Understanding the Principle of Least Privilege

With the number of high-profile and catastrophic cybersecurity breaches seeming to grow daily, it’s time for organizations of all sizes to rethink their approach to security. The best approach right now is the zero-trust security model. With the zero-trust security model, there is controlled and managed access to applications, file servers and networks. There are a few critical elements that work...

VAST : Visibility Across Space And Time

VAST is a network telemetry engine for data-driven security investigations. Key Features: High-Throughput Ingestion: import numerous log formats over 100k events/second, including Zeek, Suricata, JSON, and CSV. Low-Latency Queries: sub-second response times over the entire data lake, thanks to multi-level bitmap indexing and actor model concurrency. Particularly helpful for instant indicator checking over the entire dataset. Flexible Export: access data in common...

Baserunner : A Tool For Exploring Firebase Datastores

Baserunner is a tool for exploring and exploiting Firebase datastores. See this post on our blog for an overview of how Firebase works and why we developed this tool.

Set Up

git clone https://github.com/iosiro/baserunner.git
cd baserunner
npm install
npm run build
npm start

Go to http://localhost:3000 in your browser.

Usage

The Baserunner interface looks like this: First, use the configuration textbox to load a Firebase configuration JSON structure from the app you'd...

LibAFL : Advanced Fuzzing Library – Slot Your Fuzzer Together In Rust

Advanced Fuzzing Library: slot your own fuzzers together and extend their features using Rust. LibAFL is written and maintained by Andrea Fioraldi andreafioraldi@gmail.com and Dominik Maier mail@dmnk.co. Why LibAFL? LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while being completely customizable. Some highlight features currently include: fast: We do everything we can at compile time, keeping runtime overhead minimal. Users...

WordPress Brute Force : Super Fast Login WordPress Brute Force

WordPress Brute Force is a super fast WordPress login brute-force tool.

WpCrack Brute Froce Tool™

usage: python WpCrack.py

optional arguments:
-h, --help show this help message and exit
-V, --version show program's version number and exit
-d, --debug debugging...

Priv2Admin : Exploitation Paths Allowing You To (Mis)Use The Windows Privileges

The idea of Priv2Admin is to "translate" Windows OS privileges to a path leading to: administrator, integrity and/or confidentiality threat, availability threat, just a mess. Privileges are listed and explained at: https://docs.microsoft.com/en-us/windows/win32/secauthz/privilege-constants

If the goal can be achieved multiple ways, the priority is:
1. Using built-in commands
2. Using PowerShell (only if a working script exists)
3. Using non-OS tools
4. Using any other method

You can check your own privileges with whoami /priv. Disabled privileges are as...

7 Ways in Which You Can Keep Yourself Safe on the Internet

It's easy to find ways to stay safe on the internet. With today's technology, you can stay connected with loved ones and friends all over the world from the convenience of your own home. Still, if you don't practice proper internet safety while online, you can encounter a range of dangerous web behaviors that put you at risk of...

Kiterunner : Contextual Content Discovery Tool

For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Over time, we have seen a lot of time invested in making content...

Red-Detector : Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io

Red-Detector is a tool to scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/). Audit your EC2 instance to find security misconfigurations using Lynis (https://cisofy.com/solutions/#lynis). Scan your EC2 instance for signs of a rootkit using Chkrootkit (http://www.chkrootkit.org/). Requirements: Configured AWS account with the EC2 actions mentioned below. The policy containing these requirements can be found in red-detector-policy.json. Actions details: Required action permission | Why it...

Evasor : A Tool To Be Used In Post Exploitation Phase For Blue

The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be used to bypass any Application Control rules. It is very easy to use, quick, time-saving and fully automated, and it generates a report including description, screenshots and mitigation suggestions, suited for both blue and red teams in...