Fingerprinting_Browser_Ext.pdf
996.9 KB
#Threat_Research
"The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions", 2022.
]-> Tool/Repo: https://github.com/kostassolo/dangers-of-human-touch
"The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions", 2022.
]-> Tool/Repo: https://github.com/kostassolo/dangers-of-human-touch
OpenVPN_fp.pdf
11.6 MB
#Research
"OpenVPN is Open to VPN Fingerprinting", 2022.
]-> Network traffic classification library:
https://github.com/LibtraceTeam/libprotoident
"OpenVPN is Open to VPN Fingerprinting", 2022.
]-> Network traffic classification library:
https://github.com/LibtraceTeam/libprotoident
Python3.pdf
17.1 MB
#Tech_book
"Python 3: The Comprehensive Guide", 2022.
"Python 3: The Comprehensive Guide", 2022.
Рекламные идентификаторы (ID) прячутся в коде вебсайта (в Chrome комбинацией клавиш - CTRL+U):
AdSense: Pub- или ca-pub
Analytics: UA-
Amazon: &tag=
AddThis: #pubid / pubid
Metrika: mc.yandex / ym
Rambler: top100
Mail.ru: Top.Mail.Ru
Сервисы поиска рекламных идентификаторов:
├blacklight (Search AD)
├urlscan (Search AD)
└spiderfoot (Search AD)
Поиск совпадений рекламных идентификаторов:
├spyonweb (Reverse AD)
├shodan (Reverse AD)
├osint.sh (Reverse AD)
├analyzeid (Reverse AD)
├dnslytics (Reverse AD)
└intelx (Reverse AD)
Доступ к чужой статистике:
https://metrika.yandex.ru/dashboard?id=ID
https://top100.rambler.ru/search?query=ID
https://top.mail.ru/visits?id=ID
Translation: ru-en
Advertising identifiers (ID) are hidden in the website code (in Chrome, the key combination is CTRL + U):
AdSense: Pub- or ca-pub
Analytics: UA-
Amazon: &tag=
AddThis: #pubid / pubid
Metrika: mc.yandex / ym
Rambler: top100
Mail.ru: Top.Mail.Ru
Search services for advertising identifiers:
├blacklight (Search AD)
├urlscan (Search AD)
└spiderfoot (Search AD)
Searching for Advertising ID Matches:
├spyonweb (Reverse AD)
├shodan (Reverse AD)
├osint.sh (Reverse AD)
├analyzeid (Reverse AD)
├dnslytics (Reverse AD)
└intelx (Reverse AD)
Access to someone else's statistics:
https://metrika.yandex.ru/dashboard?id=ID
https://top100.rambler.ru/search?query=ID
https://top.mail.ru/visits?id=ID
AdSense: Pub- или ca-pub
Analytics: UA-
Amazon: &tag=
AddThis: #pubid / pubid
Metrika: mc.yandex / ym
Rambler: top100
Mail.ru: Top.Mail.Ru
Сервисы поиска рекламных идентификаторов:
├blacklight (Search AD)
├urlscan (Search AD)
└spiderfoot (Search AD)
Поиск совпадений рекламных идентификаторов:
├spyonweb (Reverse AD)
├shodan (Reverse AD)
├osint.sh (Reverse AD)
├analyzeid (Reverse AD)
├dnslytics (Reverse AD)
└intelx (Reverse AD)
Доступ к чужой статистике:
https://metrika.yandex.ru/dashboard?id=ID
https://top100.rambler.ru/search?query=ID
https://top.mail.ru/visits?id=ID
Translation: ru-en
Advertising identifiers (ID) are hidden in the website code (in Chrome, the key combination is CTRL + U):
AdSense: Pub- or ca-pub
Analytics: UA-
Amazon: &tag=
AddThis: #pubid / pubid
Metrika: mc.yandex / ym
Rambler: top100
Mail.ru: Top.Mail.Ru
Search services for advertising identifiers:
├blacklight (Search AD)
├urlscan (Search AD)
└spiderfoot (Search AD)
Searching for Advertising ID Matches:
├spyonweb (Reverse AD)
├shodan (Reverse AD)
├osint.sh (Reverse AD)
├analyzeid (Reverse AD)
├dnslytics (Reverse AD)
└intelx (Reverse AD)
Access to someone else's statistics:
https://metrika.yandex.ru/dashboard?id=ID
https://top100.rambler.ru/search?query=ID
https://top.mail.ru/visits?id=ID
themarkup.org
Blacklight – The Markup
A Real-Time Website Privacy Inspector
👍3
This media is not supported in your browser
VIEW IN TELEGRAM
Free travel with contactless payment
A SMALL vulnerability in the fare scheme in the subway and social transport. 100% works with Apple Pay (I can't test Android Pay). The essence of the scheme is simple to impossibility.
Would need:
1. Apple smartphone with Apple Pay support
2. Debit card with zero balance (less than the fare in your area (I have 28r))
Progress of work (on the example of the subway):
1. We go down to the subway
2. We pay through a turnstile with a contactless payment terminal
3. There is no money, but you der ... "ahem" for the first time they will let you through, the card will be sent to an emergency
4. But because payment went through Apple Pay, card emulation, it is this emulation code that gets into the emergency situation (it is different for each card)
5. We bind the card to the AP again, the code changes
6. Next time start from point 1
A SMALL vulnerability in the fare scheme in the subway and social transport. 100% works with Apple Pay (I can't test Android Pay). The essence of the scheme is simple to impossibility.
Would need:
1. Apple smartphone with Apple Pay support
2. Debit card with zero balance (less than the fare in your area (I have 28r))
Progress of work (on the example of the subway):
1. We go down to the subway
2. We pay through a turnstile with a contactless payment terminal
3. There is no money, but you der ... "ahem" for the first time they will let you through, the card will be sent to an emergency
4. But because payment went through Apple Pay, card emulation, it is this emulation code that gets into the emergency situation (it is different for each card)
5. We bind the card to the AP again, the code changes
6. Next time start from point 1
👍3
Кто работает по Китаю вот полный рессурс по проверки и пробиву всех данных.
Translation: ru-en
Who works in China, here is a complete resource for checking and breaking through all the data.
( Profile @hayper007 tools lab profile https://start.me/u/kxEL4L millions tools available Here)
Open this link create account and enjoy ☺️🥲
Translation: ru-en
Who works in China, here is a complete resource for checking and breaking through all the data.
( Profile @hayper007 tools lab profile https://start.me/u/kxEL4L millions tools available Here)
Open this link create account and enjoy ☺️🥲
Start.me
OSINT CHINE - Start.me
A startpage with online resources about OSINT CHINE, created by Pangar-ban.
👍2
https://www.udemy.com/share/102NqC3@worFLMt_BaYvfirSuLDExi9GHOnah9VcbEX9G4v16LxIC_5sTMoeer2rs-KLwzQv4Q==/
https://www.udemy.com/share/101IJY3@Yq-dbJnffkpQLbqThmYQ7XlewODhTJJGZXagbMa82mQPtWJ2mQb3HkjzVAuNJHNQAA==/
https://www.udemy.com/share/103ZZc3@h1k6PibAvLT7PPS1dQ22dbkufr3VGaKw2I_LFx2qNWT6_Qoj6klVCbRyrn5PIBavCg==/
Good Free udemy courses for OSINT
https://www.udemy.com/share/101IJY3@Yq-dbJnffkpQLbqThmYQ7XlewODhTJJGZXagbMa82mQPtWJ2mQb3HkjzVAuNJHNQAA==/
https://www.udemy.com/share/103ZZc3@h1k6PibAvLT7PPS1dQ22dbkufr3VGaKw2I_LFx2qNWT6_Qoj6klVCbRyrn5PIBavCg==/
Good Free udemy courses for OSINT
Udemy
Online Courses - Learn Anything, On Your Schedule | Udemy
Udemy is an online learning and teaching marketplace with over 250,000 courses and 80 million students. Learn programming, marketing, data science and more.
This media is not supported in your browser
VIEW IN TELEGRAM
Video By @towards_cybersecurity (instagram)
🔥5
Подборка ресурсов с базой стандартных паролей+пары паролей.
1. defpass.com
2. many-passwords.github.io
3. fortypoundhead.com
4. cirt.net
5. datarecovery.com
6. passwordsdatabase.com
7. default-password.info
8. www.routerpasswords.com
Translation: ru-en
A selection of resources with a database of standard passwords + pairs of passwords.
1.defpass.com
2.many-passwords.github.io
3. fortypoundhead.com
4. cirt.net
5.datarecovery.com
6.passwordsdatabase.com
7.default-password.info
8. www.routerpasswords.com
1. defpass.com
2. many-passwords.github.io
3. fortypoundhead.com
4. cirt.net
5. datarecovery.com
6. passwordsdatabase.com
7. default-password.info
8. www.routerpasswords.com
Translation: ru-en
A selection of resources with a database of standard passwords + pairs of passwords.
1.defpass.com
2.many-passwords.github.io
3. fortypoundhead.com
4. cirt.net
5.datarecovery.com
6.passwordsdatabase.com
7.default-password.info
8. www.routerpasswords.com
Приятного стендоффа)
[ Archive: https://ping-admin.com/free_test/result/16691176185b03fv4le676ma5f1041b7.html
Translation: ru-en
Happy standoff)
[Archive: https://ping-admin.com/free_test/result/16691176185b03fv4le676ma5f1041b7.html
[ Archive: https://ping-admin.com/free_test/result/16691176185b03fv4le676ma5f1041b7.html
Translation: ru-en
Happy standoff)
[Archive: https://ping-admin.com/free_test/result/16691176185b03fv4le676ma5f1041b7.html
Forwarded from 卩ro 爪Cracker
Fuzzing the web for mysterious bugs
https://ift.tt/NMDbPpi
Submitted November 21, 2022 at 11:02PM by hisxo
via reddit https://ift.tt/iGyt8g1
https://ift.tt/NMDbPpi
Submitted November 21, 2022 at 11:02PM by hisxo
via reddit https://ift.tt/iGyt8g1
0Xacb
Till REcollapse - 0xacb
Welcome back to my blog. In this post, I’ll explain the REcollapse technique. I’ve been researching it for the last couple of years to discover weirdly simpl...
👍2
Forwarded from 卩ro 爪Cracker
Windows 10 Hardening Script
This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on).
References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
https://gist.github.com/mackwage/08604751462126599d7e52f233490efe
This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on).
References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
https://gist.github.com/mackwage/08604751462126599d7e52f233490efe
🏆1
Forwarded from 卩ro 爪Cracker
Vehicle OSINT Tool Collection
A comprehensive list of websites, add-ons, repositories, and other tools useful for finding information on a target vehicle.
https://github.com/TheBurnsy/Vehicle-OSINT-Collection
A comprehensive list of websites, add-ons, repositories, and other tools useful for finding information on a target vehicle.
https://github.com/TheBurnsy/Vehicle-OSINT-Collection
🔥🔥🔥Play With Windows Defender - ASR
This article mainly uses the previous research to unravel the mystery of Windows Defender's ASR rules. Due to the limited domestic reference materials, most of them refer to foreign conferences and topics.
This article mainly uses the previous research to unravel the mystery of Windows Defender's ASR rules. Due to the limited domestic reference materials, most of them refer to foreign conferences and topics.
🛡DotDumper: Automatically Unpacking DotNet Based Malware
The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is why the creation of such a system is held in high regard. When it comes to DotNet targeting binaries, our new open-source tool DotDumper aims to assist in several of the crucial steps along the way: logging (in-memory) activity, dumping interesting memory segments, and extracting characteristics from the given sample.
The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is why the creation of such a system is held in high regard. When it comes to DotNet targeting binaries, our new open-source tool DotDumper aims to assist in several of the crucial steps along the way: logging (in-memory) activity, dumping interesting memory segments, and extracting characteristics from the given sample.
❤1