Forwarded from CyberSecBastion
Nuclei Vuln Scanner
Fast and customisable vulnerability scanner based on simple YAML based DSL.
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.
GitHub
#tools
Fast and customisable vulnerability scanner based on simple YAML based DSL.
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.
GitHub
#tools
👍4
A Quick Guide to Information Security Standards.pdf
1.6 MB
A Quick Guide to Information Security Standards
👍3
Azure AD Security Config Analyzer (AADSCA)
We decided to take alternative approach for chapter 6 and we are not covering possible Azure AD attack path. This time, the focus is on on proactive side, how organizations can monitor and strengthen Azure AD's security posture. For this purpose we created 'Azure AD Security Config Analyzer' aka 'AADSCA' solution.
GitHub
Official page
#windows
We decided to take alternative approach for chapter 6 and we are not covering possible Azure AD attack path. This time, the focus is on on proactive side, how organizations can monitor and strengthen Azure AD's security posture. For this purpose we created 'Azure AD Security Config Analyzer' aka 'AADSCA' solution.
GitHub
Official page
#windows
🔥3👍1
Hack by HTML
HTML can be used for faking malicious phishing link, bypassing browser history etc. Here is my new article 'Hack by HTML' on it.
Source
#pentest #web
HTML can be used for faking malicious phishing link, bypassing browser history etc. Here is my new article 'Hack by HTML' on it.
Source
#pentest #web
Medium
Hack by HTML
The term ‘hack by HTML’ is often appears in hacking memes. However, there are certainly some HTML hacking techniques that are used in the…
🤔2🔥1
DNS Hacking
DNS has registry, something like Windows OS has registry. When a new website domain is registered, the domain and its IP address is technically written to a DNS zone file. This is the source for mapping domain to IP address (the actual DNS service) which is managed by DNS registry.
For example, when someone registers a domain in NameCheap, NameCheap will register the purchased domain in DNS registry using EPP protocol by exchanging XML messages. It has a security mechanism called 'EPP code' for authorizing the registrar. Even, EPP server communication is done over SSL/TLS (sometimes mTLS). Whois records are also updated this way. EPP maintains a kind of IAM or authorization where registrars can operate on only their controlled domains.
Programming languages like Python can used to communicate with EPP server. So, hackers can exploit EPP server by XXE attack.
Source
#pentest
DNS has registry, something like Windows OS has registry. When a new website domain is registered, the domain and its IP address is technically written to a DNS zone file. This is the source for mapping domain to IP address (the actual DNS service) which is managed by DNS registry.
For example, when someone registers a domain in NameCheap, NameCheap will register the purchased domain in DNS registry using EPP protocol by exchanging XML messages. It has a security mechanism called 'EPP code' for authorizing the registrar. Even, EPP server communication is done over SSL/TLS (sometimes mTLS). Whois records are also updated this way. EPP maintains a kind of IAM or authorization where registrars can operate on only their controlled domains.
Programming languages like Python can used to communicate with EPP server. So, hackers can exploit EPP server by XXE attack.
Source
#pentest
👍3
DNS Incident Response by Md. Abdullah Al Mamun, 2023
Root Cause Analysis with Detection Ideas
#forensic
Root Cause Analysis with Detection Ideas
#forensic
👍4
Securing Industrial Control Systems (ICS) and Operational Technology (OT)
👉 𝗔𝘁𝘁𝗮𝗰𝗸𝗶𝗻𝗴 𝗜𝗖𝗦/𝗢𝗧
🌟 Attacking ICS Plant #1 on TryHackMe
http://ow.ly/eC5050NuJ5e
🌟 Attacking ICS Plant #2 on TryHackMe
http://ow.ly/l8M750NuJ5j
🌟 Infrastructure Pentesting Checklist by Purab Parihar
http://ow.ly/7Ml950NuJ5f
🌟 John Hammond Attacking ICS Devices
http://ow.ly/LhMt50NuJ5o
🌟 Nmap and Sbom for ICS by Sulaiman Alhasawi
http://ow.ly/8bh550NuJ5g
🌟 Scada Hacker Library of Resources for Industrial Control System Cyber Security
http://ow.ly/Mh2e50NuJ5i
👉 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗮𝗻𝗱 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀
🌟 101 Critical Infrastructure Protection for the Public FedVTE
http://ow.ly/irxs50NuJ5l
🌟 Checkout CISA’s calendar for ICS Training
http://ow.ly/CrVc50NuJ5p
🌟 List of free online resources to learn ICS/OT cybersecurity by Irfan Shakeel
http://ow.ly/wwEq50NuIUW
🌟 A guide to your Certification journey in ICS/OT Cybersecurity by Shamikkumar Dave
http://ow.ly/jR2I50NuIV6
#useful
👉 𝗔𝘁𝘁𝗮𝗰𝗸𝗶𝗻𝗴 𝗜𝗖𝗦/𝗢𝗧
🌟 Attacking ICS Plant #1 on TryHackMe
http://ow.ly/eC5050NuJ5e
🌟 Attacking ICS Plant #2 on TryHackMe
http://ow.ly/l8M750NuJ5j
🌟 Infrastructure Pentesting Checklist by Purab Parihar
http://ow.ly/7Ml950NuJ5f
🌟 John Hammond Attacking ICS Devices
http://ow.ly/LhMt50NuJ5o
🌟 Nmap and Sbom for ICS by Sulaiman Alhasawi
http://ow.ly/8bh550NuJ5g
🌟 Scada Hacker Library of Resources for Industrial Control System Cyber Security
http://ow.ly/Mh2e50NuJ5i
👉 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗮𝗻𝗱 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀
🌟 101 Critical Infrastructure Protection for the Public FedVTE
http://ow.ly/irxs50NuJ5l
🌟 Checkout CISA’s calendar for ICS Training
http://ow.ly/CrVc50NuJ5p
🌟 List of free online resources to learn ICS/OT cybersecurity by Irfan Shakeel
http://ow.ly/wwEq50NuIUW
🌟 A guide to your Certification journey in ICS/OT Cybersecurity by Shamikkumar Dave
http://ow.ly/jR2I50NuIV6
#useful
👍4❤1