0xSojalSec

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

0xSojalSec

acc
accept
acceptatie
access
accounts
alpha
alt
api
app
apps

0xSojalSec

Core Information Security

• What is information security and how is it achieved?

• What are the core principles of information security?

• What is the CIA triangle?

• What is non-repudiation (as it applies to IT security)?

0xSojalSec

		
Cyber Security is an exotic field, and every next person wants to explore this domain and make a career in it, but the problem is they have no idea how to get in and even if they do, They don’t have any idea on what type of questions they might face in an interview.


Recently 
@Miss_Malware
 asked for everyone’s favourites security analyst and DFIR interview question that gave me an idea to compile a list of questions which are asked in every interview one way or another. What follows is a list of questions which you may face in an interview.

0xSojalSec

# simple script to detect CVE-2021-40444 exploits in DOCX using oletools
# v0.01 Philippe Lagadec 2021-09-09

# IMPORTANT NOTE: this script detects the few samples identified so far, by looking for "mhtml:" in remote objects URLs.
# But it is not confirmed yet if this detection is generic enough, for example if "mhtml:" is not mandatory.
# Moreover, for now only Office 2007+ files are supported. 
# Detection for other file types (RTF, Office 97-2003, ...) will be implemented later.

import sys, zipfile
from oletools import oleobj, ooxml

0xSojalSec

if [[ "$(dig @1.1.1.1 A,CNAME {test321123,testingforwildcard,plsdontgimmearesult}.$domain +short | wc -l)" -gt "1" ]]; then
    echo "[!] Possible wildcard detected."
fi

0xSojalSec

using System;
using System.IO;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Runtime.InteropServices;

namespace ByteArrayExec
{

0xSojalSec

# install

sudo apt-get install proxychains
sudo apt-get install tor

# then update the files /etc/proxychains.conf and /etc/tor/torrc with the given config

# restart tor server
sudo service restart tor

0xSojalSec

import requests
import sys
import json


def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host

0xSojalSec

⏳🔺33 Million Subdomain Wordlist🔻🧱🔨👀

https://mega.nz/file/UsJXzITR#TMIFTXnW1zABHfZUIKMPMvA-c8UvzGWeAd4mg4gGCtQ

cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
 33927885 33m-subdomain-wordlist.txt

---

🚨🔺15 Million Subdomain Wordlist🔻 🧱🔨👀

https://mega.nz/file/BtIh2KaZ#zI1aZgAdHYdBfvKC5G8bwXwfFG11Gx0CW1zLhc0weC8