Joined May 2014
赵钱 retweeted
📘 Breach Report Collection A collection of companies that disclose adversary TTPs after they have been breached, with links to the reports By @BushidoToken #cybersecurity #blueteam github.com/BushidoUK/Breach-…
赵钱 retweeted
🔍 Question of the day: Which tools are your go-to choices for bug bounty automation? 1) amass 2) subfinder 3) github-subdomains 4) findomain 5) assetfinder 6) securitytrails 7) Rapid DNS 8) crt(.)sh 9) dnsx 10) massdns 11) puredns 12) httpx 13) naabu 14) RustScan 15) katana 16) hakrawler 17) wayback 18) gau 19) waymore 20) nuclei 21) Intelx 22) Short Name Scanner 23) axiom 24) ShadowClone 25) anew 26) qsreplace 27) chaos 28) notify 29) ffuf 30) gotator 31) gowitness 32) dorks_hunter 33) dehashed 34) dirbuster 35) LinkFinder 36) Param Miner 37) Arjun 38) clairvoyance 39) sqlmap 40) Ghauri 41) XSStrike 42) dalfox 43) dnsReaper Let me know If I've missed out on any other Important ones :) #BugBountyTips #HackerOne #BugCrowd #SecurityTips #InfoSec #CyberSecurity
赵钱 retweeted
Windows Directories For SOC Analysts
8 Aug 2023
A summary of three years of real-world attack-defense exercises: a list of 200 must-fix high-risk vulnerabilities
8 Aug 2023
赵钱 retweeted
PowerShell AV bypass is really a contest against Windows AMSI; basically all of the more advanced antivirus vendors have integrated the AMSI interface. xz.aliyun.com/t/11097 github.com/subat0mik/whoamsi…

8 Aug 2023
## Data URLs Their purpose is to embed small files in documents. data:,Hello, World! data:text/plain;base64,SGVsbG8sIFdvcmxkIQ== data:text/html,

Hello, World!

data:text/html, developer.mozilla.org/en-US/…
31 Jul 2023
Matrix👨‍💻 while :;do echo $LINES $COLUMNS $(( $RANDOM % $COLUMNS)) $(printf "\U$(($RANDOM % 500))");sleep 0.05;done|gawk '{a[$3]=0;for (x in a){o=a[x];a[x]=a[x]+1;printf "\033[%s;%sH\033[2;32m%s",o,x,$4;printf "\033[%s;%sH\033[1;37m%s\033[0;0H",a[x],x,$4;if (a[x]>=$1){a[x]=0;}}}'
31 Jul 2023
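The Zenbleed attack steals sensitive data from AMD Zen2 processors. Google security researcher Tavis Ormandy discovered Zenbleed, a security vulnerability affecting AMD Zen2 CPUs, tracked as CVE-2023-20593. By exploiting it, an attacker can steal sensitive data such as passwords and encryption keys from the CPU at a rate of 30Kb/s. Reference and source: bleepingcomputer.com/news/se…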
31 Jul 2023
Project Zero: 2022 0-day In-the-Wild Exploitation…so far googleprojectzero.blogspot.c…
31 Jul 2023
LFI-FINDER - focused on detecting local file inclusion (LFI) vulnerabilities kitploit.com/2023/07/lfi-fin…

赵钱 retweeted
24 Jul 2023
Comprehensive Spring vulnerability exploitation tool: Spring_All_Reachable ift.tt/HpPNj7R ift.tt/nFk3bcR

赵钱 retweeted
25 Jul 2023
DCOM DLL Hijacking We recently discovered the following DCOM classes that are subject to DLL hijacking. If an attacker can write to the associated path, they can move laterally by instantiating the COM object. Some classes have additional DLL hijackin… t.me/hackgit/9362
赵钱 retweeted
24 Jul 2023
JPMorgan, Wells Fargo, and other major banks will use the new Federal Reserve's 'FedNow' instant payment system. Let's take a look at how it works.

Federal Reserve launched FedNow instant payment service on 20 Jul. It allows retail clients to send and receive money within seconds and it is available 24x7.

🔹 What does this mean?
1. Peer-to-peer payment services in the private sector like Venmo or PayPal act as intermediaries between banks, so we need to leverage payment schemes for clearing and Fed systems for settlement. However, FedNow can directly settle the transactions in central bank accounts. [1]
2. Fedwire, another real-time payments system, will still function in large-value or low-value payments. FedNow is not designed to replace Fedwire.

The diagram below shows a comparison between FedNow and ACH (Automated Clearing House), which is used in domestic low-value payments.

🔹 FedNow [2]
Step 0 - Bob wants to pay Alice $1000.
Step 1 - Bob initiates a payment transaction using FedNow.
Step 2 - The sender’s bank submits a payment message to FedNow.
Step 3 - The FedNow service validates the payment message.
Step 4 - The FedNow service sends the payment message to the receiver’s bank, where it is confirmed.
Step 5 - The receiver’s bank replies to FedNow, confirming that the payment is accepted.
Step 6 - The FedNow service debits and credits the designated accounts of the sender and receiver’s banks.
Step 7 - The FedNow service notifies the sender’s bank and receiver’s bank that the settlement is complete.
Step 8 - The banks debit and credit the bank accounts.

🔹 ACH
Step 1 - Bob receives authorization from Alice that he can deduct from Alice’s account.
Step 2 - The payment transaction is sent to the receiver’s bank.
Step 3 - The bank collects files in batches and sends them to the ACH operator.
Step 4 - The ACH operator sends the files to the sender’s bank.
Step 5 - The sender’s bank pulls funds from Alice’s account.
Step 6 - Withdrawn funds are sent to the ACH operator.
Step 7 - The ACH operator distributes funds to Bob’s bank.
Step 8 - Bob receives the fund.
Step 9 - The clearing instructions are sent to Fedwire.
Step 10 - Fedwire sends clearing broadcasts to banks for settlements.

Over to you: What types of instant payment systems does your country provide?

– Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): bit.ly/42Ex9oZ
赵钱 retweeted
An interesting find: @Wise publicizes the compensation ranges for all of their engineering levels on their career site. Here is how they add up: (Cont'd)
26 Jul 2023
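This Google Drive 💽 contains more than 200 documents: - Hacking - Red team - Blue team - Threat hunting - Python penetration testing - Bug bounty - Information security certifications - Roadmaps drive.google.com/drive/folde…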

26 Jul 2023
Google Dork - Open Redirect inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:target[.]com
26 Jul 2023
Proxy-checker ProxyChecker Made in NodeJS github.com/rawbypa/proxychec… #infosecurity