Unsupervisedlearning volume 2

Page 1

Unsupervised learning snippets volume # 2

113 Mental Models Explained https://fs.blog/mental-models/?mc_cid=2498c2fa19&mc_eid=29ba1f7396

Using a Yubikey for GPG and SSH https://0day.work/using-a-yubikey-for-gpg-and-ssh/?mc_cid=650af904cf&mc_eid=29ba1f7396

Meltdown Exploit — A POC for Meltdown https://github.com/paboldin/meltdown-exploit?mc_cid=6d7d56dcdb&mc_eid=29ba1f7396

Spamnesty — A tool that wastes spammers' time. https://spa.mnesty.com/?mc_cid=c822b4b7a4&mc_eid=29ba1f7396

Slurp — Enumerates S3 buckets manually and via certstream https://github.com/bbb31/slurp?mc_cid=c822b4b7a4&mc_eid=29ba1f7396

PasteHunter​ — Analyzing paste data using ELK. https://techanarchy.net/2017/12/08/pastehunter-the-results.html?utm_source=Unsupervised+Le arning+Subscribers&utm_campaign=dfbd65b98f-October+22%2C+2017+Newsletter&utm_medi um=email&utm_term=0_49fdb7d723-dfbd65b98f-444411105&mc_cid=dfbd65b98f&mc_eid=29b a1f7396

PacketTotal​ — Free, high-quality .pcap analysis. ​Note: ​You're sending your network traffic to the internet. https://packettotal.com/?utm_source=Unsupervised+Learning+Subscribers&utm_campaign=25 59971046-October+22%2C+2017+Newsletter&utm_medium=email&utm_term=0_49fdb7d723-2 559971046-444411105&mc_cid=2559971046&mc_eid=29ba1f7396

Chaining web vulnerabilities to get RCE

An epic list of Reverse Engineering resources​.

https://blog.zsec.uk/rce-chain/?utm_source=Unsupervised+Learning+Subscribers&utm_campai gn=19a2694355-October+22%2C+2017+Newsletter&utm_medium=email&utm_term=0_49fdb7 d723-19a2694355-444411105&mc_cid=19a2694355&mc_eid=29ba1f7396

A Penetration Tester's Guide to Subdomain Discovery https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570 f6

Honey AD Accounts https://jordanpotti.com/2017/11/06/honey-accounts/?utm_source=Unsupervised+Learning+Subs cribers&utm_campaign=ea63431cbf-October+22%2C+2017+Newsletter&utm_medium=email&u tm_term=0_49fdb7d723-ea63431cbf-444411105&mc_cid=ea63431cbf&mc_eid=29ba1f7396

Data Exfil Through Pixel Colors https://www.pentestpartners.com/security-blog/exfiltration-by-encoding-data-in-pixel-colour-valu es/?utm_source=Unsupervised+Learning+Subscribers&utm_campaign=ea63431cbf-October+2 2%2C+2017+Newsletter&utm_medium=email&utm_term=0_49fdb7d723-ea63431cbf-44441110 5&mc_cid=ea63431cbf&mc_eid=29ba1f7396

Front-end-Checklists​ — The perfect front-end checklist for modern websites and meticulous developers. https://github.com/thedaviddias/Front-End-Checklist?utm_source=Unsupervised+Learning+Sub scribers&utm_campaign=ea63431cbf-October+22%2C+2017+Newsletter&utm_medium=email& utm_term=0_49fdb7d723-ea63431cbf-444411105&mc_cid=ea63431cbf&mc_eid=29ba1f7396

TrevorC2 – Legitimate Covert C2 over Browser Emulation https://www.trustedsec.com/2017/10/trevorc2-legitimate-covert-c2-browser-emulation/?utm_sou rce=Unsupervised+Learning+Subscribers&utm_campaign=5cd99f0a54-October+22%2C+2017 +Newsletter&utm_medium=email&utm_term=0_49fdb7d723-5cd99f0a54-444411105&mc_cid=5 cd99f0a54&mc_eid=29ba1f7396

Performing & Preventing SSL Stripping: A Plain-English Primer https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-english-primer/?utm_sour ce=Unsupervised+Learning+Subscribers&utm_campaign=f8c0e6a9b5-October+22%2C+2017+ Newsletter&utm_medium=email&utm_term=0_49fdb7d723-f8c0e6a9b5-444411105&mc_cid=f8 c0e6a9b5&mc_eid=29ba1f7396

pcap2curl --- read a packet capture, extract the URLs, and replay them using curl. https://github.com/jullrich/pcap2curl?utm_source=Unsupervised+Learning+Subscribers&utm_ca mpaign=5b2aff0ab5-Unsupervised+Learning+Newsletter&utm_medium=email&utm_term=0_49f db7d723-5b2aff0ab5-444411105&mc_cid=5b2aff0ab5&mc_eid=29ba1f7396

AWS Extender --- A Burp plugin for testing the security of Amazon S3 buckets. https://www.virtuesecurity.com/blog/aws-penetration-testing-s3-buckets/?utm_source=Unsuperv ised+Learning+Subscribers&utm_campaign=957e8be94c-Unsupervised+Learning+Newsletter& utm_medium=email&utm_term=0_49fdb7d723-957e8be94c-444411105&mc_cid=957e8be94c& mc_eid=29ba1f7396

Sniffair https://github.com/Tylous/SniffAir?utm_source=Unsupervised+Learning+Subscribers&utm_cam paign=957e8be94c-Unsupervised+Learning+Newsletter&utm_medium=email&utm_term=0_49f db7d723-957e8be94c-444411105&mc_cid=957e8be94c&mc_eid=29ba1f7396

RepoSsessed --- A project of mine that scans GitHub repos for various types of vulnerabilities (currently focused around secrets). https://github.com/IOActive/RepoSsessed?utm_source=Unsupervised+Learning+Subscribers&u tm_campaign=957e8be94c-Unsupervised+Learning+Newsletter&utm_medium=email&utm_ter m=0_49fdb7d723-957e8be94c-444411105&mc_cid=957e8be94c&mc_eid=29ba1f7396 Testing for SSRF. https://www.cujanovic.com/ssrf-server-side-request-forgery-testing-resources/?utm_source=Uns upervised+Learning+Subscribers&utm_campaign=029437db86-Unsupervised+Learning+Newsl etter&utm_medium=email&utm_term=0_49fdb7d723-029437db86-444411105&mc_cid=029437 db86&mc_eid=29ba1f7396

Pharos --- A static binary analysis tool. https://n0where.net/pharos-static-binary-analysis-framework?utm_source=Unsupervised+Learni ng+Subscribers&utm_campaign=6c78a3a7e8-Unsupervised+Learning+Newsletter&utm_mediu m=email&utm_term=0_49fdb7d723-6c78a3a7e8-444411105&mc_cid=6c78a3a7e8&mc_eid=29 ba1f7396

Domain Analyzer --- Discovery of DNS, mail, IPs, Nmap scans, SPF info, etc. for a target domain.​ ​Link https://github.com/eldraco/domain_analyzer?utm_source=Unsupervised+Learning+Subscribers &utm_campaign=282c1786f0-Unsupervised+Learning+Newsletter&utm_medium=email&utm_te rm=0_49fdb7d723-282c1786f0-444411105&mc_cid=282c1786f0&mc_eid=29ba1f7396

Vulscan --- a vulnerability scanning module for Nmap that uses the NSE engine. It uses the -sV information and matches it to a number of vulnerability databases. https://github.com/scipag/vulscan?utm_source=Unsupervised+Learning+Subscribers&utm_cam paign=57dec5a05a-Unsupervised+Learning+Newsletter&utm_medium=email&utm_term=0_49f db7d723-57dec5a05a-444411105&mc_cid=57dec5a05a&mc_eid=29ba1f7396

A quality API security checklist by Shieldfy. https://github.com/shieldfy/API-Security-Checklist?utm_source=Unsupervised+Learning+Subscr ibers&utm_campaign=ef7dac69ea-Unsupervised+Learning+Newsletter&utm_medium=email&ut m_term=0_49fdb7d723-ef7dac69ea-444411105&mc_cid=ef7dac69ea&mc_eid=29ba1f7396

Yasuo --- Find vulnerable third-party web applications on a network.

https://github.com/0xsauby/yasuo?utm_source=Unsupervised+Learning+Subscribers&utm_cam paign=ef7dac69ea-Unsupervised+Learning+Newsletter&utm_medium=email&utm_term=0_49fd b7d723-ef7dac69ea-444411105&mc_cid=ef7dac69ea&mc_eid=29ba1f7396

WPSeku --- A Wordpress security scanner. http://www.toolswatch.org/2017/06/wpseku-v0-2-1-wordpress-security-scanner/?utm_source=U nsupervised+Learning+Subscribers&utm_campaign=ef7dac69ea-Unsupervised+Learning+New sletter&utm_medium=email&utm_term=0_49fdb7d723-ef7dac69ea-444411105&mc_cid=ef7dac 69ea&mc_eid=29ba1f7396

aws_public_ips — Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services. https://github.com/arkadiyt/aws_public_ips/?mc_cid=e172e5d2f3&mc_eid=29ba1f73 96

How to Generate a Free Wildcard SSL Certificate With Let's Encrypt for Your Domain on Ubuntu https://dotlayer.com/how-to-generate-a-free-wildcard-ssl-certificate-with-lets-encryptfor-your-domain/?mc_cid=2498c2fa19&mc_eid=29ba1f7396

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.