Network Security Channel

#Tools 🔸 Decompiler Explorer! It is an interactive online decompiler which shows equivalent C-like output of decompiled programs from many popular decompilers. در وب سایت dogbolt.org با استفاده از ابزار سورس باز Decompiler Explorer میتونید فایل باینری خودتون رو آپلود کنید و خروجی دیکامپایل شده رو با استفاده از دیکامپایلر هایی مثل Angr, Ghidra, Binary Ninja, Hex-Rays و ... ببینید و باهم مقایسه کنید. @Engineer_Computer

citrix gateway XSS methodology CVE-2023-24488 @Engineer_Computer

⚡ Attention all software developers and programmers! MITRE's Top 25 list of dangerous software weaknesses for 2023 is here. Discover the crucial mistakes to avoid early in your product development process: https://thehackernews.com/2023/06/mitre-unveils-top-25-most-dangerous.html Build secure software from the ground up! 💪 WhatsApp rolls out an upgrade to its proxy feature! Share more than just texts - a step towards countering internet 🚫 censorship. Learn more: https://thehackernews.com/2023/06/whatsapp-upgrades-proxy-feature-against.html -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService 1402.04.10 @Engineer_Computer

Iranian state-sponsored group, MuddyWater, deploys new PhonyC2 framework in targeted cyber attacks. New findings reveal connections to Technion breach and ongoing PaperCut server exploitation. Details: https://thehackernews.com/2023/06/from-muddyc3-to-phonyc2-irans.html Beware of proxyjacking! Vulnerable SSH servers are under attack in a financially motivated campaign, covertly ensnaring them into a proxy network. Read details: https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html Discover how threat actors exploit unused bandwidth to run services and monetize it. @Engineer_Computer

Zabbix Certified Specialist (ZCS) You’ll learn how to deploy, configure, and maintain a Zabbix instance from scratch. You’ll also obtain practical knowledge required for configuring monitoring endpoints, learn a variety of metric collection and problem detection techniques, and become familiar with a variety of monitoring concepts. Products covered Zabbix 6.0 Format Up to 12 students Duration 5 days Course requirements None Recommended skills Basic experience in Linux operating systems Next level Zabbix Certified Professional Level 3 Previous level Zabbix Certified User Level 1 https://www.zabbix.com/training_specialist @Engineer_Computer

Strategic IT Asset Management (ITAM) Software Ivanti Neurons for ITAM consolidates your IT asset data and lets you track, configure, optimize and strategically manage your assets through their full lifecycle. The solution's configurable design helps you define and follow your own workflows or implement out-of-the-box processes. https://youtu.be/plo-Pk0qp2M https://www.ivanti.com/products/ivanti-neurons-itam @Engineer_Computer

awesome-symbolic-execution Public A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools. https://github.com/ksluckow/awesome-symbolic-execution -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService 1402.04.10 @Engineer_Computer

https://www.ovrdrv.com/wp-content/uploads/2019/09/2023_Overdrive-Interactive_Social-Media-Map.pdf @Engineer_Computer

tools Malware analysis Hiding VMware virtual machines from malware https://github.com/d4rksystem/VMwareCloak -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService 1402.04.10 @Engineer_Computer

Offensive security 1. Primary Group Behavior, Reporting and Exploitation https://www.hub.trimarcsecurity.com/post/primary-group-behavior-reporting-and-exploitation 2. Finding DNS vulnerabilities with Burp Suite https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite @Engineer_Computer

exploit 1.CVE-2022-31696: VMWare ESXI TCP Socket Keepalive Type Confusion LPE https://www.zerodayinitiative.com/blog/2023/6/21/cve-2022-31696-an-analysis-of-a-vmware-esxi-tcp-socket-keepalive-type-confusion-lpe 2.FortiNAC - Just a few more RCEs @Engineer_Computer

Offensivesecurity Obfuscated LSASS dump command: A quick walkthrough for a obfuscated PowerShell LSASS dump command via comsvcs.dll https://badoption.eu/blog/2023/06/21/dumpit.html ]-> https://github.com/powerseb/PowerExtract -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService 1402.04.09 @Engineer_Computer

AWS DeepRacer Student Learn machine learning, win prizes by racing with students globally, and complete your application to the AWS AI & ML Scholarship program https://student.deepracer.com -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService 1402.04.09 @Engineer_Computer

tools Offensive_security 1. ReconFTW - tool to perform automated recon on a target domain https://github.com/six2dez/reconftw ]-> Exposing hidden risks through ACLs in AD: https://labs.lares.com/securing-active-directory-via-acls 2. Scraping Kit - tool for scraping services for keywords, useful for initial enumeration of Domain Controllers https://github.com/LaresLLC/ScrapingKit @Engineer_Computer

Empty message @Engineer_Computer

💠 5 Ways I Bypassed Your Web Application Firewall (WAF) 🔗 https://hacklido.com/blog/504-5-ways-i-bypassed-your-web-application-firewall-waf -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService 1402.04.08 @Engineer_Computer

⚡️ Urgent security alert! Fortinet has released urgent updates to fix a critical vulnerability (CVE-2023-33299) in FortiNAC, exposing networks to arbitrary code execution. Learn more: https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html Critical SQL injection vulnerabilities found in Gentoo Soko! Exploiting these flaws could lead to remote code execution (RCE) on affected systems. Discover the details: https://thehackernews.com/2023/06/critical-sql-injection-flaws-expose.html @Engineer_Computer