Tweets
Mr. Fuzzy retweeted
Sean Gallagher
@thepacketrat
19h
I feel like I'm writing the same stories over and over again and it never seems to change anything:
Somebody didn't patch.
Somebody didn't test.
Somebody bought and forgot.
Somebody thought security through obscurity works.
Somebody didn't respond to a vulnerability report.
Mr. Fuzzy retweeted
TrustedSec
@TrustedSec
18h
Secret's out! @Carlos_Perez announces the release of the TrustedSec #Sysmon Community Guide. Discover the vision for making the guide and how you can contribute to making the best #resource for all things sysmon!
hubs.ly/H0mW9r50
Mr. Fuzzy retweeted
The Cyber
@r0wdy_
7h
Not sure if there's a better CTI tool than pDNS. Maybe VTI? twitter.com/ydklijnsma/sta…
Mr. Fuzzy retweeted
Vala Afshar
@ValaAfshar
18h
If you want to master something, teach it. The more you teach, the better you learn. Teaching is a powerful tool to learning.
—Professor Richard Feynman pic.twitter.com/zgX4nZIQJt
Mr. Fuzzy retweeted
Vala Afshar
@ValaAfshar
Feb 6
Listen to David Bowie’s stunningly accurate understanding of the power of the Internet in 1999 - worldwide web was only 6 years old.
“I think the potential of what the Internet can do for society, both good and bad, is unimaginable.” pic.twitter.com/V8SlGyzZW0
Mr. Fuzzy retweeted
Vala Afshar
@ValaAfshar
Feb 5
The ability to remove clutter and to simplify is a superpower.
Mr. Fuzzy retweeted
Metasploit Project
@metasploit
Feb 4
Last year, @wvuuuuuuuuuuuuu researched and published a command-and-control module for SMB DOUBLEPULSAR. Since then, we've researched and reverse-engineered the RDP version of the implant. Today we're publishing that research and a module for it. Details: blog.rapid7.com/2020/02/04/dou…
Mr. Fuzzy retweeted
dawgyg
@thedawgyg
Feb 4
When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018) #bugbountytip #bugbounty
Mr. Fuzzy retweeted
Doyensec
@Doyensec
Feb 3
Our first blog post of 2020 is out! Learn about how we discovered a heap overflow in the F-Secure Internet Gatekeeper, which leads to unauthenticated RCE blog.doyensec.com/2020/02/03/hea… #infosec pic.twitter.com/z5ZUEETMnp
Mr. Fuzzy retweeted
Xentropy
@SamuelAnttila
Feb 1
I was tired of outdated XSS cheat sheets that don't touch on frameworks, html5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :)
netsec.expert/2020/02/01/xss…
#bugbountytips pic.twitter.com/Mdygq1PI9Z
Mr. Fuzzy retweeted
Inanc Gumus
@inancgumus
Aug 16
🎁 1000+ #golang exercises are waiting for you. From the simplest ones to the advanced.
Check out: github.com/inancgumus/lea…
PS: I salute you if you can solve the advanced slice exercises.
Mr. Fuzzy retweeted
HD Moore
@hdmoore
Jan 27
Flamingo is a new open source tool from @Atredis for capturing credentials sprayed by IT and security products: atredis.com/blog/2020/1/26…
(h/t to @4lex for HTTP NTLM support!) pic.twitter.com/V2jKi3Enpg
Mr. Fuzzy retweeted
ً
@chyumiin
Jan 31
If you are stressed, here is an old Asian grandma making tofu pic.twitter.com/ykwv4HiAfc
Mr. Fuzzy retweeted
PaulM
@pmelson
Sep 2
There are multiple legitimate, free tunneling services that are routinely used by attackers to evade defenses:
ngrok[.](com|io)
portmap[.](com|io)
serveo[.]net
localtunnel[.]me
pagekite[.]net
Hunt for these domains. Also hunt for long-running TCP connections with dstport>10000.
Mr. Fuzzy retweeted
Clément Notin
@cnotin
Sep 3
#Pentest success story:
1. Steal .keytab file from a Linux server for a webapp using Kerberos authentication🕵️
2. Extract Kerberos service encryption key using github.com/sosdave/KeyTab…
3. Create silver ticket using #mimikatz🥝 and pass-the-ticket
4. Browse the target
5. Profit!😉 pic.twitter.com/yI9yfoXDrb
Mr. Fuzzy retweeted
Julian Horoszkiewicz
@julianpentest
Dec 27
PE Import Table hijacking as a way of achieving persistence/exploiting DLL side loading (Christmas blog post 😉):
#windows #persistence #redteam #dll #sideloading
hackingiscool.pl/pe-import-tabl…
Mr. Fuzzy retweeted
ΜΔDΞRΔS
@hackermaderas
Feb 1
Deleting your digital footprint:
twitter.com/somenerdliam/s…
zdnet.com/article/how-to…
wikihow.com/Delete-Yoursel…
Consumer Reporting
consumerfinance.gov/consumer-tools…
Requesting Consumer Scoring data from companies like Sift (who collects/uses millions of datapoints)
nytimes.com/2019/11/04/bus… pic.twitter.com/xCqxwoshtt
Mr. Fuzzy retweeted
dawgyg
@thedawgyg
Dec 27
Thinking about getting stoned and starting the blog back up tonight with the first post a basic intro to bug hunting, and some of my routine for hunting bugs. If this can get 100 retweets then I'll start on it, otherwise xbox sounds like just as much fun lol. #bugbounty
Mr. Fuzzy retweeted
Alexandre Borges
@ale_sp_brazil
Dec 13
Finally: Malwoverview 2.0 (in Python 3.x) is available!
github.com/alexandreborge…
There is so much news, so it's better to check on GitHub ;)
#malware #threatintelligence #threathunting #security pic.twitter.com/SkDU89PZsN
Mr. Fuzzy retweeted
elan gale
@theyearofelan
Jan 29
I’ve got some NEWS for you people about WHY your salads are dull and flavorless. Are you ready for some NEWS???