🦑your go-to list for mastering ceh certifications with comprehensive notes and guides:

🔗 OSCP-PWK Notes
• https://lnkd.in/g6FxfX8E
• https://lnkd.in/ghgucHas
• https://lnkd.in/gJa76GPK
• https://lnkd.in/g6MM6XCk

🔗 AWAE-OSWE Notes
• https://lnkd.in/g2ryHz3e
• https://lnkd.in/gYaMjxQa
• https://lnkd.in/gXfgMii5

🔗 OSWP Notes
• https://lnkd.in/gEfuSCS6
• https://lnkd.in/g8NeRaFD
• https://lnkd.in/gVfCCtZa

🔗 OSED Notes
• https://lnkd.in/g7R-Xpd7
• https://lnkd.in/gTErMaG7

🔗 OSEP Notes
• https://lnkd.in/gx2QYYiq
• https://lnkd.in/gicUKZKy

🔗 OSWA Notes
• https://lnkd.in/gkEXePVN
• https://lnkd.in/gjUqBDH3

🔗 OffSec Reporting
• https://lnkd.in/gW-5NiUw

Thank you Semih Tüfekçi 👏

Chrome Extensions for Bug Bounty

LoL

🦑ARP vulnerabilities:

Address Resolution Protocol (ARP) was designed when network security was underdeveloped.

Therefore the protocol is clear text with no embedded security. It does not validate ARP packets and even accepts ARP Responses even if an ARP Request has never been sent out. By default, no mechanism validates whether a rouge host sends malicious ARP messages or intercepts and alters ARP Requests/Replies. Several well-known attacks use the same process called ARP spoofing. The ultimate goal of the attackers is to get in the data path, as shown in, and steal private data.

🦑Top 1300+ hacking gadgets to watch for in 2024:

https://pastebin.com/jsi747Uk

🦑 AI-Chat-App-Hack-Vision integrating GPT-4 and Vision:

Overview
This project combines GPT-4 with Vision Studio using Azure services. It uses the sample nature dataset from Vision Studio and is inspired by the [Azure Search OpenAI Demo](https://github.com/Azure/azure-search-openai-demo).

Requirements

Azure Account
1. Azure Free Account: Sign up for free Azure credits.
2. Permissions:
- Role-Based Access Control (RBAC):
- Microsoft.Authorization/roleAssignments/write permissions.
- Subscription or resource group access is mandatory.
- Azure OpenAI Access:
- Request access via [this form](https://aka.ms/oai/access).

Local Environment
1. Tools:
- Azure Developer CLI
- Python 3.9–3.11 (ensure python --version works).
- Node.js 14+
- Git
- PowerShell 7+ (Windows only).

2. Setup:
- Install dependencies.
- Ensure Python and PowerShell paths are configured.



Azure Deployment

Steps
1. Prepare Local Code:
- Create a folder and navigate to it in your terminal.
- Authenticate: azd auth login.
- Initialize project:
azd init -t https://github.com/mattgotteiner/AI-Chat-App-Hack-Vision.

2. Deploy Resources:
- Run azd up to provision and deploy all resources.
- Monitor for costs! Stop unused resources to avoid charges:
- azd down or delete resources manually.
- After deployment, access the app via the provided URL.

Deployment Details
- Resources Deployed:
- Azure App Service (Basic Tier, 1 CPU core, 1.75 GB RAM).
- Azure OpenAI (Standard tier, GPT-4 model).
- Azure AI Search (Standard tier, 1 replica).
- Azure Blob Storage (ZRS).
- Azure Monitor (Pay-as-you-go).

- Cost Optimization:
- Use free SKUs where possible.
- Refer to the [Azure Pricing Calculator](https://azure.microsoft.com/en-us/pricing/calculator/) for estimates.



Running Locally
1. Ensure successful deployment with azd up.
2. Authenticate: azd auth login.
3. Start app:
- Navigate to the app directory.
- Run ./start.ps1 or use VS Code's "Run & Debug".
- Open [http://localhost:50505](http://localhost:50505) in your browser.

Clean Up
To avoid unnecessary costs:
1. Run azd down.
2. Confirm cleanup by entering y when prompted.

For more details, refer to the [project repository](https://github.com/mattgotteiner/AI-Chat-App-Hack-Vision).

🦑Damm G2a should patch this ..

https://drive.google.com/file/d/1QJygOCFebxM5GVIk3-Z67YeoFITJ-xJL/view?pli=1

🦑Network Protocol and Traffic Analyzers:

Wireshark - https://www.wireshark.org/

tcpdump - https://www.tcpdump.org/

EtherApe - http://etherape.sourceforge.net/

Capsa Free - https://www.colasoft.com/capsa-free/

Nmap - https://nmap.org/

Netcat (nc) - https://nc110.sourceforge.io/

🦑Network Performance Monitoring:

Nagios - https://www.nagios.org/

PRTG Network Monitor - https://www.paessler.com/prtg

Zabbix - https://www.zabbix.com/

SolarWinds Network Performance Monitor -
https://www.solarwinds.com/network-performance-monitor

ManageEngine OpManager - https://www.manageengine.com/network-monitoring/

Cacti - https://www.cacti.net/

Network Security Analysis

Snort - https://www.snort.org/

Suricata - https://suricata.io/

Zeek (formerly Bro) - https://zeek.org/

OpenVAS (now Greenbone Vulnerability Manager) - https://www.greenbone.net/en/vulnerability-management/

AlienVault OSSIM - https://cybersecurity.att.com/products/ossim

🦑Wireless Network Analysis:

Kismet - https://kismetwireless.net/

Acrylic WiFi - https://www.acrylicwifi.com/

inSSIDer - https://www.metageek.com/products/inssider/

Ekahau HeatMapper - https://www.ekahau.com/heatmapper/

WiFi Analyzer (Microsoft Store) - https://www.microsoft.com/en-us/p/wifi-analyzer/9nblggh33n0n

🦑Network Diagnostics and Troubleshooting:

PingPlotter - https://www.pingplotter.com/

MTR (My Traceroute) - https://github.com/traviscross/mtr

Angry IP Scanner - https://angryip.org/

This is a beautiful malicous BadUSB implant photo. One of the best parts of #RedTeaming is going into an office and secretly swapping out USB cables on folks desks.

⬇️ 💻 Thanks to Lumafield’s Neptune industrial x-ray CT scanner, we can see the O.MG USB-C Cable isn’t just a regular USB cable. At its core, the O.MG Cable uses an ultra compact ESP32 Pico allow for keystroke injection attacks, remote control via wifi, hardware keylogging, ID/PID spoofing as well as remote command and control.

These are not really that new, and have existed in various forms and lesser capabilities at higher prices for almost ten years now.

Source: Linkedin

🦑Hack with 1 Plug:

Duckyspark v.0.4.1
Translator from USB-Rubber-Ducky payloads (Ducky script) to a Digispark code.

Usage:

python3 Duckyspark_translator.py [payload.txt] [output_file]
or
python3 Duckyspark_translator.py [payload.txt]

in this case the translated payload will be saved in the file "digipayload.ino"

Ducky payloads you can find here: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

or here: https://github.com/CedArctic/DigiSpark-Scripts

Or, you can simply write your own payloads using Ducky script

Ducky script syntax: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript

Recently we found the video "Digispark Flashing Guide & Ducky Payload Converters" that shows how to flash Digispark using the payloads generated by our script: https://www.youtube.com/watch?v=Lrn_hgckhGw&lc

Our site: https://awake.pro/

Upd: added 3d models of USB flesh drive to hide Digispark.

You could edit 3d model, or just print on 3d printer ready-for-print .stl models

Commands

🦑 Example of sFTP Credentials Leak in Private Program

Target Sub-Domain: trc[•]example[•]com

Impact: Full FTP Server Access Obtained

Details: sftp-config.json exposed sensitive credentials.

Severity: 🔴 Critical (9.6)

💡 Stay vigilant for exposed configuration files!

🦑Top ChatGPT extensions for enhancing your productivity and web browsing experience:

1. Monica AI Copilot: A versatile assistant powered by GPT-4, offering functionalities like email drafting, web summaries, PDF chatting, and AI image generation, all while integrating with real-time web browsing.

2. AIPRM for ChatGPT: A powerful tool for marketers and content creators, featuring over 4,500 professional prompts for generating blog titles, ad copy, SEO strategies, and more.

3. Superpower ChatGPT: Adds features like organizing chat folders, custom prompt saving, and downloadable conversations. It’s a great organizational tool for frequent ChatGPT users.

4. Wiseone: Designed for readers, this extension simplifies complex text by providing definitions, context, and summaries directly within your browser.

5. YouTube Summary with ChatGPT & Claude: Summarizes YouTube videos and supports multilingual summaries, complete with timestamps for key points.

6. ChatGPT Writer: Specializes in creating emails and messages based on context, perfect for streamlining communication tasks.

7. Compose AI: Assists with sentence completion, rephrasing, and email replies, making it ideal for improving your writing speed and clarity.

These extensions are available on the Chrome Web Store and are useful for professionals, students, and casual users alike. Let me know if you'd like help with installation or exploring any of these!

🦑Easiest XSS Testing!! [Basic Recon Tips]

✅Tip: Use Inspect Element to find how the input is handled by the server. i.e. if it is enclosed as ''<your_payload>'' try to escape the closing '' '' by adding ''<your_payload> in the input field. This will break the filters in most cases.
This tip is just a very basic method to bypass filters. There are numerous other ways to bypass the filters and having a little knowledge on javascript will be a advantage for you guys...

I will be sharing next levels of bypassing on my coming posts✅

Source

🦑Google Dorks basics:


site:.edu “phone number”– This Dork searches for websites on .edu domains that contain the words “phone number”. student “phone number” – This Dork searches for websites on .edu domains that contain the words “student” and “phone number”.

inurl:edu “login” – This Dork searches for websites on .edu domains that contain the words “login”. This Dork searches for school websites that contain student login information.

“powered by Undercode” site:.edu – This Dork searches for websites on .edu domains that contain the words “powered by Undercode”. This Dork searches for school websites that are running on the Undercode forum software.

“powered by Undercode” site:.gov – This Dork searches for websites on .gov domains that contain the words “powered by Undercode”. This Dork searches for governmental websites that are running on the Undercode forum software.

“powered by Undercode” site:.mil – This Dork searches for websites on .mil domains that contain the words “powered by Undercode”. This Dork searches for military websites that are running on the Undercode forum software.

“powered by Undercode” inurl:.edu – This Dork searches for websites on .edu domains that contain the words “powered by Undercode”. This Dork searches for school websites that are running on the Undercode forum software.

“powered by Undercode” inurl:.mil – This Dork searches for websites on .mil domains that contain the words “powered by Undercode”. This Dork searches for military websites that are running on the Undercode forum software.

inurl:.com “powered by Undercode” – This Dork searches for websites on .com domains that contain the words “powered by Undercode”. This Dork searches for websites that are running on the Undercode forum software.

inurl:.edu “register forum” – This Dork searches for websites on .edu domains that contain the words “register forum”. This Dork searches for school websites that allow you to register for a forum.
inurl:.gov “register forum” – This Dork searches for websites on .gov domains that contain the words “register forum”. This Dork searches for governmental websites that allow you to register for a forum

🦑 top cybersecurity job sites:

https://www.cyberseek.org

https://www.hays.com

https://www.comptia.org

🦑Advanced Steganography Tool made with Python:

Installation

1. Clone the repository:

   kali@kali:~$ git clone https://github.com/Sanjipan/Steganography
   

2. Install required Python libraries:

   kali@kali:~$ pip install argparse
   kali@kali:~$ pip install Wave
   kali@kali:~$ sudo pip install opencv-python
   kali@kali:~$ pip install numpy
   kali@kali:~$ pip install Pillow
   kali@kali:~$ pip install pytest-shutil
   kali@kali:~$ pip install subprocess.run
   kali@kali:~$ sudo pip install stegano
   

How to Use

1. Navigate to the project directory:

   kali@kali:~$ cd Steganography
   

2. Encoding/Decoding Files:

- For Audio Files:
- Encoding:

       sudo python3 ./Steganography.py -a -e <location of file>
       

- Decoding:

       sudo python3 ./Steganography.py -a -d <location of file>
       

- For Video Files:
- Encoding:

       sudo python3 ./Steganography.py -v -e <location of file>
       

- Decoding:

       sudo python3 ./Steganography.py -v -d <location of file>
       

- For Image Files:
- Encoding:

       sudo python3 ./Steganography.py -i -e <location of file>
       

- Decoding:

       sudo python3 ./Steganography.py -i -d <location of file>
       

- For Text Files:
- Encoding:

       sudo python3 ./Steganography.py -t -e <location of file>
       

- Decoding:

       sudo python3 ./Steganography.py -t -d <location of file>
       

3. For Help:

   sudo python3 ./Steganography.py -h
   sudo python3 ./Steganography.py --help
   

For more detailed usage and code, visit the repository [here](https://github.com/Sanjipan/Steganography).

🧨 Hide Data/Malwares in Images:

https://youtu.be/4TsEqrs09SM