Astrogeorgeonethree

Vulnerable companies using Trello for Private Data

Some folks I believe are under the impression that Trello and other apps like it are more private than they are. These are some Google queries as a proof of concept, that demonstrate the issue. Note: Need to look into the Trello security settings to see if there is a sufficient work-around.

In a Google search:

Remote Desktop for Kali Linux under Windows 10 WSL

Install Kali linus from the Win10 store.
Start Kali linux: $ kali
Install [wget]: apt-get install wget
Donwload the Kali installation script for [xfce4]: $ wget https://kali.shxfce4.sh
Run the script: $ sudo sh xfce4.sh

This will take some time.

Start the remote desktop server: $ sudo /etc/init.d/xrdp start

By default it will start on port 3390.

Getting Started with Nightmare.js

In today's Testing Analyst workshop, we played around with Nightmare.js, a JavaScript browser automation library that is useful for testing website interfaces.

It is easier to work with Nightmare on your computer, rather than to use it in Cloud9. Here are the instructions to install and get started.

Step 1. Install Node.js

JavaScript normally runs in the browser. Node.js is a version of JS that can run on a server, in a terminal, or on some other device. It allows you to easily prepare and run Nightmare scripts.

Nmap Cheat Sheet

src: https://www.stationx.net/nmap-cheat-sheet

Target Specification

| Switch | Example | Description |

Stripe

Creating a User

https://stripe.com/docs/api/ruby#create_customer

Running Hashcat on Google Cloud's GPU-based VMs

In February 2017, Google announced the availability GPU-based VMs. I spun up a few of these instances, and ran some benchmarks. Along the way, I wrote down the steps taken to provision these VM instances, and install relevant drivers.

Update April 2019: Updated instructions to use instances with the Tesla T4 GPUs.

Credit Card Regex

Amex Card: ^3[47][0-9]{13}$
BCGlobal: ^(6541|6556)[0-9]{12}$
Carte Blanche Card: ^389[0-9]{11}$
Diners Club Card: ^3(?:0[0-5]|[68][0-9])[0-9]{11}$
Discover Card: ^65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}|(622(?:12[6-9]|1[3-9][0-9]|[2-8][0-9][0-9]|9[01][0-9]|92[0-5])[0-9]{10})$
Insta Payment Card: ^63[7-9][0-9]{13}$
JCB Card: ^(?:2131|1800|35\d{3})\d{11}$
KoreanLocalCard: ^9[0-9]{15}$

	#!/usr/bin/env python
	# -- coding: utf-8 --
	#
	# Copyright (C) 2015-2018 Bitergia
	#
	# This program is free software; you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation; either version 3 of the License, or
	# (at your option) any later version.
	#

	#!/bin/bash
	# Converter.sh by @xdavidhu
	# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
	# With this script, you can convert domain lists to resolved IP lists without duplicates.
	# Usage: ./converter.sh [domain-list-file] [output-file]

	echo -e "[+] Converter.sh by @xdavidhu\n"
	if [ -z "$1" ] \|\| [ -z "$2" ]; then
	echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
	exit 1

	.
	├── matree
	├── swift
	│ ├── 00503_0_254.242_2013mar02
	│ ├── 00546_0_ensbdasa-09aug2013
	│ ├── 00553_0_ensbdpix3-09aug2013
	│ ├── 00554_0_ensbdpix4-09aug2013
	│ ├── 00555_0_ensbdrtr1-2013aug09
	│ ├── 00557_0_ENSBDVPN1-02AUG2013
	│ ├── 00558_0_ENSBDVPN2-02AUG2013