♂️ Github repositories every Developer should know ♂️


❗️A very popular repo that curates all topics from Development, testing, business, etc, etc.

https://github.com/sindresorhus/awesome


❗️Clean Code JavaScript

https://github.com/ryanmcdermott/clean-code-javascript


❗️Tech Interview Handbook

https://github.com/yangshun/tech-interview-handbook


❗️Developer Roadmaps, articles and resources for developers.

https://github.com/kamranahmedse/developer-roadmap


❗️33 JS Concepts

https://github.com/leonardomso/33-js-concepts


❗️Best websites a programmer should visit

https://github.com/sdmg15/Best-websites-a-programmer-should-visit


❗️Design Resources for Developers

https://github.com/bradtraversy/design-resources-for-developers


❗️Big List of Naughty Strings:

https://github.com/minimaxir/big-list-of-naughty-strings

The repository includes links to various tools, frameworks, and resources that can be used by Red Teamers to conduct attacks, as well as resources for defenders to improve their security posture.

The repository is organized into several categories, including reconnaissance and information gathering, exploitation, post-exploitation, and defense evasion. Each category contains links to various tools and resources that can be used in Red Team Operations.

Some of the tools and frameworks included in the repository are well-known and widely used, such as Metasploit, Cobalt Strike, and Empire. Other tools and frameworks are less well-known but still valuable for Red Team Operations, such as BloodHound, which is used for Active Directory reconnaissance, and GoPhish, which is used for phishing simulations.

In addition to tools and frameworks, the repository also includes links to blogs, articles, and other resources that provide guidance on conducting Red Team Operations and improving overall security posture. These resources cover a wide range of topics, including social engineering, network infrastructure, and application security.

Overall, the "Awesome-Red-Team-Operations" repository is a valuable resource for Red Teamers, defenders, and anyone interested in learning more about cybersecurity.

https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations

To participate, join us at
https://t.me/+v4ic8auHhXRhYTA1

To ensure the security of this channel, the release of the Offsec Leak will be postponed to another channel.
https://t.me/+RaY74LwsK14wZTBl

You will receive the link to access the leak in that channel. We will leak the information on that channel, but please note that the link will expire in 24 hours.

https://t.me/c/1288436544/237

OSMR

As manny people ask for PEN 200
My team will make a study Guide in a way to learn it better way

Note: It is not a from Offsec we make this for your practice purpose and it will be posted today evening

if you like what we did or you have any suggestion's regarding this topic you can send your thought on @Cyberscurity_bot this bot we will try to implement in any way possible

Hope you like innovative way of learning

list of tools and resources related to the use of machine learning for cybersecurity:

Datasets:
UNM Cybersecurity Data Repository: A collection of network traffic datasets for cybersecurity research.
DARPA Cyber Grand Challenge Dataset: A dataset containing network traffic and other data from the DARPA Cyber Grand Challenge.
NSL-KDD Dataset: A dataset for network intrusion detection research.

Papers:

"A survey of machine learning for big data processing in cybersecurity": A survey paper on the use of machine learning for big data processing in cybersecurity.
"Machine Learning Techniques in Cybersecurity": A review of various machine learning techniques used in cybersecurity.
"Deep Learning for Network Intrusion Detection: A Survey": A survey paper on the use of deep learning for network intrusion detection.

Books:

"Applied Machine Learning for Cyber Security": A book that covers the application of machine learning techniques to various cybersecurity problems.
"Machine Learning and Security: Protecting Systems with Data and Algorithms": A book that covers the use of machine learning in cybersecurity from both offensive and defensive perspectives.
Talks:

"Applying Machine Learning to Cybersecurity": A talk by David Bianco on the application of machine learning to cybersecurity.
"Machine Learning and Cyber Security": A talk by Sven Krasser on the use of machine learning in cybersecurity.
"Using Machine Learning to Detect Malicious Activity": A talk by Jamie Butler on the use of machine learning to detect malicious activity.

Tutorials:

"Machine Learning for Cybersecurity Course": A free online course on the use of machine learning in cybersecurity.
"A Gentle Introduction to Machine Learning in Cybersecurity": A tutorial on the basics of machine learning in cybersecurity.
"Building a Machine Learning Model for Network Intrusion Detection": A tutorial on building a machine learning model for network intrusion detection.

Courses:

"Applied Data Science with Python Specialization": A Coursera specialization that includes a course on Applied Machine Learning in Python, which covers the application of machine learning to cybersecurity.
"Machine Learning for Cybersecurity Professionals": A SANS Institute course on the use of machine learning in cybersecurity.

Miscellaneous:

"Awesome Machine Learning for Cyber Security": A curated list of resources related to the use of machine learning in cybersecurity.
"OpenAI Cybersecurity Initiative": A research initiative focused on the application of machine learning to cybersecurity problems.

DATASETS

HIKARI-2021 Datasets: A collection of datasets for malware classification, phishing detection, and intrusion detection.

Samples of Security Related Data: A collection of datasets for network traffic analysis, intrusion detection, and malware analysis.

DARPA Intrusion Detection Data Sets [ 1998 / 1999 ]: A set of datasets created for the DARPA intrusion detection evaluation program.

Stratosphere IPS Data Sets: A collection of datasets for intrusion detection, botnet detection, and malware analysis.

Open Data Sets: A list of open data sets for various cybersecurity applications, including botnet detection, phishing detection, and malware analysis.

Data Capture from National Security Agency: A collection of datasets created by the National Security Agency (NSA) for network traffic analysis.

The ADFA Intrusion Detection Data Sets: A set of datasets created for the Australian Defence Force Academy (ADFA) intrusion detection evaluation program.

NSL-KDD Data Sets: A set of datasets for intrusion detection research.

Malicious URLs Data Sets: A collection of datasets for malicious URL detection.

Multi-Source Cyber-Security Events: A collection of datasets for cybersecurity event analysis.

KDD Cup 1999 Data: A dataset for intrusion detection research.

Web Attack Payloads: A collection of payloads for web attack simulation.

WAF Malicious Queries Data Sets: A collection of datasets for web application firewall testing.

Malware Training Data Sets: A collection of datasets for malware analysis and classification.

Aktaion Data Sets: A collection of datasets for intrusion detection and malware analysis.

CRIME Database from DeepEnd Research: A database of malware samples for research purposes.

Publicly available PCAP files: A collection of network traffic capture files for various cybersecurity applications.

2007 TREC Public Spam Corpus: A dataset for spam detection research.

Drebin Android Malware Dataset: A dataset for Android malware analysis.

PhishingCorpus Dataset: A dataset for phishing detection research.

EMBER: A dataset for detecting malware in executables.

Vizsec Research: A collection of datasets for cybersecurity visualization research.

SHERLOCK: A dataset for identifying malicious domains.

Probing / Port Scan - Dataset: A dataset for network probing and port scanning analysis.

Aegean Wireless Intrusion Dataset (AWID): A dataset for wireless network intrusion detection.

BODMAS PE Malware Dataset: A dataset for malware analysis and classification.

DNS stands for Domain Name System:
- DNS translates human-readable domain names into IP addresses for computers to communicate over the internet
- DNS requests are sent to a configured DNS resolver if not found in cache

How DNS Works:
- DNS resolver checks for associated DNS record in cache or sends request to root server for TLD server's IP address
- TLD server responds with authoritative server's IP address for domain, which sends back IP address of domain
- Common DNS record types include NS, A, MX, PTR, CNAME, and TXT

DNS Zone Transfer:
- DNS zone transfer is the process of transferring a copy of the DNS zone file from primary to secondary DNS server
- Zone transfer is needed due to the critical nature of DNS and need for redundancy
- AXFR is a client-initiated request used for DNS zone transfer

DNS Enumeration Using Zone Transfer:
- DNS enumeration using zone transfer involves retrieving entire zone file for a domain from DNS server
- Techniques include using dig command in Linux or nslookup command in Windows
- Tools such as DNSRecon, DNSEnum, and Nmap broadcast-dns-service-discovery script can also be used
- Prevention includes not allowing untrusted hosts to transfer zones and ensuring private hostnames are not referenced to IP addresses

DNS Cache Poisoning (DNS Spoofing):
- DNS cache poisoning involves entering false information into a DNS cache
DNS resolvers save responses to IP address queries for a certain amount of time
- Attackers can poison DNS caches by impersonating DNS nameservers and forging replies when DNS resolver queries nameserver
- DNS uses both UDP and TCP for communication between clients and servers

What are DNS poisoning attacks?:
- DNS poisoning attacks exploit vulnerabilities in the DNS system to inject false information into the cache of a DNS server.
- Attackers can accomplish this through various means, such as exploiting weaknesses in the DNS server software or intercepting and modifying DNS queries and responses in transit.

Why are DNS poisoning attacks a concern?:
- DNS poisoning attacks can be difficult to carry out due to the short amount of time attackers have to send a forged response before the real response arrives.
- However, attackers can still carry out DNS poisoning attacks if they know or guess certain factors, such as which DNS queries are not cached by the targeted DNS resolver.

How can DNS poisoning be prevented?:
- DNSSEC (Domain Name System Security Extensions) can be used to verify DNS data integrity and origin.
- DNSSEC uses public key cryptography to sign and verify DNS responses, ensuring that they have not been tampered with.

What is a flaw in DNSSEC?:
- NSEC record types in DNSSEC contain cryptography information and the name of the closest existing domain name in a zone, along with the name of the next domain name that would exist in the zone if it did exist.
- Attackers can use this information to enumerate all secret subdomains if DNSSEC is not properly configured.

How can DNSSEC zone walking be prevented?:
- NSEC3 records can be used instead of NSEC records to contain salted hash values of non-existent domain names and closest existing domain names in a zone.
- This prevents attackers from understanding the subdomains as the values are hashed.

What is DNS cache snooping?:
- DNS cache snooping is a type of attack where an attacker tries to obtain information about the DNS queries and responses made by a target user or network.
- The attacker does this by analyzing the contents of the DNS cache maintained by the target’s DNS resolver.

How can DNS cache snooping be avoided?:
- Disabling non-recursive queries can prevent DNS cache snooping by ensuring that all queries are performed recursively and IP addresses are generated by the DNS hierarchy of servers.

What are some tools used for DNSSEC zone walking?:
- LDNS and DNSRecon are common tools used for DNSSEC zone walking.
- Nmap script dns-nsec-snum can also be used for DNSSEC zone walking.

DNS Cache Poisoning:
- DNS cache poisoning is a type of attack in which an attacker exploits vulnerabilities in DNS servers to insert fake DNS records into their cache.
- This can allow the attacker to redirect users to malicious websites, intercept sensitive data, or perform other nefarious actions.

DNS Zone Transfers:
- DNS zone transfers can be used by attackers to gather information about a target organization's DNS infrastructure.
- It is important for organizations to properly configure their DNS servers to prevent unauthorized zone transfers.

DNS Cache Snooping:
- DNS cache snooping is a technique used by attackers to determine whether a DNS resolver has cached records for a particular domain.
- This can be used to identify vulnerable DNS servers and launch more targeted attacks.

Preventing DNS Cache Snooping:
- Preventive measures to prevent DNS cache snooping include not having externally accessible DNS servers, not allowing public access to DNS servers that require recursion, and using DNS rate limiting.
- It is important for organizations to properly configure their DNS servers to prevent these types of attacks.

The Microsoft Learn Cloud Skills #Challenge

Free Microsoft Certification exam offer will be delivered by June 30, 2023, and will expire on September 27, 2023. You must complete your exam before this date.

There are 8 challenges available to choose from, select one that's right for you. Once you complete that challenge you will earn a free Microsoft Certification exam that can be applied to your choice from a select list of options.

AWS DeepRacer Student
Learn machine learning, win prizes by racing with students globally, and complete your application to the AWS AI & ML Scholarship program

https://student.deepracer.com

OpenAI, the developer of ChatGPT, has chosen London as the location for its first international office in a boost to the UK’s attempts to stay competitive in the artificial intelligence race.

The San Francisco-based company behind the popular chatbot said on Wednesday that it would start its expansion outside the US in the UK capital.

OpenAI said the UK office would reinforce efforts to create “safe AGI”. AGI refers to artificial general intelligence, or a highly intelligent AI system that OpenAI’s chief executive, Sam Altman, has described as “generally smarter than humans”.

RESOLUTE ATTACK

Latest New links on TOR SEARCH

Copy Paste link in Tor Browser.

Best Hiden Wiki – http://deepqelxz6iddqi5obzla2bbwh5ssyqqobxin27uzkr624wtubhto3ad.onion/



Dark Web Hackers for Social Media Account Hacking :- http://n3a5vyxy6sfuh3n5cwjhvnefkqvcdpzpyi7okfpqbairv2syor42e3yd.onion



Premium Paypal, Ebay and bank accounts - AccMarket :- http://55niksbd22qqaedkw36qw4cpofmbxdtbwonxam7ov2ga62zqbhgty3yd.onion



Cardshop – USA CVV KNOWN BALANCE & Worldwide CC & CVV :- http://gjq7bnlsu6j2s2klzerelpwppcvlklsmdffa3rl7mq6wvjmtcgvfqfyd.onion



Bitcoin mining with stolen electricity Darkmining :- http://jbtb75gqlr57qurikzy2bxxjftzkmanynesmoxbzzcp7qf5t46u7ekqd.onion



Bitcoin Investment Trust – earn 5-9% per week! :- http://jhi4v5rjly75ggha26cu2eeyfhwvgbde4w6d75vepwxt2zht5sqfhuqd.onion



Mobile Store – Best unlocked cell phones vendor :- http://rxmyl3izgquew65nicavsk6loyyblztng6puq42firpvbe32sefvnbad.onion



Kamagra 4 Bitcoin – Like Viagra but cheaper :- http://vhlehwexxmbnvecbmsk4ormttdvhlhbnyabai4cithvizzaduf3gmayd.onion



Fake passports and ID cards for Bitcoin Onion Identity Services :- http://ymvhtqya23wqpez63gyc3ke4svju3mqsby2awnhd3bk2e65izt7baqad.onion



Uk Guns and Ammo Store :- http://k6m3fagp4w4wspmdt23fldnwrmknse74gmxosswvaxf3ciasficpenad.onion



USfakeIDs – US fake ID store :- http://lqcjo7esbfog5t4r4gyy7jurpzf6cavpfmc4vkal4k2g4ie66ao5mryd.onion



Scary & Creepy Videos – http://jnfqxx3pn7yur3xohy33cxuhjniluz2o5kdd4y5z373nzmk3dhqjzsad.onion/



Data Base – http://breachdbsztfykg2fdaq2gnqnxfsbj5d35byz3yzj73hazydk4vq72qd.onion/