Streamlining Websocket Pentesting with wsrepl
๐ฃnibblesec
Nice work!
๐คilimanjf
I'm the author of this tool. As the blog post describes, I created it to address my own frustrations during engagements. If you've ever encountered challenges while testing websockets, I'd love to hear your thoughts.
๐คexecveat
๐@malwr
๐ฃnibblesec
Nice work!
๐คilimanjf
I'm the author of this tool. As the blog post describes, I created it to address my own frustrations during engagements. If you've ever encountered challenges while testing websockets, I'd love to hear your thoughts.
๐คexecveat
๐@malwr
Doyensec
Streamlining Websocket Pentesting with wsrepl
In an era defined by instant gratification, where life zips by quicker than a teenagerโs TikTok scroll, WebSockets have evolved into the heartbeat of web applications. Theyโre the unsung heroes in data streaming and bilateral communication, serving up everythingโฆ
VirusTotal Leak Data of 5,600 registered users
Better change those passwords.
Link here)
๐ฃhawaii_brian
I feel like I see data leaks of passwords all the time. What makes it so common?
How are they supposed to be stored? Hashed and salted?
๐คTheAnxiousPianist
"Usersโ names and e-mail addresses have been leaked, but passwords havenโt."
I have 2FA enabled but updated my password anyhow, making it longer and more complex.
๐คfmtheilig
Community notes about to get real interesting
๐คGoodEbening
๐@malwr
Better change those passwords.
Link here)
๐ฃhawaii_brian
I feel like I see data leaks of passwords all the time. What makes it so common?
How are they supposed to be stored? Hashed and salted?
๐คTheAnxiousPianist
"Usersโ names and e-mail addresses have been leaked, but passwords havenโt."
I have 2FA enabled but updated my password anyhow, making it longer and more complex.
๐คfmtheilig
Community notes about to get real interesting
๐คGoodEbening
๐@malwr
Help Net Security
VirusTotal leaked data of 5,600 registered users
VirusTotal has suffered a data leak, which exposed the names and email addresses of 5600 of its registered users.
๐1๐ฑ1
Detecting Fileless PowerShell operations
I am currently doing an internship where I am pen testing a proprietary incident response/memory forensics tool. I am new to pentesting/forensics in general. One of the things I am thinking about trying is using IEX in PowerShell to download/run things. Does this leave any kind of artifacts?
What would you be checking for in something like this?
I am planning on using atomic red team or caldera. I have noticed that with ART that the PowerShell commands you run are unique to that program and probably would not be a typical PowerShell command so perhaps not the best way to find out what PowerShell is actually doing but it seemed the easiest way to start testing quickly.
๐ฃGhostnineone
Depending on the setup of the target organisation, using powershell on the target will leave logs in the "Windows PowerShell.evtx" logs in decoded form, and if more logging are in place, "powershell transcripts" or "sysmon" logs may exist, other than logs, artifacts like Prefetch, ShimCache or AmCache can provide more evidence of powershell execution.
๐คOverZeeR
You can usually find PowerShell in the event logs.
๐คsmc0881
๐@malwr
I am currently doing an internship where I am pen testing a proprietary incident response/memory forensics tool. I am new to pentesting/forensics in general. One of the things I am thinking about trying is using IEX in PowerShell to download/run things. Does this leave any kind of artifacts?
What would you be checking for in something like this?
I am planning on using atomic red team or caldera. I have noticed that with ART that the PowerShell commands you run are unique to that program and probably would not be a typical PowerShell command so perhaps not the best way to find out what PowerShell is actually doing but it seemed the easiest way to start testing quickly.
๐ฃGhostnineone
Depending on the setup of the target organisation, using powershell on the target will leave logs in the "Windows PowerShell.evtx" logs in decoded form, and if more logging are in place, "powershell transcripts" or "sysmon" logs may exist, other than logs, artifacts like Prefetch, ShimCache or AmCache can provide more evidence of powershell execution.
๐คOverZeeR
You can usually find PowerShell in the event logs.
๐คsmc0881
๐@malwr
Reddit
From the computerforensics community on Reddit
Explore this post and more from the computerforensics community
โค1
The Tool List of IoT(Internet of Things) Device Search Engines
Internet Of Things (IoT) devices search engines
[Shodan](https://www.shodan.io/)
Criminal IP
[Airport webcams](http://airportwebcams.net/)
Insecam
[Lookr](https://www.lookr.com/)
Earthcam
[Openstreetcam](https://www.openstreetcam.org/map/)
Opentopia
[Pictimo](https://www.pictimo.com/)
Thingful
[Webcam.nl (NL)](https://webcam.nl/live_streaming/)
Webcams.travel
[Worldcam](https://worldcam.eu/)
censys
These tools can be utilized for discovering exposed IoT devices and detecting their vulnerabilities, open ports, etc.
Source: https://osint.link/
๐ฃtalentSA112200
๐@malwr
Internet Of Things (IoT) devices search engines
[Shodan](https://www.shodan.io/)
Criminal IP
[Airport webcams](http://airportwebcams.net/)
Insecam
[Lookr](https://www.lookr.com/)
Earthcam
[Openstreetcam](https://www.openstreetcam.org/map/)
Opentopia
[Pictimo](https://www.pictimo.com/)
Thingful
[Webcam.nl (NL)](https://webcam.nl/live_streaming/)
Webcams.travel
[Worldcam](https://worldcam.eu/)
censys
These tools can be utilized for discovering exposed IoT devices and detecting their vulnerabilities, open ports, etc.
Source: https://osint.link/
๐ฃtalentSA112200
๐@malwr
Shodan
Search engine of Internet-connected devices. Create a free account to get started.
citrixInspector: Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519
๐ฃdigicat
What are the experiences with the IoC checks so far?
๐คAlert-Sale2153
๐@malwr
๐ฃdigicat
What are the experiences with the IoC checks so far?
๐คAlert-Sale2153
๐@malwr
GitHub
GitHub - securekomodo/citrixInspector: Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrixโฆ
Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519 - securekomodo/citrixInspector
PurpleKeep: Providing Azure pipelines to create an infrastructure and run Atomic tests.
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
GitHub
GitHub - Retrospected/PurpleKeep: Providing Azure pipelines to create an infrastructure and run Atomic tests.
Providing Azure pipelines to create an infrastructure and run Atomic tests. - GitHub - Retrospected/PurpleKeep: Providing Azure pipelines to create an infrastructure and run Atomic tests.
๐1
apk2url - Tool to gather endpoints from an APK
apk2url is a tool that can be useful for developers, pentesters and redteamers for information gathering purposes. This tool gathers IP and URL endpoints from an APK using decompiling and disassembly.
You never know what you can find =)
Try it out:
https://github.com/n0mi1k/apk2url
๐ฃn0mi1k
Thanks for sharing, iโll have to check this out!
Any idea on if it captures deeplinks too?
Edit: just saw you wrote it, iโll give it a go an pass any suggestions if youโd like.
๐คKillco_Joe
๐@malwr
apk2url is a tool that can be useful for developers, pentesters and redteamers for information gathering purposes. This tool gathers IP and URL endpoints from an APK using decompiling and disassembly.
You never know what you can find =)
Try it out:
https://github.com/n0mi1k/apk2url
๐ฃn0mi1k
Thanks for sharing, iโll have to check this out!
Any idea on if it captures deeplinks too?
Edit: just saw you wrote it, iโll give it a go an pass any suggestions if youโd like.
๐คKillco_Joe
๐@malwr
GitHub
GitHub - n0mi1k/apk2url: An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling
An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling - n0mi1k/apk2url