Use Mitaka to Perform In-Browser OSINT to Identify Malware, Sketchy Sites, Shady Emails & More

~ Dade Murphy ~ Leave a comment

Null Byte « WonderHowTo-- Web browser extensions are one of the simplest ways to get starting using open-source intelligence tools because they're cross-platform. So anyone using Chrome on Linux, macOS, and Windows can use them all the same. The same goes for Firefox. One desktop browser add-on, in particular, makes OSINT as easy as right-clicking … Continue reading Use Mitaka to Perform In-Browser OSINT to Identify Malware, Sketchy Sites, Shady Emails & More

Geo-Recon – An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts

~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.SetupThis tool is compactible with:Any Linux Operating System (Debian, Ubuntu, CentOS)TermuxLinux Setupgit clone https://github.com/radioactivetobi/geo-recon.gitcd geo-reconchmod +x geo-recon.pypip install -r requirements.txtTermux Setupgit clone https://github.com/radioactivetobi/geo-recon.gitcd geo-reconchmod +x geo-recon.pypip install -r requirements.txtSample Syntax Linuxroot@kali:~/geo-recon# python geo-recon.py 138.121.128.19░██████╗░███████╗░█████╗░  ██████╗░███████╗░█████╗░░█████╗░███╗░░██╗██╔════╝░██╔════╝██╔══██╗  ██╔══██╗██╔════╝██╔══██╗██╔══██╗████╗░██║██║░░██╗░█████╗░░██║░░██║  ██████╔╝█████╗░░██║░░╚═╝██║░░██║██╔██╗██║██║░░╚██╗██╔══╝░░██║░░██║  ██╔══██╗██╔══╝░░██║░░██╗██║░░██║██║╚████║╚██████╔╝███████╗╚█████╔╝  ██║░░██║███████╗╚█████╔╝╚█████╔╝██║░╚███║░╚═════╝░╚══════╝░╚════╝░  ╚═╝░░╚═╝╚══════╝░╚════╝░░╚════╝░╚═╝░░╚══╝ By … Continue reading Geo-Recon – An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts

PCI DSS compliance: why it’s important and how to adhere

~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- PCI DSS is short for Payment Card Industry Data Security Standard. Every party involved in accepting credit card payments is expected to comply with the PCI DSS. The PCI Standard is mandated by the card brands, but administered by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to … Continue reading PCI DSS compliance: why it’s important and how to adhere

How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 2/2)

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- On part 1 we briefly explained how we got administrator privileges to almost all BMC devices hosting a native Openstack cloud. In this part we’ll show how we used these to achieve complete compromise.If you’ve read up on BMC devices, by now you’ll know that they allow you toMonitorRebootReinstallKVMthe attached devices. This … Continue reading How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 2/2)

Bbrecon – Python Library And CLI For The Bug Bounty Recon API

~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets.It comes with an ergonomic CLI and Python library.This repository holds the CLI and Python library. Please see … Continue reading Bbrecon – Python Library And CLI For The Bug Bounty Recon API

A juicy endpoint on the Taboola leads to reveal internal IPs and XSS

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- I usually read news about security everyday, One of these websites is ZDNet. There is an space in the bottom of page for recommending ads by the Taboola.As a security enthusiastic, I always take a look at somewhere I can 😁Just right-click on ads’s picture and find a juicy endpoint by Inspect Element. … Continue reading A juicy endpoint on the Taboola leads to reveal internal IPs and XSS

(Live) Webinar – XDR and Beyond with Autonomous Breach Protection

~ Dade Murphy ~ Leave a comment

The Hacker News-- Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response. XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top cybersecurity companies are actively moving into … Continue reading (Live) Webinar – XDR and Beyond with Autonomous Breach Protection

Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely

~ Dade Murphy ~ Leave a comment

The Hacker News-- Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncovered by Norwegian cybersecurity firm Watchcom during a pentest, affect all … Continue reading Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely