Automate Your Job Application Process (outside Russia and CIS)
These tools scan job boards, personalize your resume and cover letters, and then fill out online application forms, freeing up your time and helping you apply to more jobs faster.
Benefits:
✅ Job Search Automation
✅ Autofill Applications
✅ Application Tracker
🔖 LazzyApply
🔖 JobCopilot
🔖 Huntr
🔖 BulkApply
#job
These tools scan job boards, personalize your resume and cover letters, and then fill out online application forms, freeing up your time and helping you apply to more jobs faster.
Benefits:
#job
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4
Mastering Windows Group Policy. Control and secure your Active Directory environment with Group Policy by Jordan Krause, 2018
Improve and reimagine your organization's security stance, desktop standards, and server administration with centralized management via Group Policy
This book begins with a discussion of the core material any administrator needs to know in order to start working with Group Policy. Moving on, we will also walk through the process of building a lab environment to start testing Group Policy today. Next we will explore the Group Policy Management Console (GPMC) and start using the powerful features available for us within that interface. Once you are well versed with using GPMC, you will learn to perform and manage the traditional core tasks inside Group Policy.
Included in the book are many examples and walk-throughs of the different filtering options available for the application of Group Policy settings, as this is the real power that Group Policy holds within your network. You will also learn how you can use Group Policy to secure your Active Directory environment, and also understand how Group Policy preferences are different than policies, with the help of real-world examples.
Finally we will spend some time on maintenance and troubleshooting common Group Policy-related issues so that you, as a directory administrator, will understand the diagnosing process for policy settings.
#book #windows
Improve and reimagine your organization's security stance, desktop standards, and server administration with centralized management via Group Policy
This book begins with a discussion of the core material any administrator needs to know in order to start working with Group Policy. Moving on, we will also walk through the process of building a lab environment to start testing Group Policy today. Next we will explore the Group Policy Management Console (GPMC) and start using the powerful features available for us within that interface. Once you are well versed with using GPMC, you will learn to perform and manage the traditional core tasks inside Group Policy.
Included in the book are many examples and walk-throughs of the different filtering options available for the application of Group Policy settings, as this is the real power that Group Policy holds within your network. You will also learn how you can use Group Policy to secure your Active Directory environment, and also understand how Group Policy preferences are different than policies, with the help of real-world examples.
Finally we will spend some time on maintenance and troubleshooting common Group Policy-related issues so that you, as a directory administrator, will understand the diagnosing process for policy settings.
#book #windows
👍2🔥1
Mastering_Windows_Group_Policy_2018.pdf
11.6 MB
Mastering Windows Group Policy. Control and secure your Active Directory environment with Group Policy by Jordan Krause, 2018
🔥6👍2
Upd. tags and links
Add:
(+) links to w2hack official GitHub repo
(+) tagged some unmarked materials
Change:
(/) update pinned second post
#info
Add:
(+) links to w2hack official GitHub repo
(+) tagged some unmarked materials
Change:
(/) update pinned second post
#info
🔥4🤬1
Парни, вы заметили, что известные персоны в кибербезе, те кто в конце 2000-х и на протяжение 2010-х топили вверх по карьерной лестнице, бились в CTF, выступали на эвентах, работали в компаниях с узноваемым брендом, пушили свои тулзы на GitHub, грабили проф сертификаты, мутили свое комьюнити, райтили блоги, двигали собственные проекты, те кто стал rock star, unicorn кибербеза сейчас либо (1) открыли свой бизнес РФ/Мир либо (2) заняли топ менеджерские кресла в РФ компаниях либо (3) иммигрировали в UK/UAE/USA, где спецы в БигТехе либо (4) сменили роли на ИТ либо другие направления.
В паблике очень много новичков, джунов, тех кто только в начале или где-то ближе к середине своего карьерного пути. Учат, админят, пушат, кодят, лабы гоняют, нагибают hr на работу получше.
А кто-нибудь думал какой финал? К чему идем? Есть ли видение своего трибьюта? Что будем делать через 5, 7 или 10 лет? А может знаете кто так сейчас и топит как 10 лет назад без изменений?
#talk
В паблике очень много новичков, джунов, тех кто только в начале или где-то ближе к середине своего карьерного пути. Учат, админят, пушат, кодят, лабы гоняют, нагибают hr на работу получше.
А кто-нибудь думал какой финал? К чему идем? Есть ли видение своего трибьюта? Что будем делать через 5, 7 или 10 лет? А может знаете кто так сейчас и топит как 10 лет назад без изменений?
#talk
🤔6❤3👍1
Вопрос к ребятам кто учился и выпустился на ИБ специальностях в российских ВУЗах за крайние 15 лет. Много ли ваших однокурсников занимаются кибербезом, работают по профилю обучения?
Anonymous Poll
5%
Все работают, все 100% выпуска
9%
50% или половина от всех
14%
25% - 30% от выпуска
19%
Не больше 10%, их единицы
9%
1% (один, два, три человека с выпуска)
3%
0% или вообще никто
36%
Не знаю, смотреть результаты
5%
Свой вариант (пиши в чат)
🤷♂8🤔6👍2❤1😁1
Custom noscript (python) for easy, basic pattern, low difficult automated penetration test, w2hack, 2020/2025
This project is a Python-based automated penetration testing tool designed to streamline the process of assessing the security of a target system. The noscript performs various tasks, including (1) information gathering, (2) reconnaissance, (3) discovery and scanning, (4) vulnerability assessment, (5) exploitation if possible, and final (6) analysis (reporting). It integrates multiple tools to automate the scanning and testing process, making it easier for security professionals to identify and exploit vulnerabilities.
Features
✅ Update CVE Database: Fetches the latest Common Vulnerabilities and Exposures (CVE) from an API for use in vulnerability assessment.
✅ Information Gathering: Collects basic information about the target using tools like whois, nslookup, dig, etc.
✅ Reconnaissance: Uses nmap and nikto (optional) to discover services and potential vulnerabilities.
✅ Discovery and Scanning: Performs a full port scan using nmap and a directory brute-force attack using dirb.
✅ Vulnerability Assessment: Evaluates the target against known CVEs using nmap noscripts and performs an OWASP ZAP scan (web app only).
✅ Exploitation: Attempts to exploit discovered vulnerabilities using msfconsole and brute-force attacks with hydra.
✅ Final Analysis and Review: Reviews the collected data, analyzes open ports and services, and summarizes the findings.
✅ Report: Compiles the results into a comprehensive report for further analysis (auto coloring, etc).
Requirements
❗️ Various external tools like whois, nslookup, dig, fierce, nmap, nikto, dirb, msfconsole, hydra, and zap-cli (w3af) should be installed before run the noscript ❗️
⬇️ GitHub
#tools #pentest
This project is a Python-based automated penetration testing tool designed to streamline the process of assessing the security of a target system. The noscript performs various tasks, including (1) information gathering, (2) reconnaissance, (3) discovery and scanning, (4) vulnerability assessment, (5) exploitation if possible, and final (6) analysis (reporting). It integrates multiple tools to automate the scanning and testing process, making it easier for security professionals to identify and exploit vulnerabilities.
Features
✅ Update CVE Database: Fetches the latest Common Vulnerabilities and Exposures (CVE) from an API for use in vulnerability assessment.
✅ Information Gathering: Collects basic information about the target using tools like whois, nslookup, dig, etc.
✅ Reconnaissance: Uses nmap and nikto (optional) to discover services and potential vulnerabilities.
✅ Discovery and Scanning: Performs a full port scan using nmap and a directory brute-force attack using dirb.
✅ Vulnerability Assessment: Evaluates the target against known CVEs using nmap noscripts and performs an OWASP ZAP scan (web app only).
✅ Exploitation: Attempts to exploit discovered vulnerabilities using msfconsole and brute-force attacks with hydra.
✅ Final Analysis and Review: Reviews the collected data, analyzes open ports and services, and summarizes the findings.
✅ Report: Compiles the results into a comprehensive report for further analysis (auto coloring, etc).
Requirements
Python 3.x + requests library
BeautifulSoup4 library
subprocess library
# Installation
Clone this repository \ unpack the tar
git clone https://github.com/D3One/Automated-Penetration-Testing-Script_v1.git
cd automated-penetration-testing_v1
# Install the required Python libraries:
sudo pip install -r requirements.txt
# Ensure that all the external tools (whois, nmap, etc.) are installed and accessible in your system's PATH.
sudo apt-get install whois dnsutils fierce nmap nikto dirb hydra zaproxy
# Usage
Run the noscript:
python scanner.py
Enter the target IP address or domain when prompted.
enjoy it! :)
#tools #pentest
Please open Telegram to view this post
VIEW IN TELEGRAM
❤4🔥3👍1
simple_automated_pentest_basic_pattern__ver1.1_[w2hack].py
5.6 KB
Custom noscript (python) for easy, basic pattern, low difficult automated penetration test, w2hack, 2020/2025
❤6
Tactics, Techniques, and Procedures by FreeZeroDays, 2021/2025
My big mess of offensive security notes and miscellaneous resources.
In similar fashion to other resources of this nature, all commands documented have been manually verified as working and l33t at the time of documentation.
This was inspired by both snovvcrash and sneakerhax's offensive note collections. I highly recommend checking them out if you're looking for additional resources!
🧑🎓 GitHub
🧑🎓 GitBook
See also:
Pentester Tactics, Techniques, and Procedures TTPs by Chris Traynor
#pentest
My big mess of offensive security notes and miscellaneous resources.
In similar fashion to other resources of this nature, all commands documented have been manually verified as working and l33t at the time of documentation.
This was inspired by both snovvcrash and sneakerhax's offensive note collections. I highly recommend checking them out if you're looking for additional resources!
See also:
Pentester Tactics, Techniques, and Procedures TTPs by Chris Traynor
#pentest
Please open Telegram to view this post
VIEW IN TELEGRAM
❤8👍1
Kubernetes Goat is an interactive Kubernetes security learning playground. It has intentionally vulnerable by design scenarios to showcase the common misconfigurations, real-world vulnerabilities, and security issues in Kubernetes clusters, containers, and cloud native environments.
🔻 Main page
✏️ MITRE ATT&CK
🏆 Scenarios
See also:
Attacking Kubernetes by Reza, 2025
Red Team Tactics, Techniques, and Procedures for Kubernetes by sneakerhax, 2025
List of all Attack Techniques by Stratus Red Team, 2025
Attacking Kubernetes by HackTricks Cloud
Kubernetes Threat Matrix (interactive!)
#SecDevOps #pentest
🔻 Main page
See also:
Attacking Kubernetes by Reza, 2025
Red Team Tactics, Techniques, and Procedures for Kubernetes by sneakerhax, 2025
List of all Attack Techniques by Stratus Red Team, 2025
Attacking Kubernetes by HackTricks Cloud
Kubernetes Threat Matrix (interactive!)
#SecDevOps #pentest
Please open Telegram to view this post
VIEW IN TELEGRAM
❤8😁2🔥1
Arm Assembly Internals & Reverse Engineering by Maria Markstedter
Welcome to this tutorial series on ARM assembly basics. This is the preparation for the followup tutorial series on ARM exploit development. Before we can dive into creating ARM shellcode and build ROP chains, we need to cover some ARM Assembly basics first.
🛡 Official page
😺 About author
#hardware #reverse
Welcome to this tutorial series on ARM assembly basics. This is the preparation for the followup tutorial series on ARM exploit development. Before we can dive into creating ARM shellcode and build ROP chains, we need to cover some ARM Assembly basics first.
🛡 Official page
#hardware #reverse
Please open Telegram to view this post
VIEW IN TELEGRAM
❤7🔥5😁1
Media is too big
VIEW IN TELEGRAM
Функции:
✅Работа с RFID и NFC: устройство способно считывать, копировать и эмулировать метки, радиопульты, iButton и цифровые ключи доступа.
✅ Работа с инфракрасными сигналами: Flipper Zero оснащён инфракрасным передатчиком и приёмником, что позволяет управлять телевизорами, кондиционерами и другой техникой, захватывать и воспроизводить сигналы ИК-пультов.
✅ Работа с Sub-GHz-частотами (433 МГц, 868 МГц и другие): устройство умеет передавать и принимать сигналы на низких радиочастотах, что позволяет анализировать радиоуправляемые устройства (например, беспроводные звонки, розетки, умные датчики).
✅ Bluetooth-аналитика и взаимодействие с устройствами: Flipper Zero поддерживает Bluetooth, что позволяет подключаться к мобильному приложению Flipper, анализировать активные Bluetooth-устройства вокруг.
#hardware #fun
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥8👍3
🚨 Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicles
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.
Demonstrations reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.
Sources:
❗️ Article (Eng) + Seclab (Rus)
#hardware
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.
Demonstrations reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.
Sources:
#hardware
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥4👍3
Threat Hunting and Detection by Mehmet E. (Cyb3r-Monk), 2025
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
🔤 GitHub
See also:
❗️ ATT&CK + D3FEND = D.E.A.T.H
❗️ D3FEND Matrix
#defensive
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
See also:
#defensive
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥6
The Threat Hunter Playbook by OTRF, Roberto Rodriguez (Cyb3rWard0g), 2022
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient, ll the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks.
⚔️ GitHub
📔 The Book
See also:
❗️ Awesome Threat Detection and Hunting by 0x4D31
❗️ The Threat Hunting Project + GitHub
❗️ Malware + DFIR analysis notes by antonyn0p
#defensive
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient, ll the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks.
See also:
#defensive
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥5👍2
𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝘀𝗶𝗴𝗻 - 𝗪𝗲𝗯 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 & 𝗔𝗣𝗜 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 by DevSecOps Guides, 2025
𝗧𝗮𝗯𝗹𝗲 𝗼𝗳 𝗰𝗼𝗻𝘁𝗲𝗻𝘁:
🔴 𝗘𝗻𝗱-𝘁𝗼-𝗘𝗻𝗱 𝗘𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻 HTTP exposure → SSL stripping → HSTS with preload → unbreakable TLS tunnels.
🔴 𝗢𝗔𝘂𝘁𝗵 𝟮.𝟬 & 𝗣𝗞𝗖𝗘 Auth code interception → malicious app replay → PKCE enforcement → no token without proof key.
🔴 𝗝𝗪𝗧 𝗟𝗶𝗳𝗲𝗰𝘆𝗰𝗹𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 HS256 secret theft → forged admin tokens → RS256 + short-lived tokens → revoked refresh tokens.
🔴 𝗠𝘂𝘁𝘂𝗮𝗹 𝗧𝗟𝗦 (𝗺𝗧𝗟𝗦) Stolen static API key → partner impersonation → client certificate auth → cryptographic identity.
🔴 𝗗𝗗𝗼𝗦 & 𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴 Naive IP limits → low-and-slow scraping → dynamic, user-aware throttling → edge WAF protection.
🔴 𝗜𝗻𝗽𝘂𝘁 𝗩𝗮𝗹𝗶𝗱𝗮𝘁𝗶𝗼𝗻 & 𝗢𝘂𝘁𝗽𝘂𝘁 𝗘𝗻𝗰𝗼𝗱𝗶𝗻𝗴 SQLi & XSS payloads → data exfiltration & session hijacking → parameterized queries & contextual encoding → neutralized threats.
🔴 𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 & 𝗪𝗔𝗙 Inconsistent microservice security → finding the weakest link → centralized WAF at the gateway → uniform defense.
🔴 𝗦𝗲𝗰𝘂𝗿𝗲 𝗦𝗲𝘀𝘀𝗶𝗼𝗻 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 Cookie theft via XSS → session hijacking → HttpOnly, Secure, SameSite=Strict cookies → locked-down sessions.
🔴 𝗔𝗣𝗜 𝗩𝗲𝗿𝘀𝗶𝗼𝗻𝗶𝗻𝗴 & 𝗗𝗲𝗽𝗿𝗲𝗰𝗮𝘁𝗶𝗼𝗻 Zombie v1 API → exploiting old bugs → forced deprecation & brownouts → controlled demolition.
🔴 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗟𝗼𝗴𝗶𝗰 𝗙𝗹𝗮𝘄𝘀 Price tampering → checkout abuse → server-side re-validation → trust nothing from the client.
🔴 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗠𝗲𝘀𝗵 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 Lateral movement in-cluster → compromised pod escalates → zero-trust mTLS → granular authorization policies.
🔣 Web page
#AppSec
𝗧𝗮𝗯𝗹𝗲 𝗼𝗳 𝗰𝗼𝗻𝘁𝗲𝗻𝘁:
🔴 𝗘𝗻𝗱-𝘁𝗼-𝗘𝗻𝗱 𝗘𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻 HTTP exposure → SSL stripping → HSTS with preload → unbreakable TLS tunnels.
🔴 𝗢𝗔𝘂𝘁𝗵 𝟮.𝟬 & 𝗣𝗞𝗖𝗘 Auth code interception → malicious app replay → PKCE enforcement → no token without proof key.
🔴 𝗝𝗪𝗧 𝗟𝗶𝗳𝗲𝗰𝘆𝗰𝗹𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 HS256 secret theft → forged admin tokens → RS256 + short-lived tokens → revoked refresh tokens.
🔴 𝗠𝘂𝘁𝘂𝗮𝗹 𝗧𝗟𝗦 (𝗺𝗧𝗟𝗦) Stolen static API key → partner impersonation → client certificate auth → cryptographic identity.
🔴 𝗗𝗗𝗼𝗦 & 𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴 Naive IP limits → low-and-slow scraping → dynamic, user-aware throttling → edge WAF protection.
🔴 𝗜𝗻𝗽𝘂𝘁 𝗩𝗮𝗹𝗶𝗱𝗮𝘁𝗶𝗼𝗻 & 𝗢𝘂𝘁𝗽𝘂𝘁 𝗘𝗻𝗰𝗼𝗱𝗶𝗻𝗴 SQLi & XSS payloads → data exfiltration & session hijacking → parameterized queries & contextual encoding → neutralized threats.
🔴 𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 & 𝗪𝗔𝗙 Inconsistent microservice security → finding the weakest link → centralized WAF at the gateway → uniform defense.
🔴 𝗦𝗲𝗰𝘂𝗿𝗲 𝗦𝗲𝘀𝘀𝗶𝗼𝗻 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 Cookie theft via XSS → session hijacking → HttpOnly, Secure, SameSite=Strict cookies → locked-down sessions.
🔴 𝗔𝗣𝗜 𝗩𝗲𝗿𝘀𝗶𝗼𝗻𝗶𝗻𝗴 & 𝗗𝗲𝗽𝗿𝗲𝗰𝗮𝘁𝗶𝗼𝗻 Zombie v1 API → exploiting old bugs → forced deprecation & brownouts → controlled demolition.
🔴 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗟𝗼𝗴𝗶𝗰 𝗙𝗹𝗮𝘄𝘀 Price tampering → checkout abuse → server-side re-validation → trust nothing from the client.
🔴 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗠𝗲𝘀𝗵 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 Lateral movement in-cluster → compromised pod escalates → zero-trust mTLS → granular authorization policies.
#AppSec
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
1❤6👍2😱1
𝗦𝗲𝗰𝘂𝗿𝗲_𝗯𝘆_𝗗𝗲𝘀𝗶𝗴𝗻_𝗪𝗲𝗯_𝗦𝗲𝗿𝘃𝗶𝗰𝗲_&_𝗔𝗣𝗜_𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆.pdf
2.4 MB
𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝘀𝗶𝗴𝗻 - 𝗪𝗲𝗯 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 & 𝗔𝗣𝗜 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 by DevSecOps Guides, 2025
❤4👍2
SANS Linux Incident Response_2025.pdf
2 MB
SANS Linux Incident Response, 2025