OSINTTracker
A simple and free online tool to visualize investigations and collect data about different entry points (domains, email addresses, crypto wallet numbers) using hundreds of different online services.
https://app.osintracker.com/
A simple and free online tool to visualize investigations and collect data about different entry points (domains, email addresses, crypto wallet numbers) using hundreds of different online services.
https://app.osintracker.com/
π7β€βπ₯1
Advanced Frida Usage Part 4 β Sniffing location data from locations in iOS
https://8ksec.io/advanced-frida-usage-part-4-sniffing-location-data-from-locationd-in-ios/
https://8ksec.io/advanced-frida-usage-part-4-sniffing-location-data-from-locationd-in-ios/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 4 β Sniffing Location Data From Locationd In OS
In Part 4, Learn the intricate process of sniffing and manipulating location data on iOS using Frida. Read more to learn
β€2π1
How a simple K-TypeConfusion took me 3 months long to create a exploit? [HEVD] - Windows 11 (build 22621)
https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f
https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f
Medium
How a simple K-TypeConfusion took me 3 months long to create a exploit?
Have you ever tested something for a really long time, that it made part of your life? thatβs what happen to me for the last months when aβ¦
β€1
Assessing Security Risks of Local Storage on Non-Jailbroken iOS Devices
https://mrbypass.medium.com/assessing-security-risks-of-local-storage-on-non-jailbroken-ios-devices-8d303ebe0e77
https://mrbypass.medium.com/assessing-security-risks-of-local-storage-on-non-jailbroken-ios-devices-8d303ebe0e77
Medium
Assessing Security Risks of Local Storage on Non-Jailbroken iOS Devices
Hello everyone, while doing iOS application penetration testing you may have come across a situation where you donβt have the jailbrokenβ¦
β€1
Exploring Frida & Objection on Non-Jailbroken Devices without Application Patching
https://mrbypass.medium.com/unlocking-potential-exploring-frida-objection-on-non-jailbroken-devices-without-application-ed0367a84f07
https://mrbypass.medium.com/unlocking-potential-exploring-frida-objection-on-non-jailbroken-devices-without-application-ed0367a84f07
Medium
Unlocking Potential: Exploring Frida & Objection on Non-Jailbroken Devices without Applicationβ¦
As we saw in the previous article Assessing Security Risks of Local Storage on Non-Jailbroken iOS Devices that how we can install theβ¦
Invisible Adware: Unveiling Ad Fraud Targeting Korean Android Users
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/invisible-adware-unveiling-ad-fraud-targeting-korean-android-users/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/invisible-adware-unveiling-ad-fraud-targeting-korean-android-users/
McAfee Blog
Invisible Adware: Unveiling Ad Fraud Targeting Android Users | McAfee Blog
Authored by SangRyol Ryu, McAfee Threat Researcher We live in a world where advertisements are everywhere, and it's no surprise that users are becoming
Active Directory Pentesting Mind Map:
The Active Directory Pentesting Mind Map is a powerful tool designed to assist in conducting penetration testing on Active Directory environments.
β«οΈThe Active Directory Pentesting Mind Map assists security professionals and ethical hackers in performing comprehensive penetration testing on Active Directory infrastructures.
β«οΈIt presents a user-friendly and visually intuitive mind map that covers various aspects of the penetration testing process.
Mindmaps:
V1 V2 Download
The Active Directory Pentesting Mind Map is a powerful tool designed to assist in conducting penetration testing on Active Directory environments.
β«οΈThe Active Directory Pentesting Mind Map assists security professionals and ethical hackers in performing comprehensive penetration testing on Active Directory infrastructures.
β«οΈIt presents a user-friendly and visually intuitive mind map that covers various aspects of the penetration testing process.
Mindmaps:
V1 V2 Download
π₯2
All-in-one OSINT tool for analysing any website
Link: https://web-check.xyz/
https://web-check.xyz/about#api-documentation
Link: https://web-check.xyz/
https://web-check.xyz/about#api-documentation
π Cyberstalking: Understanding the Law and Protecting Yourself π
π In today's digital age, where connectivity is a part of our everyday lives, cyberstalking has become a prevalent concern. It's important to shed light on this issue and educate ourselves on the legal framework in place to combat cyberstalking in India.
π« What is Cyberstalking?
Cyberstalking refers to the persistent and unwanted harassment, intimidation, or stalking of individuals through electronic communication channels. It involves malicious actions such as sending threatening messages, spreading false information, sharing explicit content, or even impersonating someone online.
π The IPC Penal Code Approach in India π
In India, cyberstalking is a criminal offense and is covered under various sections of the Indian Penal Code (IPC).
Let's take a closer look at some key provisions:
1. Section 354D
2. Section 509
3. Section 499 & Section 500
4. Section 66E & Section 67
π₯ Protecting Yourself and Seeking Legal Redress π₯
β‘οΈ Safeguard your privacy: Be cautious about the personal information you share online. Regularly review your privacy settings on social media platforms and limit access to your personal data.
β‘οΈ Document evidence: If you become a victim of cyberstalking, save screenshots, emails, text messages, or any other evidence that can help establish the perpetrator's intent and actions.
β‘οΈ Report to authorities: If you experience cyberstalking, report the incident to the nearest police station or cybercrime cell. They will guide you on filing an official complaint and provide necessary assistance.
β‘οΈ Seek legal advice: Consult a lawyer who specializes in cybercrime and understands the nuances of the law. They can guide you through the legal process and help you seek appropriate legal remedies.
π€ Together Against Cyberstalking π€
Cyberstalking is a serious offense that can have devastating effects on individuals and their mental well-being. By spreading awareness, understanding the law, and taking preventive measures, we can work towards creating a safer digital environment for everyone.
π In today's digital age, where connectivity is a part of our everyday lives, cyberstalking has become a prevalent concern. It's important to shed light on this issue and educate ourselves on the legal framework in place to combat cyberstalking in India.
π« What is Cyberstalking?
Cyberstalking refers to the persistent and unwanted harassment, intimidation, or stalking of individuals through electronic communication channels. It involves malicious actions such as sending threatening messages, spreading false information, sharing explicit content, or even impersonating someone online.
π The IPC Penal Code Approach in India π
In India, cyberstalking is a criminal offense and is covered under various sections of the Indian Penal Code (IPC).
Let's take a closer look at some key provisions:
1. Section 354D
2. Section 509
3. Section 499 & Section 500
4. Section 66E & Section 67
π₯ Protecting Yourself and Seeking Legal Redress π₯
β‘οΈ Safeguard your privacy: Be cautious about the personal information you share online. Regularly review your privacy settings on social media platforms and limit access to your personal data.
β‘οΈ Document evidence: If you become a victim of cyberstalking, save screenshots, emails, text messages, or any other evidence that can help establish the perpetrator's intent and actions.
β‘οΈ Report to authorities: If you experience cyberstalking, report the incident to the nearest police station or cybercrime cell. They will guide you on filing an official complaint and provide necessary assistance.
β‘οΈ Seek legal advice: Consult a lawyer who specializes in cybercrime and understands the nuances of the law. They can guide you through the legal process and help you seek appropriate legal remedies.
π€ Together Against Cyberstalking π€
Cyberstalking is a serious offense that can have devastating effects on individuals and their mental well-being. By spreading awareness, understanding the law, and taking preventive measures, we can work towards creating a safer digital environment for everyone.
π1
BugBounty's tip for today <3
always after running waybackruls, katana, etc...
try to find secret files by running:
grep "\.txt"
~ "\.log"
~ "\.cache"
~ "\.secret"
~ "\.db"
~ "\.backup"
~ "\.yml"
~ "\.json"
~ "\.gz"
~ "\.rar"
~ "\.zip"
~ "\.config"
always after running waybackruls, katana, etc...
try to find secret files by running:
grep "\.txt"
~ "\.log"
~ "\.cache"
~ "\.secret"
~ "\.db"
~ "\.backup"
~ "\.yml"
~ "\.json"
~ "\.gz"
~ "\.rar"
~ "\.zip"
~ "\.config"
π8
When doing a penetration test make sure there is verbiage in the executive summary that states what the penetration test does not cover.
For example, a black/grey box penetration test does not account for attack vectors that come from
- Insider threats
- Access to source code by some other means
- Phishing
It covers threats that start from the outside with little to no knowledge of the scope beforehand. This is the most common threat type, but usually the threat type that will have the least impact.
Most executives that read the report will probably not understand this, which may give a false sense of security for breaches that start from another attack vector.
It also gives you an opportunity to upsell more projects that cover other areas of the customer infrastructure in the future.
For example, a black/grey box penetration test does not account for attack vectors that come from
- Insider threats
- Access to source code by some other means
- Phishing
It covers threats that start from the outside with little to no knowledge of the scope beforehand. This is the most common threat type, but usually the threat type that will have the least impact.
Most executives that read the report will probably not understand this, which may give a false sense of security for breaches that start from another attack vector.
It also gives you an opportunity to upsell more projects that cover other areas of the customer infrastructure in the future.
SQL injection payload :
0'XOR(if(now()=sysdate(),sleep(6),0))XOR'β€βπ₯6
US-23-YukiChen-Diving-into-Windows-Remote-Access.pdf
3.5 MB
Diving into Windows Remote
Access Service for Pre-Auth Bugs
https://www.blackhat.com/us-23/briefings/schedule/#diving-into-windows-remote-access-service-for-pre-auth-bugs-31968
Access Service for Pre-Auth Bugs
https://www.blackhat.com/us-23/briefings/schedule/#diving-into-windows-remote-access-service-for-pre-auth-bugs-31968
Bria
AI image generator that allows you to download images in PSD(!) format so you can edit individual layers in Photopea, Gimp and other image editors.
https://labs.bria.ai/
(Only 5 pictures for free, but you only need email to create new account)
AI image generator that allows you to download images in PSD(!) format so you can edit individual layers in Photopea, Gimp and other image editors.
https://labs.bria.ai/
(Only 5 pictures for free, but you only need email to create new account)
DEFCON-31-Syscalls-Workshop-main.zip
3.9 MB
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low"
https://github.com/VirtualAlllocEx/DEFCON-31-Syscalls-Workshop
https://github.com/VirtualAlllocEx/DEFCON-31-Syscalls-Workshop
Rusty Bootkit
Windows UEFI Bootkit in Rust (Codename: RedLotus)
A bootkit can run code before the operating system and potentially inject malicious code into the kernel or load a malicious kernel driver by infecting the boot process and taking over the system's firmware or bootloader, effectively disabling or bypassing security protections.
https://github.com/memN0ps/bootkit-rs
Windows UEFI Bootkit in Rust (Codename: RedLotus)
A bootkit can run code before the operating system and potentially inject malicious code into the kernel or load a malicious kernel driver by infecting the boot process and taking over the system's firmware or bootloader, effectively disabling or bypassing security protections.
https://github.com/memN0ps/bootkit-rs
Black Hat USA 2023 slides.zip
381.1 MB
Black Hat USA 2023 Slides
https://github.com/onhexgroup/Conferences/tree/main/Black%20Hat%20USA%202023%20slides
https://github.com/onhexgroup/Conferences/tree/main/Black%20Hat%20USA%202023%20slides
π2