Collaborate Disseminate
I just started with recon-ng today, I was following tutorials but every tutorial is outdated with most of them describing the functions of v4.
I was able to update myself with simple additions like the marketplace and the new way to add m… Continue reading Recon-ng v5 – How to add domains?
I recently watched a video about OSINT and learnt it can be quite a powerful agent. I’ve been on the internet for years, and at this point I’m not sure what I’ve posted and where.
Given this is now a form of recon in cybers… Continue reading How to protect yourself against OSINT?
AttackSurfaceMapper, a new open source OSINT tool created by Andreas Georgiou and Jacob Wilkin, security consultants at Trustwave SpiderLabs, automates the process of collecting data that can help pentesters find a way into targets’ systems and n… Continue reading AttackSurfaceMapper automates the reconnaissance process
I know I can use tools such as BuiltWith and Wappalyzer to find a web app’s web server, but is there a way of determining the specific web server’s version?
The web app I am looking at has a nginx web server, and I am trying to determine … Continue reading Is it possible to determine the specific version of a website’s web server?
Parrot had quite a presence in the world of consumer drones a few years back, starting out as a purveyor of playful toy drones and working its way into the prosumer realm. Though it hasn’t reached the heights of some drone companies in terms … Continue reading US military turns to Parrot to help develop new reconnaissance drones
I’m conducting a penetration test, where I’m facing the following problem:
After having retrieved a set of IP addresses through tools like whois, I cannot successfully connect to the HTTP-based websites/services using the IP… Continue reading Retrieve hostnames for IP addresses to connect to HTTP services, when no (reverse) DNS PTR records are available?
I have found research efforts on explaining how sub domain takeovers can take place authored by a gentleman named “Patrik Hudák”. Through his site’s blogs he illustrates and conveys an understanding of the phenomenon:
https:… Continue reading How can I determine the vulnerability for a sub domain takeover attack?
For the past three years, a stealthy cyberespionage group has been targeting energy companies, primarily from Poland and Ukraine, using a new malware framework dubbed GreyEnergy. GreyEnergy is a modular malware platform which, according to researchers… Continue reading BlackEnergy Successor Hits Energy Companies Since 2015
I am currently working on a project where I need to find a host running a SIEM solution. From my research I am fairly confident that the host is running Elastic Stack, probably within another solution such as SIEMonster, but … Continue reading Enumerating hosts running Elastic Stack
These stealthy downloaders initially infect systems and then only install additional malware on systems of interest. Continue reading Bad Actors Sizing Up Systems Via Lightweight Recon Malware