IPv6 Attacks (Active Directory)
DNS Attack or DNS Spoofing its an attack that try to spoof the DNS traffic to allows an attacker to gather very important information about the network. If IPv6 is turned on the attacker can even spoof the DNS traffic for a Domain Admin and with certain tools, create an user with exclusive privileges.
Sometimes a bad practice is to store the password in the field of "denoscription", that kind of issues allows to an attacker to break into the network in an easier way.
#pentest #windows
DNS Attack or DNS Spoofing its an attack that try to spoof the DNS traffic to allows an attacker to gather very important information about the network. If IPv6 is turned on the attacker can even spoof the DNS traffic for a Domain Admin and with certain tools, create an user with exclusive privileges.
Sometimes a bad practice is to store the password in the field of "denoscription", that kind of issues allows to an attacker to break into the network in an easier way.
#pentest #windows
🔥4👍1
Inside the Mind of a Hacker: 2023 Edition
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
#useful
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
#useful
🤔3👍1
SSH penetration test scenario
The SSH protocol, also known as Secure Shell, is a technique for secure and reliable remote login from one computer to another. It offers several options for strong authentication, as it protects the connections and communications\ security and integrity with strong encryption. It is a secure alternative to the nonprotected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).
Previous post
#pentest #linux
The SSH protocol, also known as Secure Shell, is a technique for secure and reliable remote login from one computer to another. It offers several options for strong authentication, as it protects the connections and communications\ security and integrity with strong encryption. It is a secure alternative to the nonprotected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).
Previous post
#pentest #linux
👍4
Malware Analysis Techniques. Tricks for the triage of adversarial software by Dylan Barker, 2021
Analyze malicious samples, write reports, and use industry-standard methodologies to confidently triage and analyze adversarial software and malware.
Malware Analysis Techniques begins with an overview of the nature of malware, the current threat landscape, and its impact on businesses. Once you've covered the basics of malware, you'll move on to discover more about the technical nature of malicious software, including static characteristics and dynamic attack methods within the MITRE ATT&CK framework. You'll also find out how to perform practical malware analysis by applying all that you've learned to attribute the malware to a specific threat and weaponize the adversary's indicators of compromise (IOCs) and methodology against them to prevent them from attacking.
#book #malware
Analyze malicious samples, write reports, and use industry-standard methodologies to confidently triage and analyze adversarial software and malware.
Malware Analysis Techniques begins with an overview of the nature of malware, the current threat landscape, and its impact on businesses. Once you've covered the basics of malware, you'll move on to discover more about the technical nature of malicious software, including static characteristics and dynamic attack methods within the MITRE ATT&CK framework. You'll also find out how to perform practical malware analysis by applying all that you've learned to attribute the malware to a specific threat and weaponize the adversary's indicators of compromise (IOCs) and methodology against them to prevent them from attacking.
#book #malware
👍8🔥1
Malware_Analysis_Techniques_Tricks_for_the_triage_of_adversarial.pdf
7.2 MB
Malware Analysis Techniques. Tricks for the triage of adversarial software by Dylan Barker, 2021
👍7🔥1
Для всех новых подписчиков w2hack и тех кто еще по каким-то причинам не знает, есть отдельный авторский канал CyberSecBastion посвященный исключительно материалам относящимся к вопросам DevSecOps, K8s security, Cloud AWS, Azure, GCP, Secure SDLC, API security and AppSec.
Весь контент представлен только на английском языке. С текущего момента разрешен репост всех материалов
Присоединиться!
Dear friends, for all new subscribers w2hack channel and those who still don't know for a some reason, exists the separate CyberSecBastion channel dedicated exclusively to materials related to DevSecOps, K8s security, Cloud AWS, Azure, GCP, Secure SDLC, API security and AppSec issues.
All content is presented in English only. And, good news, from now on, sharing and repost of all materials is allowed.
Welcome onboard!
#info
Весь контент представлен только на английском языке. С текущего момента разрешен репост всех материалов
Присоединиться!
Dear friends, for all new subscribers w2hack channel and those who still don't know for a some reason, exists the separate CyberSecBastion channel dedicated exclusively to materials related to DevSecOps, K8s security, Cloud AWS, Azure, GCP, Secure SDLC, API security and AppSec issues.
All content is presented in English only. And, good news, from now on, sharing and repost of all materials is allowed.
Welcome onboard!
#info
🔥7👍3👏1
CISSP Concepts Guide - by M.Waleed Khaliq.pdf
17 MB
CISSP Concepts Guide by M.Waleed Khaliq, 2023
👍5
🔥4