#Research
"Automatic Policy Generation for Inter-Service Access Control of Microservices", 2021.

#Research
"Investigating co-occurrences of MITRE ATT\&CK Techniques", 2022.

#Infosec_Standards
CISA Cybersecurity Performance Goals (CPG) Checklist

]-> Cross-Sector Cybersecurity Performance Goals 2022 (.pdf):
https://www.cisa.gov/sites/default/files/publications/2022_00092_CISA_CPG_Report_508c.pdf

🔥Mind the Gap

The week before FirstCon22, Maddie gave an internal preview of her talk("0-day In-the-Wild Exploitation in 2022…so far"). Inspired by the description of an in-the-wild vulnerability in low-level memory management code, fellow Project Zero researcher Jann Horn started auditing the ARM Mali GPU driver. Over the next three weeks, Jann found five more exploitable vulnerabilities (2325, 2327, 2331, 2333, 2334).

⚠️The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.

https://www.mediafire.com/folder/08fvlaxmz4t5d/Whatsapp+Sample


WhatsApp leak

https://drive.google.com/drive/u/0/mobile/folders/1ym9VORbxCu8Sl5fmBkC1HZyUhU0NrH-a

Twitter leak ig

sample #hacker_bano_chutiya_nhe 👻👻

#mobile #dfir

regex GitHub Dorks
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/

​​otp

One Time Password utilities Go / Golang

One Time Passwords (OTPs) are an mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to Multi-factor authentication without adding a dependency on a SMS provider. This Password and TOTP combination is used by many popular websites including Google, GitHub, Facebook, Salesforce and many others.

The otp library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware.

https://github.com/pquerna/otp

​​BugBountyTips

#BugBounty (Bypasses, Payloads, y más)

https://github.com/xNaughty/BugBountyTips

Are you looking for OSINT books? In the overview below you will find various books about Open Source Intelligence (OSINT), Social Media Intelligence (SOCMINT), Privacy, Hacking, Red Teaming, Blue Teaming, Brand Protection, Automation and more!
▫️ https://www.aware-online.com/en/osint-books/

Cyber security post uploader admin @hayper007

Xiongmai IoT Exploitation
https://ift.tt/3txnMOV

Submitted November 30, 2022 at 01:50AM by chicksdigthelongrun
via reddit https://ift.tt/E3C5Mpb

Active Directory Attack Cheat Sheet

Read

#AD #attack

Vulnerability Feed

#vuln #exploits

☃️Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet☃️

➡️ Wireless Testing
➡️ Networking
➡️ Mobile App Testing
https://github.com/OlivierLaflamme/Cheatsheet-God
and much more...

#oscp #bugbounty #activedirectory #redteaming #infosec #hacking #cybersecurity

SGX.Fail - Overview of SGX Attacks
https://sgx.fail/

Submitted November 30, 2022 at 07:59AM by Gallus
via reddit https://ift.tt/fptIBWk