Kali
This is a short graduate course providing an introduction to the areas of crime, espionage and conflicts in cyberspace. The material is used for the “Cybercrime, Cyberespionage, and Cyberwar” course currently taught in the Master in Cybersecurity at UC3M. The course provides a gentle, not very technical introduction to several contemporary security and privacy topics, including The main goal of …
Continue reading “CCC : Cyberspace Under Siege – Understanding Crime, Espionage, And Conflict”
Este repositorio contiene una prueba de concepto (PoC) para la vulnerabilidad CVE-2024-37081 en VMware vCenter. La vulnerabilidad se debe a una mala configuración en el archivo /etc/sudoers que permite la preservación de variables ambientales peligrosas al ejecutar comandos sudo. Esto puede ser aprovechado por atacantes para ejecutar comandos arbitrarios con privilegios de root. Vulnerabilidad Requisitos Instrucciones 2. Ejecuta …
Continue reading “VMware vCenter : CVE-2024-37081 Proof Of Concept”
Mailgoose is a web application that allows the users to check whether their SPF, DMARC and DKIM configuration is set up correctly. CERT PL uses it to run bezpiecznapoczta.cert.pl, an online service that helps Polish institutions to configure their domains to decrease the probability of successful e-mail spoofing. Under the hood, Mailgoose uses checkdmarc and dkimpy, among others. Quick …
Continue reading “Mailgoose – Ensuring Email Security With SPF, DMARC, And DKIM Verification”
An innovative open-source tool that revolutionizes BGP management by acting as a reverse proxy and firewall. Leveraging the powerful BGPFix library, bgpipe enhances security, visibility, and control over BGP sessions. From seamless JSON conversions to robust router control mechanisms, explore how bgpipe secures and streamlines BGP communications. This project provides an open-source BGP reverse proxy …
Sinon is a modular tool for automatic burn-in of Windows-based deception hosts that aims to reduce the difficulty of orchestrating deception hosts at scale whilst enabling diversity and randomness through generative capabilities. It has been created as a proof-of-concept and is not intended for production deception environments. It would likely be better suited to having …
Continue reading “Sinon – Modular Windows Burn-In Automation With Generative AI For Deception”
“Android Autorooter” delves into the cutting-edge possibilities of exploiting Android vulnerabilities to achieve root access. This article guides you through setting up a self-executing Android exploit using CVE-2024-0044, a critical security flaw. Follow step-by-step instructions to craft and deploy a meterpreter payload, turning theoretical vulnerability into practical attack capability. Give This A Try Create a …
Continue reading “Android Autorooter Exploit : A Step-By-Step Guide”
Embark on a journey to become a Web3 security expert with our comprehensive 2024 roadmap. This guide delves deep into mastering Ethereum, Solidity, and essential security practices through strategic courses, hands-on exercises, and community audits. Equip yourself with the knowledge and skills to navigate the complex landscape of smart contract security and blockchain vulnerabilities. An …
This extension hijacks Burp’s HTTP and TLS stack, allowing you to spoof any browser TLS fingerprint (JA3). It boosts the power of Burp Suite while reducing the likelihood of fingerprinting by various WAFs like CloudFlare, PerimeterX, Akamai, DataDome, etc. It does this without resorting to hacks, reflection or forked Burp Suite Community code. All code …
Continue reading “Awesome TLS – Evading WAFs With Advanced Burp Suite Extension”
SMBclient-ng is a robust and intuitive command-line tool designed to enhance interactions with SMB shares, offering a plethora of commands to manage and navigate both local and remote file systems. This versatile tool simplifies the process of connecting to SMB servers, handling files, and managing directories. Whether you’re a network administrator or a security professional, …
Continue reading “SMBclient-ng : A Comprehensive Tool For Managing SMB Shares”
Welcome to the Red Team Interview Questions repository! This repository aims to provide a comprehensive list of topics and questions that can be helpful for both interviewers and candidates preparing for red team-related roles. Whether you’re looking to assess your knowledge or preparing to interview candidates, these questions cover a wide range of essential topics …
Continue reading “Red Team Interview Questions – A Deep Dive Into Red Teaming Essential”
