BishopFox/GitGot: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

github.com/BishopFox/GitGot

d4rk007/RedGhost: Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. (Shell)

github.com/d4rk007/RedGhost

The Nansh0u Campaign: signed rootkit, exposed infrastructure and PE exploits in a massive MS-SQL & PHPMyAdmin attack campaign

guardicore.com/2019/05/nansh0u

"18 U.S. Code § 1956. Laundering of monetary instruments"

RT @Patrick_Shortis@twitter.com

Seizure notice for DeepDotWeb - Available through their .onion link.

🐦🔗: twitter.com/Patrick_Shortis/st

Definitely honeypot...

RT @Viss@twitter.com

shodan.io/host/18.253.157.192

here you go, internet.
a host in the 'gov' section of aws with an open rootshell.

🐦🔗: twitter.com/Viss/status/112473

Little blast from the last : Carna Botnet Internet Census 2012 paper.

Port scanning /0 using insecure embedded devices

census2012.sourceforge.net/pap

"How Mass Surveillance Works in Xinjiang - Reverse Engineering Police App Reveals Profiling and Monitoring Strategies"

That's one very complete and in-depth analysis. Great report. Curious to see the source code, if anyone knows where I can find it.

hrw.org/report/2019/05/01/chin

More bugbounty useful ressources !

streaak/keyhacks: KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.
github.com/streaak/keyhacks/bl

"Remote Code Execution in Dell Support Assist"

Good analysis and solid write-up 👍
@BillDemirkapi@twitter.com
d4stiny.github.io/Remote-Code-

Tl;Dr : Database gives100% coverage, 0% false positive, fast results. But need ~52 GB.
A bloom filter with 100% coverage, a 0.1% false positive need ~945MB of memory.
Finally, 5% of the hashes results in a 47MB bloom filter that covers 61% of the data.
philwantsfish.github.io/securi

Pentesting Cheatsheets:
Convenient commands for your pentesting / red-teaming engagements, OSCP and CTFs.
ired.team/offensive-security-e

ThePoShWolf: PowerShell module for converting Curl commands to PowerShell.

Nice little script to save. Will come useful in the future.
github.com/ThePoShWolf/Curl2PS

"Analysis of an IRC based Botnet"

Tl;Dr: Mirai variant used to perform TCP Flood attacks. Don't seem to have port 22 or 23 scans for propagation unlike Mirai yet.

stratosphereips.org/blog/2019/

H4ckForJob/dirmap: 个高级web目录扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。

Another nice web directory scanning tool written in Python3.

github.com/H4ckForJob/dirmap

And btw Firefox mobile purposely don't hide the url bar on this given website when scrolling.

Show more
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!