I hereby claim:
- I am sapran on github.
- I am sapran (https://keybase.io/sapran) on keybase.
- I have a public key whose fingerprint is EA74 4EC9 18CA BA16 4912 D417 A2A3 AE1B E7C9 D1FE
To claim this, I am signing this object:
Vlad Styran sapran
sapran
/ gist:8f03c6f8e1e55fe67152
Created
August 18, 2015 12:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am sapran on github. | |
| * I am sapran (https://keybase.io/sapran) on keybase. | |
| * I have a public key whose fingerprint is EA74 4EC9 18CA BA16 4912 D417 A2A3 AE1B E7C9 D1FE | |
| To claim this, I am signing this object: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| It is known that Sergey Mikhailov headed the department at the Center for Information Security of the FSB, which was responsible for the work of the hacker environment. He coordinated the activities of hacker groups who carried out the orders of the FSB cyber attacks on information resources in Ukraine, the EU and the US. A Kaspersky Lab works closely with the FSB in the context of the collection of personal and sensitive data of its customers to transfer their Russian security services. Its Inbuilt Antivirus spyware. It was found by experts including the NSA and the FBI. In my view, the arrest of both main performers of Russian cyber attacks on the resources of the US is an attempt to "hide the wiser." Clean Up individuals who can testify ties hackers and senior FSB. This effectively - removing intermediaries that were involved in the raid have a long tradition NKVD-KGB-FSB. The question of whether these people eventually eliminated the answers I have. |
sapran
/ keybase.md
Created
March 15, 2017 12:05
sapran
/ subdomain_scraping
Created
December 10, 2017 12:02
DNS subdomain scraping techniques
Source: https://www.youtube.com/watch?v=C4ZHAdI8o1w
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GoBuster | |
| ``` | |
| gobuster -m dns -u $DOMAIN -t 100 -w all.txt | |
| ``` | |
| # MassDNS | |
| ``` | |
| ./subbrute.py all.txt $DOMAIN | massdns -r resolvers.txt -t A -a -o -w massdns_output.txt - | |
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find ./ -type f | parallel -j150% grep -f ./patterns.txt {} > ./result.txt |
sapran
/ Berezha-job
Last active
January 28, 2018 09:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| We are hiring! | |
| We will be happy to offer a long term contract to a Senior Offensive Security Professional. (1/6) | |
| SW50cm8KVGhpcyBpcyBhIHBlcm1hbmVudCByb2xlIGluIEJlcmV6aGEgU2VjdXJpdHksIGEgdGhyZWUgeWVhciBvbGQgVWtyYWluaWFuIGN5YmVyLXNlY3VyaXR5IGNvbXBhbnkgdGhhdCBpcyBmb2N1c2VkIG9uIFNlY3VyaXR5IENvbnN1bHRpbmcsIFNvZnR3YXJlIFNlY3VyaXR5LCBhbmQgU2VjdXJpdHkgQXNzZXNzbWVudHMuIEluIGEgbWlkLXRlcm0gcGVyc3BlY3RpdmUsIHdlIGV4cGVjdCB0aGlzIHBvc2l0aW9uIHRvIHRyYW5zZm9ybSBpbnRvIGEgVGVjaCBMZWFkIHJvbGUgb2Ygb3VyIE9mZmVuc2l2ZSBTZWN1cml0eSBwcmFjdGljZS4gKDIvNikKCjU0Njg2NTIwNmE2ZjYyMGEyZDIwNTM2ZjY2NzQ3NzYxNzI2NTIwNzM2NTYzNzU3MjY5NzQ3OTIwNjE3MzczNjU3MzczNmQ2NTZlNzQ3MzJjMjA3MDY1NmU2NTc0NzI2MTc0Njk2ZjZlMjA3NDY1NzM3NDczMmMyMDZiNmU2Zjc3NmM2NTY0Njc2NTIwNzM2ODYxNzI2OTZlNjcyMDczNjU3MzczNjk2ZjZlNzMyZTBhMmQyMDU3NmY3MjZiNmM2ZjYxNjQyMDY1Nzg3MDY1NjM3NDYxNzQ2OTZmNmUzYTIwMzQzMDIwNjg2Zjc1NzI3MzIwNzA2NTcyMjA3NzY1NjU2YjJjMjA3MDYxNjk2NDIwNmY3NjY1NzI3NDY5NmQ2NTczMmUwYTJkMjA0ZjY2NjY2OTYzNjUyYzIwNzI2NTZkNmY3NDY1MmMyMDZmNmUyZDczNjk3NDY1MjA2MTc0MjA3NDY4NjUyMDYzNmM2O |
sapran
/ nmap_firewall
Created
March 18, 2018 17:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nmap options/ideas to avoid Firewall | |
| fragmentation | |
| -f | |
| change default MTU | |
| --mtu 24 | |
| random number of decoys | |
| -D RND:10 |
sapran
/ oob_xxe
Created
March 25, 2018 09:45
Taken from this article: https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
sapran
/ vagrant-patch-for-virtualbox-5.2
Created
March 25, 2018 19:39
— forked from roktas/vagrant-patch-for-virtualbox-5.2
Patch to make vagrant work with VBox 5.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -eo pipefail | |
| TARGETFMT='/opt/vagrant/embedded/gems/gems/vagrant-%s/plugins/providers/virtualbox/driver/meta.rb' | |
| die() { echo >&2 "$@"; exit 1; } | |
| [[ $EUID -eq 0 ]] || die "sudo required" |
sapran
/ appsec_awareness_training_day2.md
Last active
March 27, 2018 17:43
Notes to Application Security awareness training in line with OWASP SAMM initial development team education effort according to Education and Guidance practice.
- https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
- Least Privilege
- Fail-Safe Defaults
OlderNewer