infamous shell.openExternal: opens an application based on URI and filetype association.
when exposed to the renderer, remote.app allows the renderer processs to access APIs normally only available in the main process (this module will be deprecated in E 12 and removed in E 14)
Many of the functions exposed by this object can be easily abused, including but not limited to:
- app.relaunch([options]) Relaunches the app when current instance exits.
Here are some resources across a few areas (I'll update as I find more)
The Book of Secret Knowledge - https://github.com/trimstray/the-book-of-secret-knowledge
My CCDC cheatsheet has some blue team goodness I've compiled over two competitions - https://gist.github.com/alexiasa/fba4466849fde5b9ec3dd3cd7d1b3e9f
This is broader than SIEM (more about detections in general) but I found it helpful. - https://dragos.com/media/The_Four_Types%20of_Threat_Detection.pdf
Search options:
&strip=1 - cached text only: use Google's version of site and avoid connecting directlyI exploited a SQLi vulnerability to enumerate the columns in a database by doing something like this:
/comment.php?id=738 order by 1;#
Column enumeration can be achieved in a manner indistinguishable from magic by using sqlmap.
It can also be achieved with Burp Suite's Intruder function.
Log Review Cheatsheet Critical Log Review Checklist for Security Incidents
Hardening GPO Reference UT Windows Hardening Checklist
| Notes about Smalltalk. Smalltalk influenced essentially all of the subsequent object-oriented languages. A few of the modern Smalltalk frameworks include Amber and Seaside which are geared toward web development. | |
| "this is a comment in Smalltalk. we are going to declare and assign variables." | |
| | x y | "declare the variable x and y" | |
| x := 1 "assign x a value of 1" | |
| y:= $q "assign y the character 'q'" | |
| # this is a comment in Python. we are going to declare and assign variables. |
| ~/hashcat-4.0.1$ ./hashcat64.bin -a 1 -m 900 --opencl-platforms=1 c600a9a5e9314a06662676dae2cc6ee4 all.dict rockyou.dict -o dw_solved --outfile-format=2 -O | |
| hashcat (v4.0.1) starting... | |
| nvmlDeviceGetFanSpeed(): Not Supported | |
| nvmlDeviceGetFanSpeed(): Not Supported | |
| OpenCL Platform #1: NVIDIA Corporation | |
| ====================================== | |
| * Device #1: Tesla M60, 1903/7613 MB allocatable, 16MCU |
| Hashcat Benchmarks with AWS EC2 g3.8xlarge Instance | |
| Optimized Per These Instructions: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/optimize_gpu.html | |
| hashcat (v4.0.1) starting in benchmark mode... | |
| Benchmarking uses hand-optimized kernel code by default. | |
| You can use it in your cracking session by setting the -O option. | |
| Note: Using optimized kernel code limits the maximum supported password length. | |
| To disable the optimized kernel code in benchmark mode, use the -w option. |
I hereby claim:
To claim this, I am signing this object: