astsu
2.6K posts

astsu
@astsu777
Network & Security consultant, entrepreneur and passionate about it. Also passionate about cars/bikes, music and various other stuff.
Planet Earth, joined April 2011
94 Following, 135 Followers
astsu retweeted

Paessler increased the cost of PRTG Network Monitor license. If you need an alternative, check out @checkmk or @zabbix or even Nagios reddit.com/r/networking/s…
astsu retweeted

Pretty useful and good. Learning the actual syntax for iptables is much more useful IMHO (and firewalld)
sysxplore @sysxplore
Linux uncomplicated firewall (ufw) essentials
astsu retweeted
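To make the point of the quoted tweet concrete, here is an added example (not from the tweet, sysxplore, or the ufw project) that translates a small, constructed subset of ufw's rule grammar into the iptables commands each rule corresponds to, so the two syntaxes can be read side by side. It is a teaching approximation: real ufw programs its own ufw-* chains and adds connection-tracking rules rather than appending straight to INPUT/OUTPUT, and the ruleset below is made up for the demonstration.

```python
import ipaddress
import shlex

# ufw verbs and the iptables targets they correspond to
TARGETS = {"allow": "ACCEPT", "deny": "DROP", "reject": "REJECT"}


def ufw_to_iptables(rule):
    """Translate one ufw rule into the equivalent iptables command(s).

    Handles a constructed subset of ufw's grammar:
      default (allow|deny) (incoming|outgoing)
      (allow|deny|reject) [in|out] [from CIDR|any] [to any] [port N] [proto tcp|udp]
      (allow|deny|reject) N[/tcp|/udp]
    Returns a list: 'port N' with no proto means both tcp and udp in ufw,
    which is two iptables rules.
    """
    tokens = shlex.split(rule.lower())
    if tokens[0] == "default":
        # 'ufw default deny incoming' is a chain policy, not a rule
        chain = "INPUT" if tokens[2] == "incoming" else "OUTPUT"
        return [f"iptables -P {chain} {TARGETS[tokens[1]]}"]

    target = TARGETS[tokens[0]]
    chain, src, port, proto = "INPUT", None, None, None
    i = 1
    while i < len(tokens):
        t = tokens[i]
        if t in ("in", "out"):
            chain = "INPUT" if t == "in" else "OUTPUT"
        elif t == "from":
            i += 1
            if tokens[i] != "any":
                # normalise so a bare host address becomes a /32
                src = str(ipaddress.ip_network(tokens[i], strict=False))
        elif t == "to":
            i += 1
            if tokens[i] != "any":
                raise ValueError("only 'to any' is supported in this example")
        elif t == "port":
            i += 1
            port = tokens[i]
        elif t == "proto":
            i += 1
            proto = tokens[i]
        elif t.isdigit():
            port = t
        elif "/" in t and t.split("/", 1)[1] in ("tcp", "udp"):
            port, proto = t.split("/", 1)
        else:
            raise ValueError(f"unsupported token {t!r} in {rule!r}")
        i += 1

    # --dport is only valid together with -p, so a port without a proto
    # expands to one tcp rule and one udp rule, exactly as ufw does
    protos = [proto] if proto else (["tcp", "udp"] if port else [None])
    cmds = []
    for p in protos:
        parts = ["iptables", "-A", chain]
        if src:
            parts += ["-s", src]
        if p:
            parts += ["-p", p]
        if port:
            parts += ["--dport", port]
        parts += ["-j", target]
        cmds.append(" ".join(parts))
    return cmds


def translate_ruleset(rules):
    """Translate a whole ufw ruleset, preserving order (iptables is first-match)."""
    return [cmd for rule in rules for cmd in ufw_to_iptables(rule)]


# Constructed ruleset: default-deny inbound, admin SSH from one subnet,
# public HTTPS, and a blocked documentation-range subnet
SAMPLE_RULESET = [
    "default deny incoming",
    "default allow outgoing",
    "allow from 10.0.0.0/8 to any port 22 proto tcp",
    "allow 443/tcp",
    "deny from 203.0.113.0/24",
]

if __name__ == "__main__":
    for rule in SAMPLE_RULESET:
        print(f"ufw {rule}")
        for cmd in ufw_to_iptables(rule):
            print(f"    {cmd}")
```

The translation makes the hidden details of ufw visible: a verb becomes a jump target, `default deny incoming` is a chain policy rather than a rule, and a port with no protocol silently becomes two rules. Those are the details you need to know once you read a raw `iptables -S` on a host someone else configured.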

Want to learn more about exploitation and RE without having to shell out $$$ for a class? Just download @metasploit, go through the exploits, pick a target, install the vulnerable version, modify the exploit, root cause the vuln, and dev out your own exploit.
Rinse and repeat.
astsu retweeted

In today's WTF?!?!? moment
When an ESXi server is domain-joined, it assumes any "ESX Admins" group & its members should have full admin rights.
So... anyone who can create & manage a group in AD can get full admin rights to the VMware ESX hypervisors!
microsoft.com/en-us/security…

Microsoft Threat Intelligence @MsftSecIntel
Microsoft has uncovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085, being exploited by threat actors to obtain full administrative permissions on domain-joined ESXi hypervisors and encrypt critical servers in ransomware attacks. msft.it/6012lbTai
astsu retweeted
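The practical consequence of the behaviour described in the two tweets above is that the attacker's path runs entirely through ordinary Active Directory group management, which domain controllers already audit. The following is an added example, not from either tweet or from Microsoft's writeup: a small Python matcher that flags the group lifecycle events (create, add member, rename) touching a group named "ESX Admins". The event IDs are the standard Windows Security audit IDs for those operations; the log lines are constructed in a flat key=value form for the demonstration rather than the real Windows XML, and the case-insensitive comparison is a defensive assumption so that a renamed "esx admins" is not missed.

```python
import shlex

# Standard Windows Security audit event IDs for AD group changes that an
# attacker must trigger to abuse the default "ESX Admins" trust.
WATCHED_EVENTS = {
    4727: "security-enabled global group created",
    4728: "member added to security-enabled global group",
    4731: "security-enabled local group created",
    4737: "security-enabled global group changed",
    4754: "security-enabled universal group created",
    4781: "account name changed (group rename)",
}

# The group name a domain-joined ESXi host trusts by default.
TARGET_GROUP = "esx admins"


def parse_event(line):
    """Parse one constructed 'Key=Value Key="Quoted Value"' line into a dict."""
    fields = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        fields[key] = value
    fields["EventID"] = int(fields["EventID"])
    return fields


def group_name(ev):
    """Return the group the event refers to; for a rename (4781) use the new name."""
    return ev.get("NewTargetUserName") or ev.get("TargetUserName", "")


def find_esx_admins_events(lines):
    """Return one alert per watched event that touches a group named 'ESX Admins'."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["EventID"] not in WATCHED_EVENTS:
            continue
        # case-insensitive on purpose: do not rely on the attacker matching case
        if group_name(ev).strip().lower() != TARGET_GROUP:
            continue
        alerts.append({
            "event_id": ev["EventID"],
            "what": WATCHED_EVENTS[ev["EventID"]],
            "actor": ev.get("SubjectUserName", "?"),
            "group": group_name(ev),
            "member": ev.get("MemberName"),
        })
    return alerts


# Constructed sample events (not real logs): a helpdesk user creates the
# group and adds a member, an unrelated group is created, a second user
# renames an existing group into the trusted name, and a logon is ignored.
SAMPLE_EVENTS = [
    'EventID=4727 SubjectUserName=jdoe TargetUserName="ESX Admins" TargetDomainName=CORP',
    'EventID=4728 SubjectUserName=jdoe MemberName="CN=eve,OU=Users,DC=corp,DC=local" TargetUserName="ESX Admins"',
    'EventID=4727 SubjectUserName=svc_hr TargetUserName="HR Reviewers" TargetDomainName=CORP',
    'EventID=4781 SubjectUserName=mallory OldTargetUserName="Printer Ops" NewTargetUserName="esx admins"',
    'EventID=4624 SubjectUserName=jdoe TargetUserName="ESX Admins"',
]

if __name__ == "__main__":
    for alert in find_esx_admins_events(SAMPLE_EVENTS):
        print(alert)
```

Two caveats for anyone wiring this into a SIEM: the rename case (4781) is the one most detections miss, because the group was created under a harmless name and only later becomes "ESX Admins"; and detection is a stopgap, not the fix. Patching, and on hosts that cannot be patched, changing the ESXi advanced settings that govern this trust (`Config.HostAgent.plugins.hostsvc.esxAdminsGroup` and `Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd`, whose exact names you should verify against your ESXi version), remove the condition the alert is watching for.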

Devices might boot into BitLocker recovery with the July 2024 security update
learn.microsoft.com/en-us/windows/…
astsu retweeted

Beginner roadmap for Red Team🎯❤️
📍Networking Fundamentals
├── TCP/IP Model
│ ├── Layers
│ ├── Protocols
│ └── Data Flow
├── Subnet Masking
│ ├── Network Addresses
│ ├── Subnet Masks
│ └── Broadcast Addresses
├── IP Routing
│ ├── Routing Protocols
│ │ ├── RIP
│ │ ├── OSPF
│ │ └── BGP
│ └── Packet Forwarding
└── Network Devices
├── Routers
├── Switches
└── Firewalls
📍Operating Systems
├── Linux
│ ├── Command-Line Interface
│ ├── File Systems
│ ├── Processes
│ └── System Administration
├── Windows
│ ├── Registry
│ ├── File Systems
│ ├── Services
│ └── User Management
└── macOS
├── Architecture
└── Command-Line Tools
📍Programming
├── Python
│ ├── Data Structures and DBMS
│ ├── Control Flow
│ └── Libraries
│ ├── Scapy
│ └── BeautifulSoup
├── Bash
│ └── Shell Scripting
└── C/C++ (Optional)
└── Exploitation and Malware Development
📍Cybersecurity Basics
├── Threat Landscape
│ ├── Malware
│ ├── Phishing
│ └── DDoS
├── Vulnerability Types
│ ├── SQL Injection
│ ├── XSS
│ └── Buffer Overflows
└── Security Controls
├── Firewalls
├── Intrusion Detection Systems
└── Antivirus
📍Information Gathering
├── OSINT (Open-Source Intelligence)
│ ├── Techniques
│ │ ├── Search Engines (Google Dorking)
│ │ ├── Social Media (Facebook, Twitter, LinkedIn)
│ │ ├── WHOIS Lookups
│ │ ├── Public Records (Domain Registrations, SSL Certificates)
│ │ └── Data Breaches (Have I Been Pwned, Breach Compilation Sites)
│ ├── Tools
│ │ ├── Maltego
│ │ ├── Recon-ng
│ │ ├── theHarvester
│ │ └── SpiderFoot
│ └── Gathering Information
│ ├── Identifying Domain Names
│ ├── Collecting Email Addresses
│ ├── Mapping Company Infrastructure
│ └── Gathering Employee Information
├── Footprinting
│ ├── Network Footprinting
│ │ ├── Identifying Network Blocks
│ │ ├── Mapping Network Topology
│ │ └── Discovering Active Hosts
│ ├── Website Footprinting
│ │ ├── Identifying Web Server Technology
│ │ ├── Mapping Web Application Structure
│ │ └── Gathering Information from HTTP Headers
│ ├── DNS Footprinting
│ │ ├── DNS Zone Transfers
│ │ ├── Enumerating DNS Records (A, MX, TXT, CNAME)
│ │ └── Reverse DNS Lookups
│ └── Tools
│ ├── Nmap
│ ├── Dig
│ ├── Netcat
│ └── Shodan
└── Scanning
├── Nmap (Network Mapper)
│ ├── Port Scanning
│ │ ├── TCP SYN Scan
│ │ ├── UDP Scan
│ │ └── Service Version Detection
│ ├── OS Detection
│ ├── Network Mapping
│ │ ├── Host Discovery
│ │ ├── Traceroute
│ │ └── Network Topology Mapping
│ └── Scriptable Scanning
│ ├── NSE Scripts (Nmap Scripting Engine)
│ └── Custom Scripts
└── Nessus
├── Vulnerability Scanning
│ ├── Configuration Checks
│ ├── Network Vulnerability Scanning
│ └── Web Application Scanning
├── Plugin Management
│ ├── Using Built-In Plugins
│ └── Custom Plugin Development
├── Report Generation
│ ├── Customizing Reports
│ ├── Severity Assessment
│ └── Remediation Recommendations
└── Credentialed Scanning
├── Configuring Credentials
└── Enhanced Detection Capabilities
📍Vulnerability Assessment
├── Manual Testing
├── Vulnerability Scanners
└── Exploit Databases
📍Exploitation
├── Web Application Exploitation
│ ├── SQL Injection
│ ├── XSS
│ ├── CSRF
│ └── Remote Code Execution
├── Network Exploitation
│ ├── Buffer Overflows
│ └── Format String Vulnerabilities
└── Privilege Escalation
📍Post-Exploitation
├── Lateral Movement
├── Persistence
└── Data Exfiltration
📍Evasion
├── Antivirus Evasion
├── Intrusion Detection System Evasion
└── Network Forensics Evasion
📍Reporting
├── Effective Communication
├── Report Structure
└── Visualization
📍Practical Application
├── CTF (Capture The Flag) Participation
│ ├── Types of CTFs
│ │ ├── Jeopardy-Style
│ │ ├── Attack-Defense
│ │ └── Mixed
│ ├── Popular CTF Platforms
│ │ ├── Hack The Box CTF
│ │ ├── PicoCTF
│ │ ├── CTFtime (for finding and tracking CTF events)
│ │ └── Google Capture The Flag (Google CTF)
│ ├── Skills Developed
│ │ ├── Exploitation Techniques
│ │ ├── Reverse Engineering
│ │ ├── Forensics
│ │ ├── Cryptography
│ │ └── Web Application Security
│ └── Tips for Success
│ ├── Build a Team
│ ├── Review Previous Challenges
│ ├── Time Management
│ └── Document Solutions and Techniques
├── Lab Environment
│ ├── Setting Up a Lab
│ │ ├── Virtualization Software (VMware, VirtualBox)
│ │ ├── Creating Virtual Machines
│ │ ├── Networking Configuration (NAT, Host-Only, Bridged)
│ │ └── Snapshots and Backups
│ ├── Recommended Lab Setups
│ │ ├── Penetration Testing Lab
│ │ ├── Web Application Testing Environment
│ │ ├── Reverse Engineering Lab
│ │ └── Malware Analysis Sandbox
│ ├── Lab Tools
│ │ ├── Kali Linux
│ │ ├── Metasploit
│ │ ├── Burp Suite
│ │ ├── Wireshark
│ │ └── Custom Scripts and Tools
│ └── Security and Isolation
│ ├── Network Segmentation
│ ├── Host Isolation
│ └── Regular Updates and Patching
└── Online Resources
├── TryHackMe
│ ├── Learning Paths
│ │ ├── Offensive Security
│ │ ├── Defensive Security
│ │ └── Introduction to Cybersecurity
│ ├── Labs and Challenges
│ │ ├── Room-Based Challenges
│ │ ├── Skills-Based Labs
│ │ └── Weekly Challenges
│ ├── Community and Support
│ │ ├── Discussion Forums
│ │ ├── Discord Channels
│ │ └── Study Groups
│ └── Progress Tracking
│ ├── Achievements and Badges
│ └── Skill Assessments
├── Hack The Box
│ ├── Boxes and Machines
│ │ ├── Active Machines
│ │ ├── Retired Machines
│ │ └── Challenge Types (Easy, Medium, Hard)
│ ├── Labs and Endgames
│ │ ├── Hack The Box Labs
│ │ ├── Pro Labs
│ │ └── Capture The Flag Events
│ ├── Community and Resources
│ │ ├── Forums
│ │ ├── Write-Ups
│ │ └── Discord Community
│ └── Training and Progression
│ ├── User Rank System
│ └── Skills Development Tracking
└── VulnHub
├── Vulnerable Machines
│ ├── Beginner
│ ├── Intermediate
│ └── Advanced
├── Machine Downloads
│ ├── OVA/OVF Files
│ ├── VM Images
│ └── Instructions and Walkthroughs
├── Community Contributions
│ ├── User-Submitted Machines
│ ├── Walkthroughs
│ └── Reviews and Feedback
└── Setting Up and Usage
├── Importing VMs
├── Customization and Configuration
└── Network Configuration and Isolation
follow for more: @harshleenchawl2
astsu retweeted

Blue Team Roadmap🔵🎯
├── Foundations
│ ├── Basic Networking
│ │ ├── TCP/IP
│ │ ├── DNS
│ │ ├── DHCP
│ │ ├── Subnetting
│ │ └── Network Topologies
│ ├── Operating Systems
│ │ ├── Windows
│ │ │ ├── Active Directory
│ │ │ ├── Group Policy
│ │ │ └── Windows Event Logs
│ │ └── Linux
│ │ ├── File Permissions
│ │ ├── Syslog
│ │ └── Scripting (Bash, Python)
│ └── Cybersecurity Fundamentals
│ ├── CIA Triad
│ ├── Risk Management
│ ├── Threat Models
│ └── Attack Vectors
├── Threat Intelligence
│ ├── OSINT
│ │ ├── Tools (Maltego, Recon-ng)
│ │ └── Data Sources (Shodan, Censys)
│ ├── Threat Hunting
│ │ ├── Hypothesis-Driven Hunting
│ │ ├── TTPs
│ │ └── Use Cases Development
│ └── IOCs
│ ├── IP Addresses
│ ├── Hash Values
│ ├── Domains
│ └── File Names
├── Security Operations
│ ├── Monitoring and Logging
│ │ ├── SIEM
│ │ │ ├── Tools (Splunk, ELK Stack, QRadar)
│ │ │ └── Log Parsing and Correlation
│ │ └── Log Analysis
│ │ ├── Log Sources (Windows Event Logs, Syslog)
│ │ └── Log Aggregation and Storage
│ ├── Incident Response
│ │ ├── IR Plan Development
│ │ ├── Incident Handling Procedures
│ │ └── Digital Forensics
│ │ ├── Memory Analysis
│ │ └── Disk Forensics
│ ├── EDR
│ │ ├── Tools (CrowdStrike, Carbon Black)
│ │ └── Endpoint Visibility and Control
│ └── NSM
│ ├── Tools (Zeek, Suricata)
│ └── Traffic Analysis
├── Vulnerability Management
│ ├── Vulnerability Assessment
│ │ ├── Scanning Tools (Nessus, OpenVAS)
│ │ └── Assessment Methodologies
│ ├── Patch Management
│ │ ├── Patch Deployment Strategies
│ │ └── Patch Testing and Validation
│ └── Configuration Management
│ ├── Secure Configuration Guides
│ └── Configuration Monitoring
├── Identity and Access Management
│ ├── Authentication Methods
│ │ ├── MFA
│ │ └── SSO
│ ├── Authorization
│ │ ├── RBAC
│ │ └── ABAC
│ └── Identity Governance
│ ├── User Lifecycle Management
│ └── Access Reviews and Recertification
├── Secure Architecture
│ ├── Network Segmentation
│ │ ├── VLANs
│ │ └── Microsegmentation
│ ├── Zero Trust Architecture
│ │ ├── Principles and Implementation
│ │ └── Identity-Centric Security
│ └── Encryption
│ ├── Data at Rest
│ │ ├── Disk Encryption
│ │ └── Database Encryption
│ └── Data in Transit
│ ├── TLS/SSL
│ └── VPNs
├── Awareness and Training
│ ├── Security Awareness Programs
│ │ ├── Regular Training Sessions
│ │ └── Security Newsletters
│ ├── Phishing Simulations
│ │ ├── Phishing Campaigns
│ │ └── Analysis of Results
│ └── User Training
│ ├── Role-Based Training
│ └── Just-in-Time Training
├── Compliance and Governance
│ ├── Regulatory Requirements
│ │ ├── GDPR
│ │ ├── HIPAA
│ │ └── PCI-DSS
│ └── Policy Development
│ ├── Security Policies
│ ├── Incident Response Policies
│ └── Data Protection Policies
├── Advanced Defense Techniques
│ ├── Deception Technologies
│ │ ├── Honeypots
│ │ └── Honeytokens
follow for more: @harshleenchawl2
astsu retweeted

Contoso Data Generator v2 is available.
Stop using ancient crappy data for your next demo.
Ready-to-use files: CSV, Parquet, Delta Table, PBIX, SQL Server; from 10k to 100M orders; fresh data (2014-2024).
Command-line tool for Windows, macOS, and Linux to generate customized data distribution and/or different data volume.
Open-source MIT license for C# code that generates files.
Read the announcement for links and details:
sqlbi.com/blog/marco/202…
astsu retweeted

PrintNightmare strikes again: itm4n.github.io/printnightmare…
astsu retweeted

Microsoft warns that some Windows devices will boot into BitLocker recovery after installing the July 2024 security updates.
bleepingcomputer.com/news/microsoft…