#greynoise
Explore tagged Tumblr posts
voxxvindictae · 7 months ago
Text
If I’m being honest, the most useful skill for hacking is learning to do research. And since Google’s search is going to shit, allow me to detail some of the methods I use to do OSINT and general research.
Google dorking is the use of advanced syntax to make incredibly fine-grained searches, potentially exposing information that wasn’t supposed to be on the internet:
Some of my go-to filters are as follows:
“Query” searches for documents that have at least one field containing the exact string.
site: allows for a specific site to be searched. See also inurl and intitle.
type: specifies the type of resource to look for. Common examples are log files, PDFs, and the sitemap.xml file.
Metasearch engines (such as SearxNG) permit you to access results from several web-crawlers at once, including some for specialized databases. There are several public instances available, as well as some that work over Tor, but you can also self-host your own.
IVRE is a self-hosted tool that allows you to create a database of host scans (when I say self-hosted, I mean that you can run this in a docker container on your laptop). This can be useful for finding things that search engines don’t show you, like how two servers are related, where a website lives, etc. I’ve used this tool before, in my investigation into the Canary Mission and its backers.
Spiderfoot is like IVRE, but for social networks. It is also a self-hosted database. I have also used this in the Canary Mission investigation.
Some miscellaneous websites/web tools I use:
SecurityTrails: look up DNS history for a domain
BugMeNot: shared logins for when creating an account is not in your best interest.
Shodan/Censys: you have to make an account for these, so I don’t usually recommend them.
OSINT framework: another useful index of tools for information gathering.
26 notes · View notes
bernardperroudart · 9 months ago
Text
Shreyas Karle. Candle and incense stick holder. 2021. Terracotta. 10 x 15 x 3 cm. @ Greynoise.
5 notes · View notes
hackgit · 2 years ago
Text
[Media] KENZER
KENZER Automated web assets enumeration & scanning.
▫️ Subdomain Enumeration using Subfinder, Amass, CerteX, TLSX, DNSX, NXScan, & ShuffleDNS
▫️ Port Enumeration using NXScan (Shodan, Netlas, Naabu & Nmap)
▫️ Web Enumeration using HttpX, Favinizer, Domlock, Gau, GoSpider, URLhunter & Waymore
▫️ Web Vulnerability Scanning using Jaeles, Wapiti, ZAP, Nuclei, Rescro & DalFox
▫️ Backup Files Scanning using Fuzzuli
▫️ Git Repository Enumeration & Scanning using RepoHunt & Trufflehog
▫️ Web Screenshot Identification using Shottie & Perceptic
▫️ WAF Detection & Avoidance using WafW00f & Nuclei
▫️ Reputation Scoring using DomREP (GreyNoise, URLHaus, PhishTank)
▫️ Every task can be distributed over multiple machines
https://github.com/ARPSyndicate/kenzer
YouTube: ARPSyndicate | Kenzer | Automated web assets enumeration & scanning. Kenzer (https://github.com/ARPSyndicate/kenzer) is a tool that aims to automate the workflow of web assets enumeration & scanning. This video demonstrates its basic usage & there are dozens of other things that could be done with it.
1 note · View note
kennak · 10 months ago
Quote
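Ivanti warned administrators to stop pushing new device configurations to appliances after applying mitigations, because doing so leaves them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. The company did not provide additional details, but said this is caused by a known race condition when pushing configurations, which stops a web service and causes the applied mitigation to stop working.
"Customers should stop pushing configurations to appliances with the XML in place, and not resume pushing configurations until the appliance is patched," Ivanti said in a new update published on Saturday. "When the configuration is pushed to the appliance, it stops some key web services from functioning, and stops the mitigation from functioning. This only applies to customers who push configurations to appliances, including configuration pushes through Pulse One or nSA. This can occur regardless of a full or partial configuration push."
Ivanti has not yet said whether reapplying the mitigation XML causes the mitigation to stop working, but given that the race condition occurs each time a new configuration is pushed to the appliance, this is likely the case.
The warning came after CISA issued 2024's first emergency directive, ordering U.S. government agencies to immediately apply mitigations for two Ivanti Connect Secure and Policy Secure zero-day flaws exploited in widespread attacks by multiple threat actors.
Ivanti ICS and IPS appliances have been the target of mass attacks chaining the CVE-2023-46805 authentication bypass and the CVE-2024-21887 command injection bugs since at least December. When the two zero-days are chained, attackers can move laterally within compromised networks, collect and exfiltrate data, and establish persistent system access to compromised devices by deploying backdoors.
The company has not yet released security patches, but it has released mitigations that block attack attempts and recovery instructions designed to help administrators restore affected appliances and bring them back into service.
Thousands of appliances exposed online, hundreds already hacked
Threat monitoring platform Shadowserver currently tracks more than 21,400 Internet-exposed ICS VPN appliances, over 6,300 of them in the United States (Shodan also sees more than 18,500 Ivanti ICS devices exposed online). Shadowserver also monitors the number of Ivanti Connect Secure VPN instances compromised each day worldwide, with more than 700 compromised appliances discovered on January 21 alone.
Ivanti appliances exposed on the Internet (Shodan)
Threat intelligence company Volexity said that one of the attackers actively exploiting the two zero-days (a suspected Chinese state-backed threat group tracked as UTA0178, and monitored by Mandiant as UNC5221) has already backdoored more than 2,100 Ivanti appliances using a GIFTEDVISITOR webshell variant. According to Volexity and GreyNoise, attackers have also deployed XMRig cryptocurrency miners and Rust-based malware payloads on compromised devices.
Ivanti: Pushing configurations after mitigation leaves VPN appliances vulnerable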
1 note · View note
ericvanderburg · 2 years ago
Text
ThreatBlockr integrates with GreyNoise to guard against false positives
http://i.securitythinkingcap.com/SnmPB9
0 notes
orbitbrain · 2 years ago
Text
GreyNoise Attracts Major Investor Interest
By Ryan Naraine on June 15, 2022. GreyNoise Intelligence, a startup competing in the crowded threat-intelligence space, has deposited $15 million in a new round of venture capital funding led by Radian Capital. The $15 million Series A, which was led by Radian Capital, comes less than a year after GreyNoise banked a $5…
0 notes
majesticfreq · 3 years ago
Link
Grey Noise 
The grey noise has lots of power at the top and bottom end of the frequency spectrum and a slight dip around the mid frequencies, which gives a three-dimensional texture to the sound; it is calibrated to sound more balanced to the human ear.
It is likely to be used in some new technologies to attain a particular sort of sound efficiently distributed over the entire sound spectrum, at lower decibel levels.
Researchers are using Grey noise to study hearing difficulties, as it allows them to assess how a specific person's hearing varies from the average.
0 notes
inventivaindia · 4 years ago
Text
GreyNoise announces $4.8M seed investment to filter harmless security alerts
Security professionals are constantly dealing with an onslaught of information as their various tools trigger alerts, some of which require their attention and some which don’t. Unfortunately, it requires addressing the alert to find that out. GreyNoise wants to help by filtering out benign security alerts, leaving security pros to deal with the ones that matter.
Today, the company announced a…
0 notes
kharmii · 3 years ago
Note
The rise of Empiershipping / whitenoise shipping has given me hope that one day we will get a mix between blankshipping and that going. Blanknoise shipping? Greynoise shipping? Honestly, I don't even care, I am just amusing myself with the image of Piers waking up after a wild night out in a different town and looking to his left to see a fast asleep gray haired guy... Looking to his right to see the same fucking guy still fast asleep and smiling and then groaning and holding his head because the hangover is hitting him full force.
I ain't gonna lie, but I've been hoping to someday see a scene like the following, except with Piers....or Volo or Melli or Elesa. Somebody getting both of them at the same time. -Haven't seen too much of that yet.
Art credit to: 지젤@Deluxe_Giselle Twitter.
31 notes · View notes
eclipseart1s-blog · 4 years ago
Photo
Hey, I'm new here. #traditionalart #sketch #draw #l #fantasy #deathnote #serpent #war #peace #greynoise
1 note · View note
relaxation7seven-blog · 6 years ago
Link
0 notes
sabrinaamranigallery · 7 years ago
Photo
Some (personal) suggestions for #arcomadrid2018 in @glamourspain cc @sabrinaamrani - #artweek #madrid Thanks to the #GlamourSpain team and the #reinasofiamuseum for a very pleasant session, and to @gemahospido for the interview // #thegomagallery #guillermodeosmagallery #galeriarph #galeriaalegria #fernandezbraso #parra&romero #adngaleria #espaitactel #projectesd #hauser&wirth #morcharpentiergallery #peterkilchmanngallery #greynoise #gregorpodnar #marso
0 notes
hackgit · 2 years ago
Text
[Media] IVRE
IVRE Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! https://github.com/ivre/ivre
0 notes
arshnet · 2 years ago
Text
GreyNoise Attracts Major Investor Interest
GreyNoise Intelligence, a startup competing in the crowded threat-intelligence space, has deposited $15 million in a new round of venture capital funding led by Radian Capital. read more http://dlvr.it/SSFSkX
0 notes
techvercy · 2 years ago
Text
GreyNoise to expand its threat intel collection after securing $15M in funding – TechCrunch
GreyNoise Intelligence, a Washington D.C.-based cybersecurity startup that analyses internet scanning traffic to help organizations separate threats from internet “background noise,” has landed $15 million in Series A funding to expand its threat collection capabilities and help protect organizations from emerging vulnerabilities. GreyNoise is a self-styled “anti-threat intelligence” company that…
0 notes
st-2002 · 2 years ago
Text
Top Cyber Security APIs
The standard method of integrating, improving, and sharing data via online services is Application Programming Interfaces (APIs).
For anything you can think of, APIs are available, including setting up e-commerce websites, payment wallets, digital coins, social network interaction, and email services. The current infosec and cybersecurity market is also boosted by the red team and blue team APIs.
The most popular security APIs:
Google Safe Browsing API
PhishTank API
VirusTotal API
Quttera API
Sucuri API
GreyNoise API
URLScan API
Cloudflare API
Shodan API
Metasploit API
AlienVault API
What are security APIs useful for?
Detecting and cleaning malware or viruses:
To detect malicious files and code injections in your web apps, a lot of malware API services are useful. When a new app is infected with an illegal 3rd party code, you will be alerted quickly.
Exploring the reputation of any website:
This type of security API is useful for detecting phishing domains, or pages related to unusual downloads, networks that are infected, etc.
Exploring your attack surface area:
Using security APIs will allow you to investigate and track down the culprits behind fraudulent activities if you work for a public or private security agency.
Cyber fraud Investigation:
Some cybersecurity APIs allow you to explore and audit your DNS records, IP addresses, and domain names, allowing you to discover any abnormal changes to your DNS infrastructure to prevent harmful activities such as domain hijacking, as well as finding stale DNS records, reviewing information about SSL certificates, and more.
Brand monitoring:
Find and report illegal use within seconds of any brand name or trademark that your company has registered.
Copyright violation research:
Use your copyrighted materials to find and research 3rd party websites; locate IP addresses, records, domain names, and use web hosting checker features to find the actual people behind the operation.
Bug and data bounty programs:
To show their abilities while earning money with their hacking knowledge, ethical hackers participate in bug and data bounty programs. For these white hat hackers seeking valuable reconnaissance information about their targets, security APIs are the perfect tool.
1 note · View note