Hackerinthehouse
Learn about Cybersecurity!
​​Awesome Azure Penetration Testing

A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform Azure.

https://github.com/Kyuu-Ji/Awesome-Azure-Pentest

#cybersecurity #infosec #pentesting
​​SSRFmap

Automatic SSRF fuzzer and exploitation tool.

SSRF is often used to leverage actions on other services; this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz.

https://github.com/swisskyrepo/SSRFmap

#cybersecurity #infosec #pentesting
Bug Bounty Hint

How to test for SQL injection 👇

1) Select params for testing in:

🔹 URL query
🔹 POST body
🔹 Headers
🔹 Cookies

It can be any parameter. Typically, I test integer parameters first.

2) Perform math if the tested field is an integer:

🔹 user_id=1338-1

If there is a sign of an SQL injection, you will see a result with user_id=1337.

3) Try to add symbols at the end of the parameter:

🔹 ' (single quote)
🔹 " (double quote)
🔹 ; (semicolon)

Observe the response status. If you spot an error response, there might be a chance of SQL injection.

4) Try to add another symbol and see if the error disappears.

🔹 login=admin (status: 200)
🔹 login=admin' (status: 500)
🔹 login=admin'' (status: 200)

In SQL the escape character for a single quote is another single quote, and for a double quote is another double quote.

5) Perform SQL query functions

Int
🔹 user_id=1337 AND 1=1 ✅
🔹 user_id=1337 AND 2=1 ❌

Text
🔹 login=admin' AND 'A'='A ✅
🔹 login=admin' AND 'A'='B ❌

JSON int
🔹 {"user_id":"1337 AND 1=1"} ✅

6) Combine SQL query functions with comments

Int ✅
🔹 user_id=1337 AND 1=1 --

Text ✅
🔹 login=admin' AND 'A'='A' --

JSON int ✅
🔹 {"user_id":"1337 AND 1=1 --"}

JSON text ✅
🔹 {"login":"admin' AND 'A'='A' --"}

7) Use Tools to test vulnerable params further

🔹 sqlmap
🔹 r0oth3x49/ghauri (github)

Remember that you only need to obtain the database version for the initial Proof of Concept (POC). Further exploitation should be tested only with permission from the program/company.

8) You can use the following DB Fiddle to experiment with SQL injection points and behavior.

Edit SQL queries on the right and then click RUN to see how the SQL queries are executed and what results are displayed at the bottom.

https://www.db-fiddle.com/f/mZ2ftcLLzZLbrEELn38hjQ/0
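Why the probes in the hint above behave as described, and what the fix looks like, as an added example that is not part of the original post: it runs the post's own probe strings against a string-concatenated query and against the same query with a bound parameter. The in-memory SQLite table, the column names and the function names are assumptions made for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and rows are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, login TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1337, "admin"), (1338, "guest")])
    return db

def lookup_concat(db, column, value, quoted):
    """Deliberately vulnerable: the request value is pasted into the SQL text."""
    literal = f"'{value}'" if quoted else value
    sql = f"SELECT login FROM users WHERE {column} = {literal}"
    try:
        return 200, [row[0] for row in db.execute(sql)]
    except sqlite3.Error:
        return 500, []  # syntax error surfaces as the error response from step 3

def lookup_bound(db, column, value):
    """Hardened: the value is a bound parameter and is never parsed as SQL."""
    if column not in ("user_id", "login"):  # column name comes from code only
        raise ValueError("unexpected column")
    sql = f"SELECT login FROM users WHERE {column} = ?"
    return 200, [row[0] for row in db.execute(sql, (value,))]

def run_probes():
    """Run the post's probes through both versions and collect the results."""
    db = make_db()
    int_probes = ["1338-1", "1337 AND 1=1", "1337 AND 2=1", "1337 AND 1=1 --"]
    text_probes = ["admin'", "admin''", "admin' AND 'A'='A",
                   "admin' AND 'A'='B", "admin' AND 'A'='A' --"]
    results = []
    for column, probes, quoted in (("user_id", int_probes, False),
                                   ("login", text_probes, True)):
        for probe in probes:
            results.append((column, probe,
                            lookup_concat(db, column, probe, quoted),
                            lookup_bound(db, column, probe)))
    return results

if __name__ == "__main__":
    for column, probe, vulnerable, hardened in run_probes():
        print(f"{column}={probe!r:26} concat={vulnerable} bound={hardened}")
```

With concatenation the database evaluates the arithmetic, the quote pairing and the boolean conditions; with a bound parameter every probe is compared as a literal value and matches no row.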
​​Scoper

This is a #BurpSuite extension that allows users to easily add web addresses to the Burp Suite scope

https://github.com/haticeerturk/scoper
​​learning-reverse-engineering

This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.

https://github.com/jstrosch/learning-reverse-engineering
​​Malware Reverse Engineering for Beginners

This repository contains relevant samples and data related to "Malware Reverse Engineering for Beginners" articles.

https://github.com/intezer/Malware-Reverse-Engineering-for-Beginners
​​Reverse-Engineering

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

https://github.com/mytechnotalent/Reverse-Engineering
​​Recon Scripts

Recon scripts for Red Team and Web blackbox auditing.

https://github.com/mtimani/Recon_scripts
Are you Looking for any Cyber Security Services?

Contact us for more details about our services here: hackerinthehouse.in/contact/
or drop an email to services@hackerinthehouse.in
​​Awesome SOC

A collection of sources of documentation, as well as field best practices, to build/run a #SOC.

https://github.com/cyb3rxp/awesome-soc
​​WinShellcode

It's a C code project created in Visual Studio that helps you generate shellcode from your C code.

https://github.com/DallasFR/WinShellcode

#infosec #pentesting #redteam
Linux Kernel: Spectre v2 SMT mitigations problem ( CVE-2023-1998, PoC included )

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behaviour can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.

Download: https://system32.ink/news-feed/p/299/
Automating Blind Sql Injection Using Python

In this post I will show how to automate blind SQL injection exploitation with Python. The techniques used are a combination of skills I learned in Offensive Security’s Advanced Web Attacks and Exploitation course as well as Justin Clarke’s “SQL Injection Attacks and Defense” book.

Read Full Article: https://bit.ly/AutoBlindSqliUsingPython
Learning faster involves improving your ability to acquire, process, and retain new information effectively.

Here are some tips to help you learn faster:

• Set clear goals:
Determine what you want to learn and establish specific, measurable, achievable, relevant, and time-bound (SMART) goals. This will give you direction and motivation.

• Break down complex topics:
Divide complex subjects into smaller, more manageable parts. This will make it easier to understand and absorb new information.

• Use multiple learning modalities:
Combine different learning methods, such as reading, writing and listening to engage different parts of your brain and improve information retention.

• Use mnemonic devices:
Employ memory aids like acronyms, associations, and visualization to help you remember new information.

• Teach others:
Sharing your knowledge with others not only helps them learn but reinforces your own understanding of the material.

• Practice regularly:
Repetition is key to learning new skills or concepts. The more you practice, the better you become.

• Schedule breaks:
Breaks are essential for maintaining focus and avoiding burnout. If after 2 hours you can't focus, stop. If it's after 30 min, stop. Take 5-10 min off and then come back.

• Stay organized:
Keep track of your progress, create a study schedule, and maintain a dedicated learning environment to minimize distractions.

• Take care of yourself:
Prioritize sleep, exercise, and a balanced diet to maintain optimal cognitive function.

• Embrace failure:
Don't be afraid to make mistakes. Learning from failure helps you grow and improve.

• Use technology:
Utilize online resources, apps, and tools to enhance your learning experience and make it more efficient.

Remember that learning is a lifelong process, and everyone's learning style is different. Experiment with these strategies to find what works best for you and be patient with yourself as you progress.

Learning hacking isn't different than learning to walk, once you know it, then you can run...