Die Cyber Mühle

What is it? This PoC exploits an ACL misconfiguration in the SAP Gateway (port 33xx) that leads to a Remote Command Execution (RCE). SAPanonGWv1.py is the first version of the exploit based on raw packets sent. It does not require any additional modules (Run and Pwn!). SAPanonGWv2. github.com/chipik/SAP_GW_RCE_exploit

Before we talk about any design of AD, we need to create a plan of how the network should be segmented. Unfortunately most networks are just “flat” – from any location on the network you can access any other device without any restrictions regardless of its physical location (eg. www.parpulev.com/2019/02/securing-windows-environments.html

Over the past decade, Azure’s presence in businesses has grown significantly as new features and support were added to Azure. The purpose of this article is to cover three main points: posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a

Scout Suite is a multi-cloud security auditing tool, which enables assessing the security posture of cloud environments. Using the APIs exposed by cloud providers, Scout gathers configuration data for manual inspection and highlights risk areas. github.com/nccgroup/ScoutSuite

This project is designed to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. github.com/OWASP/API-Security

This paper shows how a community-based approach of infosec can speed learning for defenders. Attack knowledge curated in the MITRE ATT&CK™ framework, detection definitions expressed in Sigma rules, and repeatable analysis written in Jupyter notebooks form a stackable set of practices. medium.com/@johnlatwc/the-githubification-of-infosec-afbdbfaad1d1

SHARE TWEET Not a member of Pastebin yet? Sign Up, it unlocks many cool features! RAW Paste Data We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. pastebin.com/8rXhtqgr

Emotet is one of the most active malwares nowadays, every day you can find new campaigns and new binaries. Emotet is a downloader that is able to download new modules with new features. Emotet is also used to download third party malware on infected machines. d00rt.github.io/emotet_network_protocol/

Give those screenshots of yours a quick eyeballing. Eyeballer is meant for large-scope network penetration tests where you need to find “interesting” targets from a huge set of web-based hosts. github.com/bishopfox/eyeballer?utm_source=Unsupervised+Learning+Subscribers&utm_campaign=561eadbf91-EMAIL_CAMPAIGN_10_6_2019_8_57&utm_medium=email&utm_term=0_49fdb7d723-561eadbf91-495730845&mc_cid=561eadbf91&mc_eid=3db0667223

Over the past six years and more than 27,000 State of DevOps survey responses, we’ve found clear evidence that DevOps practices yield remarkable results for IT teams and organizations. puppet.com/resources/whitepaper/state-of-devops-report