All posts tagged cyber

■■■■■ Tools & Interesting Things for RedTeam Ops. https://github.com/bigb0sss/RedTeam-OffensiveSecurity https://t.me/cKure/11851

■■■□□ File Block EXE. https://github.com/trustedsec/SysmonCommunityGuide/blob/master/chapters/file-blockshredding.md https://t.me/cKure/11850

A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain. https://github.com/Dec0ne/ShadowSpray/ https://t.me/cKure/11848

■■■■□ Hackers Can Use ‘App Mode’ in Chromium Browsers’ for Stealth Phishing Attacks. https://thehackernews.com/2022/10/hackers-can-use-app-mode-in-chromium.html https://t.me/cKure/11847

■■■■■ Zero-Day: CVE-2022-40684 (CVSS score: 9.6). Fortinet revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. https://thehackernews.com/2022/10/fortinet-warns-of-active-exploitation.html https://t.me/cKure/11846

■■■□□ Real-world infosec wordlists, updated regularly. https://github.com/trickest/wordlists https://t.me/cKure/11845

● Yet another website: sqlflow.gudusoft.com (Visualizing SQL queries) https://t.me/cKure/11843

■■■■■ Tool: Katana-ds (ds for dork_scanner) is a simple python tool that automates Google Hacking/Dorking and supports Tor. It becomes a more powerful in combination with GHDB. https://github.com/TebbaaX/Katana https://t.me/cKure/11841

■■■■□ Here are 30 cybersecurity search engines: 1. Dehashed—View leaked credentials. 2. SecurityTrails—Extensive DNS data. 3. DorkSearch—Really fast Google dorking. 4. ExploitDB—Archive of various exploits. 5. ZoomEye—Gather information about targets. 6. Pulsedive—Search for threat intelligence. 7. GrayHatWarfare—Search public S3 buckets. 8. PolySwarm—Scan files and URLs for threats. 9. Fofa—Search for various threat intelligence. 10. LeakIX—Search…

■■■□□ Search-dorks for Duck.com https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/ https://t.me/cKure/11838