Forwarded from Exploiting Crew (Pr1vAt3)
π¦ LFIer Tool :
>>>>LFIer>>>> is a powerful tool for detecting >>>>Local File Inclusion (LFI)>>>> vulnerabilities in web applications. By injecting payloads into URL parameters and analyzing responses, it efficiently identifies potential security issues. The tool is designed for flexibility, efficiency, and accuracy, even when scanning sites protected by WAFs or cloud-based defenses.
π >>>>Key Features>>>>
1. >>>>β‘οΈ High Performance>>>>: Async programming ensures rapid, non-blocking requests for large-scale scanning.
2. >>>>π Advanced Detection>>>>: Custom payloads and indicators accurately detect vulnerabilities.
3. >>>>π‘ WAF/Cloud Bypass>>>>: Simulates real browser requests to bypass security measures.
4. >>>>π Custom Payloads>>>>: Allows user-defined payload injection for flexibility.
5. >>>>π Custom Headers>>>>: Mimics client requests or bypasses filters with custom headers.
6. >>>>β±οΈ Rate Limiting>>>>: Prevents server overload by controlling request frequency and batching.
7. >>>>π Flexible Output>>>>: Results in JSON or plain text for seamless integration into pipelines.
8. >>>>π§ Configurability>>>>: Adjustable settings for rate, timeouts, and workers.
9. >>>>π Organized Scans>>>>: Groups results by domain or URL list.
10. >>>>π Easy Updates>>>>: One-click update mechanism ensures the latest features.
π₯ >>>>Installation>>>>
# >>>>For Kali Linux (2024.4+)>>>>
# >>>>Using Virtual Environment (Recommended for Non-Kali Users)>>>>
1. >>>>Create and activate virtual environment:>>>>
2. >>>>Upgrade pip:>>>>
3. >>>>Clone the repository and install dependencies:>>>>
---
π >>>>Payloads & Indicators>>>>
# >>>>Linux Example>>>>
- >>>>Payloads>>>>:
- >>>>Indicators>>>>:
# >>>>Windows Example>>>>
- >>>>Payloads>>>>:
- >>>>Indicators>>>>:
---
𧩠>>>>Parameterized URLs>>>>
To find URLs with parameters:
---
π >>>>Usage Examples>>>>
# >>>>Single Domain Scan>>>>
# >>>>Multiple URLs with Custom Rate>>>>
# >>>>Advanced Usage>>>>
- Custom headers:
- JSON output:
---
βοΈ >>>>Important Notes>>>>
- Always activate the virtual environment before using LFIer:
- Regularly update LFIer to keep it effective against new protections:
This tool is a must-have for cybersecurity professionals looking to identify and remediate LFI vulnerabilities efficiently. Happy hunting!
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
>>>>LFIer>>>> is a powerful tool for detecting >>>>Local File Inclusion (LFI)>>>> vulnerabilities in web applications. By injecting payloads into URL parameters and analyzing responses, it efficiently identifies potential security issues. The tool is designed for flexibility, efficiency, and accuracy, even when scanning sites protected by WAFs or cloud-based defenses.
π >>>>Key Features>>>>
1. >>>>β‘οΈ High Performance>>>>: Async programming ensures rapid, non-blocking requests for large-scale scanning.
2. >>>>π Advanced Detection>>>>: Custom payloads and indicators accurately detect vulnerabilities.
3. >>>>π‘ WAF/Cloud Bypass>>>>: Simulates real browser requests to bypass security measures.
4. >>>>π Custom Payloads>>>>: Allows user-defined payload injection for flexibility.
5. >>>>π Custom Headers>>>>: Mimics client requests or bypasses filters with custom headers.
6. >>>>β±οΈ Rate Limiting>>>>: Prevents server overload by controlling request frequency and batching.
7. >>>>π Flexible Output>>>>: Results in JSON or plain text for seamless integration into pipelines.
8. >>>>π§ Configurability>>>>: Adjustable settings for rate, timeouts, and workers.
9. >>>>π Organized Scans>>>>: Groups results by domain or URL list.
10. >>>>π Easy Updates>>>>: One-click update mechanism ensures the latest features.
π₯ >>>>Installation>>>>
# >>>>For Kali Linux (2024.4+)>>>>
git clone https://github.com/Cybersecurity-Ethical-Hacker/lfier.git
cd lfier
pipx install aiohttp
pipx install colorama
pipx install tqdm
# >>>>Using Virtual Environment (Recommended for Non-Kali Users)>>>>
1. >>>>Create and activate virtual environment:>>>>
python3 -m venv venv
source venv/bin/activate
2. >>>>Upgrade pip:>>>>
pip install --upgrade pip
3. >>>>Clone the repository and install dependencies:>>>>
git clone https://github.com/Cybersecurity-Ethical-Hacker/lfier.git
cd lfier
pip install -r requirements.txt
---
π >>>>Payloads & Indicators>>>>
# >>>>Linux Example>>>>
- >>>>Payloads>>>>:
/..\\../..\\../etc/passwd
../../../../../etc/passwd
- >>>>Indicators>>>>:
root:x:0:0:
nobody:x:65534:
# >>>>Windows Example>>>>
- >>>>Payloads>>>>:
C:/boot.ini
- >>>>Indicators>>>>:
[boot loader]
timeout=30
---
𧩠>>>>Parameterized URLs>>>>
To find URLs with parameters:
paramspider -d domain.com -s 2>&1 | grep -Ei "https?://" | sort -u | httpx -silent -status-code -mc 200,201,204,401,403 > live_urls.txt
---
π >>>>Usage Examples>>>>
# >>>>Single Domain Scan>>>>
python lfier.py -d "https://domain.com/file.php?parameter=1234"
# >>>>Multiple URLs with Custom Rate>>>>
python lfier.py -l urls.txt -r 5
# >>>>Advanced Usage>>>>
- Custom headers:
python lfier.py -d "https://example.com" -H "User-Agent: CustomAgent"
- JSON output:
python lfier.py -l urls.txt -j -o results.json
---
βοΈ >>>>Important Notes>>>>
- Always activate the virtual environment before using LFIer:
source venv/bin/activate
- Regularly update LFIer to keep it effective against new protections:
python lfier.py -u
This tool is a must-have for cybersecurity professionals looking to identify and remediate LFI vulnerabilities efficiently. Happy hunting!
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hacking Search Queries :
1. Shodan
A search engine for discovering internet-connected devices such as servers, routers, and IoT devices.
2. ExploitDB
A comprehensive database of publicly available exploits and vulnerabilities for security professionals.
3. Censys
Provides real-time data about devices and servers exposed to the internet, assisting with vulnerability assessments.
4. SecurityTrails
Offers in-depth DNS and domain data, useful for gathering intelligence on domains and their infrastructure.
5. ZoomEye
Similar to Shodan, this search engine focuses on finding devices and services exposed to the internet.
6. VirusTotal
A tool that analyzes files and URLs for potential threats using multiple antivirus engines and tools.
7. Maltego
A powerful tool for open-source intelligence (OSINT) gathering, mapping relationships between people, domains, and networks.
8. Google Dorks
A technique that uses advanced search operators to find specific information on websites, often used in penetration testing.
9. GreyNoise
A threat intelligence platform that helps to identify and filter out background noise in network traffic to focus on real threats.
10. Foca
A tool for gathering metadata from documents, websites, and emails to perform digital reconnaissance and OSINT collection.
11. Recon-ng
A full-featured web reconnaissance framework for open-source intelligence gathering, helping to identify and map online targets.
12. OSINT Framework
A structured framework that categorizes various open-source intelligence tools to help with cyber investigations.
13. TheHarvester
A tool for gathering emails, subdomains, hosts, and other information from public sources to assist with penetration testing.
14. ThreatMiner
A tool for gathering threat intelligence data, including information about malware and attacks, from various sources.
15. Spokeo
A tool for aggregating information about individuals, often used in social engineering and OSINT investigations.
16. Whois Lookup
A query tool for obtaining domain registration information, often used to find the owner of a domain or IP address.
17. Robtex
A network intelligence platform that provides DNS, IP address, and ASN lookup information for network reconnaissance.
18. OpenVAS
An open-source vulnerability scanner used for detecting security issues and weaknesses in networks and systems.
19. Nmap
A network scanning tool that helps detect devices, services, and vulnerabilities within a network, frequently used in penetration testing.
20. Netcraft
A tool for gathering web server information, including the hosting provider and the software stack used by websites.
21. Recon.sh
A simple OSINT tool used for gathering information about a domain, including emails, DNS records, and other associated data.
22. Sublist3r
A fast subdomain enumeration tool used to find subdomains associated with a target domain.
23. Wappalyzer
A tool that helps identify technologies used on websites, such as frameworks, web servers, and content management systems (CMS).
24. BuiltWith
Provides detailed information about the technologies used on websites, including advertising networks, analytics tools, and CMS platforms.
25. Pentesterslab
A collection of resources and tools aimed at penetration testers, focusing on offensive security.
26. Burp Suite
A popular tool used by ethical hackers for web application security testing, including scanning for vulnerabilities.
27. Hydra
A powerful password-cracking tool used for brute-force attacks on network services.
28. Mimikatz
A tool for extracting plaintext passwords, Kerberos tickets, and other sensitive information from Windows systems.
29. Cuckoo Sandbox
An automated malware analysis tool that executes suspicious files in a controlled environment to analyze their behavior.
30. ThreatCrowd
A tool for analyzing and investigating malware, IP addresses, and other threat intelligence data.
31. VirusShare
A malware sample sharing platform useful for gathering information on known malicious files and their characteristics.
32. IBM X-Force Exchange
1. Shodan
A search engine for discovering internet-connected devices such as servers, routers, and IoT devices.
2. ExploitDB
A comprehensive database of publicly available exploits and vulnerabilities for security professionals.
3. Censys
Provides real-time data about devices and servers exposed to the internet, assisting with vulnerability assessments.
4. SecurityTrails
Offers in-depth DNS and domain data, useful for gathering intelligence on domains and their infrastructure.
5. ZoomEye
Similar to Shodan, this search engine focuses on finding devices and services exposed to the internet.
6. VirusTotal
A tool that analyzes files and URLs for potential threats using multiple antivirus engines and tools.
7. Maltego
A powerful tool for open-source intelligence (OSINT) gathering, mapping relationships between people, domains, and networks.
8. Google Dorks
A technique that uses advanced search operators to find specific information on websites, often used in penetration testing.
9. GreyNoise
A threat intelligence platform that helps to identify and filter out background noise in network traffic to focus on real threats.
10. Foca
A tool for gathering metadata from documents, websites, and emails to perform digital reconnaissance and OSINT collection.
11. Recon-ng
A full-featured web reconnaissance framework for open-source intelligence gathering, helping to identify and map online targets.
12. OSINT Framework
A structured framework that categorizes various open-source intelligence tools to help with cyber investigations.
13. TheHarvester
A tool for gathering emails, subdomains, hosts, and other information from public sources to assist with penetration testing.
14. ThreatMiner
A tool for gathering threat intelligence data, including information about malware and attacks, from various sources.
15. Spokeo
A tool for aggregating information about individuals, often used in social engineering and OSINT investigations.
16. Whois Lookup
A query tool for obtaining domain registration information, often used to find the owner of a domain or IP address.
17. Robtex
A network intelligence platform that provides DNS, IP address, and ASN lookup information for network reconnaissance.
18. OpenVAS
An open-source vulnerability scanner used for detecting security issues and weaknesses in networks and systems.
19. Nmap
A network scanning tool that helps detect devices, services, and vulnerabilities within a network, frequently used in penetration testing.
20. Netcraft
A tool for gathering web server information, including the hosting provider and the software stack used by websites.
21. Recon.sh
A simple OSINT tool used for gathering information about a domain, including emails, DNS records, and other associated data.
22. Sublist3r
A fast subdomain enumeration tool used to find subdomains associated with a target domain.
23. Wappalyzer
A tool that helps identify technologies used on websites, such as frameworks, web servers, and content management systems (CMS).
24. BuiltWith
Provides detailed information about the technologies used on websites, including advertising networks, analytics tools, and CMS platforms.
25. Pentesterslab
A collection of resources and tools aimed at penetration testers, focusing on offensive security.
26. Burp Suite
A popular tool used by ethical hackers for web application security testing, including scanning for vulnerabilities.
27. Hydra
A powerful password-cracking tool used for brute-force attacks on network services.
28. Mimikatz
A tool for extracting plaintext passwords, Kerberos tickets, and other sensitive information from Windows systems.
29. Cuckoo Sandbox
An automated malware analysis tool that executes suspicious files in a controlled environment to analyze their behavior.
30. ThreatCrowd
A tool for analyzing and investigating malware, IP addresses, and other threat intelligence data.
31. VirusShare
A malware sample sharing platform useful for gathering information on known malicious files and their characteristics.
32. IBM X-Force Exchange
A threat intelligence sharing platform where cybersecurity professionals can access and share information about threats and vulnerabilities.
33. AlienVault OTX
An open threat intelligence platform that provides a community-driven collection of actionable cybersecurity data.
34. Honeyd
A honeypot tool for simulating different types of computer systems and services to capture network-based attacks.
35. LogRhythm
A security information and event management (SIEM) tool used for monitoring and analyzing log data for suspicious activity.
36. Snort
A widely-used open-source intrusion detection system (IDS) that analyzes network traffic for malicious activity.
37. Suricata
A high-performance IDS/IPS (Intrusion Prevention System) and network security monitoring tool used to detect and block threats in real-time.
38. ZAP (OWASP Zed Attack Proxy)
A popular open-source security testing tool used to find vulnerabilities in web applications through penetration testing.
39. Social-Engineer Toolkit (SET)
A framework for automating social engineering attacks such as phishing, credential harvesting, and exploitation.
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
33. AlienVault OTX
An open threat intelligence platform that provides a community-driven collection of actionable cybersecurity data.
34. Honeyd
A honeypot tool for simulating different types of computer systems and services to capture network-based attacks.
35. LogRhythm
A security information and event management (SIEM) tool used for monitoring and analyzing log data for suspicious activity.
36. Snort
A widely-used open-source intrusion detection system (IDS) that analyzes network traffic for malicious activity.
37. Suricata
A high-performance IDS/IPS (Intrusion Prevention System) and network security monitoring tool used to detect and block threats in real-time.
38. ZAP (OWASP Zed Attack Proxy)
A popular open-source security testing tool used to find vulnerabilities in web applications through penetration testing.
39. Social-Engineer Toolkit (SET)
A framework for automating social engineering attacks such as phishing, credential harvesting, and exploitation.
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
UNDERCODE TESTING
Free
π¦SOC Automation Matrix: Capabilities and Gaps!
A structured framework to evaluate and optimize SOC automation potential to pinpoint critical areas for automation, implement targeted strategies, and significantly enhance threat response capabilities.
The matrix is organized into categories containing various automation capabilities. Each capability includes:
β’ Description: A brief overview of the capability.
β’ Techniques: Technology-agnostic ideas for implementation.
β’ Examples: Relevant workflow templates.
β’ References: Additional research contributing to capability.
This tool offers a platform-agnostic approach and delivers an independent reference point for us to assess what security automation can achieve and plan the next steps.
Source: https://tinesio.notion.site/4fd14ccf93e7408c8faf96c5aca8c3fd?v=ec12309e0f42446e83c08565c5dc52b2
The SOC Automation Capability Matrix connects threat hunting with data analysis by automating how security data is collected, processed, and enriched.
Ref: Dr. Meisam Eslahi
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
A structured framework to evaluate and optimize SOC automation potential to pinpoint critical areas for automation, implement targeted strategies, and significantly enhance threat response capabilities.
The matrix is organized into categories containing various automation capabilities. Each capability includes:
β’ Description: A brief overview of the capability.
β’ Techniques: Technology-agnostic ideas for implementation.
β’ Examples: Relevant workflow templates.
β’ References: Additional research contributing to capability.
This tool offers a platform-agnostic approach and delivers an independent reference point for us to assess what security automation can achieve and plan the next steps.
Source: https://tinesio.notion.site/4fd14ccf93e7408c8faf96c5aca8c3fd?v=ec12309e0f42446e83c08565c5dc52b2
The SOC Automation Capability Matrix connects threat hunting with data analysis by automating how security data is collected, processed, and enriched.
Ref: Dr. Meisam Eslahi
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Tines_io on Notion
SOC Automation Capability Matrix | Notion
The Automation Capability Matrix describes common activities which most security operations centers can automate
π¦π
πππ 100% off #cybersecurity udemy course.
π Total 100+ hours learning content.
π¨coupon code limit 100 or 1000 enrolments only.
CompTIA IT Fundamentals Exam FC0-U61 Simplified
(coupon code: AD897D891A9EF032AC18)
https://lnkd.in/gAbDPmr3
The #ISO 26000 Master Class: Empowering Ethical Leadership (coupon code: 0EBD8F6DFC2FF2DD905C)
https://lnkd.in/gt-_n2sy
IP Addressing and Subnetting - Hands-on Learning Approach (coupon code: 50A2C30D761734BE585A)
https://lnkd.in/gvTMBrKK
#CompTIA A+ (220-1102) Core 2 Practice Exams (coupon code: B3CA5A52F5C136D00A0E)
https://lnkd.in/gdMWx2cU
CompTIA A+ (220-1101) Core 1 Practice Exams (coupon code: DEA036405FE7E1908703)
https://lnkd.in/gnfwPir5
The Complete ISO 9001:2015 Master Class (coupon code: C2EC38DEDFFCED88471C)
https://lnkd.in/gKEBXYBN
Ref: Ahmad Parvez
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π Total 100+ hours learning content.
π¨coupon code limit 100 or 1000 enrolments only.
CompTIA IT Fundamentals Exam FC0-U61 Simplified
(coupon code: AD897D891A9EF032AC18)
https://lnkd.in/gAbDPmr3
The #ISO 26000 Master Class: Empowering Ethical Leadership (coupon code: 0EBD8F6DFC2FF2DD905C)
https://lnkd.in/gt-_n2sy
IP Addressing and Subnetting - Hands-on Learning Approach (coupon code: 50A2C30D761734BE585A)
https://lnkd.in/gvTMBrKK
#CompTIA A+ (220-1102) Core 2 Practice Exams (coupon code: B3CA5A52F5C136D00A0E)
https://lnkd.in/gdMWx2cU
CompTIA A+ (220-1101) Core 1 Practice Exams (coupon code: DEA036405FE7E1908703)
https://lnkd.in/gnfwPir5
The Complete ISO 9001:2015 Master Class (coupon code: C2EC38DEDFFCED88471C)
https://lnkd.in/gKEBXYBN
Ref: Ahmad Parvez
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
lnkd.in
LinkedIn
This link will take you to a page thatβs not on LinkedIn
Forwarded from Exploiting Crew (Pr1vAt3)
This media is not supported in your browser
VIEW IN TELEGRAM
π¦Video Link Injection Vulnerability:
The application is vulnerable to a link injection attack in the email content generated from the contact form. This vulnerability allows an attacker to inject malicious links into form fields, such as the "First Name" field, which are then included in the system-generated email. A successful exploitation can lead to phishing attacks, where users are redirected to fraudulent websites that may steal sensitive information like login credentials.
Ref: Aditay Kumar
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
The application is vulnerable to a link injection attack in the email content generated from the contact form. This vulnerability allows an attacker to inject malicious links into form fields, such as the "First Name" field, which are then included in the system-generated email. A successful exploitation can lead to phishing attacks, where users are redirected to fraudulent websites that may steal sensitive information like login credentials.
Ref: Aditay Kumar
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FREE LABS RED TEAM/BLUE TEAM and CTF SKILLS TO 2025:
Share with your network and friends.
Β· Attack-Defense - https://attackdefense.com
Β· Alert to win - https://alf.nu/alert1
Β· Buffer Overflow Labs - https://lnkd.in/eNbEWYh
Β· CryptoHack - https://cryptohack.org/
Β· CMD Challenge - https://cmdchallenge.com
Β· Cyberdefenders - https://lnkd.in/dVcmjEw8
Β· Damn Vulnerable Repository - https://lnkd.in/dEitQx6H
Β· Defend The Web - https://defendtheweb.net/
Β· Exploitation Education - https://exploit.education
Β· Google CTF - https://lnkd.in/e46drbz8
Β· HackTheBox - https://www.hackthebox.com
Β· Hacker101 - https://ctf.hacker101.com
Β· Hacking-Lab - https://hacking-lab.com/
Β· ImmersiveLabs - https://immersivelabs.com
Β· Infinity Learning CWL - https://lnkd.in/dbx-VhXu
Β· LetsDefend- https://letsdefend.io/
Β· NewbieContest - https://lnkd.in/ewBk6fU5
Β· OverTheWire - http://overthewire.org
Β· Practical Pentest Labs - https://lnkd.in/esq9Yuv5
Β· Pentestlab - https://pentesterlab.com
Β· Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
Β· PentestIT LAB - https://lab.pentestit.ru
Β· PicoCTF - https://picoctf.com
Β· PWNABLE - https://lnkd.in/eMEwBJzn
Β· Root-Me - https://www.root-me.org
Β· Red Team Exercises - https://lnkd.in/dMBfz-Sp
Β· Root in Jail - http://rootinjail.com
Β· SANS Challenger - https://lnkd.in/e5TAMawK
Β· SmashTheStack - https://lnkd.in/eVn9rP9p
Β· The Cryptopals Crypto Challenges - https://cryptopals.com
Β· Try Hack Me - https://tryhackme.com
Β· Vulnhub - https://www.vulnhub.com
Β· Vulnmachine - https://lnkd.in/eJ2e_kD
Β· W3Challs - https://w3challs.com
Β· WeChall - http://www.wechall.net
Β· Websploit - https://websploit.org/
Β· Zenk-Security - https://lnkd.in/ewJ5rNx2
Ref: Joas A Santos
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Share with your network and friends.
Β· Attack-Defense - https://attackdefense.com
Β· Alert to win - https://alf.nu/alert1
Β· Buffer Overflow Labs - https://lnkd.in/eNbEWYh
Β· CryptoHack - https://cryptohack.org/
Β· CMD Challenge - https://cmdchallenge.com
Β· Cyberdefenders - https://lnkd.in/dVcmjEw8
Β· Damn Vulnerable Repository - https://lnkd.in/dEitQx6H
Β· Defend The Web - https://defendtheweb.net/
Β· Exploitation Education - https://exploit.education
Β· Google CTF - https://lnkd.in/e46drbz8
Β· HackTheBox - https://www.hackthebox.com
Β· Hacker101 - https://ctf.hacker101.com
Β· Hacking-Lab - https://hacking-lab.com/
Β· ImmersiveLabs - https://immersivelabs.com
Β· Infinity Learning CWL - https://lnkd.in/dbx-VhXu
Β· LetsDefend- https://letsdefend.io/
Β· NewbieContest - https://lnkd.in/ewBk6fU5
Β· OverTheWire - http://overthewire.org
Β· Practical Pentest Labs - https://lnkd.in/esq9Yuv5
Β· Pentestlab - https://pentesterlab.com
Β· Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
Β· PentestIT LAB - https://lab.pentestit.ru
Β· PicoCTF - https://picoctf.com
Β· PWNABLE - https://lnkd.in/eMEwBJzn
Β· Root-Me - https://www.root-me.org
Β· Red Team Exercises - https://lnkd.in/dMBfz-Sp
Β· Root in Jail - http://rootinjail.com
Β· SANS Challenger - https://lnkd.in/e5TAMawK
Β· SmashTheStack - https://lnkd.in/eVn9rP9p
Β· The Cryptopals Crypto Challenges - https://cryptopals.com
Β· Try Hack Me - https://tryhackme.com
Β· Vulnhub - https://www.vulnhub.com
Β· Vulnmachine - https://lnkd.in/eJ2e_kD
Β· W3Challs - https://w3challs.com
Β· WeChall - http://www.wechall.net
Β· Websploit - https://websploit.org/
Β· Zenk-Security - https://lnkd.in/ewJ5rNx2
Ref: Joas A Santos
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
lnkd.in
LinkedIn
This link will take you to a page thatβs not on LinkedIn
Forwarded from Exploiting Crew (Pr1vAt3)
π¦πCyberAdvent Day 21: pyDescribeSDDL - Simplify Windows SDDL Analysis
π Ever struggled with decoding SDDL strings during audits or pentests? With pyDescribeSDDL, you can transform Security Descriptor Definition Language (SDDL) strings into readable insights effortlessly!
π What is pyDescribeSDDL?
pyDescribeSDDL is a Python tool designed to parse and describe the contents of SDDL strings, making it easier to analyze Access Control Entries (ACEs), Access Control Lists (ACLs), and associated SIDs and GUIDs.
π Key Features
1οΈβ£ Human-readable summaries: Use the --summary option to output clear and concise access information.
2οΈβ£ ACE Parsing: Supports detailed analysis of all major ACE types
3οΈβ£ SID Resolution: Automatically resolve well-known SIDs to their human-readable names.
4οΈβ£ GUID Parsing: Decode well-known GUIDs for easier interpretation.
π Check out pyDescribeSDDL here: https://github.com/p0dalirius/pyDescribeSDDL
Ref: RΓ©mi Gascou (Podalirius)RΓ©mi Gascou
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π Ever struggled with decoding SDDL strings during audits or pentests? With pyDescribeSDDL, you can transform Security Descriptor Definition Language (SDDL) strings into readable insights effortlessly!
π What is pyDescribeSDDL?
pyDescribeSDDL is a Python tool designed to parse and describe the contents of SDDL strings, making it easier to analyze Access Control Entries (ACEs), Access Control Lists (ACLs), and associated SIDs and GUIDs.
π Key Features
1οΈβ£ Human-readable summaries: Use the --summary option to output clear and concise access information.
2οΈβ£ ACE Parsing: Supports detailed analysis of all major ACE types
3οΈβ£ SID Resolution: Automatically resolve well-known SIDs to their human-readable names.
4οΈβ£ GUID Parsing: Decode well-known GUIDs for easier interpretation.
π Check out pyDescribeSDDL here: https://github.com/p0dalirius/pyDescribeSDDL
Ref: RΓ©mi Gascou (Podalirius)RΓ©mi Gascou
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Web Vulnerability Resource - XSS
Unferstanding XSS Attack
https://lnkd.in/dg9THu25
XSS Filter Evasion by johnermac
https://lnkd.in/dk_gpSRP
Payloads XSs Evasion by citybasebrooks
https://lnkd.in/d4YQjBxE
XSS Resource by BruteLogic
https://lnkd.in/dcVG-RSX
XSS Challegens
https://lnkd.in/dhcbNe6d
https://lnkd.in/dif8SVjK
How to Find XSS by HackerOne
https://lnkd.in/dvqNm5bT
Learning about Cross Site Scripting (XSS)
https://lnkd.in/dYETX2VV
XSS CheatSheet by Portswigger Labs
https://lnkd.in/dAxxwj4
Hacktivity XSS by HackerOne
https://lnkd.in/dNNM86wx
XSS Explained by NahamSec
https://lnkd.in/dJiTs2td
XSS Stored, Blind, Reflected and DOM by InsiderPhD
https://lnkd.in/d9KzwBfd
Web Hacking Beyond Alert by Wild West
https://lnkd.in/djbgjFS8
XSS Tools
XSSTRIKE https://lnkd.in/dJkuhQ4X
Dalfox https://lnkd.in/dp_UnjGM
XSSMap https://lnkd.in/dgfqdEhj
FinDOM XSS https://lnkd.in/dffQm67D
Ref: Joas A SantosJoas A Santos
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Unferstanding XSS Attack
https://lnkd.in/dg9THu25
XSS Filter Evasion by johnermac
https://lnkd.in/dk_gpSRP
Payloads XSs Evasion by citybasebrooks
https://lnkd.in/d4YQjBxE
XSS Resource by BruteLogic
https://lnkd.in/dcVG-RSX
XSS Challegens
https://lnkd.in/dhcbNe6d
https://lnkd.in/dif8SVjK
How to Find XSS by HackerOne
https://lnkd.in/dvqNm5bT
Learning about Cross Site Scripting (XSS)
https://lnkd.in/dYETX2VV
XSS CheatSheet by Portswigger Labs
https://lnkd.in/dAxxwj4
Hacktivity XSS by HackerOne
https://lnkd.in/dNNM86wx
XSS Explained by NahamSec
https://lnkd.in/dJiTs2td
XSS Stored, Blind, Reflected and DOM by InsiderPhD
https://lnkd.in/d9KzwBfd
Web Hacking Beyond Alert by Wild West
https://lnkd.in/djbgjFS8
XSS Tools
XSSTRIKE https://lnkd.in/dJkuhQ4X
Dalfox https://lnkd.in/dp_UnjGM
XSSMap https://lnkd.in/dgfqdEhj
FinDOM XSS https://lnkd.in/dffQm67D
Ref: Joas A SantosJoas A Santos
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
lnkd.in
LinkedIn
This link will take you to a page thatβs not on LinkedIn
π¦[π
πππ πππππππππ - ππππππ πππππππππ πππππππ]
Whether you are preparing for a certification or need to sharpen your skills for your pentests.
π€Here is a list of resources π€:
ππππ ππ¨ π©π«ππππ’ππ?
πSet up and AD home lab with this blog post from spookysec:
https://lnkd.in/d-Dt7PBA
πYou also have a script here to set up a Vulnerable AD lab by WazeHell
https://lnkd.in/dyZS6WWr
π Check out the dedicated section on Active Directory of PenTips
https://lnkd.in/dhTP_eyt
πHere is a collection of various common attack scenarios on Microsoft Azure Active Directory by Cloud-Architekt:
https://lnkd.in/dnFfRRMM
πJulien Provenzano βοΈ shared a great document full of resources here:
https://lnkd.in/d-skx-R3
πFinally here is an Active Directory Exploitation Cheat Sheet by Integration-IT
https://lnkd.in/dBijrUjT
Resources Credit : Gabrielle
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Whether you are preparing for a certification or need to sharpen your skills for your pentests.
π€Here is a list of resources π€:
ππππ ππ¨ π©π«ππππ’ππ?
πSet up and AD home lab with this blog post from spookysec:
https://lnkd.in/d-Dt7PBA
πYou also have a script here to set up a Vulnerable AD lab by WazeHell
https://lnkd.in/dyZS6WWr
π Check out the dedicated section on Active Directory of PenTips
https://lnkd.in/dhTP_eyt
πHere is a collection of various common attack scenarios on Microsoft Azure Active Directory by Cloud-Architekt:
https://lnkd.in/dnFfRRMM
πJulien Provenzano βοΈ shared a great document full of resources here:
https://lnkd.in/d-skx-R3
πFinally here is an Active Directory Exploitation Cheat Sheet by Integration-IT
https://lnkd.in/dBijrUjT
Resources Credit : Gabrielle
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
security_SOC_2025.pdf
647.9 KB
π¦ SOC Architectures & Frameworks: Key to Cybersecurity! π¨
As cyber threats grow, choosing the right Security Operations Center (SOC) and framework is crucial. Hereβs a quick guide:
SOC Architectures:
Centralized SOC: One location, best for large organizations.
Decentralized SOC: Multiple locations, ideal for global companies.
Virtual SOC: Cloud-based, cost-effective for SMBs.
Hybrid SOC: Combines all models, offering flexibility.
Popular Frameworks:
NIST CSF: Risk-based, customizable.
MITRE ATT&CK: Helps improve threat detection.
ISO 27001: Compliance-focused, globally recognized.
CIS Controls: Simple, prioritized security controls.
Key Considerations: Budget, company size, risk level, and compliance needs. Make the right choice to protect your organization!
Ref: in pdf
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
As cyber threats grow, choosing the right Security Operations Center (SOC) and framework is crucial. Hereβs a quick guide:
SOC Architectures:
Centralized SOC: One location, best for large organizations.
Decentralized SOC: Multiple locations, ideal for global companies.
Virtual SOC: Cloud-based, cost-effective for SMBs.
Hybrid SOC: Combines all models, offering flexibility.
Popular Frameworks:
NIST CSF: Risk-based, customizable.
MITRE ATT&CK: Helps improve threat detection.
ISO 27001: Compliance-focused, globally recognized.
CIS Controls: Simple, prioritized security controls.
Key Considerations: Budget, company size, risk level, and compliance needs. Make the right choice to protect your organization!
Ref: in pdf
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β