Network Security Channel

Top Recon Tools of 2023 #recon #tools @Engineer_Computer

CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE https://blog.aquasec.com/jenkins-server-vulnerabilities @Engineer_Computer

Malware analysis 1. AceCryptor Technical analysis https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation 2. DogeRAT Android Malware Campaign https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries 3. FlowCloud malware infection via USB Flash Drive https://insight-jp.nttsecurity.com/post/102ifpu/flowcloud-malware-infection-via-usb-flash-drive @Engineer_Computer

tools Sec code review Code Query - universal code security scanning tool https://github.com/nccgroup/cq tools Offensive security 1. Cymulate - framework to help red team construct fully customizable/automated APT attacks https://github.com/opabravo/cymulate-framework#usage 2. Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists https://github.com/Maldev-Academy/EntropyReducer @Engineer_Computer

🐞 What's security flaws with this code? How to fix it? نقص امنیتی این کد چیه؟ اصلا نقص امنیتی داره؟ چنتا و به چه صورت؟‌ نحوه فیکس کردنش به چه صورت هست؟ #AppSec #code_challenge #vulnerable_code #web_security #FastAPI @Engineer_Computer

⭕️ در این مقاله محقق یک تکنیک جدید برای کشف دامنه را شرح میده و نحوه استفاده از اون رو در تست نفوذ، باگ بانتی و ... نشون میده. https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/ #Recon #BugBounty #Pentest @Engineer_Computer

دامنه هايي با پسوند zip كه اخيرا گوگل ارائه كرده يك مشكل امنيتي جدي دارند كه سو استفاده از اون توسط #فيشينگ شروع شده. در اين نمونه، شخص يك ايميل از داخل شركت دريافت ميكند و در آن اشاره ميشود كه فلان فايل zip رو از اون مسير كپي كن و در صورتي كه فايل وجود نداشته باشد سيستم به صورت خودكار، كاربر را به سايت آلوده كه همنام فايل zip هست ميبرد @Engineer_Computer

Offensive Security Top 10 Payloads: Highlighting Notable and Trending Techniques https://blog.delivr.to/delivr-tos-top-10-payloads-highlighting-notable-and-trending-techniques-fb5e9fdd9356 @Engineer_Computer

https://certbot.eff.org/instructions?ws=plesk&os=windows&tab=standard @Engineer_Computer

Building a Red Team Infrastructure in 2023: Intro The infrastructure of a red team engagement might be poetically described as the beating heart of an engagement. It is the central point where everything is connected and runs together. All the data is stored here and when it crashes (or is crashed), it might as well end the whole engagement. This leads to several requirements that have to be met, rooting from different perspectives like functionality, stability, but also security and deception of the blue team. The topic of building a red team infrastructure is not a new one and although several blog posts on this topic exist, I tried to let my insights and struggle flow into this post, which will hopefully help you to make better decisions and avoid potential pitfalls. The following questions are drawing the outline for this blog post: What requirements have to be met? What are the components a red team infrastructure consists of? What software can be used? How are these components set up? https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023 Links [1]: https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki [2]: https://medium.com/geekculture/an-nginx-apache-alternative-for-c2-redirecting-61e92a917101 [3]: https://medium.com/@maxime.durand.54/add-the-geoip2-module-to-nginx-f0b56e015763 [4]: https://www.cobaltstrike.com/blog/simple-dns-redirectors-for-cobalt-strike/ [5]: https://labs.withsecure.com/publications/detecting-exposed-cobalt-strike-dns-redirectors [6]: https://github.com/BishopFox/sliver/wiki/DNS-C2 [7]: https://docs.getgophish.com/user-guide/documentation/sending-profiles [8]: https://www.wireguard.com/ @Engineer_Computer

🗒 SSRF bible Cheatsheet https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit @Engineer_Computer

Attention WhatsApp New Vunerbality WhatsApp crash after entering this following code If you paste this code in any WhatsApp group or chat , you will crash that group for all members . The only fix is use web WhatsApp and delete that message . The code is wa.me/settings #whatsapp #vulnerability #crash @Engineer_Computer

Find out the IP address through a call to Telegram 📖 Read https://github.com/n0a/telegram-get-remote-ip #OSINT #Telegram #ip @Engineer_Computer

یک ابزار هوشمند، هدف آن انجام وظایف #OSINT و موارد دیگر اما بدون هیچ کلید API است. https://github.com/j3ssie/metabigor @Engineer_Computer