We've just published "How to build custom scanners for web security automation", using a recent dive into automated race-condition detection by @albinowax as a case study. Enjoy!
portswigger.net/research/how-t…
Unauthorized access to local files at Google
The vulnerability allowed unauthorized access to local files. Write-up is available here:
omespino.com/write-up-googl…
AMSI stands for “Anti-Malware Scan Interface” and it is another feature of Windows Defender for detecting malicious actors. AMSI is targeted especially at malicious scripts and other less obvious/dangerous programmatic components.
Nmap (written by Gordon Lyon, aka Fyodor) is one of the most popular, versatile, and robust port scanners available. It has been actively developed for over a decade and has numerous features beyond port scanning.
nmap.org
Gobuster is a tool by OJ Reeves (The Colonial), located at github.com/OJ/gobuster
Gobuster is written in Go and can either be compiled from source or installed with go get.
Gobuster is used to brute-force:
− URIs
− DNS Domains
− Virtual Hosts
Kali Linux is developed, funded and maintained by Offensive Security. It is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools that are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.
All the programs packaged with the operating system have been evaluated for suitability and effectiveness. They include Metasploit for network penetration testing, Nmap for port and vulnerability scanning, Wireshark for monitoring network traffic, and Aircrack-ng for testing the security of wireless networks, to name a few.
kali.org
Recorded Future's Insikt Group has conducted an analysis of a prolonged cyber-espionage campaign known as TAG-74, which focuses primarily on infiltrating South Korean academic, political and government organizations. recordedfuture.com/multi-year-chi…
The recording for "Smashing the state machine: the true potential of web race conditions" is now live, courtesy of @defcon! Watch it here - or catch the updated edition in-person at @nullcon later this week!
youtube.com/watch?v=tKJzsa…
Very happy to see the Qakbot malware knocked offline! Also happy to be able to assist the @FBI by making the data searchable in @haveibeenpwned, here's the full story: troyhunt.com/data-from-the-…
The latest blog post from JPCERT/CC explains the details of, and countermeasures against, a new technique used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. blogs.jpcert.or.jp/en/2023/08/mal…
.@kalilinux has dropped a new release! offs.ec/45FhcQx
Updates:
🟣 Internal Infrastructure - Major stack changes are underway
🟣 Kali Autopilot - An overhaul of the automation attack framework
🟣 9️⃣ new tools
Join us in exploring DNS Tunnels! 👷🏻‍♀️👷🏽
⛏️Practical tips for analyzing DNS tunneling activities
🤖DeepDNS - using ML to hunt for DNS tunneling
🪙 Analysis of CoinLoader DNS backup C2 channel
Read more -->
research.checkpoint.com/2023/tunnel-wa…