All Articles

Ordered by Date Received : Year: "2021" Month: "06"
Page: << < 179 (of 221) > >>

Total Articles in this collection: 11,093

Navigation Help at the bottom of the page

Article: UPDATE: Merlin v0.9.0 - published about 4 years ago.
Content: Merlin v0.9.0 was released a couple of days ago. This release adds support for HTTP and h2c protocols. As we know, the h2c protocol is the non-TLS version of HTTP/2. This release also adds new “Listeners” menu to create and manage multiple listeners. You can now configure agent/listeners to listen on a list of resources and change the Agent JA3 hash on the f...
https://pentestit.com/merlin-v0-9-0-released/
Published: 2020 09 16 00:37:04
Received: 2021 06 06 09:05:31
Feed: PenTestIT
Source: PenTestIT
Category: News
Topic: Security Tooling

Get your Free Scan and Score Certificate

Article: UPDATE: Empire v3.4.0 - published about 4 years ago.
Content: Empire v3.4.0 was released a couple of days ago! I briefly mentioned about this tool in my old post titled – List of Open Source C2 Post-Exploitation Frameworks. This new version brings support for Malleable C2 listeners and reflective file loading among other bug fixes. What is Empire? Empire 3.x is an open source post-exploitation framework that includes a...
https://pentestit.com/empire-v3-4-0-post-exploitation-framework-updated/
Published: 2020 09 18 18:30:07
Received: 2021 06 06 09:05:31
Feed: PenTestIT
Source: PenTestIT
Category: News
Topic: Security Tooling

Cyber Tzar Free Score Certificate

Article: Wifi Honey - Creates fake APs using all encryption - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/wifi-honey-creates-fake-aps-using-all.html
Published: 2012 11 03 21:13:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Score Summary

Get your Free Scan and Score Certificate

Cyber Tzar Free Score Certificate

Article: Spooftooph 0.5.2 - Automated spoofing or cloning Bluetooth device - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/spooftooph-052-automated-spoofing-or.html
Published: 2012 11 03 21:21:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Get your repeat Free Scan and Score Certificate

Article: BeEF 0.4.3.8 - Browser Exploitation Framework - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/beef-0438-browser-exploitation-framework.html
Published: 2012 11 03 21:37:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Your Score Explained

Article: Joomscan updated - now can identify 673 joomla vulnerabilities - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/joomscan-updated-now-can-identify-673.html
Published: 2012 11 03 21:45:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Gold Score Certificate

Get your repeat Free Scan and Score Certificate

Cyber Tzar Score Summary

Article: ExploitShield Browser Edition - Forget about browser vulnerabilities - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/exploitshield-browser-edition-forget.html
Published: 2012 11 04 12:32:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Security Made Simple

Article: PySQLi - Python SQL injection framework - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/pysqli-python-sql-injection-framework.html
Published: 2012 11 04 18:03:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Score Analysis

Article: TXDNS v 2.2.1 - Aggressive multithreaded DNS digger - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/txdns-v-221-aggressive-multithreaded.html
Published: 2012 11 10 15:13:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Risk Impact Distribution

Cyber Security Made Simple

Cyber Tzar Your Score Explained

Article: NetSleuth : Open source Network Forensics And Analysis Tools - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/netsleuth-open-source-network-forensics.html
Published: 2012 11 10 15:21:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Platform Highlights

Article: SSLsplit v 0.4.5 - Man-in-the-middle attacks against SSL/TLS - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/sslsplit-v-045-man-in-middle-attacks.html
Published: 2012 11 10 15:30:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Risk Impact Assesment

Article: PwnPi v2.0 - A Pen Test Drop Box distro for the Raspberry Pi - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/pwnpi-v20-pen-test-drop-box-distro-for.html
Published: 2012 11 10 15:42:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Your Score Explained

Cyber Tzar Platform Highlights

Cyber Tzar Gold Score Certificate

Article: PwnStar latest version with new Exploits released - published about 12 years ago.
Content:
https://thntools999.blogspot.com/2012/11/pwnstar-latest-version-with-new.html
Published: 2012 11 10 15:53:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Sites

Article: BlindElephant – Web Application Fingerprinting - published almost 12 years ago.
Content:
https://thntools999.blogspot.com/2013/02/blindelephant-web-application.html
Published: 2013 02 15 14:47:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Risk Groups Explained

Article: Automated HTTP Enumeration Tool - published almost 12 years ago.
Content:
https://thntools999.blogspot.com/2013/02/automated-http-enumeration-tool.html
Published: 2013 02 15 16:07:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Cyber Tzar Sites

Cyber Tzar Score Analysis

Article: Weevely : Stealth PHP web shell with telnet style console - published almost 12 years ago.
Content:
https://thntools999.blogspot.com/2013/02/weevely-stealth-php-web-shell-with.html
Published: 2013 02 15 16:48:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Developer? Secuity Assesor? Risk Manager? Actary? We can help, whatever you need

Article: Password Cracker Tool Hashkill version 0.3.1 released - published almost 12 years ago.
Content:
https://thntools999.blogspot.com/2013/02/password-cracker-tool-hashkill-version.html
Published: 2013 02 15 17:02:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Article: WAppEx v2.0 : Web Application exploitation Tool - published almost 12 years ago.
Content:
https://thntools999.blogspot.com/2013/02/wappex-v20-web-application-exploitation.html
Published: 2013 02 15 17:15:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Developer? Secuity Assesor? Risk Manager? Actary? We can help, whatever you need

Cyber Tzar Risk Impact Distribution

Article: Unhide Forensic Tool, Find hidden processes and ports - published almost 12 years ago.
Content:
https://thntools999.blogspot.com/2013/02/unhide-forensic-tool-find-hidden.html
Published: 2013 02 15 17:39:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Learn more about our products

Article: Recon-ng : Web Reconnaisance framework for Penetration testers - published almost 12 years ago.
Content:
https://thntools999.blogspot.com/2013/02/recon-ng-web-reconnaisance-framework.html
Published: 2013 02 17 17:12:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Article: Snort 2.9.4.1 - Network intrusion detection system - published over 11 years ago.
Content:
https://thntools999.blogspot.com/2013/03/snort-2941-network-intrusion-detection.html
Published: 2013 03 05 07:46:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Learn more about our products

Cyber Tzar Risk Impact Assesment

Article: Pentoo 2013.0 RC1.1 Released - published over 11 years ago.
Content:
https://thntools999.blogspot.com/2013/03/pentoo-20130-rc11-released.html
Published: 2013 03 10 06:21:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

View our available products

Article: Phrozen Keylogger Lite v1.0 download - published over 11 years ago.
Content:
https://thntools999.blogspot.com/2013/03/phrozen-keylogger-lite-v10-download.html
Published: 2013 03 10 06:27:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Article: Biggest password cracking wordlist with millions of words - published over 11 years ago.
Content:
https://thntools999.blogspot.com/2013/03/biggest-password-cracking-wordlist-with.html
Published: 2013 03 10 17:01:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

Cyber Tzar Re-Score Report

View our available products

Cyber Tzar Your Score Explained

Article: The Social-Engineer Toolkit (SET) v4.7 released - published over 11 years ago.
Content:
https://thntools999.blogspot.com/2013/03/the-social-engineer-toolkit-set-v47.html
Published: 2013 03 15 18:10:00
Received: 2021 06 06 09:05:31
Feed: Penetration Testing and Security Tools Download
Source: Penetration Testing and Security Tools Download
Category: News
Topic: Security Tooling

View our product reports

Article: Backdooring an AWS account - published over 8 years ago.
Content:
https://danielgrzelak.com/backdooring-an-aws-account-da007d36f8f9?source=rss----a08c5a243c01---4
Published: 2016 07 10 03:05:49
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Exploring an AWS account post-compromise - published over 8 years ago.
Content:
https://danielgrzelak.com/exploring-an-aws-account-after-pwning-it-ff629c2aae39?source=rss----a08c5a243c01---4
Published: 2016 07 10 03:06:02
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

View our product reports

Cyber Tzar Risk Groups Explained

Article: Disrupting AWS logging - published over 8 years ago.
Content:
https://danielgrzelak.com/disrupting-aws-logging-a42e437d6594?source=rss----a08c5a243c01---4
Published: 2016 07 10 03:06:19
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Our principles

Article: SLIDES: From zero to SYSTEM of full disk encrypted Windows system (Hack In Paris 2016) - published over 8 years ago.
Content:
http://blog.ahmednabeel.com/slides-hip16-from-zero-to-system-of-full-disk-encrypted-windows/
Published: 2016 07 10 03:27:22
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

Article: How I Could Steal Money from Instagram, Google and Microsoft - published over 8 years ago.
Content:
https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/
Published: 2016 07 17 05:09:03
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

Our principles

Cyber Tzar Change Over Time (Extended)

Article: How to Build Your Own Penetration Testing Drop Box - published over 8 years ago.
Content:
http://www.blackhillsinfosec.com/?p=5156
Published: 2016 08 21 04:55:12
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Read our FAQ

Article: Forensics Quickie: PowerShell Versions and the Registry - published over 8 years ago.
Content:
http://www.4n6k.com/2016/08/forensics-quickie-powershell-versions.html
Published: 2016 08 21 05:00:10
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Creating Real Looking User Accounts in AD Lab - published over 8 years ago.
Content:
http://www.darkoperator.com/blog/2016/7/30/creating-real-looking-user-accounts-in-ad-lab
Published: 2016 08 26 23:20:29
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

Read our FAQ

Cyber Tzar Change Over Time (Extended)

Article: ServiceNow workflow, Powershell and JSON - published about 8 years ago.
Content:
https://www.shellandco.net/servicenow-workflow-powershell-json/
Published: 2016 09 02 14:07:16
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

How we calculate your Cyber Risk Score

Article: Google Docs becomes Google SOCKS: C2 Over Google Drive - published about 8 years ago.
Content:
http://www.blackhillsinfosec.com/?p=5230
Published: 2016 09 05 15:25:01
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Using NetShell to execute evil DLLs and persist on a host - published about 8 years ago.
Content:
http://www.adaptforward.com/2016/09/using-netshell-to-execute-evil-dlls-and-persist-on-a-host/
Published: 2016 10 03 01:55:25
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

How we calculate your Cyber Risk Score

Cyber Tzar Change Over Time (Extended)

Article: Maltego 4 CE / Kali Linux release is ready for download! - published about 8 years ago.
Content:
http://maltego.blogspot.com/2016/09/maltego-4-ce-kali-linux-release-is.html
Published: 2016 10 03 03:29:13
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Understand your Cyber Tzar Risk Groups

Article: Call for Papers Open - published about 8 years ago.
Content:
http://shmoocon.org/2016/09/20/call-for-papers-open/
Published: 2016 10 03 03:29:51
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Slack Notifications for Cobalt Strike - published almost 8 years ago.
Content:
http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/
Published: 2017 01 17 17:26:46
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Top Ten Vulnerabilities Explained

Understand your Cyber Tzar Risk Groups

Cyber Tzar Change Over Time (Extended)

Article: Arbitrary Code Execution at Ring 0 using CVE-2018-8897 - published over 6 years ago.
Content:
https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/
Published: 2018 05 14 05:21:39
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Using the Cyber Tzar platform; easy as 1, 2, 3, 4.

Article: Crack me if you can 2018 write-up - published over 6 years ago.
Content:
https://blog.cynosureprime.com/2018/08/crack-me-if-you-can-2018-write-up.html
Published: 2018 08 23 14:48:18
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Marketplace Benchmark

Article: The Dangers of Client Probing on Palo Alto Firewalls - published over 6 years ago.
Content:
https://www.n00py.io/2018/08/the-dangers-of-client-probing-on-palo-alto-firewalls/
Published: 2018 08 23 14:49:17
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Benchmark Summary

Using the Cyber Tzar platform; easy as 1, 2, 3, 4.

Cyber Tzar Change Over Time (Extended)

Article: High Performance Web Brute-Forcing 🕸🐏 - published about 6 years ago.
Content:
http://hiburn8.org/index.php/2018/09/13/high-performance-web-brute-forcing/
Published: 2018 10 11 17:43:06
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Validation is required for our most comprehensive scans

Article: Searching Instagram – part 2 - published almost 5 years ago.
Content:
https://osintcurio.us/2019/10/01/searching-instagram-part-2/
Published: 2019 12 18 21:05:18
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Change Over Time (Basic)

Article: Managing Active Directory groups from Linux - published almost 5 years ago.
Content:
https://www.n00py.io/2020/01/managing-active-directory-groups-from-linux/
Published: 2020 01 17 17:27:39
Received: 2021 06 06 09:05:30
Feed: from:mubix #SharedLinks - Twitter Search
Source: from:mubix #SharedLinks - Twitter Search
Category: News
Topic: Hacking

Cyber Tzar Port Vulnerability Scan Report

Validation is required for our most comprehensive scans

Cyber Tzar Change Over Time (Extended)

Article: Kubernetes: open etcd - published almost 6 years ago.
Content: Quick post on Kubernetes and open etcd (port 2379)"etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative."-from: https://coreos.com/...
https://blog.carnal0wnage.com/2019/01/kubernetes-open-etcd.html
Published: 2019 01 06 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

The Cyber Tzar technology stack

Article: Kubernetes: cAdvisor - published almost 6 years ago.
Content: "cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers."runs on port 4194Links:https://kubernetes.io/docs/tasks/debug-application-cluster/resource-usa...
https://blog.carnal0wnage.com/2019/01/kubernetes-cadvisor.html
Published: 2019 01 06 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Port Vulnerability Scan Report

Article: Kubernetes: Master Post - published almost 6 years ago.
Content: I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter.Talks you should watch if you are interested in Kubernetes:Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesamanhttps://www.youtube.com/watch?v=vTgQLzeB...
https://blog.carnal0wnage.com/2019/01/kubernetes-master-post.html
Published: 2019 01 07 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Port Vulnerability Scan Report

The Cyber Tzar technology stack

Cyber Tzar Re-Score Report

Article: Kubernetes: Kubelet API containerLogs endpoint - published almost 6 years ago.
Content: How to get the info that kube-hunter reports for open /containerLogs endpointVulnerabilities+---------------+-------------+------------------+----------------------+----------------+| LOCATION CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE |+---------------+-------------+------------------+----------------------+---------------...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html
Published: 2019 01 11 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Why Cyber Tzar?

Article: Kubernetes: Kubernetes Dashboard - published almost 6 years ago.
Content: Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it.Usually found on port 30000kube-hunter finding for it:Vulnerabilities+-----------------------+---------------+----------------------+----------------------+------------------+| LOCATION ...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html
Published: 2019 01 11 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Port Vulnerability Scan Report

Article: Kubernetes: List of ports - published almost 6 years ago.
Content: Other Kubernetes portsWhat are some of the visible ports used in Kubernetes?44134/tcp - Helmtiller, weave, calico10250/tcp - kubelet (kublet exploit)No authN, completely open/pods/runningpods/containerLogs10255/tcp - kublet port (read-only)/stats/metrics/pods4194/tcp - cAdvisor2379/tcp - etcd (see it on other ports though)Etcd holds all the configsConfig sto...
https://blog.carnal0wnage.com/2019/01/kubernetes-list-of-ports.html
Published: 2019 01 14 21:31:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar SSL Certificate Health Check

Why Cyber Tzar?

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Kubernetes: unauth kublet API 10250 basic code exec - published almost 6 years ago.
Content: Unauth API access (10250)Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option.Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the contain...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250.html
Published: 2019 01 16 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar: Our Vision

Article: Kubernetes: unauth kublet API 10250 token theft & kubectl - published almost 6 years ago.
Content: Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & execkube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running podsWith that data, you can craft your post request to exec within a pod so we can poke around. Example request:curl -k -XPOST "https://k8-node:10250/run/kube-...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250_16.html
Published: 2019 01 16 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar SSL Certificate Health Check

Article: Kubernetes: Kube-Hunter 10255 - published almost 6 years ago.
Content: Below is some sample output that mainly is here to see what open 10255 will give you and look like. What probably of most interest is the /pods endpointor the /metrics endpointor the /stats endpoint $ ./kube-hunter.pyChoose one of the options below:1. Remote scanning (scans one or more specific IPs or DNS names)2. Subnet scanning (scans subnets ...
https://blog.carnal0wnage.com/2019/01/kubernetes-kube-hunter-10255.html
Published: 2019 01 16 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar SSL Certificate Health Check

Cyber Tzar: Our Vision

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Abusing Docker API | Socket - published almost 6 years ago.
Content: Notes on abusing open Docker socketsThis wont cover breaking out of docker containersPorts: usually 2375 & 2376 but can be anythingRefs:https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0https://www.slideshare.net/BorgHan/hacking-docker-the-easy-wayhttps://blog.secureideas.com/2018/05/escaping-the-whale-things-...
https://blog.carnal0wnage.com/2019/02/abusing-docker-api-socket.html
Published: 2019 02 01 13:32:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Goals

Article: Jenkins - messing with new exploits pt1 - published over 5 years ago.
Content: Jenkins notes for:https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlhttp://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlto download old jenkins WAR fileshttp://updates.jenkins-ci.org/download/war/1st bug in the blog is a username enumeration bug inJenkins weekly up to and including 2.145Jenkins...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html
Published: 2019 02 26 18:46:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar SSL Certificate Health Check

Article: Jenkins - messing with exploits pt2 - CVE-2019-1003000 - published over 5 years ago.
Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants.While not totally related to the blog post and tweet the following exploit came up while searching.What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploits. ...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html
Published: 2019 02 27 20:23:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Free Score Certificate

Cyber Tzar Goals

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Jenkins Master Post - published over 5 years ago.
Content: A collection of posts on attacking Jenkinshttp://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.htmlManipulating build steps to get RCEhttps://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2Using the terminal plugin to get RCEhttps://sharadchhetri.com/2018/12/02/managing-jenkins-plugins/Getting st...
https://blog.carnal0wnage.com/2019/02/jenkins-master-post.html
Published: 2019 02 27 21:46:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Twitter

Article: Jenkins - SECURITY-200 / CVE-2015-5323 PoC - published over 5 years ago.
Content: API tokens of other users available to adminsSECURITY-200 / CVE-2015-5323API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials.Affected versionsAll Jenkins main line releases up to and including 1.637All Jenkins ...
https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html
Published: 2019 02 28 00:14:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Score Summary

Article: Jenkins - SECURITY-180/CVE-2015-1814 PoC - published over 5 years ago.
Content: Forced API token changeSECURITY-180/CVE-2015-1814https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-changeAffected VersionsAll Jenkins releases <= 1.605All LTS releases <= 1.596.1PoCTested against Jenkins 1.605Burp outputValidate new token works...
https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html
Published: 2019 02 28 00:51:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Your Score Explained

Cyber Tzar Twitter

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Jenkins - decrypting credentials.xml - published over 5 years ago.
Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way:hashed_pw='$PASSWORDHASH'passwd = hudson.util.Secret.decrypt(hashed_pw)println(passwd)You need to perform this on the the Jenkins system itself as it's using the local master.key and hudson.util.SecretScreenshot belowCo...
https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html
Published: 2019 02 28 15:22:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar LinkedIn page

Article: Jenkins - Identify IP Addresses of nodes - published over 5 years ago.
Content: While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes. You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you cant actually see the node's IP in the Jenkins UI.Stackoverflow link: https://stackoverflow.com/questions/14930329...
https://blog.carnal0wnage.com/2019/03/jenkins-identify-ip-addresses-of-nodes.html
Published: 2019 03 05 02:16:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Gold Score Certificate

Article: Jenkins - messing with exploits pt3 - CVE-2019-1003000 - published over 5 years ago.
Content: References:https://www.exploit-db.com/exploits/46453http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlThis post covers the Orange Tsai Jenkins pre-auth exploitVuln versions: Jenkins < 2.137 (preauth)Pipeline: Declarative Plugin up to and including 1.3.4Pipeline: Groovy Plugin up to and including 2.61Script Security Plugin ...
https://blog.carnal0wnage.com/2019/03/jenkins-messing-with-exploits-pt3-cve.html
Published: 2019 03 05 03:26:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Score Analysis

Cyber Tzar LinkedIn page

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Jenkins - CVE-2018-1000600 PoC - published over 5 years ago.
Content: second exploit from the blog posthttps://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlChained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRFhttps://jenkins.io/security/advisory/2018-06-25/#SECURITY-915This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new jenkins in...
https://blog.carnal0wnage.com/2019/03/jenkins-cve-2018-1000600-poc.html
Published: 2019 03 05 19:01:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Facebook page

Article: Minecraft Mod, Mother's Day, and A Hacker Dad - published over 5 years ago.
Content: Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate.When I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these Yo...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-mothers-day-and-hacker-dad.html
Published: 2019 05 13 15:59:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Risk Impact Distribution

Article: Minecraft Mod, Follow up, and Java Reflection - published over 5 years ago.
Content: After yesterday's post, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggesti...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-follow-up-and-java.html
Published: 2019 05 14 19:17:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Risk Impact Assesment

Cyber Tzar Facebook page

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Devoops: Nomad with raw_exec enabled - published almost 5 years ago.
Content: "Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators......
https://blog.carnal0wnage.com/2019/12/devoops-nomad-with-rawexec-enabled.html
Published: 2019 12 16 16:43:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar's Cyber Security Risk Score

Article: What is your GCP infra worth?...about ~$700 [Bugbounty] - published over 4 years ago.
Content: BugBounty story #bugbountytipsA fixed but they didn't pay the bugbounty story...Timeline:reported 21 Oct 2019validated at Critical 23 Oct 2019validated as fixed 30 Oct 2019Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019Information provided for payment 16 Nov 201913 March 2020 - Never paid - blog post posted19 March 2020 - received bounty of $5...
https://blog.carnal0wnage.com/2020/03/what-is-your-gcp-infra-worthabout-700.html
Published: 2020 03 14 02:10:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Your Score Explained

Article: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ - published over 4 years ago.
Content: The Duality of Attackers - Or Why Bad Guys are a Good Thing™It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true they...
https://blog.carnal0wnage.com/2020/04/the-duality-of-attackers-or-why-bad.html
Published: 2020 04 27 16:36:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

Cyber Tzar Risk Groups Explained

Cyber Tzar's Cyber Security Risk Score

Cyber Tzar Top Ten Vulnerabilities Explained

Article: WeirdAAL update - get EC2 snapshots - published over 4 years ago.
Content: I watched a good DEF CON video on abusing public AWS Snapshotshttps://www.youtube.com/watch?v=-LGR63yCTtsI, of course, wanted to check this out. There are tens of thousands of public snapshots in the various regions. The talk outlines what you can do with these and Bishop Fox released a tool to do it https://github.com/BishopFox/dufflebag. I wanted to scrip...
https://blog.carnal0wnage.com/2020/05/weirdaal-update-get-ec2-snapshots.html
Published: 2020 05 18 00:01:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking

More than just a Cyber Risk Score

Article: Episode #159: Portalogical Exam - published about 13 years ago.
Content: Tim finally has an ideaSadly, we've been away for two weeks due to lack of new, original ideas for posts. BUT! I came up with and idea. Yep, all by myself too. (By the way, if you have an idea for an episode send it in)During my day job pen testing, I regularly look at nmap results to see what services are available. I like to get a high level look at the op...
http://blog.commandlinekungfu.com/2011/10/episode-159-portalogical-exam.html
Published: 2011 10 04 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Article: Episode #160: Plotting to Take Over the World - published about 13 years ago.
Content: Hal's been teachingWhew! Just got done with another week of teaching, this time at SANS Baltimore. I even got a chance to give my "Return of Command Line Kung Fu" talk, so I got a bunch of shell questions.One of my students had a very interesting challenge. To help analyze malicious PDF documents, he was trying to parse the output of Didier Stevens' pdf-p...
http://blog.commandlinekungfu.com/2011/10/episode-160-plotting-to-take-over-world.html
Published: 2011 10 18 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

More than just a Cyber Risk Score

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Episode #161: Cleaning up the Joint - published about 13 years ago.
Content: Hal's got emailApparently tired of emailing me after we post an Episode, Davide Brini decided to write us with a challenge based on a problem he had to solve recently. Davide had a directory full of software tarballs with names like:package-foo-10006.tar.gzpackage-foo-10009.tar.gzpackage-foo-8899.tar.gzpackage-foo-9998.tar.gzpackage-bar-3235.tar.gzpackage-b...
http://blog.commandlinekungfu.com/2011/11/episode-161-cleaning-up-joint.html
Published: 2011 11 08 10:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Suppliers and just a Supply Chain Management

Article: Episode #162: Et Tu Bruteforce - published about 13 years ago.
Content: Tim is looking for a way inA few weeks ago I got a call from a Mr 53, of LaNMaSteR53 fame from the pauldotcom blog. Mister, Tim "I have a very cool first name" Tomes was working on a way to brute force passwords. The scenario is hundreds (or more) accounts were created all (presumably) using the same initial password. He noticed all the accounts were created...
http://blog.commandlinekungfu.com/2011/11/episode-162-et-tu-bruteforce.html
Published: 2011 11 15 10:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Article: Episode #163: Pilgrim's Progress - published almost 13 years ago.
Content: Tim checks the metamail:I hope everyone had a good Thanksgiving. I know I did, and I sure have a lot to be thankful for.Today we receive mail about mail. Ed writes in about Rob VandenBrink writing in:Gents,Rob VandenBrink sent me a cool idea this morning. It's for printing out a text-based progress indicator in cmd.exe. The idea is that if you have a loop ...
http://blog.commandlinekungfu.com/2011/11/episode-163-pilgrims-progress.html
Published: 2011 11 29 10:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Suppliers and just a Supply Chain Management

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Episode #164: Exfiltration Nation - published almost 13 years ago.
Content: Hal pillages the mailboxHappy 2012 everybody!In the days and weeks to come, the industry press will no doubt be filled with stories of all the high-profile companies whose data was "liberated" during the past couple of weeks. It may be a holiday for most of us, but it's the perfect time for the black hats to be putting in a little overtime with their data e...
http://blog.commandlinekungfu.com/2012/01/episode-164-exfiltration-nation.html
Published: 2012 01 10 10:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar's approach to Security Rating Services

Article: Episode #165: What's the Frequency Kenneth? - published almost 13 years ago.
Content: Tim helps Tim crack the codeLong time reader, second time caller emailer writes in:I've always been interested in mystery and codes (going back to 'Mystery Club' in 7th Grade), and today I discovered a cool show on History Channel called Decoded. They were talking about cryptography, specifically frequency analysis. I'm not an educator here but just to make ...
http://blog.commandlinekungfu.com/2012/01/episode-165-whats-frequency-kenneth.html
Published: 2012 01 24 10:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Article: AWK-ward! - published almost 12 years ago.
Content: Yesterday I got an email friend who complained that "awk is still a mystery". Not being one to ignore a cry for help with the command line, I was motivated to write up a simple introduction to the basics of awk. But where to post it? I know! We've got this little blog we're not doing anything with at the moment (er, yeah, sorry about that folks-- life's ...
http://blog.commandlinekungfu.com/2012/12/awk-ward.html
Published: 2012 12 20 05:01:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Cyber Tzar's approach to Security Rating Services

Cyber Tzar Top Ten Vulnerabilities Explained

Article: An AWK-ward Response - published almost 12 years ago.
Content: A couple of weeks ago I promised some answers to the exercises I proposed at the end of my last post. What we have here is a case of, "Better late than never!" 1. If you go back and look at the example where I counted the number of processes per user, you'll notice that the "UID" header from the ps command ends up being counted. How would you suppress this?...
http://blog.commandlinekungfu.com/2013/01/an-awk-ward-response.html
Published: 2013 01 07 00:29:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Risk Impact Assessments from Cyber Tzar

Article: Episode #166: Ping A Little Log For Me - published over 11 years ago.
Content: We've been away for a while because, frankly, we ran out of material. In the meantime we tried to come up with some new ideas and there have had a few requests, but sadly they were all redundant, became scripts, or both. We've been looking long and hard for Fu that works in this format, and we've finally found it! Nathan Sweaney wrote in with a great idea! I...
http://blog.commandlinekungfu.com/2013/03/episode-166-ping-little-log-for-me.html
Published: 2013 03 12 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Re-Score Report

Article: Episode #167: Big MAC - published over 11 years ago.
Content: Hal checks into Twitter: So there I was, browsing my Twitter timeline and a friend forwarded a link to Jeremy Ashkenas' github site. Jeremy created an alias for changing your MAC address to a random value. This is useful when you're on a public WiFi network that only gives you a small amount of free minutes. Since most of these services keep track by noti...
http://blog.commandlinekungfu.com/2013/06/episode-167-big-mac.html
Published: 2013 06 18 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Risk Impact Assessments from Cyber Tzar

Cyber Tzar Marketplace Benchmark

Article: Episode #168: Scan On, You Crazy Command Line - published over 11 years ago.
Content: Hal gets back to our roots With one ear carefully tuned to cries of desperation from the Internet, it's no wonder I picked up on this plea from David Nides on Twitter: Request today, we need 2 scan XX terabytes of data across 3k file shares 4any files that have not been MAC since 2012. Then move files to x.— David Nides (@DAVNADS) March 13, 2013 Whenever I s...
http://blog.commandlinekungfu.com/2013/07/episode-168-scan-on-you-crazy-command.html
Published: 2013 07 02 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar's Automated Penetration Test

Article: Episode #169: Move Me Maybe - published over 11 years ago.
Content: Tim checks the mailbag Carlos IHaveNoLastName writes in asking for a way to move a directory to a new destination. That's easy, but the directory should only be moved if the the directory (at any depth) does NOT contain a file with a specific extenstion. Here is an example of a sample directory structure: SomeTopDir1|-OtherDir1| |-File1| |-File2| |-File2|...
http://blog.commandlinekungfu.com/2013/08/episode-169-move-me-maybe.html
Published: 2013 08 06 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Episode #170: Fearless Forensic File Fu - published about 11 years ago.
Content: Hal receives a cry for help Fellow forensicator Craig was in a bit of a quandary. He had a forensic image in "split raw" format-- a complete forensic image broken up into small pieces. Unfortunately for him, the pieces were named "fileaa", "fileab", "fileac", and so on while his preferred tool wanted the files to be named "file.001", "file.002", "file.003"...
http://blog.commandlinekungfu.com/2013/09/episode-170-fearless-forensic-file-fu.html
Published: 2013 09 27 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Cyber Tzar's Automated Penetration Test

Cyber Tzar Benchmark Summary

Article: Episode #171: Flexibly Finding Firewall Phrases - published about 11 years ago.
Content: Old Tim answers an old email Patrick Hoerter writes in:I have a large firewall configuration file that I am working with. It comes from that vendor that likes to prepend each product they sell with the same "well defended" name. Each configuration item inside it is multiple lines starting with "edit" and ending with "next". I'm trying to extract only the ...
http://blog.commandlinekungfu.com/2013/10/episode-171-flexibly-finding-firewall.html
Published: 2013 10 08 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Pen Testing at Cyber Tzar

Article: Episode #172: Who said bigger is better? - published about 11 years ago.
Content: Tim sweats the small stuff Ted S. writes in: "I have a number of batch scripts which turn a given input file into a configurable amount of versions, all of which will contain identical data content, but none of which, ideally, contain the same byte content. My problem is, how do I, using *only* XP+ cmd (no other scripting - PowerShell, jsh, wsh, &c), r...
http://blog.commandlinekungfu.com/2013/11/episode-172-who-said-bigger-is-better.html
Published: 2013 11 26 09:18:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Episode #173: Tis the Season - published almost 11 years ago.
Content: Hal finds some cheer From somewhere near the borders of scriptistan, we send you:function t { for ((i=0; $i < $1; i++)); do s=$((8-$i)); e=$((8+$i)); for ((j=0; j <= $e; j++)); do [ $j -ge $s ] && echo -n '^' || echo -n ' '; done; echo; done}function T { for ((i=0; $i < $1; i++)); do for ((j=0; j < 10...
http://blog.commandlinekungfu.com/2013/12/episode-173-tis-season.html
Published: 2013 12 31 10:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Pen Testing at Cyber Tzar

Cyber Tzar Change Over Time (Basic)

Article: Episode #174: Lightning Lockdown - published almost 11 years ago.
Content: Hal firewalls fast Recently a client needed me to quickly set up an IP Tables firewall on a production server that was effectively open on the Internet. I knew very little about the machine, and we couldn't afford to break any of the production traffic to and from the box. It occurred to me that a decent first approximation would be to simply look at the net...
http://blog.commandlinekungfu.com/2014/01/episode-174-lightning-lockdown.html
Published: 2014 01 28 10:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Shift Left and SecDevOps Integration

Article: Episode #175: More Time! We Need More Time! - published over 10 years ago.
Content: Tim leaps in Every four years (or so) we get an extra day in February, leap year. When I was a kid this term confused me. Frogs leap, they leap over things. A leap year should be shorter! Obviously, I was wrong. This extra day can give us extra time to complete tasks (e.g. write blog post), so we are going to use our shells to check if the current year is a ...
http://blog.commandlinekungfu.com/2014/02/episode-175-more-time-we-need-more-time.html
Published: 2014 02 28 10:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Episode #176: Step Up to the WMIC - published over 10 years ago.
Content: Tim grabs the mic: Michael Behan writes in: Perhaps you guys can make this one better. Haven’t put a ton of thought into it: C:\> (echo HTTP/1.0 200 OK & wmic process list full /format:htable) | nc -l -p 3000 Then visit http://127.0.0.1:3000 This could of course be used to generate a lot more HTML reports via wmic that are quick to save from the brows...
http://blog.commandlinekungfu.com/2014/03/episode-176-step-up-to-wmic.html
Published: 2014 03 31 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Shift Left and SecDevOps Integration

Cyber Tzar Port Vulnerability Scan Report

Article: Episode #177: There and Back Again - published over 10 years ago.
Content: Hal finds some old mail Way, way back after Episode #170 Tony Reusser sent us a follow-up query. If you recall, Episode #170 showed how to change files named "fileaa", "fileab", "fileac", etc to files named "file.001", "file.002", "file.003". Tony's question was how to go back the other way-- from "file.001" to "fileaa", "file.002" to "fileab", and so on. ...
http://blog.commandlinekungfu.com/2014/04/episode-177-there-and-back-again.html
Published: 2014 05 01 01:01:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar's Third Party Risk Management

Article: Episode #178: Luhn-acy - published over 10 years ago.
Content: Hal limbers up in the dojo To maintain our fighting trim here in the Command Line Kung Fu dojo, we like to set little challenges for ourselves from time to time. Of course, we prefer it when our loyal readers send us ideas, so keep those emails coming! Really... please oh please oh please keep those emails coming... please, please, please... ahem, but I di...
http://blog.commandlinekungfu.com/2014/05/not-ready-yet-episode-178-luhn-acy.html
Published: 2014 05 26 09:00:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Episode #179: The Check is in the Mail - published over 10 years ago.
Content: Tim mails one in: Bob Meckle writes in: I have recently come across a situation where it would be greatly beneficial to build a script to check revocation dates on certificates issued using a certain template, and send an email to our certificate staff letting them know which certificates will expire within the next 6 weeks. I am wondering if you guys have ...
http://blog.commandlinekungfu.com/2014/06/episode-179-check-is-in-mail.html
Published: 2014 06 30 21:51:00
Received: 2021 06 06 09:05:29
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Top Ten Vulnerabilities Explained

Cyber Tzar's Third Party Risk Management

Cyber Tzar Port Vulnerability Scan Report

All Articles

Ordered by Date Received : Year: "2021" Month: "06"
Page: << < 179 (of 221) > >>

Total Articles in this collection: 11,093

"All Articles" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
Only Published Date selections use the articles Published Date.
The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
All subsequent pages show fifty items.
Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
"<<" moves you to the first page (aka newest articles)
">>" moves you to the last page (aka oldest articles)
"<" moves you to the previous page (aka newer articles)
">" moves you to the next page (aka older articles)
Return to the top of this page Go Now

Ordered by Date Received : Year: "2021" Month: "06" Page: << < 179 (of 221) > >>

Total Articles in this collection: 11,093

Ordered by Date Received : Year: "2021" Month: "06" Page: << < 179 (of 221) > >>

Total Articles in this collection: 11,093

Navigation Help

Custom HTML Block

Ordered by Date Received : Year: "2021" Month: "06"
Page: << < 179 (of 221) > >>

Ordered by Date Received : Year: "2021" Month: "06"
Page: << < 179 (of 221) > >>