rffuste

Infosec | Cybersecurity | Pentesting | CTFs | Bug Bounty | Piano | Gtd | Chess

2024-06-10

Kali Linux 2024.2 released
The latest release of Kali Linux, version 2024.2, brings significant updates and improvements. Key highlights include:

t64 Transition: Full implementation of 64-bit time_t type for better future compatibility, especially for 32-bit ARM architectures.

Desktop Enhancements: GNOME 46 update and Xfce improvements for a more polished user experience.

New Tools: Addition of 18 ne
rffuste.com/2024/06/10/kali-li
#Noticias #kali

2024-03-25

WSTG Checklist
If you are looking for a nice checklist for your web app pentest, this one can help you a lot.

In this case, user @CristiVlad25 published on X a checklist based on the OWASP Web Security Testing Guide (WSTG).

As CristiVlad25 explain, this checklist includes many test cases explain and how to test them.Also can be great when your client asks you to test against a methodology.

WSTG Checklist
rffuste.com/2024/03/25/wstg-ch
#Pills #checklist #WSTG

2024-02-19

Caido.io
Caido.io is a lightweight web security auditing toolkit.

According to the documentation:

Caido is available as both a desktop application and a standalone command-line interface (CLI) binary, offering users the flexibility to choose the installation method that best suits their needs.

Pricing

The basic version of this tool is free to use but has some limitations.

Up to 2 projects

Up to 5
rffuste.com/2024/02/19/caido-i
#Tutoriales #caido #tools

2024-02-05

Cvemap from ProjectDiscovery
Introduction

Cvemap is a new tool developed by Project Discovery to deliver a structured and easily navigable interface to Common Vulnerabilities and Exposures (CVEs) within multiple databases.

It takes a comprehensive approach to prioritize CVEs, moving beyond the usual Common Vulnerability Scoring System (CVSS) score. It looks at
rffuste.com/2024/02/05/cvemap-
#General #Tutoriales #cve #cvemap #projectDiscovery #tools

2024-01-29

Parrot OS 6.0 Revealed
Last week, one of the premier security-oriented operating systems received a significant upgrade to version 6.0.

Updates

Main System

Debian 12

Linux Kernel 6.5

Advanced DKMS and Wi-Fi Drivers

Updated Pentesting Tools

Updated Libraries and Python 3.11

Refreshed System Appearance

Experimental Containerization for Unsupported Tools

Grub Fail-Safe Boot Options

rffuste.com/2024/01/29/parrot-
#Noticias #parrot

2024-01-22

Packet Crafting and Network Exploration with Scapy
According to its main page,

Scapy is a powerful interactive packet manipulation library written in Python. Scapy is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
scapy.net/

Install

Depending on your OS a
rffuste.com/2024/01/22/packet-
#General #Tutoriales #scapy #tools

2024-01-15

ZXPY – Shell scripts made simple
Zxpy is a tool that simplifies the integration of shell commands into Python, making your scripting experience smoother and more efficient.

Installation

❯ pip install zxpy

If you have pipx installed, you can try out zxpy without installing it, by running:

❯ pipx run zxpy

If you have an Arch-like distro you can as well use AUR

❯ yay -Ss zxpy

rffuste.com/2024/01/15/zxpy-sh
#Tutoriales #python #zxpy

2024-01-08

OWASP Juicy Shop – Score Board Challenge
Some time ago we explained how to install the OWASP Juicy Shop.

This first post of 2024 will explain how to start with this nice vulnerable application.

The first step is finding the scoreboard.

To find it, we observe several matches in the Javascript files using the browser inspector just searching for "score".Checking some of those matches we
rffuste.com/2024/01/08/owasp-j
#CTFs #juicyshop

2023-12-25

Merry Catmas! See You After the Holidays
Hi everyone!

We wish you a wonderful pawsome Christmas. Thank you for being part of our community this year.

To celebrate the holidays, we're taking a short break. There are no new articles for now, but we'll return with fresh content soon!

Have a merry Christmas and a happy New Year! See you in 2024.

Warm wishes from rffuste.com
rffuste.com/2023/12/25/merry-c
#Noticias

2023-12-18

AWS Penetration Testing Checklist
Today I will share a nice AWS pentest checklist I found at guide.offsecnewbie.com/cloud-p.

You can find on this site much information and notes from many other aspects such as Recon phases, attack types, shells, SQL, password cracking... It is worth checking out.

Test for Unauthenticated Bucket Access

Test for Semi-Public Bucket access
rffuste.com/2023/12/18/aws-pen
#Wiki #aws #checklist

2023-12-11

Kali 2023.4
2023 is coming to its end but before that, it's time again to update our Kalis with version 2023.4

What can be found in this new version?

New platforms are supported:

Amazon AWS and Microsoft Azure Cloud ARM64

Vagrant Hyper-V

Raspberry Pi 5

Gnome 45 support.

Internal Infrastructure improvements

New tools:

cabby - TAXII client implementation

cti-taxii-client - TAXII 2 client library

rffuste.com/2023/12/11/kali-20
#Noticias #kali

2023-12-04

Lazynvim
LazyVim is a Neovim setup powered by lazy.nvim to make it easy to customize and extend your config.

LazyVim is a curated configuration for Vim that integrates various plugins, settings, and key mappings to simplify the Vim experience. By bundling together popular plugins and optimizing configurations, LazyVim provides a powerful, ready-to-use setup that eliminates the hassle of manually configuring Vim.

rffuste.com/2023/12/04/lazynvi
#Tutoriales #lazynvim #nvim

2023-11-27

Latest security Vulnerabilities in ownCloud
Disclosure of Sensitive Credentials and Configuration in Containerized Deployments

Risk: Critical

CVE ID: CVE-2023-49103

CVSS v3 Base Score: 10

CWE ID: CWE-200

Description

A vulnerability in the "graphapi" app exposes PHP environment configuration, potentially revealing sensitive data like admin passwords, mai
rffuste.com/2023/11/27/latest-
#Noticias #owncloud #vulnerabilities

2023-11-20

Google Hacking Database
The Google Hacking Database (GHDB) is a collection of search queries that use Google’s search syntax in creative ways to uncover vulnerabilities, exposed databases, login portals with default credentials, sensitive files, and other information that might not be intended for public access.

All contained Dorks are categorized in several categories:

Footholds

rffuste.com/2023/11/20/google-
#General #Wiki #dorks #ghdb #tools

2023-11-13

Tor install and usage (Arch based distro)
Install and configuration

$ yay -S tor nyx torsocks torbrowser-launcher

Sync Explicit (4): tor-0.4.8.7-1, nyx-2.1.0-7, torsocks-2.4.0-1, torbrowser-launcher-0.3.6-2
resolviendo dependencias...
buscando conflictos entre paquetes...

Paquete (5)             Versión nueva  Diferencia neta  Tamaño de la descarga
core/python-gpgme       1.2
rffuste.com/2023/11/13/tor-ins
#General #tools #tor

2023-11-06

Yay mind map cheat-sheet
Today I share a small sheet sheet to learn to use yay.

Yay is an AUR helper and Pacman wrapper that streamlines the management of packages on Arch Linux. It acts as a bridge between the official Arch repositories and the AUR, making it easier for users to install, update, and remove software.
rffuste.com/2023/11/06/yay-min
#General #Wiki #arch #yay

2023-10-30

Unlimited history in Zsh and Bash
It's a common saying that you don't miss something until you realize you don't have it.This is what happens with shell history.You execute many commands in your daily tasks but at least from my side, keeping the history and the need to search through all past commands haven't been a need until I had needed them and I realized that all commands were gone.

So it's tim
rffuste.com/2023/10/30/unlimit
#Wiki #bash #zsh

2023-10-23

Nuclei v3 is here
Last week nuclei was uptated to v3.

This is a summary of the Nuclei v3 new features:

Code Protocol: Execute trusted code and scripts across various engines, including custom ones.

Template Signing & Verification: Enhance template security with digital signatures.

JavaScript Protocol: Craft complex exploits using JavaScript for maximum flexibility.

Multi-Protocol Engine: Seamle
rffuste.com/2023/10/23/nuclei-
#Noticias #nuclei #tools

2023-10-16

Rengine 2.0 has finally arrived
After some waiting, Rengine 2.0 is here and it comes with many changes:

New additions overview:

Projects: Projects help you better organize your efforts to explore and understand web applications.

Roles and Permissions: You can assign different jobs to your team members.

GPT-powered Report Generation: Thanks to OpenAI's GPT technology, reNgine now c
rffuste.com/2023/10/16/rengine
#Tutoriales #reNgine #tools

2023-10-09

OWASP Juice Shop
According to its Github description:

OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
github.com/juice-s
rffuste.com/2023/10/09/owasp-j
#Tutoriales #learn #tools

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst