The DFIR Report: Real Intrusions by Real Attackers, The Truth Behind the Intrusion. Our previous report on Cobalt Strike focused on the most frequently used capabilities that we had observed. In this report, we will focus on the network traffic it produced, and provide some easy wins defenders can be on the lookout for to detect beaconing activity. We cover topics such as domain fronting, SOCKS pro
TL;DR JARM is an active Transport Layer Security (TLS) server fingerprinting tool. Scanning with JARM provides the ability to identify and group malicious servers on the Internet. JARM is available here: https://github.com/salesforce/jarm JARM fingerprints can be used to: Quickly verify that all servers in a group have the same TLS configuration. Group disparate servers on the internet by configura
Grabbing a banner is the first and apparently the most important phase in both the offensive and defensive penetration testing environments. In this article, we'll take a tour to "Banner Grabbing" and learn how the different command-line tools and web interfaces help us to grab the banner of a webserver and its running services. Table of Content Introduction Why Banner Grabbing? Types of Banner Gr
The Transport Layer Security (TLS) is an internet protocol to protect data when transmitted. It is the "S" in HTTPS but can be used for more than just websites, like secure file transfer or by encrypted e-mail transmission. Initially it was known as SSL but was actually renamed TLS over twenty years ago. Getting TLS right is not easy. Expired certificates, outdated SSL versions, unpatched vulnerab
One-step installation. Executes a multitude of security scanning tools, does other custom-coded checks and prints the results spontaneously. Some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, amass, nikto, etc. Executes under one entity. Saves a lot of time, indeed a lot of time! Checks for the same vulnerabilities with multiple tools to help you zero in on fals
The list below will be updated every hour. The "Last Checked of Alive" column indicates the time at which our crawler made sure a response was active. The "Active Count" column indicates the continuous count of times the server has been active. Hostname or IP Address Proxy Port Last Che