- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
DECLARE @ClarionDate INT = 47563 | |
DECLARE @SqlDateTime DATETIME | |
-- Convert the clarion DATE into and SQL DateTime | |
SET @SqlDateTime = DateAdd(day, @ClarionDate - 4, '1801-01-01') | |
SELECT @SqlDateTime AS 'SQL Date Time' | |
-- Now convert it back from and SQL DateTime to a Clarion Date | |
SET @ClarionDate = DateDiff(day, DateAdd(day, -4, '1801-01-01'), @SqlDateTime) |
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
# generate server.xml with the following command: | |
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
# run as follows: | |
# python simple-https-server.py | |
# then in your browser, visit: | |
# https://localhost:4443 | |
import BaseHTTPServer, SimpleHTTPServer | |
import ssl |
From: http://redteams.net/bookshelf/ | |
Techie | |
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
Domain: TEST.local | |
User Enumeration: | |
Windows: | |
net user | |
net user /domain | |
net user [username] | |
net user [username] /domain | |
wmic useraccount | |
Mac: | |
dscl . ls /Users |
/* | |
* Derived from https://github.com/google/google-authenticator-android/blob/master/AuthenticatorApp/src/main/java/com/google/android/apps/authenticator/Base32String.java | |
* | |
* Copyright (C) 2016 BravoTango86 | |
* | |
* Licensed under the Apache License, Version 2.0 (the "License"); | |
* you may not use this file except in compliance with the License. | |
* You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 |
A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file
The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY
Below names are to be passed to the --tamper=
parameter of sqlmap
.
The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests
view.
The scale is 0-5.
MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).
The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
Here are the steps to build a Proof-of-Concept docx:
- Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;) | |
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work. | |
using System; | |
using System.Collections.Generic; | |
using System.Runtime.InteropServices; | |
namespace SCCMDecryptPOC | |
{ | |
internal class Program |