رفتن به مطلب

Root SmasheЯ

مدیریت کل سایت
  • تعداد ارسال ها

    82
  • تاریخ عضویت

  • آخرین بازدید

  • روز های برد

    2

آخرین بار برد Root SmasheЯ در 18 بهمن 1398

Root SmasheЯ یکی از رکورد داران بیشترین تعداد پسند مطالب است !

اعتبار در سایت

7 Neutral

2 دنبال کننده

درباره Root SmasheЯ

  • دیگر گروه ها ISG Defender Team

آخرین بازدید کنندگان نمایه

152 بازدید کننده نمایه
  1. Cybersecurity Attacks – Red Team Strategies Who this book is for This is one of the few detailed cybersecurity books for penetration testers, cybersecurity analysts, security leaders and strategists, as well as red team members and chief information security officers (CISOs) looking to secure their organizations from adversaries. The program management part of this book will also be useful for beginners in the cybersecurity domain. To get the most out of this book, some penetration testing experience, and software engineering and debugging skills are necessary. Table of Contents Establishing an Offensive Security Program Managing an Offensive Security Team Measuring an Offensive Security Program Progressive Red Team Operations Situational Awareness - Mapping Out the Homefield Using Graph Databases Building a Comprehensive Knowledge Graph Hunting for Credentials Advanced Credential Hunting Powerful Automation Protecting the Pen Tester Traps, Deceptions, and Honeypots Blue Team Tactics for the Red Team By Johann Rehberger Packt Publishing 2020-03-31 524 pages Packt.Cybersecurity.Attacks.Red.Team.Strategies.1838828869.pdf
  2. Root SmasheЯ

    Bug Bounty Hunting Essentials 2018

    Bug Bounty Hunting Essentials What you will learn Learn the basics of bug bounty hunting Hunt bugs in web applications Hunt bugs in Android applications Analyze the top 300 bug reports Discover bug bounty hunting research methodologies Explore different tools used for Bug Hunting Who this book is for This book is targeted towards white-hat hackers, or anyone who wants to understand the concept behind bug bounty hunting and understand this brilliant way of penetration testing. This book does not require any knowledge on bug bounty hunting. Table of Contents Basics of Bug Bounty Hunting How to write a Bug Bounty Report SQL Injection Vulnerabilities Cross Site Request Forgery Application Logic Vulnerabilities Cross Site Scripting Attacks SQL Injection Open Redirect Vulnerabilities Sub Domain Takeover XML External Entity Vulnerability Template Injection Top Bug Bounty Hunting tools Top Learning resources By Carlos A. Lozano, Shahmeer Amir Packt Publishing 2018-11-30 270 pages Packt.Bug.Bounty.Hunting.Essentials.1788626893.epub
  3. Root SmasheЯ

    PRAXIS | Cyberpunk Mix

    میکس PRAIX سبک: Electro/Cyberpunk مدت زمان: 44:54 دقیقه THEY.I - Vegas Mode [Hidden Content] [Hidden Content] 03:10 BETTOGH - REED [Hidden Content] [Hidden Content] 06:39 Chris Keya - Circuitry [Hidden Content] [Hidden Content] 10:22 Introspect - Come Up [Hidden Content] [Hidden Content] 15:10 Extra Terra - Neural Link [Hidden Content] 18:37 Inexedra - The Cleaner [Hidden Content] [Hidden Content] 26:05 Ray Gun Hero - Midnight Havoc [Hidden Content] [Hidden Content] 30:35 Signal Void - Ultra Violet [Hidden Content] [Hidden Content] 36:45 Ferus Melek - Dune Riders [Hidden Content] [Hidden Content] 40:39 Oscillian - Activate [Hidden Content] [Hidden Content] Download: [Hidden Content]
  4. Root SmasheЯ

    The Hacker Playbook 3/2/1

    The Hacker Playbook Practical Guide To Penetration Testing Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field. Year: 2014 ISBN 10: 1494932636 File: PDF, 26.09 MB دانلود کتاب The Hacker Playbook Practical Guide To Penetration Testing
  5. Root SmasheЯ

    The Hacker Playbook 3/2/1

    The Hacker Playbook 2 Practical Guide To Penetration Testing Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field. Through a series of football-style “plays,” this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing—including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software. From “Pregame” research to “The Drive” and “The Lateral Pass,” the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience. This second version of The Hacker Playbook takes all the best “plays” from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code. Whether you’re downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker’s library—so there’s no reason not to get in the game. Year: 2015 Pages: 398 File: PDF, 23.16 MB دانلود The Hacker Playbook 2
  6. Root SmasheЯ

    The Hacker Playbook 3/2/1

    The Hacker Playbook 3: Practical Guide To Penetration Testing Back for the third season, The Hacker Playbook 3 (THP3) takes your offensive game to the pro tier. With a combination of new strategies, attacks, exploits, tips and tricks, you will be able to put yourself in the center of the action toward victory. The main purpose of this book is to answer questions as to why things are still broken. For instance, with all the different security products, secure code reviews, defense in depth, and penetration testing requirements, how are we still seeing massive security breaches happening to major corporations and governments? The real question we need to ask ourselves is, are all the safeguards we are putting in place working? This is what The Hacker Playbook 3 - Red Team Edition is all about. By now, we are all familiar with penetration testing, but what exactly is a Red Team? Red Teams simulate real-world, advanced attacks to test how well your organization's defensive teams respond if you were breached. They find the answers to questions like: Do your incident response teams have the right tools, skill sets, and people to detect and mitigate these attacks? How long would it take them to perform these tasks and is it adequate? This is where you, as a Red Teamer, come in to accurately test and validate the overall security program. THP3 will take your offensive hacking skills, thought processes, and attack paths to the next level. This book focuses on real-world campaigns and attacks, exposing you to different initial entry points, exploitation, custom malware, persistence, and lateral movement--all without getting caught! This heavily lab-based book will include multiple Virtual Machines, testing environments, and custom THP tools. So grab your helmet and let's go break things! For more information, visit [Hidden Content]. Year: 2018 Publisher: Secure Planet LLC ISBN 10: 1980901759 ISBN 13: 9781980901754 File: EPUB, 4.88 MB دانلود کتاب The Hacker Playbook 3
  7. Root SmasheЯ

    KILLSHOT-A Penetration Testing Framework

    A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner Why KillShot ? You Can use this tool to Spider your website and get important information and gather information automaticaly using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and to find the vulnerability in your website using Cms Exploit Scanner && WebApp Vul Scanner Also You can use killshot to Scan automaticly multiple type of scan with nmap and unicorn . And With this tool You can Generate PHP Simple Backdoors upload it manual and connect to the target using killshot This Tool Bearing A simple Ruby Fuzzer Tested on VULSERV.exe And Linux Log clear script To change the content of login paths Spider can help you to find parametre of the site and scan xss and sql Download KILLSHOT
  8. Root SmasheЯ

    PeaceMaker Threat Detection

    PeaceMaker Threat Detection is a kernel-mode utility designed to detect a variety of methods commonly used in advanced forms of malware. Compared to a stereotypical anti-virus that may detect via hashes or patterns, PeaceMaker targets the techniques malware commonly uses in order to catch them in the act. Furthermore, PeaceMaker is designed to provide an incredible amount of detail when a malicious technique is detected, allowing for effective containment and response. Features View what code started a process (stack trace). View what code loaded an image into a process (stack trace). Detect unmapped (hidden) code via Stack Walking common operations such as: Process Creation Image Load Thread Creation Detect remote thread creation. Detect parent process ID spoofing. Detect threat creation on unmapped (hidden) code. Block basic tamper operations on the GUI Client. Block filesystem/registry write, delete, or execute operations that violate a user-specified filter. Detect filesystem/registry write, delete, or execute operations that violate a user-specified filter. Logs the source process and stack of the operation. Filter for known false positives. Download PeaceMaker Threat Detection
  9. Root SmasheЯ

    راه اندازی بخش آموزش

    باسلام با توجه به کمبود مطالب آموزش به فارسی، گروه امنیتی ایران در حال راه اندازی بخشی برای آموزش مسایل امنیتی به زبان فارسی می باشد. مطالب آموزشی از ۲ دید کاربران حرفه ای و کاربران تازه وارد دسته بندی شده اند. برای راه اندازی این بخش نیاز است تا نیازهایی که اولویت بیشتری دارند را شناسایی کنیم. به همین علت لطفا با شرکت در نظرسنجی موجود، در راستای ارتقا سطح دانش فنی موجود، کمک نمایید. لطفا در صورت تمایل نیز نظر خود را در همین تاپیک اعلام فرمایید. با تشکر
  10. Root SmasheЯ

    CyberScan v1.1.1

    CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country ...) Download CyberScan v1.1.1
  11. The script will use msfvenom (metasploit) to generate shellcode in diferent formats ( C# | python | ruby dll | msi | hta-psh | docm | apk | macho | elf | deb | mp4 | etc ) injects the shellcode generated into one template (example: python) "the python funtion will execute the shellcode into ram" and uses compilers like gcc (gnu cross compiler) or mingw32 or pyinstaller to build the executable file. It also starts a multi-handler to recive the remote connection (shell or meterpreter session). 'venom generator' reproduces some of the technics used by Veil-Evasion.py, unicorn.py, powersploit.py, etc.. Download Venom | Size:70MB
  12. Root SmasheЯ

    Meterpeter - Powershell Backdoor

    meterpeter - This PS1 starts a listener Server on a Windows|Linux attacker machine and generates oneliner PS reverse shell payloads obfuscated in ANCII|BXOR with a random secret key and another layer of Characters/Variables Obfuscation to be executed on the victim machine (The payload will also execute AMSI reflection bypass in current session to evade AMSI detection while working). You can also recive the generated oneliner reverse shell connection via netcat. (in this case you will lose the C2 functionalities like screenshot, upload, download files, Keylogger, AdvInfo, PostExploitation, etc) meterpeter payloads/droppers can be executed using User or Administrator Privileges depending of the cenario (executing the Client as Administrator will unlock ALL Server Modules, amsi bypasses, etc.). Droppers will mimic a Fake KB Security Update while in background Downloads and executes our Client in $env:tmp trusted location, with the intent of evading Windows Defender Exploit Guard. meterpeter payloads|droppers are FUD (dont test samples on VirusTotal). Download C2 Powershell Command & Control Framework with BuiltIn Commands
  13. Root SmasheЯ

    ir-rescue | comprehensively collect host forensic data

    A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response. ir-rescue is composed of two sister scripts that collect a myriad of forensic data from 32-bit and 64-bit Windows systems (ir-rescue-win) and from Unix systems (ir-rescue-nix). The scripts respect the order of volatility and artifacts that are changed with the execution (e.g., prefetch files on Windows) and are intended for incident response use at different stages in the analysis and investigation process. Each are described as follows: ir-rescue-win is fully written in Batch and can be set to perform comprehensive and customized acquisitions of specific types of live data and of historical data from available Volume Shadow Copy Service (VSS) copies. ir-rescue-win makes use of built-in Windows commands and well-known third party utilities from Sysinternals and NirSoft, for instance, some being open-source. PowerShell and the Windows Management Instrumentation (WMI) are not used in order to make ir-rescue-win transversally compatible. ir-rescue-nix is written in Bash (v4+) and makes use of built-in Unix commands. Some commands used might not be POSIX-compliant and therefore might not be available on some Unix-like systems or variants, especially on older operating systems. ir-rescue is designed to group data collections according to data type. For example, all data that relates to networking, such as open file shares and Transmission Control Protocol (TCP) connections, is grouped together, while running processes, services and tasks are gathered under malware. The acquisition of data types and other general options are specified in a simple configuration file. It should be noted that the scripts launch a great number of commands and tools, thereby leaving a considerable footprint (e.g., strings in the memory, prefetch files, program execution caches) on the system. The runtime varies depending on the computation power, disk write throughput and configurations set. Disk performance is especially important if secure deletion is set and when dumping 64-bit memory (usually 8 GB in size), which can take a considerable amount of time. Download ir-rescue
  14. Root SmasheЯ

    Syborg-Recursive DNS Domain Enumerator

    Syborg is a Recursive DNS Domain Enumerator which is neither active nor completely passive. This tool simply constructs a domain name and queries it with a specified DNS Server. Syborg has a Dead-end Avoidance system inspired from @Tomnomnom's ettu. When you run subdomain enumeration with some of the tools, most of them passively query public records like virustotal, crtsh or censys. This enumeration technique is really fast and helps to find out a lot of domains in much less time. However, there are some domains that may not be mentioned in these public records. In order to find those domains, Syborg interacts with the nameservers and recursively brute-forces subdomain from the DNS until it's queue is empty. Installation: Resolve the Dependencies: pip3 install -r requirements.txt Usage: python3 syborg.py yahoo.com Download Cyborg
  15. Root SmasheЯ

    Weblogic Scanner

    Currently detectable vulnerabilities: weblogic administrator console CVE-2014-4210 CVE-2016-0638 CVE-2016-3510 CVE-2017-3248 CVE-2017-3506 CVE-2017-10271 CVE-2018-2628 CVE-2018-2893 CVE-2018-2894 CVE-2018-3191 CVE-2018-3245 CVE-2018-3252 CVE-2019-2618 CVE-2019-2725 CVE-2019-2729 CVE-2019-2890 نیازمندی ها python >= 3.6 pip3 install requests Download Weblogic scanner
×
×
  • اضافه کردن...