white2hack 📚

Обучающий видео курс Osint v.2 "Master OSINT", Mefodiy Kelevra (2021), PCRec Курс является неотъемлемым продолжением "Русского OSINTa", но никак его ремиксом. Вторую часть мне захотелось сделать более универсальной, ориентированной на инструменты, более интернациональной. Продолжение ориентировано на обучение "навыку поиска". Данный курс может быть интересен и SEO специалистам, пентестерам, журналистам, веб мастерам. #education #OSINT

Top Best 30 Active Directory Security Best Practices Checklist (in 2023) By Andrew Fitzgerald In this post, we have listed the best Active Directory Security Best Practices checklist that will assist organizations in enhancing AD security. Further, these practices will enable administrators to discover malicious attempts, identify and prioritize security activities. Follow some of the below listed AD best practices to improve and secure your Windows AD domain environment. Source #windows #hardening

Курс этичного хакинга от колледжа PracticU, 2020 - 2022 Серия бесплатных уроков от ИТ колледжа PracticU по теме этичного хакинга, тестирования на проникновение, безопасности приложений, реверса, сертификации OSCP. Полный пакет уроков доступен по подписке на официальном сайте. YouTube Официальный сайт #education #pentest

Above Network Vulnerability Scanner by Caster Automates the search for network vulnerabilities, designed for pentesters, Red Team operators, and network security engineers GitHub #hacktools

Security Study Plan A Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on with free/paid resources, tools and concepts to excel. GitHub #education

**AvtoGram — онлайн-сервис, который позволяет проверить информацию об автомобиле по его VIN-коду и государственному регистрационному номеру. Есть возможность пополнять внутреннюю базу закидывая фотки авто и зарабатывать на этом деньги. Источник TG bot #OSINT

Securing Industrial Control Systems (ICS) and Operational Technology (OT) 👉 𝗔𝘁𝘁𝗮𝗰𝗸𝗶𝗻𝗴 𝗜𝗖𝗦/𝗢𝗧 🌟 Attacking ICS Plant #1 on TryHackMe http://ow.ly/eC5050NuJ5e 🌟 Attacking ICS Plant #2 on TryHackMe http://ow.ly/l8M750NuJ5j 🌟 Infrastructure Pentesting Checklist by Purab Parihar http://ow.ly/7Ml950NuJ5f 🌟 John Hammond Attacking ICS Devices http://ow.ly/LhMt50NuJ5o 🌟 Nmap and Sbom for ICS by Sulaiman Alhasawi http://ow.ly/8bh550NuJ5g 🌟 Scada Hacker Library of Resources for Industrial Control System Cyber Security http://ow.ly/Mh2e50NuJ5i 👉 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗮𝗻𝗱 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 🌟 101 Critical Infrastructure Protection for the Public FedVTE http://ow.ly/irxs50NuJ5l 🌟 Checkout CISA’s calendar for ICS Training http://ow.ly/CrVc50NuJ5p 🌟 List of free online resources to learn ICS/OT cybersecurity by Irfan Shakeel http://ow.ly/wwEq50NuIUW 🌟 A guide to your Certification journey in ICS/OT Cybersecurity by Shamikkumar Dave http://ow.ly/jR2I50NuIV6

Payloads All The PDFs A list of crafted malicious PDF files to test the security of PDF readers and tools. GitHub #pentest

DNS Incident Response by Md. Abdullah Al Mamun, 2023 Root Cause Analysis with Detection Ideas #forensic

*SOC Analyst Interview Questions & Answers** #

DNS Hacking DNS has registry, something like Windows OS has registry. When a new website domain is registered, the domain and its IP address is technically written to a DNS zone file. This is the source for mapping domain to IP address (the actual DNS service) which is managed by DNS registry. For example, when someone registers a domain in NameCheap, NameCheap will register the purchased domain in DNS registry using EPP protocol by exchanging XML messages. It has a security mechanism called 'EPP code' for authorizing the registrar. Even, EPP server communication is done over SSL/TLS (sometimes mTLS). Whois records are also updated this way. EPP maintains a kind of IAM or authorization where registrars can operate on only their controlled domains. Programming languages like Python can used to communicate with EPP server. So, hackers can exploit EPP server by XXE attack. Source #pentest

Hack by HTML HTML can be used for faking malicious phishing link, bypassing browser history etc. Here is my new article 'Hack by HTML' on it. Source #pentest

TCP vs UDP #useful

Email Incident Response Email security incidents pose a high risk to a business & organization. The risk includes phishing, business email compromise (BEC) unauthorized access etc. This article describes some unique incident actions for email compromise cases. Source #forensic

Какой вопрос - такой и ответ :):) #fun

Azure AD Security Config Analyzer (AADSCA) We decided to take alternative approach for chapter 6 and we are not covering possible Azure AD attack path. This time, the focus is on on proactive side, how organizations can monitor and strengthen Azure AD's security posture. For this purpose we created 'Azure AD Security Config Analyzer' aka 'AADSCA' solution. GitHub Official page #windows

Oh.. My God😄 #fun