BhinnekaSec1337

🌎 propertyguideindia.com 🌎 🥷 root 🥷 🥷 BrickFolio@123 🥷

Exploit for W&B Weave Server - Remote Arbitrary File Leak (CVE-2024-7340)🥷 Description🔈 The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. Nuclei Template🌎 View the template here CVE-2024-7340.yaml Validate with Nuclei echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-7340.yaml References: https://nvd.nist.gov/vuln/detail/CVE-2024-7340 https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/ https://github.com/wandb/weave/pull/1657 https://github.com/advisories/GHSA-r49h-6qxq-624f

Forensic 👹 tool for processing, analyzing and visually presenting Google Chrome artifacts. Features 💻 ‼️Mounting of volume with Google Chrome data and preserving integrity trough manipulation process 🔹read only 🔹hash checking ‼️Suspect profile and behavior estimations including: 🔹personal information (emails, phone nums, date of birth, gender, nation, city, adress...) 🔹Chrome metadata 🔹Accounts 🔹Version ‼️Target system metadata 🔹Operating system 🔹Display resolution 🔹Mobile Devices ‼️Browsing history URL category classification using ML model Login data frequency (most used emails and credentials) ‼️Browsing activity during time periods (heatmap, barchart) ‼️Most visited websites ‼️Browsing history 🔹transition types 🔹visit durations 🔹avg. visit duration for most common sites ‼️Login data (including parsed metadata) Autofills 🔹estimated cities and zip codes 🔹estimated phone number 🔹other possible addresses 🔹geolocation API (needed to be registered to Google) ‼️Downloads (including default download directory, download statistics...) ‼️default download directory ‼️download statistics ‼️Bookmarks ‼️Favicons (including all subdomains used for respective favicon) ‼️Cache 🔹URLs 🔹content types 🔹payloads (images or base64) 🔹additional parsed metadata ‼️Volume 🔹volume structure data (visual, JSON) ‼️Shared database to save potential evidence found by investigators ✈️ BhinnekaSec.t.me 🪙 github.com/ChmaraX/forensix

Hacked By SukaJanda01 - Garuda Security message: Kami sangat kecewa dengan kurangnya tindakan konkret dari Kementerian Agama dalam menangani isu-isu mendesak seperti penyalahgunaan wewenang di lembaga-lembaga keagamaan. Ini menunjukkan ketidakmampuan dalam menjaga integritas dan akuntabilitas. Kami mendesak adanya reformasi menyeluruh untuk memastikan bahwa pengawasan dan penegakan hukum berjalan efektif. site: https://ptspmalangkota.kemenag.go.id/ #TegakanHukumYangSedangBerjalan #GarudaSecurity #HacktivistIndonesia #GanosecTeam

🔠🔠🔠 I need rdp 🖥 Rules support for hacking💻 Pay in 🪙

Open Source Threat Intelligence Tools💻 AbuseHelper - An open-source framework for receiving and redistributing abuse feeds and threat intel. AlienVault Open Threat Exchange - Share and collaborate in developing Threat Intelligence. Combine - Tool to gather Threat Intelligence indicators from publicly available sources. Fileintel - Pull intelligence per file hash. Hostintel - Pull intelligence per host. IntelMQ - A tool for CERTs for processing incident data using a message queue. IOC Editor - A free editor for XML IOC files. iocextract - Advanced Indicator of Compromise (IOC) extractor, Python library and command-line tool. ioc_writer - Python library for working with OpenIOC objects, from Mandiant. MalPipe - Malware/IOC ingestion and processing engine, that enriches collected data. Massive Octo Spice - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation. MISP - Malware Information Sharing Platform curated by The MISP Project. Pulsedive - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds. PyIOCe - A Python OpenIOC editor. RiskIQ - Research, connect, tag and share IPs and domains. (Was PassiveTotal.) threataggregator - Aggregates security threats from a number of sources, including some of those listed below in other resources. ThreatConnect - TC Open allows you to see and share open source threat data, with support and validation from our free community. ThreatCrowd - A search engine for threats, with graphical visualization. ThreatIngestor - Build automated threat intel pipelines sourcing from Twitter, RSS, GitHub, and more. ThreatTracker - A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines. TIQ-test - Data visualization and statistical analysis of Threat Intelligence feeds.

🔠🔠🔠 [ WANT TO SELL] 🌎 DOMAIN .org ‼️ DA 34 ‼️PA 27 ‼️SS 1% 🥷 @AgentSecAdmin

🔹🔹OSINT RESOURCE👁🔹🔹 🔻[Social media and photos💻] 🔻 Apps.skylens.io 💀

posts with geo-tags from five social networks at once on one map (Twitter, YouTube, Instagram, Flickr, Vkontakte).

photo-map.ru 💀

search geo-tagged photos from Vkontakte.

YouTube Geofind ☠️

view YouTube geo-tagged video on map.

Flickr Common Map 👺

displays only Flickr photos distributed under a Creative Commons license (250 of the latest for each location).

I know where your cat lives 👺

geo-tagged photo from Instagram with the cat hashtag.

Trendsmap.com 💻

explore most popular Twitter trends, hashtags and users on the world-map.

Pastvu.com 💻

view historical photos taken at a particular location on a map.

🔈HTTP recon automation with httpx🔈 ❓ Did you know that you can use httpx tool to request any URL path and see the status code and length and other details on the go, filter, or even perform exact matching on them? Here’s an example: cat domains.txt | httpx -path /swagger-api/ -status-code -content-length ⬇️ Download Tool ⬇️