Subdomain enumeration is an essential OSINT technique. Amass and Subfinder are well-known enumeration tools, but they have limitations. Explore this comprehensive database with over 200 sources.

https://osintteam.com/passive-subdomain-enumeration-uncovering-more-subdomains-than-subfinder-amass/

This is kinda cool - my #Azure #VaultRecon vulnerability (that #Microsoft say is by design and is not a vulnerability) is now listed in the #CloudVulnDB #SecurityResearch —#CloudSecurity #KeyVault #Enumeration #SharingIsSecuring #WeAllWinTogether

https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration

Finally finished implementing the functionality of the PS function for #Enumeration that I've been working on since I saw some flaws in the currently existing tools while studying for #CRTE

It's focused on trying to show interesting ACLs without overwhelming you with lots of useless information. There's probably something out there that does that already (Find-InteterestingDomainAcl is supposed to do the trick but it's still too verbose for me). However, I needed an excuse to dive deeper into ACLs

After cleaning the current monolith of PS scripting and allowing @maikel to peer review it, I'll publish it

In this week's Linux Update newsletter, Chris Binnie looks at the enumeration tools feroxbuster and ffuf for automating search during a cyberattack
https://www.linux-magazine.com/Issues/2025/290/Enumerating-Resources
#security #tools #feroxbuster #ffuf #enumeration #cyberattack #automation #fuzzing

Title of the day: "generatingfunctionology"

https://www2.math.upenn.edu/~wilf/gfologyLinked2.pdf

who spies on you more - ms, apple, google or amazon - ai surveillance content from rob braxman
https://www.youtube.com/watch?v=QwxaRPuJkyU
#tracking #capital surveillance #enumeration #ever cookie

Oh boy. A simple #enumeration #attack could be used to read credit offers at #CHECK24 and #verivox, two big German portal offering a lot of things around comparing credit offers, insurance contracts and other things.

This is such a trivial mistake, it nearly feels deliberate. This should never ever happend. And for sure this should have be a red flag in any #securityaudit. I wonder how they can state "No indications of miss use.". #cybersecurity

Article in German:
https://correctiv.org/aktuelles/datenschutz/2024/09/17/kreditvermittlung-bei-check24-und-verivox-kritische-datenlecks-entdeckt/

Did you know:

A large part of the hacker's workflow is done through open-source intelligence (OSINT) and enumeration.

Tools like Shodan can help map out your digital footprint.

TheHarvester - Your New Best Friend in Recon! This tool gathers emails, names, and other info from public sources. Perfect for beginners in reconnaissance. #TheHarvester #Recon #Infosec #osint #enumeration

I saw this passphrase wordlist project popup. Just like to remind folks that passphrase passwords (ex: correcthorsebatterystapler), even with character substitution, can be enumerated and that GPUs will eventually be able to bruteforce the inevitable password dumps from data breaches. In fact a certain someone wrote up a blog post two years ago showing how you could enumerate all permutations of passphrases using Ruby to build your own custom passphrase wordlists; which of course was met with immediate poo-pooing upon.
#wordlists #passphrase #enumeration #ruby

Does anyone have a directory enumeration wordlist that's optimized to find common directories quickly, and doesn't have junk in it like 490541629456ea9c7e1c31 or Oasis - The Complete Discography.
#dirbusting #enumeration #wordlist

https://youtu.be/1O_47ZZ_J_g?si=FJti3ds0KCeVUrZO

@blackpointus's CEO John Murchison talks about the surprising and uncommon approach #ALPHV #BlackCat #ransomware takes from initial #intrusion and #enumeration all the way to #exfiltration; namely, a decided reliance on the #networking and #IT tools available to them as opposed to a reliance on #malware. He covers how their approach is able to evade #EDR, the way they are similar to nation state actors in their level of sophistication, and notes what a large attack surface #microsoft365 has relative to the ability to properly #harden and #secure the environment. He also covers how quickly the #Rust ransomware #payload is able to take over.

Definitely worth a watch given the recent attack on #ChangeHealthcare.

New blog post: Preparing a National Sampling Frame: capacity strengthening in Cameroon

A report on our recent #preEA and #QGIS workshop with #ins_cameroun

#geospatial #census #statistics #Enumeration #MINRESI_CM

https://www.worldpop.org/blog/preparing-a-national-sampling-frame-capacity-strengthening-in-cameroon/

Weekend project: try to solve some #combinatorics #enumeration problems by reduction to #SharpSAT. (Which, to be clear, I thought was unlikely to succeed!)

I picked c2d http://reasoning.cs.ucla.edu/c2d/ because it scored highly in the 2020 Model Counting Competition https://arxiv.org/abs/2012.01323 but I am not sure this is the same version. The one I got is dated 2005 and was 32-bit only. It ran out of memory on this 364-variable 942-clause instance (corresponding to 6 playing cards chosen from a standard 52-card deck.)

Looking at the 2023 competition instead, I think I should try SharpSAT-TD https://github.com/Laakeri/sharpsat-td but it is not as well documented. For example, I don't know if it supports the "eclauses" (exactly-one clauses) extension of the Dimacs CNF format.

Enumeration - I have just completed this room! Check it out: https://tryhackme.com/room/enumerationpe #tryhackme #security #enumeration #processes #services #post-exploitation #users #enumerationpe via @RealTryHackMe

All sets of integer lattice points symmetric along the X and Y axes, and connected allowing diagonals, of size 14 and 15.

Code here: https://gist.github.com/mgritter/8cfc41a7325f85b75c029f77915a2f44

Inspired by this Quora question, https://www.quora.com/On-an-XY-array-of-lattice-points-how-many-patterns-of-N-connected-points-are-mirror-symmetric-in-both-X-and-Y-Adjacency-connections-are-1-in-X-1-in-Y-or-1-1-in-X-Y-I-do-not-know-the-answer, although I misinterpreted what he was asking for. That was closer to all polyominoes, allowing diagonal connections, which are horizontally and vertically symmetric. But I don't allow the line of symmetry to run down a half-integer value.

Lista użytkowników Wordpress dostępna przez API ( https://nfsec.pl/pentest/6215 ) #wordpress #user #enumeration #badbot #twittermigration

Point-in-Time count shows homeless numbers up over 9% in Victoria, BC region

This year’s count identified 1,665 people who were experiencing homelessness, versus 1,523 in 2020

Homeless include many seniors, Indigenous and people with disabilities

https://www.timescolonist.com/local-news/point-in-time-count-shows-homeless-numbers-up-slightly-7366592

There has to be a better way, right? Brute force can’t be the best way to enumerate zones of subdomains. #pentesting #hacking #dns #zone #enumeration #hackthebox

25 Recon Tools for Hacking & BugBounty