Network Security Channel

前往频道在 Telegram

⭕️Start Channel From 2017⭕️ ✅ Security Operation Center (SOC) ✅ Bug Bounty ✅ Vulnerability ✅ Pentest ✅ Hardening ✅ Linux ✅ Reasearch ✅ Security Network ✅ Security Researcher ✅ DevSecOps ✅ Blue Team ✅ Red Team

显示更多

伊朗63 669 技术与应用26 817

2 775

订阅者

+224 小时

+147 天

+5630 天

371

帖子浏览量

~ 14924 小时

~ 18348 小时

13.37%

参与率

~ 1

每日帖子数

Ads index

beta

帖子存档

2 776

DFIR Techbook A Practical Hands-on Approach to Database Forensics.

2 776

Techbook Malware Development: The result of self-research and investigation of malware development tricks, evasion techniques and persistence 2022.

2 776

Tech book Ethical Password Cracking: Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking 2024.

2 776

Research Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC 2024. https://github.com/guluisacat/MySlides/tree/main/BlackHatUSA2024_KCon2024

2 776

Tech book API Security for White Hat Hackers: Uncover offensive defense strategies and get up to speed with secure API implementation 2024.

2 776

Hardening Enhanced Visibility and Hardening Guidance for Communications Infrastructure 2024.: Network Infrastructure Security Guide, ver.1.2 https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF Cisco Guide to Securing NX-OS Devices https://sec.cloudapps.cisco.com/security/center/resources/securing_nx_os.html Cisco IOS XE Hardening Guide, 2024 https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html —————————————————— #CyberSecurity #vCISO #CISA #Hardening #SecureBusinessContinuity

2 776

Infosec Standards NIST SP 800-63B-4: "Digital Identity Guidelines. Authentication and Authenticator Management", August 2024. NIST SP 800-63-4: "Digital Identity Guidelines" https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-4.2pd.pdf NIST SP 800-63A-4: "Identity Proofing and Enrollment" https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63A-4.2pd.pdf NIST SP 800-63C-4: "Federation and Assertions" https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63C-4.2pd.pdf National Institute of Standards and Technology (NIST) —————————————————— #CyberSecurity #vCISO #NIST #AAA

2 776

Infographics The DoD Cybersecurity Policy Chart, October 2024. https://csiac.org/resources/the-dod-cybersecurity-policy-chart

2 776

پرورش استعداد ها در امنیت سایبری راهکار استراتژیک

2 776

دزدی داده از طریق ICMP https://blog.bwlryq.net/posts/icmp_exfiltration/

2 776

You can now passively enumerate all endpoints of a website with katana. (No need waybackurls) Example: echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints You can then check the status of these endpoints or filter in order to find new vulnerabilities: Example: echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints

2 776

juicy_files.txt2.52 MB

2 776

fuzz.txt0.76 KB

2 776

Price Manipulation Method If the product price parameter cannot be changed, change the quantity of products. items[1][quantity]=1 --> 234 € items[1][quantity]=0.1 --> 23.4 €

2 776

⭐𝐗𝐒𝐒 𝐭𝐨 𝐒𝐒𝐑𝐅 (𝐌𝐞𝐭𝐡𝐨𝐝 𝟐)⭐ * Note this only works if proper sanitization is not performed and the server processes the payload server-side * Input the following code in the vulnerable field: You can also read local files:

2 776

Use these tools to bypass 403 most time it give false postive always check for content length.Both tool bypass protocol based,header based,path based and more techniques. https://github.com/Dheerajmadhukar/4-ZERO-3 https://github.com/yunemse48/403bypasser

2 776

Bug Bounty Tips: Discovering the Origin IP by scanning your target IP range When you're hunting on a bug bounty target and WAF stands in your way, here's a powerful technique to uncover the Origin IP by scanning the target's IP range. We'll be using a simple yet effective tool called hakoriginfinder by hakluke! Get it at https://github.com/hakluke/hakoriginfinder Here's my methodology to find the Origin IP using this tool and technique: Discover your target's ASN and check https://bgp.he.net/AS33848#_prefixes? Make a note of the target's IP range. Assuming you have a WAF-protected domain called example[.]com. Use this command with the IP range Identified in step 1 and pass your target host against the -h parameter: prips 93.184.216.0/24 | hakoriginfinder -h example[.]com If you receive a "MATCH" output, there's a strong likelihood that you've successfully identified the Origin IP. Now, you can send requests with the same Host header to bypass WAF or for whatever your mission requires. Happy hunting! credit:- Jayesh

2 776

💎LFI TIP BY KANAHIYA💎 1- on visiting url http://domain.tld it were redirecting first to http://domain.tod/dir1/dir2 then to sso login 2- Fuzzed after first redirection 3- http://domain.tld/dir1/dir2/FUZZ 4- this payload leads to 200 ok & disclosed all local files ////////////////../../../../../../../../etc/passwd 5- tried other local files /etc/hosts /etc/shells /proc/self/environ /bin/sh

2 776

Hacking_LLM.pdf2.78 MB

2 776

Find xss with this automation of the following work 1 subfinder -d indeed.com -o indeed.txt //Find Subdomains 2 httpx -l subdomains.txt -o httpx.txt // Live Subdomains 3 echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints 4 cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints 5 cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates 6 cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS 7 cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters 8 dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS Script https://github.com/dirtycoder0124/xss