BishopFox/GitGot: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
The Nansh0u Campaign: signed rootkit, exposed infrastructure and PE exploits in a massive MS-SQL & PHPMyAdmin attack campaign
"18 U.S. Code § 1956. Laundering of monetary instruments"
Seizure notice for DeepDotWeb - Available through their .onion link.
here you go, internet.
a host in the 'gov' section of aws with an open rootshell.
Little blast from the last : Carna Botnet Internet Census 2012 paper.
Port scanning /0 using insecure embedded devices
"How Mass Surveillance Works in Xinjiang - Reverse Engineering Police App Reveals Profiling and Monitoring Strategies"
That's one very complete and in-depth analysis. Great report. Curious to see the source code, if anyone knows where I can find it.
Web Scraping with Scrapy: Advanced Examples
We5ter/Flerken: Open-Source Obfuscated Command Detection Tool
More bugbounty useful ressources !
streaak/keyhacks: KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.
"Remote Code Execution in Dell Support Assist"
Good analysis and solid write-up 👍
Tl;Dr : Database gives100% coverage, 0% false positive, fast results. But need ~52 GB.
A bloom filter with 100% coverage, a 0.1% false positive need ~945MB of memory.
Finally, 5% of the hashes results in a 47MB bloom filter that covers 61% of the data.
"They see me scannin'; they hatin' "
Some tips for more discreet nmap scans.
Convenient commands for your pentesting / red-teaming engagements, OSCP and CTFs.
ThePoShWolf: PowerShell module for converting Curl commands to PowerShell.
Nice little script to save. Will come useful in the future.
"Analysis of an IRC based Botnet"
Tl;Dr: Mirai variant used to perform TCP Flood attacks. Don't seem to have port 22 or 23 scans for propagation unlike Mirai yet.
Security Researcher & Privacy Activist. 🐘 DM are welcome for any questions.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!