How the Chrome Root Program Keeps Users Safe
http://security.googleblog.com/2023/05/how-chrome-root-program-keeps-users-safe.html
http://security.googleblog.com/2023/05/how-chrome-root-program-keeps-users-safe.html
Google Online Security Blog
How the Chrome Root Program Keeps Users Safe
Posted by Chrome Root Program, Chrome Security Team What is the Chrome Root Program? A root program is one of the foundations for se...
Logger++
A multithreaded logging extension for #BurpSuite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.
https://github.com/nccgroup/LoggerPlusPlus
#infosec #pentesting #bugbounty
A multithreaded logging extension for #BurpSuite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.
https://github.com/nccgroup/LoggerPlusPlus
#infosec #pentesting #bugbounty
GitHub
GitHub - nccgroup/LoggerPlusPlus: Advanced Burp Suite Logging Extension
Advanced Burp Suite Logging Extension. Contribute to nccgroup/LoggerPlusPlus development by creating an account on GitHub.
👍3🔥1
Top25 Parameter
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual #recon.
https://github.com/lutfumertceylan/top25-parameter
#infosec #pentesting #bugbounty
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual #recon.
https://github.com/lutfumertceylan/top25-parameter
#infosec #pentesting #bugbounty
GitHub
GitHub - lutfumertceylan/top25-parameter: For basic researches, top 25 vulnerability parameters that can be used in automation…
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙 - lutfumertceylan/top25-parameter
🔥2
🚀 SOC Analyst Certification Path 🚀
SOC Analyst Certification is a recognized program that offers training and credentials to individuals pursuing a career in Security Operations Center (SOC) analysis.
This certification equips professionals with essential skills to protect computer networks from cyber threats and respond to security incidents efficiently.
⚡Link: bit.ly/SocAnalystCertification
Share & Support ❤️
SOC Analyst Certification is a recognized program that offers training and credentials to individuals pursuing a career in Security Operations Center (SOC) analysis.
This certification equips professionals with essential skills to protect computer networks from cyber threats and respond to security incidents efficiently.
⚡Link: bit.ly/SocAnalystCertification
Share & Support ❤️
❤🔥3👍2
x8
Hidden parameters discovery suite written in Rust.
The tool aids in identifying hidden parameters that could potentially be vulnerable or reveal interesting functionality that may be missed by other testers. Its high accuracy is achieved through line-by-line comparison of pages, comparison of response codes, and reflections.
https://github.com/Sh1Yo/x8
#infosec #pentesting #bugbounty
Hidden parameters discovery suite written in Rust.
The tool aids in identifying hidden parameters that could potentially be vulnerable or reveal interesting functionality that may be missed by other testers. Its high accuracy is achieved through line-by-line comparison of pages, comparison of response codes, and reflections.
https://github.com/Sh1Yo/x8
#infosec #pentesting #bugbounty
🔥1
Red Teaming & Pentesting checklists for various engagements
Even though, a penetration test is a creative process most people maintain private checklists to ensure that they will not forget to test networks, systems and applications against various scenarios and maintain the overall quality of the assessment.
https://github.com/netbiosX/Checklists
infosec #pentesting #redteam
Even though, a penetration test is a creative process most people maintain private checklists to ensure that they will not forget to test networks, systems and applications against various scenarios and maintain the overall quality of the assessment.
https://github.com/netbiosX/Checklists
infosec #pentesting #redteam
Bug Bounty scripts
The scripts I write to help me on my bug bounty hunting.
https://github.com/victoni/Bug-Bounty-Scripts
#infosec #pentesting #bugbounty
The scripts I write to help me on my bug bounty hunting.
https://github.com/victoni/Bug-Bounty-Scripts
#infosec #pentesting #bugbounty
🔥1
toxssin
Penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).
This project started as (and still is) a research-based creative endeavor to explore the exploitability depth that an XSS vulnerability may introduce by using vanilla JavaScript, trusted certificates and cheap tricks.
https://github.com/t3l3machus/toxssin
#infosec #pentesting #redteam
Penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).
This project started as (and still is) a research-based creative endeavor to explore the exploitability depth that an XSS vulnerability may introduce by using vanilla JavaScript, trusted certificates and cheap tricks.
https://github.com/t3l3machus/toxssin
#infosec #pentesting #redteam
👍4
12 Ways to Make Money From Cybersecurity :)
1. Security Auditing
2. Bug Bounty Hunting
3. Write Books
4. Become a Speaker
5. Create a YouTube page
6. Create Training Course
7. Buy Cybersecurity Stocks
8. Coaching
9. Freelance Writing
10. Consultation
11. Build a Cybersecurity App
12. Cybersecurity Start Up
1. Security Auditing
2. Bug Bounty Hunting
3. Write Books
4. Become a Speaker
5. Create a YouTube page
6. Create Training Course
7. Buy Cybersecurity Stocks
8. Coaching
9. Freelance Writing
10. Consultation
11. Build a Cybersecurity App
12. Cybersecurity Start Up
👍3🔥2
SQLi Queries Generator Online
https://trickypenguin.ink/sqli-queries-generator/
@trickypenguin.ink
@trickypenguin
#sqli #pentesting #tools
https://trickypenguin.ink/sqli-queries-generator/
@trickypenguin.ink
@trickypenguin
#sqli #pentesting #tools
❤7❤🔥1🔥1
Js Finding
A Python tool for extracting JavaScript (JS) files from a given list of domains. This tool utilizes various utilities such as waybackurls, gauplus, and subjs to perform JS file extraction from the specified domains.
https://github.com/pikpikcu/js-finding
#infosec #redteam #bugbounty
A Python tool for extracting JavaScript (JS) files from a given list of domains. This tool utilizes various utilities such as waybackurls, gauplus, and subjs to perform JS file extraction from the specified domains.
https://github.com/pikpikcu/js-finding
#infosec #redteam #bugbounty
❤1
This media is not supported in your browser
VIEW IN TELEGRAM
HBSQLI
Automated tool for testing header based blind sql injection.
https://github.com/SAPT01/HBSQLI
#infosec #pentesting #bugbounty
Automated tool for testing header based blind sql injection.
https://github.com/SAPT01/HBSQLI
#infosec #pentesting #bugbounty
❤🔥1❤1
CVE-2023-32315
Openfire Bypass
https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass
#cve #cybersecurity #infosec
Openfire Bypass
https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass
#cve #cybersecurity #infosec
DefaultCreds Cheat Sheet
#Python tool to quickly search through a database of 1231+ default logins and passwords for different products.
https://github.com/ihebski/DefaultCreds-cheat-sheet
#pentest
#Python tool to quickly search through a database of 1231+ default logins and passwords for different products.
https://github.com/ihebski/DefaultCreds-cheat-sheet
#pentest
👍3🔥1
Mass reverse ip to domain tool
Web Based User Friendly
https://trickypenguin.ink/reverse-ip/
##### Tool Link #####
#tools @trickypenguin
Web Based User Friendly
https://trickypenguin.ink/reverse-ip/
#tools @trickypenguin
❤3❤🔥1👍1
SOC SIEM Use Cases For Beginners/Intern
I wanted to share the list of sample use cases that I've come up. The list that I draft is heavily UBA focused which is fine and it's a good start for a beginners/intern.
Sample Use Cases:
•Server shutdown/reboot detection
•Removable media detected
•Windows abnormal shutdown
•Login attempts with the same account from different source desktops
•Detection of server shutdown-reboot after office hours
•Administrative group membership changed
•Unauthorized default account logins
•Interactive use of service account
•Remote access login – success & failure
•Windows service stop-restart
•ACL set on admin group members
•Windows account enabled/disabled
•Multiple Windows account lockout
•Multiple Windows logins by the same user
•Brute force attempt from the same source
•Logins outside normal business hours
•Logins to multiple user accounts from the same source
•Brute force attempt from the same source with successful login
•Windows account created/deleted
•Windows hardware failure
•Failed login to multiple destinations from the same source
•Administrative accounts - multiple login failures
•Detection of user account added/removed in admin group
•Detection of system time changes (boot time)
•Detection of use of default product vendor accounts
•User deleted within 24 hours of being created
•Critical service stopped on Windows Servers
•Windows Security Log is full
•Multiple password changes in a short time period
•Windows group type was changed
•Audit policy change
•Audit log cleared
•Detection of user account added
•Logon failure - a logon attempt was made using an expired account
•High number of users created/removed within a short period of time
•Outbound traffic observed from servers to the internet
•Failed logins/attempts with disabled/ex-employee/expired accounts
•Windows file-folder delete
•Windows file-folder permission changes
•High number of users created/removed within a short period of time
I wanted to share the list of sample use cases that I've come up. The list that I draft is heavily UBA focused which is fine and it's a good start for a beginners/intern.
Sample Use Cases:
•Server shutdown/reboot detection
•Removable media detected
•Windows abnormal shutdown
•Login attempts with the same account from different source desktops
•Detection of server shutdown-reboot after office hours
•Administrative group membership changed
•Unauthorized default account logins
•Interactive use of service account
•Remote access login – success & failure
•Windows service stop-restart
•ACL set on admin group members
•Windows account enabled/disabled
•Multiple Windows account lockout
•Multiple Windows logins by the same user
•Brute force attempt from the same source
•Logins outside normal business hours
•Logins to multiple user accounts from the same source
•Brute force attempt from the same source with successful login
•Windows account created/deleted
•Windows hardware failure
•Failed login to multiple destinations from the same source
•Administrative accounts - multiple login failures
•Detection of user account added/removed in admin group
•Detection of system time changes (boot time)
•Detection of use of default product vendor accounts
•User deleted within 24 hours of being created
•Critical service stopped on Windows Servers
•Windows Security Log is full
•Multiple password changes in a short time period
•Windows group type was changed
•Audit policy change
•Audit log cleared
•Detection of user account added
•Logon failure - a logon attempt was made using an expired account
•High number of users created/removed within a short period of time
•Outbound traffic observed from servers to the internet
•Failed logins/attempts with disabled/ex-employee/expired accounts
•Windows file-folder delete
•Windows file-folder permission changes
•High number of users created/removed within a short period of time
👍6🔥2❤1