#Beacon
https://youtu.be/HlL2NZK5fVU?list=PLtZtNPs3fJyB37loFSAM5OD-IEnn18gu9
YouTube
Beginner to Advanced Bug Bounty Hunting Course | 2022
All my videos are for educational purposes with bug bounty hunters and penetration testers in mind YouTube don't take down my videos 😉
Ethical hacking web application hacking and bug bounty hunting
Follow me on Twitter = https://twitter.com/PhD_Security…
Ethical hacking web application hacking and bug bounty hunting
Follow me on Twitter = https://twitter.com/PhD_Security…
👍4🔥1🤩1
Forwarded from The Bug Bounty Hunter
Regulator: A unique method of subdomain enumeration
https://cramppet.github.io/regulator/index.html
https://cramppet.github.io/regulator/index.html
👍1
Forwarded from Deleted Account
Удар_по_контейнерам_Пентестим_Docker_и_Kubernetes_в_облаке_Amazon.pdf
4 MB
💩3👍2🤩1
Forwarded from beacon private!
#cicd #cicdsecurity #security
1. https://cloud.hacktricks.xyz/pentesting-ci-cd/pentesting-ci-cd-methodology
2. https://habr.com/ru/company/swordfish_security/blog/524490/
3. https://www.cidersecurity.io/blog/research/ppe-poisoned-pipeline-execution/?utm_source=github&utm_medium=github_page&utm_campaign=ci%2fcd%20goat_060422
4. https://github.com/cider-security-research/cicd-goat
5. https://wp.nyu.edu/dispatch/pentesting-for-your-ci-cd-pipeline/
6. https://www.invicti.com/blog/web-security/sensitive-data-exposure-public-web-assets-hidden-threat/
7. https://gist.github.com/reewardius/8391a02e7f16d6b25796ff3b1a95719b
8. https://github.com/aquasecurity/chain-bench
9. https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
10. https://www.cidersecurity.io/top-10-cicd-security-risks/
11. https://www.techtarget.com/searchitoperations/tip/7-best-practices-to-ensure-your-CI-CD-pipelines-security
12. https://www.plutora.com/blog/7-most-important-ci-cd-security-best-practices-2022
13. https://t.me/k8security/424
14. https://t.me/k8security/725
15. https://gist.github.com/reewardius/03da47fb6b3c08063436c521a67c0373
16. https://gist.github.com/reewardius/87eecd50b81aa5a936301d261d0ebfcf
1. https://cloud.hacktricks.xyz/pentesting-ci-cd/pentesting-ci-cd-methodology
2. https://habr.com/ru/company/swordfish_security/blog/524490/
3. https://www.cidersecurity.io/blog/research/ppe-poisoned-pipeline-execution/?utm_source=github&utm_medium=github_page&utm_campaign=ci%2fcd%20goat_060422
4. https://github.com/cider-security-research/cicd-goat
5. https://wp.nyu.edu/dispatch/pentesting-for-your-ci-cd-pipeline/
6. https://www.invicti.com/blog/web-security/sensitive-data-exposure-public-web-assets-hidden-threat/
7. https://gist.github.com/reewardius/8391a02e7f16d6b25796ff3b1a95719b
8. https://github.com/aquasecurity/chain-bench
9. https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
10. https://www.cidersecurity.io/top-10-cicd-security-risks/
11. https://www.techtarget.com/searchitoperations/tip/7-best-practices-to-ensure-your-CI-CD-pipelines-security
12. https://www.plutora.com/blog/7-most-important-ci-cd-security-best-practices-2022
13. https://t.me/k8security/424
14. https://t.me/k8security/725
15. https://gist.github.com/reewardius/03da47fb6b3c08063436c521a67c0373
16. https://gist.github.com/reewardius/87eecd50b81aa5a936301d261d0ebfcf
cloud.hacktricks.xyz
Pentesting CI/CD Methodology | HackTricks Cloud
#kubernetes #full #will_be_updated
Interesting talks:
1) https://www.youtube.com/watch?v=vTgQLzeBfRU&t=2119s
2) https://www.youtube.com/watch?v=fVqCAUJiIn0&t=1637s
3) https://www.youtube.com/watch?v=dxKpCO2dAy8
4) Kubernetes Goat - https://youtu.be/5ojho4L6Xfo
5) На русском: https://youtu.be/MwVXWU324XY
6) https://youtu.be/Ek1oaGwfli0
7) https://youtu.be/PZBLOCSmeiA
8) https://youtu.be/JoLgVBTc73c
9) https://youtu.be/LtCx3zZpOfs
10) https://youtu.be/UdMFTdeAL1s
11) https://youtu.be/xDj4_ZI1Y9A
12) https://youtu.be/iD_klswHJQs
13) https://youtu.be/1w_t6mOaOq4
· https://microsoft.github.io/Threat-Matrix-for-Kubernetes/
· https://infosecwriteups.com/attacking-kubernetes-part-1-9192886b09c5
· https://labs.withsecure.com/publications/attacking-kubernetes-through-kubelet
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-1
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-2
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-3
· https://lobuhisec.medium.com/kubernetes-pentest-recon-checklist-tools-and-resources-30d8e4b69463
· https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/
· https://cloudsecdocs.com/container_security/offensive/
· https://tbhaxor.com/container-breakout-part-1/
· https://habr.com/ru/company/flant/blog/465141/
· https://habr.com/ru/company/southbridge/blog/655409/
· https://habr.com/ru/company/southbridge/blog/507656/
· https://github.com/g3rzi/HackingKubernetes
· https://gitlab.com/pentest-tools/PayloadsAllTheThings/-/tree/master/Kubernetes
https://www.microsoft.com/en-us/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/
https://t.me/k8security/756
Course Youtube:
· https://www.youtube.com/@MrIntern/videos
· https://youtu.be/W1eiMWGZwKo
· https://www.youtube.com/@learnwithgvr
· https://www.youtube.com/@learnwithggs6888
HTB:
· https://0xdf.gitlab.io/2021/09/04/htb-unobtainium.html
· https://0xdf.gitlab.io/2022/02/14/htb-steamcloud.html
Goat:
· https://madhuakula.com/kubernetes-goat/
· https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/
CloudTricks:
· https://cloud.hacktricks.xyz/pentesting-cloud/
CTF:
· https://hackernoon.com/capturing-all-the-flags-in-bsidessf-ctf-by-pwning-our-infrastructure-3570b99b4dd0
Tools:
https://github.com/inguardians/peirates
https://github.com/cdk-team/CDK
https://github.com/cyberark/kubesploit
https://github.com/aquasecurity/kube-hunter
https://github.com/aquasecurity/kube-bench
https://github.com/quarkslab/kdigger
https://github.com/kubescape/kubescape
https://github.com/controlplaneio/kubesec
https://github.com/brompwnie/botb
https://github.com/ctrsploit/ctrsploit
https://github.com/dev-sec/cis-kubernetes-benchmark
https://github.com/dev-sec/cis-docker-benchmark
https://github.com/deepfence/SecretScanner
https://github.com/GitGuardian/ggshield
https://github.com/hadolint/hadolint
https://github.com/goodwithtech/dockle
https://github.com/aquasecurity/trivy
https://github.com/stealthcopter/deepce
https://github.com/Ullaakut/Gorsair
https://github.com/anchore/grype
https://github.com/liamg/traitor
https://github.com/chen-keinan/kube-beacon
https://github.com/cyberark/kubernetes-rbac-audit
Interesting talks:
1) https://www.youtube.com/watch?v=vTgQLzeBfRU&t=2119s
2) https://www.youtube.com/watch?v=fVqCAUJiIn0&t=1637s
3) https://www.youtube.com/watch?v=dxKpCO2dAy8
4) Kubernetes Goat - https://youtu.be/5ojho4L6Xfo
5) На русском: https://youtu.be/MwVXWU324XY
6) https://youtu.be/Ek1oaGwfli0
7) https://youtu.be/PZBLOCSmeiA
8) https://youtu.be/JoLgVBTc73c
9) https://youtu.be/LtCx3zZpOfs
10) https://youtu.be/UdMFTdeAL1s
11) https://youtu.be/xDj4_ZI1Y9A
12) https://youtu.be/iD_klswHJQs
13) https://youtu.be/1w_t6mOaOq4
· https://microsoft.github.io/Threat-Matrix-for-Kubernetes/
· https://infosecwriteups.com/attacking-kubernetes-part-1-9192886b09c5
· https://labs.withsecure.com/publications/attacking-kubernetes-through-kubelet
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-1
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-2
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-3
· https://lobuhisec.medium.com/kubernetes-pentest-recon-checklist-tools-and-resources-30d8e4b69463
· https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/
· https://cloudsecdocs.com/container_security/offensive/
· https://tbhaxor.com/container-breakout-part-1/
· https://habr.com/ru/company/flant/blog/465141/
· https://habr.com/ru/company/southbridge/blog/655409/
· https://habr.com/ru/company/southbridge/blog/507656/
· https://github.com/g3rzi/HackingKubernetes
· https://gitlab.com/pentest-tools/PayloadsAllTheThings/-/tree/master/Kubernetes
https://www.microsoft.com/en-us/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/
https://t.me/k8security/756
Course Youtube:
· https://www.youtube.com/@MrIntern/videos
· https://youtu.be/W1eiMWGZwKo
· https://www.youtube.com/@learnwithgvr
· https://www.youtube.com/@learnwithggs6888
HTB:
· https://0xdf.gitlab.io/2021/09/04/htb-unobtainium.html
· https://0xdf.gitlab.io/2022/02/14/htb-steamcloud.html
Goat:
· https://madhuakula.com/kubernetes-goat/
· https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/
CloudTricks:
· https://cloud.hacktricks.xyz/pentesting-cloud/
CTF:
· https://hackernoon.com/capturing-all-the-flags-in-bsidessf-ctf-by-pwning-our-infrastructure-3570b99b4dd0
Tools:
https://github.com/inguardians/peirates
https://github.com/cdk-team/CDK
https://github.com/cyberark/kubesploit
https://github.com/aquasecurity/kube-hunter
https://github.com/aquasecurity/kube-bench
https://github.com/quarkslab/kdigger
https://github.com/kubescape/kubescape
https://github.com/controlplaneio/kubesec
https://github.com/brompwnie/botb
https://github.com/ctrsploit/ctrsploit
https://github.com/dev-sec/cis-kubernetes-benchmark
https://github.com/dev-sec/cis-docker-benchmark
https://github.com/deepfence/SecretScanner
https://github.com/GitGuardian/ggshield
https://github.com/hadolint/hadolint
https://github.com/goodwithtech/dockle
https://github.com/aquasecurity/trivy
https://github.com/stealthcopter/deepce
https://github.com/Ullaakut/Gorsair
https://github.com/anchore/grype
https://github.com/liamg/traitor
https://github.com/chen-keinan/kube-beacon
https://github.com/cyberark/kubernetes-rbac-audit
YouTube
Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec
Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec
While Kubernetes offers new and exciting ways to deploy and scale container-based workloads in production, many organizations may not be aware of the security risks inherent…
While Kubernetes offers new and exciting ways to deploy and scale container-based workloads in production, many organizations may not be aware of the security risks inherent…
Hi all, last week I was inspired by the idea of creating a dictionary using artificial intelligence. The old dictionaries in most projects were no longer finding anything, as they were as old as possible and no new wordlists were being added.
I present you a dictionary, which was 70% generated with OpenAI ChatGPT, the other 30% were taken from Bo0om (fuzz.txt) and other bughunters.
This dictionary contains configuration files ranging from development, frameworks, SCM, configuration for automated QA software to CNI plugins for Kubernetes.
The project is alive and will be actively supplemented and cleaned up.
https://github.com/reewardius/bbFuzzing.txt
I present you a dictionary, which was 70% generated with OpenAI ChatGPT, the other 30% were taken from Bo0om (fuzz.txt) and other bughunters.
This dictionary contains configuration files ranging from development, frameworks, SCM, configuration for automated QA software to CNI plugins for Kubernetes.
The project is alive and will be actively supplemented and cleaned up.
https://github.com/reewardius/bbFuzzing.txt
GitHub
GitHub - reewardius/bbFuzzing.txt
Contribute to reewardius/bbFuzzing.txt development by creating an account on GitHub.
#Beacon
Hi all, last week I was inspired by the idea of creating a dictionary using artificial intelligence. The old dictionaries in most projects were no longer finding anything, as they were as old as possible and no new wordlists were being added. I present you…
GitHub
GitHub - reewardius/bbDomains.txt
Contribute to reewardius/bbDomains.txt development by creating an account on GitHub.
Forwarded from PAINtest
Сегодня при тестировании одного из веб-ресурсов мне потребовалось обойти блокировки по IP-адресу, но я обнаружил, что в русскоязычных ресурсах совсем нет гайдов на эту тему. Собственно, поэтому с «лёгкой руки» и буквально за 30 минут родилась эта заметка, описывающая один из методов обхода блокировки по айпишнику - с помощью IPRotate расширения для BurpSuite.
Плагин позволяет направлять каждый запрос Burp через AWS API Gateway, а, значит, изменять IP-адрес клиента, видимый целевым сервером.
Использование плагина может быть полезно для перебора учетных данных, обхода ограничений на частоту запросов API или блокировки WAF.
Пошаговая инструкция по ссылке:
https://w0lfreak.medium.com/ip-rotate-burpsuite-18020efe4f79
Приятного чтения и, надеюсь, будет полезно! 😉
Плагин позволяет направлять каждый запрос Burp через AWS API Gateway, а, значит, изменять IP-адрес клиента, видимый целевым сервером.
Использование плагина может быть полезно для перебора учетных данных, обхода ограничений на частоту запросов API или блокировки WAF.
Пошаговая инструкция по ссылке:
https://w0lfreak.medium.com/ip-rotate-burpsuite-18020efe4f79
Приятного чтения и, надеюсь, будет полезно! 😉
Medium
IP Rotate BurpSuite
Intro