HackTricks (free online book)
- linux/windows/macos hardening
- mobile/web/network services pentesting
- reversing and exploiting
- cryptography and steganography
and more.
http://book.hacktricks.xyz/
- linux/windows/macos hardening
- mobile/web/network services pentesting
- reversing and exploiting
- cryptography and steganography
and more.
http://book.hacktricks.xyz/
SIM HIJACKING
- Attacks Using Just A Phone Number
- Subscriber Identification Module (SIM)
- AT Commands
- SIM Application Toolkit (STK)
- TAR (Toolkit Application Reference)
https://sensepost.com/blog/2022/sim-hijacking/
- Attacks Using Just A Phone Number
- Subscriber Identification Module (SIM)
- AT Commands
- SIM Application Toolkit (STK)
- TAR (Toolkit Application Reference)
https://sensepost.com/blog/2022/sim-hijacking/
❤1👍1
Подборка полезных сервисов на все случаи жизни:
Stockimg — генератор логотипов, постеров, стоковых картинок, обложек для книг.
PDFai — чат с пдф файлами, обобщение информации.
Kadoa — парсит любую инфу с сайтов.
LingoSync — переводит видосы на более чем 40 языков.
Rosebud — нейросеть для ведения личного дневника. На основе ваших данных можно давать задания: прокачать скилы или поразмышлять о повседневной жизни.
Voxqube — инструмент быстрого дубляжа видеороликов YouTube на базе ИИ, позволяющий локализовать их на нескольких языках для расширения аудитории.
Codeamigo — интерактивные гайды по кодированию с помощью ИИ для легкого обучения программированию.
Books AI — загрузите фото книги и нейросеть расскажет обобщенно о чем она.
Stockimg — генератор логотипов, постеров, стоковых картинок, обложек для книг.
PDFai — чат с пдф файлами, обобщение информации.
Kadoa — парсит любую инфу с сайтов.
LingoSync — переводит видосы на более чем 40 языков.
Rosebud — нейросеть для ведения личного дневника. На основе ваших данных можно давать задания: прокачать скилы или поразмышлять о повседневной жизни.
Voxqube — инструмент быстрого дубляжа видеороликов YouTube на базе ИИ, позволяющий локализовать их на нескольких языках для расширения аудитории.
Codeamigo — интерактивные гайды по кодированию с помощью ИИ для легкого обучения программированию.
Books AI — загрузите фото книги и нейросеть расскажет обобщенно о чем она.
Stockimg AI
AI Photo Generator: Logo, Art, Stock Image, Illustration | Stockimg
Stockimg is an all in one design and content creation tool powered by AI. You can easily generate logo, illustration, wallpaper, poster and more.
❤1
Vuln_Hunting_WDM.pdf
1.8 MB
#tools
#Threat_Research
"Enhanced Vulnerability Hunting in WDM Drivers Using Symbolic Execution and Taint Analysis", 2023.
]-> tool to hunt vulns in x64 WDM drivers:
https://github.com/zeze-zeze/ioctlance
#Threat_Research
"Enhanced Vulnerability Hunting in WDM Drivers Using Symbolic Execution and Taint Analysis", 2023.
]-> tool to hunt vulns in x64 WDM drivers:
https://github.com/zeze-zeze/ioctlance
Cookie_analysis.pdf
810.7 KB
#Research
"Automated Large-Scale Analysis of Cookie Notice Compliance", 2024.
]-> CookieBlock Browser Extension:
https://github.com/dibollinger/CookieBlock
"Automated Large-Scale Analysis of Cookie Notice Compliance", 2024.
]-> CookieBlock Browser Extension:
https://github.com/dibollinger/CookieBlock
ChkUp.pdf
916.4 KB
#Threat_Research
"Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities", 2023.
]-> https://fw-chkup.github.io
"Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities", 2023.
]-> https://fw-chkup.github.io
SoK.pdf
581.7 KB
#Fuzzing
#Research
"SoK: Prudent Evaluation Practices for Fuzzing", 2024.
]-> https://github.com/fuzz-evaluator
]-> Fuzzing Evaluation Guidelines:
https://github.com/fuzz-evaluator/guidelines
#Research
"SoK: Prudent Evaluation Practices for Fuzzing", 2024.
]-> https://github.com/fuzz-evaluator
]-> Fuzzing Evaluation Guidelines:
https://github.com/fuzz-evaluator/guidelines
cyber_chi.pdf
1.7 MB
#Analytics
#Threat_Research
"China’s Cyber Revenge
Why the PRC Fails to Back Its Claims of Western Espionage", 2024.
#Threat_Research
"China’s Cyber Revenge
Why the PRC Fails to Back Its Claims of Western Espionage", 2024.
TestTime_attacks.pdf
4.8 MB
#MLSecOps
"Test-Time Backdoor Attacks on Multimodal Large Language Models", 2024.
]-> https://github.com/sail-sg/AnyDoor
"Test-Time Backdoor Attacks on Multimodal Large Language Models", 2024.
]-> https://github.com/sail-sg/AnyDoor
Evaluating_forensic_tools.pdf
579 KB
#Whitepaper
"Evaluating the Efficacy of Network Forensic Tools: A Comparative Analysis of Snort, Suricata, and Zeek in Addressing Cyber Vulnerabilities", 2024.
"Evaluating the Efficacy of Network Forensic Tools: A Comparative Analysis of Snort, Suricata, and Zeek in Addressing Cyber Vulnerabilities", 2024.
NIST_SP800_55v1.pdf
896.3 KB
#Infosec_Standards
NIST SP 800-55 v.1:
"Measurement Guide for Information Security", 2024.
Vol.1 - Identifying and Selecting Measures
Vol.2 - Developing an Information Security Measurement Program
NIST SP 800-55 v.1:
"Measurement Guide for Information Security", 2024.
Vol.1 - Identifying and Selecting Measures
Vol.2 - Developing an Information Security Measurement Program
KernelGPT.pdf
3.5 MB
"KernelGPT: Enhanced Kernel Fuzzing via Large Language Models", 2024.
]-> https://github.com/kernelslacker/trinity
]-> https://github.com/kernelslacker/trinity
KeyTrap in DNS (CVE-2023-50387)
https://github.com/knqyf263/CVE-2023-50387?tab=readme-ov-file
https://github.com/knqyf263/CVE-2023-50387?tab=readme-ov-file
一些安全的IMs选项 ——
1. E2EE + 开源
Session
Delta Chat
Simplex Chat
Silence
Wire
Safe Text
2. Matrix客户端
Element
Syphon
Cinny
FluffyChat
SchildiChat
3. 离线可用(网状网络)
berty
dIM Chat
Rumble
Serval Mesh
FireChat
Meshenger
Berkanan
Mesh
4. 基于Tor
Tinfoil Chat
Ricochet Refresh
Briar
Tox
Speek
cwtch.im
5. 区块链
Status
Mixin
Adamant
iMe Messenger & Crypto Wallet
6. 分叉
Molly (Signal)
DarkMessenger (Conversations)
aTox 0.6.0 (Tox)
Taranis (Jami)
7. VOIP/SIP/视频通话
Jami
Pryvate Now
Rocket.Chat
Jitsi Meet
Sipnetic
Linphone
8. XMPP (OTR/OMEMO)
Conversations
CoyIM
Dino.
Pidgin
Gajim
blabber
Beagle
MirandaNG
Wime
ChatSecure
(这里有完整的名单:https://omemo.top/)。
#tools
1. E2EE + 开源
Session
Delta Chat
Simplex Chat
Silence
Wire
Safe Text
2. Matrix客户端
Element
Syphon
Cinny
FluffyChat
SchildiChat
3. 离线可用(网状网络)
berty
dIM Chat
Rumble
Serval Mesh
FireChat
Meshenger
Berkanan
Mesh
4. 基于Tor
Tinfoil Chat
Ricochet Refresh
Briar
Tox
Speek
cwtch.im
5. 区块链
Status
Mixin
Adamant
iMe Messenger & Crypto Wallet
6. 分叉
Molly (Signal)
DarkMessenger (Conversations)
aTox 0.6.0 (Tox)
Taranis (Jami)
7. VOIP/SIP/视频通话
Jami
Pryvate Now
Rocket.Chat
Jitsi Meet
Sipnetic
Linphone
8. XMPP (OTR/OMEMO)
Conversations
CoyIM
Dino.
Pidgin
Gajim
blabber
Beagle
MirandaNG
Wime
ChatSecure
(这里有完整的名单:https://omemo.top/)。
#tools
👍2
#exploit
1. CVE-2024-1346:
Weak MySQL database root password in LaborOfficeFree
https://github.com/PeterGabaldon/CVE-2024-1346
2. A modern dashboard exploit for MS Xbox
https://github.com/XboxDev/endgame-exploit
1. CVE-2024-1346:
Weak MySQL database root password in LaborOfficeFree
https://github.com/PeterGabaldon/CVE-2024-1346
2. A modern dashboard exploit for MS Xbox
https://github.com/XboxDev/endgame-exploit
👍4