Due to ongoing outage at Linode, multiple services are currently offline. We hope to be back up and fully operational in the next few hours.

Announcing the JA4 Database! ja4db.com Under *very* active development but ready for use. Expect orders of magnitude more data and JA4 combinations over the next few months. I recommend downloading the DB and loading up in your data explorer of choice for now. Everyone has a different use-case for JA4 so we're trying to make it easy to find what you're looking for. Below are some examples you can do in a data explorer like Elastic. JA4 to JA4H JA4 to User-Agent String JA4 to Application JA4 to Library JA4T to Device JA4X to Device JA4X to Application JA4X to Issuers JA4X to JA4T etc. etc. etc. There are so many combinations and use cases for each. Please send me any feedback, improvement suggestions.

Build a local Nmap Dashboard with Grafana hackertarget.com/nmap-dashbo…

Nmap 7.95 released. Loads of new OS and service fingerprints included. seclists.org/nmap-announce/2…

pcap did what - a mini project to visualise zeek logs with grafana github.com/hackertarget/pcap…

🚨IMPORTANT🚨 We have observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding [1/3]

! ALERT ! A vulnerability has been found in multiple versions of Fortinet Fortigate devices when SSL-VPN enabled. ACSC recommends organisations apply the available patches immediately, and investigate for signs of compromise. For more details visit cyber.gov.au/about-us/view-a…

Learning kubernetes

If you're investigating an organization's internet footprint, you need to check these data sources out! - @shodanhq - @censysio - @binaryedgeio - @securitytrails - @hackertarget - @host - @viewdns

.. that I was able to help people uncover threats, prevent further damage, determine the extent of the compromise, kick out the bad guys & ruin their day Our industry has significant demand for detection engineers that support DFIR & SOC teams Learn YARA, Suricata, Sigma, Zeek!

And now it is time for some lighthearted humor 🤣

What people seem to miss: The #Log4Shell vulnerability isn't just a RCE 0day. It's a vulnerability that causes hundreds and thousands of 0days in all kinds of software products. It's a 0day cluster bomb.

List of products / vendors with log4j response & info. gist.github.com/SwitHak/b66d…

In case you missed the news there is a vulnerability in log4j. It is a bad one. If you run java in your org you likely have work to do.

More modules! Just merged two new modules from @thetechr0mancer - Sublist3r and DNSDumpster (from the great @hackertarget team). Stopped counting how many modules we have now, but it's over 200. Reply with any we are missing! On master: github.com/smicallef/spiderf… #OSINT

Everyone's heard of #CobaltStrike. But do you know how it works? Don't worry. @ramen0x3f has you covered. Read the blog post 👉 mndt.info/3Duxg9Q

Extending DetectionLab. A Vagrantfile to deploy Ubuntu with #osquery and ossec pre-configured to send logs to #Splunk on Logger. github.com/hackertarget/Dete…

The @DetectionLab project by Chris Long is well worth your time getting to know. Here is a short getting started guide. hackertarget.com/cyber-secur…

osquery is great for system visibility. Benefits for Security OPS. hackertarget.com/osquery-lin…

20 Open Source Security Tools for Blue Teams (updated) hackertarget.com/10-open-sou…