Azure AD Security Config Analyzer (AADSCA)
We decided to take alternative approach for chapter 6 and we are not covering possible Azure AD attack path. This time, the focus is on on proactive side, how organizations can monitor and strengthen Azure AD's security posture. For this purpose we created 'Azure AD Security Config Analyzer' aka 'AADSCA' solution.
GitHub
Official page
#windows
We decided to take alternative approach for chapter 6 and we are not covering possible Azure AD attack path. This time, the focus is on on proactive side, how organizations can monitor and strengthen Azure AD's security posture. For this purpose we created 'Azure AD Security Config Analyzer' aka 'AADSCA' solution.
GitHub
Official page
#windows
🔥3👍1
Hack by HTML
HTML can be used for faking malicious phishing link, bypassing browser history etc. Here is my new article 'Hack by HTML' on it.
Source
#pentest #web
HTML can be used for faking malicious phishing link, bypassing browser history etc. Here is my new article 'Hack by HTML' on it.
Source
#pentest #web
Medium
Hack by HTML
The term ‘hack by HTML’ is often appears in hacking memes. However, there are certainly some HTML hacking techniques that are used in the…
🤔2🔥1
DNS Hacking
DNS has registry, something like Windows OS has registry. When a new website domain is registered, the domain and its IP address is technically written to a DNS zone file. This is the source for mapping domain to IP address (the actual DNS service) which is managed by DNS registry.
For example, when someone registers a domain in NameCheap, NameCheap will register the purchased domain in DNS registry using EPP protocol by exchanging XML messages. It has a security mechanism called 'EPP code' for authorizing the registrar. Even, EPP server communication is done over SSL/TLS (sometimes mTLS). Whois records are also updated this way. EPP maintains a kind of IAM or authorization where registrars can operate on only their controlled domains.
Programming languages like Python can used to communicate with EPP server. So, hackers can exploit EPP server by XXE attack.
Source
#pentest
DNS has registry, something like Windows OS has registry. When a new website domain is registered, the domain and its IP address is technically written to a DNS zone file. This is the source for mapping domain to IP address (the actual DNS service) which is managed by DNS registry.
For example, when someone registers a domain in NameCheap, NameCheap will register the purchased domain in DNS registry using EPP protocol by exchanging XML messages. It has a security mechanism called 'EPP code' for authorizing the registrar. Even, EPP server communication is done over SSL/TLS (sometimes mTLS). Whois records are also updated this way. EPP maintains a kind of IAM or authorization where registrars can operate on only their controlled domains.
Programming languages like Python can used to communicate with EPP server. So, hackers can exploit EPP server by XXE attack.
Source
#pentest
👍3
DNS Incident Response by Md. Abdullah Al Mamun, 2023
Root Cause Analysis with Detection Ideas
#forensic
Root Cause Analysis with Detection Ideas
#forensic
👍4
Securing Industrial Control Systems (ICS) and Operational Technology (OT)
👉 𝗔𝘁𝘁𝗮𝗰𝗸𝗶𝗻𝗴 𝗜𝗖𝗦/𝗢𝗧
🌟 Attacking ICS Plant #1 on TryHackMe
http://ow.ly/eC5050NuJ5e
🌟 Attacking ICS Plant #2 on TryHackMe
http://ow.ly/l8M750NuJ5j
🌟 Infrastructure Pentesting Checklist by Purab Parihar
http://ow.ly/7Ml950NuJ5f
🌟 John Hammond Attacking ICS Devices
http://ow.ly/LhMt50NuJ5o
🌟 Nmap and Sbom for ICS by Sulaiman Alhasawi
http://ow.ly/8bh550NuJ5g
🌟 Scada Hacker Library of Resources for Industrial Control System Cyber Security
http://ow.ly/Mh2e50NuJ5i
👉 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗮𝗻𝗱 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀
🌟 101 Critical Infrastructure Protection for the Public FedVTE
http://ow.ly/irxs50NuJ5l
🌟 Checkout CISA’s calendar for ICS Training
http://ow.ly/CrVc50NuJ5p
🌟 List of free online resources to learn ICS/OT cybersecurity by Irfan Shakeel
http://ow.ly/wwEq50NuIUW
🌟 A guide to your Certification journey in ICS/OT Cybersecurity by Shamikkumar Dave
http://ow.ly/jR2I50NuIV6
#useful
👉 𝗔𝘁𝘁𝗮𝗰𝗸𝗶𝗻𝗴 𝗜𝗖𝗦/𝗢𝗧
🌟 Attacking ICS Plant #1 on TryHackMe
http://ow.ly/eC5050NuJ5e
🌟 Attacking ICS Plant #2 on TryHackMe
http://ow.ly/l8M750NuJ5j
🌟 Infrastructure Pentesting Checklist by Purab Parihar
http://ow.ly/7Ml950NuJ5f
🌟 John Hammond Attacking ICS Devices
http://ow.ly/LhMt50NuJ5o
🌟 Nmap and Sbom for ICS by Sulaiman Alhasawi
http://ow.ly/8bh550NuJ5g
🌟 Scada Hacker Library of Resources for Industrial Control System Cyber Security
http://ow.ly/Mh2e50NuJ5i
👉 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗮𝗻𝗱 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀
🌟 101 Critical Infrastructure Protection for the Public FedVTE
http://ow.ly/irxs50NuJ5l
🌟 Checkout CISA’s calendar for ICS Training
http://ow.ly/CrVc50NuJ5p
🌟 List of free online resources to learn ICS/OT cybersecurity by Irfan Shakeel
http://ow.ly/wwEq50NuIUW
🌟 A guide to your Certification journey in ICS/OT Cybersecurity by Shamikkumar Dave
http://ow.ly/jR2I50NuIV6
#useful
👍4❤1
Security Study Plan
A Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on with free/paid resources, tools and concepts to excel.
GitHub
#education
A Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on with free/paid resources, tools and concepts to excel.
GitHub
#education
👍3
Above Network Vulnerability Scanner by Caster
Automates the search for network vulnerabilities, designed for pentesters, Red Team operators, and network security engineers. Support DTP, CDP, LLDP, OSPF, EIGRP, VRRP, HSRP, STP, LLMNR, NBT-NS и DHCPv6 protocols
GitHub
#hacktools
Automates the search for network vulnerabilities, designed for pentesters, Red Team operators, and network security engineers. Support DTP, CDP, LLDP, OSPF, EIGRP, VRRP, HSRP, STP, LLMNR, NBT-NS и DHCPv6 protocols
GitHub
#hacktools
👍3❤1
Курс этичного хакинга от колледжа PracticU, 2020 - 2022
Серия бесплатных уроков от ИТ колледжа PracticU по теме этичного хакинга, тестирования на проникновение, безопасности приложений, реверса, сертификации OSCP.
Полный пакет уроков доступен по подписке на официальном сайте.
YouTube
Официальный сайт
#education #pentest
Серия бесплатных уроков от ИТ колледжа PracticU по теме этичного хакинга, тестирования на проникновение, безопасности приложений, реверса, сертификации OSCP.
Полный пакет уроков доступен по подписке на официальном сайте.
YouTube
Официальный сайт
#education #pentest
🔥11👍3
Top Best 30 Active Directory Security Best Practices Checklist (ver.2023) By Andrew Fitzgerald
In this post, we have listed the best Active Directory Security Best Practices checklist that will assist organizations in enhancing AD security. Further, these practices will enable administrators to discover malicious attempts, identify and prioritize security activities. Follow some of the below listed AD best practices to improve and secure your Windows AD domain environment.
Source
#windows #hardening
In this post, we have listed the best Active Directory Security Best Practices checklist that will assist organizations in enhancing AD security. Further, these practices will enable administrators to discover malicious attempts, identify and prioritize security activities. Follow some of the below listed AD best practices to improve and secure your Windows AD domain environment.
Source
#windows #hardening
👍5
Обучающий видео курс Osint v.2 "Master OSINT", Mefodiy Kelevra (2021), PCRec
Курс является неотъемлемым продолжением "Русского OSINTa", но никак его ремиксом. Вторую часть мне захотелось сделать более универсальной, ориентированной на инструменты, более интернациональной. Продолжение ориентировано на обучение "навыку поиска".
Данный курс может быть интересен и SEO специалистам, пентестерам, журналистам, веб мастерам.
#education #OSINT
Курс является неотъемлемым продолжением "Русского OSINTa", но никак его ремиксом. Вторую часть мне захотелось сделать более универсальной, ориентированной на инструменты, более интернациональной. Продолжение ориентировано на обучение "навыку поиска".
Данный курс может быть интересен и SEO специалистам, пентестерам, журналистам, веб мастерам.
#education #OSINT
👍6❤1🔥1