Posts

Know what is Shodan Exactly !

Image
 What Is Shodan Exactly? Shodan is a search engine for Internet-connected devices. It is different from search engines like Google and Bing because Google and Bing are great for finding websites but Shodan helps in finding different things like popular versions of Microsoft IIS, control servers for Malware, how many host are affected with the new CVEs, which countries are becoming more connected, SSL certificates of the websites etc. Difference between Shodan and Google : The major difference between Shodan and Google is that, that Shodan analyzes the internet and Google analyzes the Word Wide Web.        Description : Shodan is the most popular search engine ever seen. It has the capability to index small desktops, CCTVs, nuclear power plants etc. Nowadays shodan has become very popular in the world of penetration testing, bug bounties, digital forensics, threat hunting etc. Shodan’s Search Query Insights : Shodan gathers information by interacting with web services and this informati

Do Reconnaissance in More Deep !

Image
              Thank you @Nahamsec

Cheatsheet to examine any file upload functionality !

Image
 

GitHub Dorking methodology

Image
  Manual Approach ; Let’s start with how you can get sensitive information leak Sensitive information is as follows ; "Company name" credentials                   Keywords 👇 {User_names , password, token , Secret key , backup file , pwd, credentials, ftp, JDBC, LDAP, key , pass , pw, user_auth } GitHub Dorks for Finding Files: “company name” filename:database “company name” filename:secrets.yml “company name” filename:passwd “company name” filename:LocalSettings.php “company name” filename:config.php “company name” filename:config.inc.php “company name” filename:configuration.php “company name” filename:shadow “company name” filename:.env “company name” filename:wp-config.php “company name” filename:credentials “company name” filename:id_rsa “company name” filename:id_dsa “company name” filename:.sqlite “company name” filename:secret_token.rb “company name” filename:settings.py “company name” filename:credentials.xml GitHub Dorks for Finding information sensitive from progra

Identifying threats and attacks !

Image
 

Pentesting Methodology and Cyber Security Domain !

Image
Pentesting Mindmap  Cyber security domain!  

Server Side request Forgery

Server-side request forgery ! Common injection parameters "access=", "admin=", "dbg=", "debug=", "edit=", "grant=", "test=", "alter=", "clone=", "create=", "delete=", "disable=", "enable=", "exec=", "execute=", "load=", "make=", "modify=", "rename=", "reset=", "shell=", "toggle=", "adm=", "root=", "cfg=", "dest=", "redirect=", "uri=", "path=", "continue=", "url=", "window=", "next=", "data=", "reference=", "site=", "html=", "val=", "validate=", "domain=", "callback=", "return=", "page=", "feed=", "host=", "port=", "to=", &q

Some cool bypass for the endpoints !

Image
                       Thank you !

Centralized Log Management

Image
What is Centralized Log Management? In case of a cyber security incident, logs play a vital role in various activities such as establishing the point of compromise, tracing the actions of an attacker, further investigation, and regulatory proceedings before an authority, etc. Logs are generated by every application, let it be a general application like performance monitoring or security specific application like a firewall. Logs assist in understanding how changes have taken place in a particular system. By searching, sorting, and filtering the log data, it becomes easy to pinpoint errors, issues, loopholes, or gaps that might have occurred. Manually doing so can be an extremely time-consuming process as one needs to look at thousands of log entries coming from hundreds of log files. In order to make this entire process easy, you need a Centralized Log Management system. Collecting Evidence from Network Infrastructure Devices You can collect a lot of information from network infrastruc

Recon Methodology !

Image
 

Testing Mindmap !

Image
                Thank you !

Endpoints to look while testing !

Image
                     Thank you ! Via  https://twitter.com/ManieshNeupane/status/1575890241285947393?s=19

Android Application Pentesting Checklist

Image
  Thank you ! Via ; https://twitter.com/ManieshNeupane/status/1576791692216217600?t=sauvUTyKWa9gZzIe-YSyCA&s=19

Search Engines for Pentesters !

Image
                 Thank you !                    Maniesh Neupane 🇳🇵 Via: https://twitter.com/ManieshNeupane/status/1569647860421099520?t=G7-1NnF6qZOQmlsvVfYxJg&s=19

Testing Authentication Flaws in Web Application !

Image
                      Thank you !                         Maniesh Neupane 🇳🇵