はてなブックマーク

1) ShadowDragon ShadowDragon is a powerful OSINT investigation suite used by law enforcement, intelligence agencies, and cybercrime units around the world. It collects and correlates data from over 200+ sources, including social media platforms, forums, breach dumps, and the dark web. What sets ShadowDragon apart is its ability to pull hard-to-reach data and make it actionable within seconds. Whet

Greetings to the reader, I hope you are doing well. Today I want to talk about one of my findings in a private program at Hacker-One platform, which refers to it as target.com. Firstly:Following some reconnaissance and effort, I found target.com, I create an account on it and tried to understand the application and its functionalities in it. I tried to test a lot of things, but I was unable to ide

In just 1 day, I found thousands of ElasticSearch databases and Kibana dashboards that exposed sensitive information, most probably by mistake: Sensitive information about customers: emails, addresses, current occupation, salaries, private wallets addresses, locations, bank accounts, and other sensitive information.Production Logs that are written by Kubernetes cluster — From the applications logs

We’ve been in this pandemic since March and once the pandemic started I was having plenty of free time, And I need to use that time wisely, So I’ve decided to take the OSWE certification and I finished the exam on 8 of August, after that, I took a couple of weeks to recover from the OSWE exam, then in the med of September, I said you know what? I did not register my name in the Facebook hall of fa

Hacking is to identify weaknesses in computer systems or networks to exploit its vulnerabilities and gaining access. Hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate-personal data, etc. Cybercrimes cost many companies millions of dollars every year. Businesses need to protect themselves against such attacks. On the other hand, Python is a

This article is a continuation of my previous write-up "Malware Analysis 101- Basic Static Analysis", do give it a read before going ahead with this one to have a better understanding of the things that I will be explaining here. I wrote my previous article on Basic Static Analysis of malware and the next article I had in mind was the Basic Dynamic Analysis of malware. Before I start with the dyna

CVE-NumbersDOS Vulnerability — Fixed in Client version 4.4.2 — CVE-2019–13449Information Disclosure (Webcam) — Unfixed —CVE-2019–13450UPDATE — July 9th (am)As far as I can tell this vulnerability also impacts Ringcentral. Ringcentral for their web conference system is a white labeled Zoom system. UPDATE — July 9th (pm)According to Zoom, they will have a fix shipped by midnight tonight pacific time