитетный спец, мастер своего дела. А теперь скажите, что пен-тест дело не женское и девушкам нет места в ИБ..
Web page
GitHub
#celebrety
🔥6❤3😱1
XSS Attack with XSSer - Ever wanted to know how XSS attacks work? Try it hands-on, for free! In this lab exercise, you will pentest a vulnerable web application with the XSSer tool.
This document illustrates all the important steps required to complete this lab. This is by no means a comprehensive step-by-step solution for this exercise. This is only provided as a reference to various commands needed to complete this exercise and for your further research on this topic. Also, note that the IP addresses and domain names might be different in your lab.
#web
This document illustrates all the important steps required to complete this lab. This is by no means a comprehensive step-by-step solution for this exercise. This is only provided as a reference to various commands needed to complete this exercise and for your further research on this topic. Also, note that the IP addresses and domain names might be different in your lab.
#web
👍7
Почему инвентаризация, классификация и приоритезация ИТ активов важна не смотря на "бумажность" работы
#useful
#useful
🤔4