reza.duty rezaduty
@win3zz
win3zz / ServiceNow_Sensitive_Info_Exposure.md
Last active July 8, 2024 13:59
ServiceNow Instance Exposing Sensitive Information via Unauthenticated Endpoints

  • Date: 26 June 2023
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • Discovered by: Bipin Jitiya (@win3zz)

Summary

[REDACTED], Inc., uses ServiceNow with an instance named "[REDACTED]" accessible at https://[REDACTED].service-now.com/. Upon reviewing this instance, I observed that it is not sufficiently hardened for security, and some endpoints are exposing sensitive information. The following three endpoints, designed for performance monitoring, logging, and troubleshooting purposes, are accessible without authentication:

@tin-z
tin-z / VR_roadmap.md
Last active July 12, 2024 10:30
Becoming a Vulnerability Researcher roadmap: my personal experience

CVE-ID: CVE-2024-29291
Description:
A vulnerability has been discovered in the Laravel Framework in versions from 8.* to 11.*, allowing a remote attacker to obtain sensitive information via the laravel.log component. This vulnerability leads to the leakage of database credentials.
Additional Information:
None.
@W01fh4cker
W01fh4cker / evilServer.py
Created February 27, 2024 14:31
CVE-2024-23334
from aiohttp import web

async def index(request):
    return web.Response(text="Hello, World!")

app = web.Application()
app.router.add_routes([
    # CVE-2024-23334: in aiohttp before 3.9.2, follow_symlinks=True skipped the
    # check that the resolved file stays under static/, so a request for
    # "/static/../<file>" served files outside the directory. This is the
    # deliberately vulnerable PoC server; keep follow_symlinks=True to reproduce.
    web.static("/static", "static/", follow_symlinks=True),
])
app.router.add_get('/', index)

if __name__ == "__main__":
    # web.static raises ValueError if ./static does not exist, so create it first.
    web.run_app(app)  # listens on 0.0.0.0:8080 by default
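The PoC above only shows the vulnerable route registration. The following is an added example, not code from the gist or from aiohttp: a stand-alone re-implementation of the two path-resolution strategies behind CVE-2024-23334. resolve_vulnerable mirrors the pre-3.9.2 logic, where follow_symlinks=True skipped the containment check entirely; resolve_hardened mirrors the 3.9.2 fix, which normalises '..' and checks containment before following symlinks. The function names and the temporary directory layout are mine, constructed for the demo.

```python
"""
Added example (not the gist's or aiohttp's code): the resolution logic that
CVE-2024-23334 exploited, next to the containment check that closes it.
"""
import os
import tempfile
from pathlib import Path


def resolve_vulnerable(static_root: Path, filename: str, follow_symlinks: bool) -> Path:
    """Pre-3.9.2 behaviour: resolve first, and only check containment when
    symlinks are not followed. With follow_symlinks=True nothing stops '..'."""
    filepath = static_root.joinpath(filename).resolve()
    if not follow_symlinks:
        filepath.relative_to(static_root)  # ValueError if outside static_root
    return filepath


def resolve_hardened(static_root: Path, filename: str, follow_symlinks: bool) -> Path:
    """3.9.2-style behaviour: reject '..' traversal before symlinks are resolved,
    so follow_symlinks=True only follows links that live inside static_root."""
    if follow_symlinks:
        normalized = Path(os.path.normpath(static_root / filename))
        normalized.relative_to(static_root)  # '..' escaping the root fails here
        return normalized.resolve()
    filepath = static_root.joinpath(filename).resolve()
    filepath.relative_to(static_root)
    return filepath


def _raises(fn, *args) -> bool:
    try:
        fn(*args)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Build <tmp>/static/index.html plus <tmp>/secret.txt outside the static
    root, then try the traversal an attacker would send as /static/../secret.txt
    (typically percent-encoded, or with a client that does not collapse dot
    segments). Returns a dict of outcomes so the two behaviours can be compared."""
    tmp = Path(tempfile.mkdtemp()).resolve()
    static_root = tmp / "static"
    static_root.mkdir()
    (static_root / "index.html").write_text("hello")
    secret = tmp / "secret.txt"
    secret.write_text("db_password=hunter2")  # constructed 'sensitive' file

    traversal = "../secret.txt"
    out = {}

    leaked = resolve_vulnerable(static_root, traversal, True)
    out["vulnerable_leaks"] = leaked == secret and leaked.read_text() == "db_password=hunter2"
    out["vulnerable_without_symlinks_blocks"] = _raises(resolve_vulnerable, static_root, traversal, False)
    out["hardened_blocks"] = _raises(resolve_hardened, static_root, traversal, True)
    out["legit_still_served"] = resolve_hardened(static_root, "index.html", True) == static_root / "index.html"

    # A symlink placed inside static/ is still followed by design; the fix only
    # closes traversal via '..', so what you put in that tree still matters.
    try:
        (static_root / "link").symlink_to(secret)
        out["symlink_inside_root_followed"] = resolve_hardened(static_root, "link", True) == secret
    except OSError:
        out["symlink_inside_root_followed"] = None  # platform does not allow symlinks here
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the last check is the practitioner caveat: upgrading to 3.9.2 or later stops `..` escaping the static root, but `follow_symlinks=True` still means any symlink an attacker (or a careless deploy) drops inside the served tree is followed wherever it points.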
@soheilsec
soheilsec / Red Team Courses
Created February 1, 2024 17:26
Red Team Courses
requirements:
OWASP top 10
kali linux
Active Directory concepts
Windows Internals
Linux Internals
Red Team 1 -> 35-45 hours
Network Fundamentals
Web Application Security
@invictus-ir
invictus-ir / CloudTrail.csv
Last active May 2, 2024 12:56
An overview of CloudTrail events that are interesting from an Incident Response perspective
Initial Access: ConsoleLogin, PasswordRecoveryRequested
Execution: StartInstance, StartInstances, Invoke, SendCommand
Persistence: CreateAccessKey, CreateUser, CreateNetworkAclEntry, CreateRoute, CreateLoginProfile, AuthorizeSecurityGroupEgress, AuthorizeSecurityGroupIngress
Privilege Escalation: CreateGroup, CreateRole, UpdateAccessKey, PutGroupPolicy, PutRolePolicy, PutUserPolicy, AddRoleToInstanceProfile
Defense Evasion: StopLogging, DeleteTrail, UpdateTrail, PutEventSelectors, DeleteFlowLogs, DeleteDetector, DeleteMembers
Credential Access: GetSecretValue, GetPasswordData, RequestCertificate, UpdateAssumeRolePolicy
Discovery: ListUsers, ListRoles, ListIdentities, ListAccessKeys, ListServiceQuotas, ListInstanceProfiles, ListBuckets
Lateral Movement: AssumeRole, SwitchRole
Exfiltration: CreateSnapshot, ModifySnapshotAttributes, ModifyImageAttribute, SharedSnapshotCopyInitiated, SharedSnapshotVolumeCreated, ModifyDBSnapshotAttribute, PutBucketP (cut off in the preview)
Impact: PutBucketVersioning, RunInstances, DeleteAccountPublicAccessBlock
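As an added example (not part of the invictus-ir gist), here is a small triage pass that tags CloudTrail records with the tactic column of the table above and then groups the hits per principal, so a reviewer sees at a glance which identity touched several stages of an intrusion. The records below are constructed for the demo, not real telemetry; the account ID, ARNs and IP addresses are placeholders.

```python
"""
Added example, not part of the invictus-ir gist: tag CloudTrail records with
the tactic they belong to and group the hits per actor.
"""
from collections import defaultdict

# Tactic -> eventName set, transcribed from the table above.
TACTIC_EVENTS = {
    "Initial Access": {"ConsoleLogin", "PasswordRecoveryRequested"},
    "Execution": {"StartInstance", "StartInstances", "Invoke", "SendCommand"},
    "Persistence": {
        "CreateAccessKey", "CreateUser", "CreateNetworkAclEntry", "CreateRoute",
        "CreateLoginProfile", "AuthorizeSecurityGroupEgress", "AuthorizeSecurityGroupIngress",
    },
    "Privilege Escalation": {
        "CreateGroup", "CreateRole", "UpdateAccessKey", "PutGroupPolicy",
        "PutRolePolicy", "PutUserPolicy", "AddRoleToInstanceProfile",
    },
    "Defense Evasion": {
        "StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors",
        "DeleteFlowLogs", "DeleteDetector", "DeleteMembers",
    },
    "Credential Access": {"GetSecretValue", "GetPasswordData", "RequestCertificate", "UpdateAssumeRolePolicy"},
    "Discovery": {
        "ListUsers", "ListRoles", "ListIdentities", "ListAccessKeys",
        "ListServiceQuotas", "ListInstanceProfiles", "ListBuckets",
    },
    "Lateral Movement": {"AssumeRole", "SwitchRole"},
    "Exfiltration": {
        "CreateSnapshot", "ModifySnapshotAttributes", "ModifyImageAttribute",
        "SharedSnapshotCopyInitiated", "SharedSnapshotVolumeCreated", "ModifyDBSnapshotAttribute",
    },
    "Impact": {"PutBucketVersioning", "RunInstances", "DeleteAccountPublicAccessBlock"},
}
EVENT_TO_TACTIC = {name: tactic for tactic, names in TACTIC_EVENTS.items() for name in names}

# Constructed records in CloudTrail's JSON shape (only the fields the triage reads).
ALICE = "arn:aws:iam::123456789012:user/alice"
SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"arn": ALICE}, "sourceIPAddress": "203.0.113.7"},
    {"eventTime": "2024-05-01T10:04:12Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": ALICE}, "sourceIPAddress": "203.0.113.7"},
    {"eventTime": "2024-05-01T10:05:30Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"arn": ALICE}, "sourceIPAddress": "203.0.113.7", "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:06:01Z", "eventSource": "secretsmanager.amazonaws.com", "eventName": "GetSecretValue",
     "userIdentity": {"arn": ALICE}, "sourceIPAddress": "203.0.113.7"},
    {"eventTime": "2024-05-01T10:07:45Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:role/ci-deploy"}, "sourceIPAddress": "198.51.100.20"},
]


def triage(records):
    """Return one hit per record whose eventName is in the table, in input order.

    Denied calls are kept and errorCode is carried through: a failed StopLogging
    is still an attempt at defence evasion and worth a look."""
    hits = []
    for rec in records:
        tactic = EVENT_TO_TACTIC.get(rec.get("eventName"))
        if tactic is None:
            continue
        hits.append({
            "time": rec.get("eventTime"),
            "tactic": tactic,
            "event": rec["eventName"],
            "actor": rec.get("userIdentity", {}).get("arn", "<unknown>"),
            "src_ip": rec.get("sourceIPAddress"),
            "error": rec.get("errorCode"),
        })
    return hits


def tactics_per_actor(hits):
    """Map actor ARN -> distinct tactics in first-seen order; a long chain from
    one principal is the pattern worth escalating."""
    seen = defaultdict(list)
    for h in hits:
        if h["tactic"] not in seen[h["actor"]]:
            seen[h["actor"]].append(h["tactic"])
    return dict(seen)


if __name__ == "__main__":
    hits = triage(SAMPLE_RECORDS)
    for h in hits:
        flag = f" (errorCode={h['error']})" if h["error"] else ""
        print(f"{h['time']} {h['tactic']:<20} {h['event']:<24} {h['actor']} from {h['src_ip']}{flag}")
    for actor, tactics in tactics_per_actor(hits).items():
        print(f"{actor}: {' -> '.join(tactics)}")
```

Feed it the `Records` array of a CloudTrail log file (or Athena output) and the event names that are not in the table simply drop out, which is the intended first pass; DescribeInstances in the sample is left alone for that reason.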

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

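As an added example (not part of the gist), here is a builder that turns the four slot lists of the template above into one GitHub code-search string, plus a local pre-filter that runs signature patterns over file content you have already pulled down, so a candidate hit can be confirmed before you spend time on it. The slot values used in the demo (extensions, key names, signature, platform tag) and the local regexes are illustrative choices of mine, not the gist's own lists; the sample .env content is constructed and uses the documented AWS example credentials, not live ones.

```python
"""
Added example, not the gist's code: compose the search template into a query
string and pre-filter local file content with matching signature patterns.
"""
import re


def _term(t: str) -> str:
    """Quote a term unless it is a bare word or a /regex/ literal, which GitHub
    code search accepts as-is; anything with spaces or punctuation gets quotes."""
    if re.fullmatch(r"[A-Za-z0-9_.\-]+", t) or (t.startswith("/") and t.endswith("/")):
        return t
    return '"' + t.replace('"', '\\"') + '"'


def build_query(extensions, key_names, signatures, platform_tags) -> str:
    """Compose (path:*.ext ...) AND (key ...) AND ((signature ...) AND (tag ...))."""
    def group(parts):
        return "(" + " OR ".join(parts) + ")"
    paths = group(f"path:*.{e.lstrip('.')}" for e in extensions)
    keys = group(_term(k) for k in key_names)
    sigs = group(_term(s) for s in signatures)
    tags = group(_term(t) for t in platform_tags)
    return f"{paths} AND {keys} AND ({sigs} AND {tags})"


# Local signature patterns for the same platform. The access key ID prefix and
# 16-character suffix follow the documented format; the secret pattern is a
# looser 40-character heuristic keyed on the variable name.
LOCAL_SIGNATURES = {
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"),
}


def scan_text(text: str):
    """Return (line_no, signature_name, matched_text) for every local signature hit."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for name, rx in LOCAL_SIGNATURES.items():
            for m in rx.finditer(line):
                findings.append((n, name, m.group(0)))
    return findings


# Constructed file content; the values are AWS's published example credentials.
SAMPLE_ENV = """\
APP_ENV=production
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
S3_ENDPOINT=https://s3.amazonaws.com
"""

if __name__ == "__main__":
    print(build_query(["env", "yml"], ["AWS_ACCESS_KEY_ID", "aws_secret_access_key"], ["AKIA"], ["amazonaws.com"]))
    for finding in scan_text(SAMPLE_ENV):
        print(finding)
```

The query string is what you paste into GitHub code search; the local scan is the cheap check that turns "the search matched" into "this file actually contains something shaped like a credential", which is what you want before reporting anything.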
@Huntinex
Huntinex / report.py
Last active March 8, 2024 12:53
Automatic bug bounty report generator
import poe, sys
client = poe.Client("<POE_API_KEY_HERE>")
title=sys.argv[1]
path=sys.argv[2]
more=""
if len(sys.argv) > 3:
more="\" and here is more information: "+sys.argv[3]
message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+"""
@X-Junior
X-Junior / lockbit_macos_string_decryption.py
Created April 17, 2023 03:05
Static String Decryption For Lockbit 3.0 MacOS Variant
'''
Author: Mohamed Ashraf (@X__Junior)
tested samples:
0be6f1e927f973df35dad6fc661048236d46879ad59f824233d757ec6e722bde
3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
usage:
python3 lockbit_macos_string_decryption.py sample.bin
'''
@SwitHak
SwitHak / 20230331-TLP-WHITE_3CX-event.md
Last active April 6, 2023 09:26
BlueTeam CheatSheet *3CX-Event-March2023* | Last updated: 2023-04-06 0926 UTC

Security Advisories / Bulletins / vendors Responses linked to 3CX compromise event

General

What's 3CX?

  • 3CX evolved from its roots as a PBX phone system to a complete communications platform, offering customers a simple, flexible, and affordable solution to call, video and live chat.

What's happening?

  • Per several reports, the build environment of 3CX for the DesktopApp (macOS & Windows) has been compromised
  • The recent releases (details given below) have been compromised to include malicious code
  • More details available regarding the compromise with the graphics by Thomas Roccia: