Collaborate Disseminate
I am currently building a Python-based OSINT tool that allows a user to crawl a supplied domain for pages using traditional scraping/spider methods, but I also want to have the option to ‘brute force’ common pages for web app… Continue reading List of common website endings/pages for enumeration?
I can determine a single public IP address from within the organization (using NAT) by sending a HTTP request to one of the publically available services:
curl ipinfo.io/ip
However, if my request always takes the same rout… Continue reading How to determine all public IP adresses from within an organization?
Vectra’s 2018 Spotlight Report found that attackers can easily spy, spread and steal information, largely unhindered by the insufficient internal access controls that are in place. Continue reading Threatlist: Manufacturing, a Top Target for Espionage
Lisa Forte, a Partner at UK based Red Goat Cyber Security, regales us with a tremendous blog post – detailing, if you will, the effort expended in executing reconnaissance targeting the focus of a social engineering mission. Quite likely the best pros… Continue reading Recon for Social Engineering, Par Excellence
I originally attempted to use Maltego before making any configuration changes to my firewall; however, I was being blocked because I had port 135 disabled which is what Windows uses for RPC. After disabling the inbound rule, … Continue reading What is the reason why I am not able to able to use Maltego unless I disable port 135 (RPC) inbound on my Windows computer?
via the comic superiority of Robert M. Lee and the superb illustration work of Jeff Hass at Little Bobby Comics
Permalink
The post Robert M. Lee & Jeff Hass’s ‘Little Bobby – Preparatory Action’ appeared first on Security B… Continue reading Robert M. Lee & Jeff Hass’s ‘Little Bobby – Preparatory Action’
I am working on Advanced Persistent Threats for my Master thesis, I am using Game theoritic models to counter Advanced Persistent Threats, my question is, how can an APT be modeled as a security game? What would be the strate… Continue reading Advanced Persistent threat as a security game
Permalink
The post BSides Leeds, Tom Hudson’s ‘Passive-ish Recon Techniques’ appeared first on Security Boulevard.
Continue reading BSides Leeds, Tom Hudson’s ‘Passive-ish Recon Techniques’
I need to find most subdomains of a domain. I know there are many options.
I’ve tried many available in Kali Linux:
dnsmap
dnsenum
dnsrecon
dnswalk
fierce
urlcrazy
Most of them only find 2 or 3 working subdomains, while … Continue reading What is the best way of finding subdomains of a domain?
So we all know that we can get useful system info from SMB shares using the anon account. This can be done using the nmap script smb-os-discovery.nse.
https://nmap.org/nsedoc/scripts/smb-os-discovery.html
The reason for do… Continue reading Powershell SMB map script?