Exploits Explained
» Link: Synack (https://www.synack.com/blog/exploits-explained-5-unusual-authentication-bypass-techniques/)
Exploits Explained: 5 Unusual Authentication Bypass Techniques
Authentication bypass vulnerabilities are common flaws that exist in modern web applications—but they’re not always easy to find.
Shodan Dorks
» Link: Medium (https://shahjerry33.medium.com/shodan-dorks-the-gods-eye-f224f9b3984f)
Cybersecurity Ecosystem
» Kutt.it/ECO (https://kutt.it/ECO) | Awesome Security (https://github.com/fabacab/awesome-cybersecurity-blueteam)
Think Before You Scan
» Kutt.it/QRC (https://kutt.it/QRC) | Personal Cybersecurity (https://t.me/MegaPack/2681)
Top OSINT & Infosec Resources
» Kutt.it/TOP (https://kutt.it/TOP) | Router Hacking (https://secnigma.wordpress.com/2022...into-router-hacking-and-firmware-emulation/)
~ @WHITEHAT | #OSINT #Security
Vulnerabilities online. Useful resources and databases for finding vulnerabilities.
• MITRE CVE (https://www.cve.org/) — database, search engine and vulnerability classifier.
• opencve.io (https://www.opencve.io/cve) — a CVE search engine with alerts about new threats.
• Vulnerability Database (https://vulners.com/) — a resource for finding information about current threats.
• sploitus (https://t.me/Social_engineering/1220) — a search engine for exploits and necessary tools.
• CVE Trends (https://t.me/Social_engineering/1957) — a resource that tracks the popularity of CVEs in real time.
• GitHub Advisory Database (https://github.com/advisories) — vulnerability database, including CVEs and security recommendations.
• Exploit DB (https://t.me/Social_engineering/1220) — a CVE-compatible archive of publicly available exploits and vulnerable software.
• Cloudvulndb (https://www.cloudvulndb.org/) — a project that accumulates vulnerabilities and security problems of cloud service providers.
• CVEDetails (https://www.cvedetails.com/), osv.dev (https://osv.dev/list), VulDB (https://vuldb.com/), maltiverse (https://maltiverse.com/search) — data sources about vulnerabilities and indicators of compromise.
• security.snyk.io (https://security.snyk.io/), Mend Vulnerability Database (https://www.mend.io/vulnerability-database/) and Vulncode-DB (https://www.vulncode-db.com/) — open source vulnerability databases.
• Rapid7 - DB (https://www.rapid7.com/db/) — a database that contains details of more than 180 thousand vulnerabilities and 4 thousand exploits. All exploits are included in Metasploit.
Open Source cyber security tools for professionals
1. Zeek: https://zeek.org/
Network Security Monitoring
2. ClamAV: https://www.clamav.net/
Antivirus
3. OpenVAS: https://www.openvas.org/
Vulnerability Scanner
4. TheHive: https://lnkd.in/e7aVCRUZ
Incident Response
5. PFSense: https://www.pfsense.org/
Security appliance (firewall/VPN/router)
6. Elastic: https://www.elastic.co/de/
Analytics
7. Osquery: https://www.osquery.io/
Endpoint visibility
8. Arkime: https://arkime.com/
Packet capture and search
9. Wazuh: https://wazuh.com/
XDR and SIEM
10. Alien Vault Ossim: https://lnkd.in/eShQt29h
SIEM
11. Velociraptor: https://lnkd.in/eYehEaNa
Forensic and IR
12. MISP project: https://lnkd.in/emaSrT57
Information sharing and Threat Intelligence
13. Kali: https://www.kali.org/
Security OS
14. Parrot: https://www.parrotsec.org/
Security OS
15. OpenIAM: https://www.openiam.com/
IAM
16. Yara: https://lnkd.in/eEJegEak
Patterns
17. Wireguard: https://www.wireguard.com/
VPN
18. OSSEC: https://www.ossec.net/
HIDS
19. Suricata: https://suricata.io/
IDS/IPS
20. Shuffler: https://shuffler.io/
SOAR
21. Phish Report: https://phish.report/
Anti Phishing
22. Graylog: https://lnkd.in/eAFuUmuw
Log management
23. Trivy: https://lnkd.in/e7JxXStY
DevOps/IaC Scanning
24. OpenEDR: https://openedr.com/
EDR
25. Metasploit: https://lnkd.in/e4ECX-py
Pentest
26. NMAP: https://nmap.org/
Curriculum for Information Security Specialists
A hands-on curriculum to become a successful cybersecurity engineer based on roles such as Pentest, AppSec, Cloud Security, DevSecOps, etc. Includes free and paid resources, tools and concepts.
⏺ Link to GitHub (https://github.com/jassics/security-study-plan)
Sites to Get Free Trial of VPS or RDP
VPS Cloud: Your Virtual Server in Spain - Try Us!
Cloud VPS server hosting, data center in Spain, SSD disks, with Linux or Windows, billed by the hour. Try them!
clouding.io
DigitalOcean | Cloud Infrastructure for Developers
An ocean of simple, scalable cloud solutions.
www.digitalocean.com
SSD VPS Servers, Cloud Servers and Cloud Hosting
Vultr Global Cloud Hosting - Brilliantly Fast SSD VPS Cloud Servers. 100% KVM Virtualization
www.vultr.com
Rackspace Developer Center - Rackspace Developer Center
developer.rackspace.com
Cloud-as-a-Service | Join our global network with your own managed cloud solution
CloudSigma offers a unique fully managed cloud solution based on a revenue sharing business model. IT service providers around the globe are partnering with CloudSigma to derisk and accelerate their cloud strategies.
www.cloudsigma.com
SADD | Landing
sadd.io
SkySilk Professional Cloud Hosting Services: Simple and Secure VPS
Scalable and simple SSD cloud server that lets you host and deploy any solution for your needs. Built for professionals to deploy Linux cloud servers in seconds.
www.skysilk.com
Cloud Computing Services and Managed Services - Hybrid Cloud and IT Solutions
Lumen Cloud offers secure enterprise cloud services ideal for business apps, IaaS, PaaS, SaaS, DBaaS and cloud management in a single platform.
www.ctl.io
Free VPS - Instant Activation (Best NVMe SSD Server 2024)
VPS Server with NVMe SSD, full root access, 24/7 Support, and DDoS protection. Signup without Credit Card for Windows And Linux Server.
vpswala.org
AppOnFly Windows VPS & Cloud Gaming
AppOnFly Windows Virtual Private Server in a web browser in 30 seconds. Run Windows apps and Games on Mac, Android or iOS. Cloud Gaming, Forex Trading & Business apps 24/7. Anonymous surfing.
www.apponfly.com
Free VPS Hosting | Try a 30-Day Trial | Servers at No Risk.
Free VPS Server with Fast NVMe SSD Disk Performance. Get Unlimited Resources, Multiple Locations, Windows or Linux OS, 24/7 Support, No Credit Card Required.
gratisvps.net
LetsCloud - Cloud computing with SSD and high performance Worldwide
Everything to give you the best performance and get you closer to your customers.
my.letscloud.io
runwhenidle is a Linux utility that automatically suspends a resource-intensive command while the user is at the computer and resumes it when the user is away.
GitHub - perk11/runwhenidle
Contribute to perk11/runwhenidle development by creating an account on GitHub.
github.com