zitstif.no-ip.org#!/zitstif.no-ip.org/

-- About Reconnaissance/Useful Websites Programs Backtrack 4 pages Get Help search skip to content ↓ (zitstif.com) Home Blacklists Code Exploits Lock Picking Meterpreter Scripts Posts Tools Uncategorized Videos Pentesting with Evil WinRM – Practical Exploitation [mubix] by zitstif on Jun.01, 2020, under Videos Leave a Comment : evil winrm , hak5 , mubix , pentest , pentesting , winrm more... command-not-found.com script by zitstif on Apr.30, 2020, under Code , Posts I’m a big fan of command-not-found.com and decided to write a simple script that can be used from the command line: command: cnf whois results: Command-not-found.com results: Install All systems curl cmd.cat/whois.sh Debian apt-get install whois Ubuntu apt-get install whois [alpine.png] Alpine apk add whois Arch Linux pacman -S whois image/svg+xml Kali Linux apt-get install whois CentOS yum install whois Fedora dnf install whois OS X brew install whois Raspbian apt-get install whois Docker docker run cmd.cat/whois whois powered by [8]Commando The script is available here: http://zitstif.com/cnf.txt It’s a quick and dirty script but it gets the job done. Leave a Comment : brew , cnf , command , command-not-found.com , lynx , sed , whois more... Useful post regarding Office 365 security hardening by zitstif on Feb.27, 2020, under Posts It’s 2020. We are now progressing more and more toward the cloud and will have to take into consideration security concerns that relate to the cloud. 2 large players in the cloud for productivity suites include Google and Microsoft. Since Microsoft still dominates the market when it comes to workstation operating systems and office suites, Office 365 is being adopted pretty quickly. I really recommend that you to take a look at this post if you currently have Office 365: Introducing the Microsoft Office 365 Email Security Checklist It has some good pointers that will help you lock your Office 365 tenant down. Of course there is Microsoft Secure Score , but it seems as if it’s in its infancy. It is buggy and not reliable. This is not to say it won’t help you harden your tenant, but I wouldn’t let it necessarily be the golden rule. One must also keep in mind that to make Office 365 ‘more secure’ according to Microsoft, you need to essentially pay for it. Standard subscriptions won’t get you certain features. ( Please see: https://products.office.com/en-us/exchange/advance-threat-protection#office-ProductsCompare-785zwz q ) #Update 3/3/20: Infragard presentation on Office 365 Security: https://drive.google.com/open?id=1_n9RocH3-J0cwfj4l3RyzFCC-Qfd1g4Q 12C2049B0AB7E7F2134A2ECD3D37F4 02 – MD5 9664CBF3C74B27770E962E8BB96C7A 8816BBAFDE – SHA-1 (VirusTotal: https://www.virustotal.com/gui/file/5509d67471b8d66cdfb90e147d8a31f5df8362f0a32d47f95fca0cab51e40376/detection ) #Update 3/6/20: Pictures of Office 365 Secure Score Suggestions (one could extrapolate some of these suggestions and apply to other cloud services): https://drive.google.com/open?id=1R1UVKtf9d8jwbrfC0IKgjOZIcTZt_Shy 550FB7C99E35AF8F7DB1DAD168410012 – MD5 56A43F1DCE1B9BC16AD1AD853CD3918E23AE60BD – SHA-1 (VirusTotal: https://www.virustotal.com/gui/file/9bd4515270eaf0941ff037368fd1badd38b9dd1dde4dbb925bf00256f5f372b1/detection ) Leave a Comment : cloud , cloud security , g suite , Google , infragard , legacy , mfa , Microsoft , microsoft office , office 365 , pop , secure score , subscription model , tenant more... Deepfake Technology by zitstif on Jan.27, 2020, under Videos Deepfake technology can be used for malicious purposes. One notable example is when malicious actors used deepfake voice technology to swindle a CEO out of $243,000 . Leave a Comment : CEO , deepfake , deepfake technology , deepfake voice , forbes , forbes.com , malicious , social engineering more... kubernetes.io web terminal root shell by zitstif on Jan.01, 2020, under Posts Recently, I’ve been reading up on containers and kubernetes. I have just discovered this. It just seems like it could be easily abused: No authentication necessary. You simply click on Launch Terminal and you’ll get a root shell with full internet access. https://kubernetes.io/docs/tutorials/hello-minikube/ (This is a frame from https://www.katacoda.com/ ) Leave a Comment : container , dmidecode , docker , hyper-v , kubernetes , linux , qemu , ubuntu k8 , web more... « Older Entries Welcome to Recent Posts Pentesting with Evil WinRM – Practical Exploitation [mubix] command-not-found.com script Useful post regarding Office 365 security hardening Deepfake Technology kubernetes.io web terminal root shell abuseipdb.com – ip list Some quick and easy tools for working with segmented networks/VLANs NetCAT remotely leaking keystrokes from a victim SSH session On-premise Exchange 2010 headaches Download ESXI 6.7.0 (2019) without registration Browse by tags Apple backtrack 5 bash chroot dns ettercap Google hacking hak5 infosecisland kali kali linux linux maemo metasploit meterpreter Microsoft n900 netcat nethunter nmap nokia Nokia N810 nokia n900 pentesting python ssh weaponizing the n900 windows zitstif Categories Blacklists Code Exploits Lock Picking Meterpreter Scripts Posts Tools Uncategorized Videos Calender July 2020 S M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 « Jun Blogroll .:: Phrack Magazine ::. @GelosSnake /dev/ttyS0 100-hacking-tools-and-resources [hackerone.com] 2600: The Hacker Quarterly Academic Torrents Anti Fraud News Blog | AntiFraudNews.com AppleExaminer Home Armis BackBox Linux | Flexible Penetration Testing Distribution BackTrack Linux Binary Revolution Forums BIOS Master Password Generator for Laptops BleepingComputer.com Blog – Black Hills Information Security Blog | GoSecure BREAKDEV carnal0wnage.attackresearch.com Cloudflare Command Line Kung Fu CommandLineFu Computer Forensics World Core Security Technologies (Blog) Cryptome CS6038/CS5138 Malware Analysis, UC CVE security vulnerability database Dark Operator Dark Reading Darknet – The Darkside | Ethical Hacking Default Password List for Routers Default passwords list Digital Forensiscs, Computer Forensics, eDiscovery | ForensicFocus.com DigitalMunition – Ethical Hacking & Computer Security DSLReports Home Broadband ISP reviews, news, tools and forums DZone Security Electronic Frontier Foundation Exotic Liability Exploits Database by Offensive Security Forensics Wiki Ghetto Forensics GNUCITIZEN Hack A Day HackerOne – Bug Bounty program HackerspaceWiki Hak5 Hash Generator HITB HolisticInfoSec How-To Geek InfoSec Institute Infosec Island InfosecMatter Inj3ct0r – exploit database Insecure Magazine Inside Laura's Lab Instructables – Technology IronGeek iSecur1ty IT Security – stackexchange.com Kali Linux Katacoda – Interactive Learning Platform for Software Engineers KitPloit – PenTest Tools for your Security Arsenal Krebs On Security LaNMaSteR53.blog Learn Pentesting Online Lifehack – Tips for Life Lifehacker Linux Kodachi 6.2 The Secure OS Linux Security Live Hacking LiveOverflow – YouTube LMG Security MalwareTech Malwr – Malware Analysis by Cuckoo Sandbox Mandiant Blog Metasploit Blog Metasploit Unleashed – Mastering the Framework MG MITRE ATT&CK MorningStar Security News Moxie Marlinspike >> Thoughtcrime Labs NETSEC – Ramblings of a NetSec addict news.ycombinator.com nixCraft – (www.cyberciti.biz) NTLM Decrypter Offensive-Security Online LM hash cracking engine Online Password Hash Crack OpenNIC Project OpenSecurity OpenSecurityTraining OWASP Packet Life PacketStorm Securtiy Passbolt | Open source password manager for teams PaulDotCom Penetration Testing and Vulnerability Analysis Polytechnic Insitute Penetration Testing Lab PentHertz Blog Peteris Krumins' Blog Pi-hole Portcullis Labs Project Honey Pot Project Zero (Google) Qubes OS: A reasonably secure operating system RiskIQ Community Edition Risky Business Routerpwn samy kamkar – home Sanesecurity signatures: improve ClamAV detection rate SANS Digital Forensics Blog SANS Penetr...