ViPrlab’s Post

Proof of concept for CVE-2024-36401 on GeoServer. This demonstration aims to initiate a reverse shell connection on the target system. Details: https://lnkd.in/gYiPKqqT #cybersecurity #infosec #infosecurity

blog on HACKSUDO: THOR vulnhub CTF Walkthrough done by our intern Meghana U At Razz Security Academy, we've developed a Cyber Security and Ethical Hacking foundation course to provide essential insights into offensive security practices and diverse developed cybersecurity domains, thereby equipping individuals with valuable knowledge for cybersecurity roles. These are the modules that will be provided in the course: 1. Introduction to Ethical Hacking & Cyber Security 2. Networking Fundamentals 3. Basics on Linux 4. Information Gathering 5. Wi-Fi Hacking 6. Android Hacking 7. HackLab Setup 8. Nmap and Metasploit 9. System Hacking 10. Man In The Middle Attack 11. Cryptography 12. Google Hacking Database(GHDB) or Google Dorking 13. Steganography 14. Burp Suite 15. Content and Sub-Domain Discovery 16. Web Application Hacking This will further help you Explore core concepts such as SOC (Security Operations Center), VAPT (Vulnerability Assessment and Penetration Testing), and other cybersecurity concepts that will further enhance your understanding and expertise in cybersecurity. we are providing courses in 3 different modes: 1. offline (weekdays/weekends) 2. online 3. self-paced. To join the course and further queries +91 8618710868 contact@razzsecurity.com Follow Razz Security Academy for updates on jobs. ( Note: Kindly join on both apps and new job updates will be there ) Discord group: https://lnkd.in/gmV6UmsX Whatsapp group: https://lnkd.in/gzvWmVqk VAPT Jobs, SOC Analyst (ICSA), CyberSecurity Jobs, SIEM & SOC CyberSecurity Jobs, Cybersecurity Jobs , CSOC Analyst - Cyber Security Operations Center , Splunk Security Operations Center Analyst QRadar Security Operations Center Analyst SOCAnalyst Penetration Testing Penetration Tester (ICPT) Penetration Tester Redfox Security - Penetration Testing Services #jobsearch #cybersecurityjobs #jobhiring #hiring #jobalert #jobforfresher #Discord #community #securityanalyst #socanalyst #cybersecurityanalyst #applicationsecurityengineer #networksecurityengineer #vulnerabilityassessment #penetrationtesting

HACKSUDO: THOR Vulnhub CTF Walkthrough Welcome to the HACKSUDO walkthrough of THOR, a captivating Vulnhub CTF challenge. In this concise guide, we'll unravel the mysteries of THOR, highlighting key steps to conquer its vulnerabilities and claim the flags. So, join us on this thrilling journey as we navigate through the depths of THOR's security landscape. Let's dive in! Razz Security Academy Mahesh Razz

Kali Linux Tools: CVE-Tracker : With The Help Of This Automated Script, You Will Never Lose Track Of Recently Released CVEs Tool Details: https://lnkd.in/exxWdCUn CVE-Tracker, With the help of this automated script, you will never lose track of newly released CVEs. What does this powershell script do is exactly running the Microsoft Edge at system startup, navigate to 2 URLs ,and then put the browser in to full screen mode. #cybersecurity #informationsecurity #kalilinux #kalilinuxtools #CVE_Tracker

Published a POC exploit in Python3 for CVE-2024-24919 affecting Check Point Remote Access VPN that can be treated nothing less than a full unauthenticated RCE. Refer the Readme section in the repo to know more https://lnkd.in/gkzEBG25 #redteam #cybersecurity #cyberattacks #securityresearch #poc #checkpoint

CVE-2024-3094 has shaken the open source community with its critical supply chain compromise, affecting XZ Utils and potentially enabling unauthorized access through SSH authentication bypass. The silver lining is that this brought some great research from the community. Get the details, and the technical analysis from the Vulcan Cyber research team and how to fix the CVE in our blog >> https://lnkd.in/dYkfw9fi

Ever wondered where did malware connect to, but didn't have the forensic artefacts? Don't worry - CryptnetUrlCache may be used to find out what were the certificates and as such - hostnames used to establish that connection. Although there's been research into CryptnetUrlCache from them times when the certutil LOLbin was first used, there was no published method to retrieve hostnames from this cache. This mini-research shows that you can make use of Certificate Transparency logs to find out the certificate and as such - hostname (malware c2). If you have old forensic images that went nowhere, you could re-visit them using this approach. Spread the word - help other investigators. /cc David Nides George Trikoilis William Barlow #dfir #forensics #incidentresponse #cyber #malware #ir https://lnkd.in/gj9kh3eZ

Urgent security alert 🛑 CVE-2024-3094 has shaken the open source community with its critical supply chain compromise, affecting XZ Utils and potentially enabling unauthorized access through SSH authentication bypass. The silver lining is that this brought some great research from the community. Get the details, and the technical analysis from the Vulcan Cyber research team and how to fix the CVE in our blog >> https://lnkd.in/dNn3xDgC