AfroSec
AASTU CSC - ep2
do u think am a good host or ? eski check it out, cyber night session with ELIEZER (brutal panda) it was soo lit tho 🔥🔥
@AfroSec
was reading a course called control system cuz ur boi has mid exam and was trynna relate it wiz cybersec :)
From Blue Team perspective

Control:               Cybersecurity:
Sensor Measurements ←→ SIEM Logs/Telemetry
Controller Action   ←→ Security Automation
Setpoint            ←→ Security Policy
Disturbance         ←→ Attack/Threat

┌─────────────────────────────────┐
│      SECURITY CONTROL LOOP      │
│ THREAT → DETECTION → RESPONSE   │
│    ↑                     ↓      │
│    └────── FEEDBACK ─────┘      │
└─────────────────────────────────┘
like SOC team isn't just monitoring - it's running a massive feedback control system. Every alert is a sensor reading, every playbook is a control algorithm
@AfroSec
Forwarded from Brut Security (DarkShadow ShellSec)
Hey Hunters,
Darkshadow here, back again, dropping a really very interesting method.
Web cache to RCE!
While visiting the web application as normal, I noticed that the website actively creates a cache file from the client side to store errors.
Now the idea is: if we are able to make any custom error, then it will be cached, and if somehow the error executes on the system, we might see the output.
Exploit to reproduce final RCE:
1. The webapp was sending a request from the client side in an array-based parameter.
2. Change the valid input to PHP code using the system function. Here we are just trying to cause an error using the invalid input.
3. Now the web application is not able to handle this input, so it raises an error and stores it in a cache file.
4. After visiting the cache file, the error message is reflected in the cache file.
5. But wait, it also executes my PHP code and stores the command output in the file. This means we can execute OS commands and get the output in the cache file by causing an error. That means RCE!
Follow me for more methods x.com/darkshadow2bd
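
The defensive side of the error-cache issue described in the post above, as an added example that is not part of the original post or of the affected application: request data that triggers an error is stored as inert JSON and read back as data, so it is never interpreted as PHP. The directory `ERROR_CACHE_DIR` and the function names `cache_error` and `render_cached_error` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical location (assumption): outside the web root, so no URL maps to it.
const ERROR_CACHE_DIR = '/var/cache/app-errors';

/**
 * Store a validation error as inert JSON instead of echoing request data
 * into a file the web server might hand to the PHP interpreter.
 * $value is untrusted; array-style parameters (p[]=...) arrive as arrays.
 */
function cache_error(string $param, $value): string
{
    $raw = is_scalar($value)
        ? (string) $value
        : (string) json_encode($value, JSON_PARTIAL_OUTPUT_ON_ERROR);
    $record = [
        'time'  => gmdate('c'),
        'param' => substr($param, 0, 64),
        'value' => substr($raw, 0, 256), // bounded copy of the rejected input
    ];
    // JSON_HEX_TAG writes angle brackets as \u003C and \u003E, so no PHP open
    // tag can reach the disk even if the file is later served by mistake.
    $json = json_encode(
        $record,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );
    // Server-chosen file name with a fixed, non-executable extension.
    $path = ERROR_CACHE_DIR . '/' . bin2hex(random_bytes(16)) . '.json';
    if ($json === false || file_put_contents($path, $json . "\n", LOCK_EX) === false) {
        throw new RuntimeException('could not write error cache entry');
    }
    chmod($path, 0640);
    return $path;
}

/**
 * Read an entry back as data: parsed with json_decode, never passed to
 * include/require, and HTML-escaped on output.
 */
function render_cached_error(string $path): string
{
    $record = json_decode((string) file_get_contents($path), true);
    if (!is_array($record)) {
        return '';
    }
    $line = sprintf('[%s] invalid value for %s: %s',
        $record['time'] ?? '', $record['param'] ?? '', $record['value'] ?? '');
    return htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```

If the cache has to stay under the web root, the directory should additionally be configured so the server never passes its files to the PHP handler.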
Forwarded from Mira
was learning sveltekit and thought it'd be cool to experiment with vercel ai-sdk as well... so, i find making decisions overwhelming. and i wanted to make it a bit gamified and actually help me consider every possible outcome. that's why i built pathly.
features:
- smart context aware AI chat with your decisions
- parallel selves and timelines from realistic POV
- timeline events simulation for possible outcomes
- AI decision analysis
- journal entries for your decisions
- beautiful dashboard and analytics page
- cool settings and keyboard shortcuts
it's customizable and you can even pass custom prompts for AI generations.
try it out:
- https://pathly-way.vercel.app
tech stack: SvelteKit, TypeScript, Better-Auth, Drizzle, Shadcn, Superforms
repo:
- https://github.com/AmanuelCh/Pathly
#MyProjects
We just wrapped up an amazing cybersecurity event organized by the AASTU Cyber Security Club (AASTU CSC) in collaboration with INSA - and we couldn't be more proud of the energy and excitement everyone brought today!
Huge thanks to everyone who showed up and engaged. Your presence truly fuels our passion to keep pushing the limits of cybersecurity learning at AASTU.
Today was mainly a talk session - and yeah, time kinda ran away from us - but don't worry, this is just the beginning. We've got way more deep-dive technical sessions, live demos, and hands-on experiences lined up for the future.
#AASTUCSC #INSA #CYBERSECURITY
@AfroSec