SpiderFoot - OSINT automation Tool
SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.
SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line.
https://github.com/smicallef/spiderfoot
PiiScanner - Burp Suite ExtensionA PiiScanner Extension é uma extensão para o Burp Suite desenvolvida para detectar informações de identificação pessoal (PII), especificamente CPFs do Brasil, em requisições e respostas HTTP. Esta extensão utiliza o Montoya API e implementa validações para garantir que CPFs válidos e inválidos sejam registrados, auxiliando na identificação de possíveis exposições de dados sensíveis.
https://github.com/vanguard-threat-seekers/vanguard-burp-pii-scanner
🔎 Threat Intel Roundup: CrushFTP, CS2, Lazarus, Trigona
Week in Overview(5 Dec-12 Dec)
What is Prometheus ?
Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community
Prometheus collects and stores its metrics as time series data, i.e. metrics information is stored with the timestamp at which it was recorded, alongside optional key-value pairs called labels.
https://prometheus.io/docs/introduction/overview/
iOS Pentesting Series
Learn how to work with useful tools and apps such as Frida, Objection, 3uTools, Cydia, Burp, fsmon, fridump, SSL bypass, reFlutter etc.
Part 1: https://kishorbalan.medium.com/start-your-first-ios-application-pentest-with-me-part-1-1692311f1902
Part 2: https://kishorbalan.medium.com/ios-pentesting-series-part-2-into-the-battlefield-f17ed2778890
Part 3: https://kishorbalan.medium.com/ios-pentesting-series-part-3-the-ceasefire-53fcea3bbd70
FFuF - Fuzzing Tool
👨💻🛠 In this week's episode of Hacker Tools, we will take a look at FFuF.
https://www.youtube.com/watch?v=UDaeS7455mU
(Authenticated) Stored XSS - Simple Download Monitor 3.9.19 (Wordpress Plugin)
DreadPirateRobertt/stored-xss-simple-download-monitor-3-9-19-wordpress-plugin-cbef1564a44b" rel="nofollow">https://medium.com/@DreadPirateRobertt/stored-xss-simple-download-monitor-3-9-19-wordpress-plugin-cbef1564a44b
NSA - Mitigating Web ShellsThis repository houses a number of tools and signatures to help defend networks against web shell malware. More information about web shells and the analytics used by the tools here is available in NSA and ASD web shell mitigation guidance Detect and Prevent Web Shell Malware.
https://github.com/nsacyber/Mitigating-Web-Shells
Getting started with the Red Team Guides
RedTeamGuides is a platform that provides red team tutorial and guidance along with cheatsheets. It is aimed at helping security professionals and enthusiasts to learn about red teaming and penetration testing techniques.
The platform provides a wide range of resources, including step-by-step tutorials, how-to guides, and cheat sheets, that cover different topics related to red teaming, such as reconnaissance, exploitation, post-exploitation, and privilege escalation. The guides are regularly updated to keep up with the latest techniques and tools in the field.
https://redteamguides.com/index.html
Bitbucket Monitoring Activity
Automation that sends automatic alerts when new repositories are created. Bitbucket provides features to notify repository members about specific activities, such as code pushes, pull requests, and other events, but does not notify about new repositories created across the organization.
https://github.com/u37-Luth1er/bitbucket-monitoring-activity
The Greatest Video Game Pirate of All TimeEMPRESS is a renowned video game cracker known for their exceptional skills in bypassing digital rights management (DRM) protections. With a reputation for cracking the toughest security measures, EMPRESS has become a prominent figure in the gaming community, enabling players to access and play pirated versions of popular titles. Their contributions have sparked debates around piracy, copyright infringement, and the effectiveness of DRM in the gaming industry.
https://youtu.be/ZUioVa-wdDk?si=TKyx58h-k69KX60q
https://www.udemy.com/course/the-redteam-blueprint/?Xx.xx&couponCode=7D99B7EDDEC44923439D
https://www.udemy.com/course/hacking-the-windows-api-with-python/?Xx.xx&couponCode=4113E9AF79AEE0B911DB
Curso Práctico de Python 3 de cero a EXPERTO +50 EJERCICIOS
https://www.udemy.com/course/curso-practico-de-python-3-de-cero-a-experto-50-ejercicios/?Xx.xx&couponCode=29D94C14BD2B069BB24B
OWASP TOP 10 - Pentesting Web, Bug Bounty Hunting
https://www.udemy.com/course/owasp-top10-web/?Xx.xx&couponCode=F72B213DC48E1ABE8CD2
Web Scraping con Python - Extracción y Automatización Web
https://www.udemy.com/course/curso-web-scraping-con-python/?Xx.xx&couponCode=5E3654B2793D56E98ED8
Master en Burp Suite para Web, Pentest y Bug Bounty!
https://www.udemy.com/course/master-de-burp-suite/?Xx.xx&couponCode=8146B04B54F233D70900
Master JavaScript para Pentesters - XSS de 0 a 100
https://www.udemy.com/course/javascript-para-hackers-pentesters/?Xx.xx&couponCode=64DCCADEF22FCC9EAA8F
Vuln Research in VIDEO GAMES?!?!
Our adventure with FreeDroid RPG began when we were perusing the National Vulnerability Database (NVD) for video game-related bugs and discovered two CVEs from 2020 related to this game: CVE-2020-14938 and CVE-2020-14939. Both CVEs involved ways to maliciously manipulate the save game data—each fascinating in their own right. As we looked into the technical details of this original research from LogicalTrust, we noticed anomalies in the patches that were meant to address these vulnerabilities, sparking a deeper investigation
https://youtu.be/vHocemqpOuo?si=x7Et0MJdhwMdHTIv
Alien Vault - The World’s First Truly Open Threat Intelligence Community
https://otx.alienvault.com/
Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/
SSRFire - An automated SSRF finder
aswinchandran274/ssrfire-an-automated-ssrf-finder-798f3ee8a38" rel="nofollow">https://medium.com/@aswinchandran274/ssrfire-an-automated-ssrf-finder-798f3ee8a38
File Shared < 1.6.48 (Wordpress Plugin) — Sensitive Data Exposure Mysql version, enviroment..When we try upload an unauthorized file, The plugin core stored Database sensitive informations like Mysql Version, Enviroment informations, userid, user_session, ip,(browser informations).
DreadPirateRobertt/file-shared-1-6-48-wordpress-plugin-sensitive-data-exposure-mysql-version-enviroment-343356762353" rel="nofollow">https://medium.com/@DreadPirateRobertt/file-shared-1-6-48-wordpress-plugin-sensitive-data-exposure-mysql-version-enviroment-343356762353
Linux Directories Explained in 100 Seconds
https://youtu.be/42iQKuQodW4?si=xx_zFeH_l2xwygYV
OTP Bypass via Source Page Inspection
katmaca2014/otp-bypass-via-source-page-inspection-3c6ac90a0fb5" rel="nofollow">https://medium.com/@katmaca2014/otp-bypass-via-source-page-inspection-3c6ac90a0fb5
https://www.udemy.com/course/curso-de-javascript-de-0-a-heroe/?couponCode=5AFF53FD65CDC4E4F976
Читать полностью…