Jaacostan

Register for Ignite '20 to be eligible for free PaloAlto product training and certification prep courses. Specific product deep dive training sessions and free certification vouchers will only be available to those who attend the two-day, virtual Ignite '20 conference happening on November 16,17,18. After engaging in a full session, you’ll get a voucher to take the exam of your choice for free. Use your company email for registering this event.  Link for Ignite '20 Registration : https://ignite.paloaltonetworks.com/

Splunk is offering a limited time discounted certification exam offer. From August 1 through October 31, all eligible candidates can register for one certification exam for a $50 registration fee. Register your desired exam at PearsonVUE and use the code STUDYUPBUTTERCUP at checkout to avail this offer. Link for exam registration tutorial : https://www.splunk.com/pdfs/training/Exam-Registration-Tutorial.pdf Link for Promotion details : https://www.splunk.com/pdfs/training/Certify-in-Place-Promotion.pdf

I recently moved to a new place and bought a new mobile connection from one of the cellular providers. Number got activated and then I created a new WhatsApp account. After I successfully opened my new WhatsApp, daily I started receiving many messages from the people I never ever met, complete strangers. They thought that the number belongs to a person, let’s say X. Initially I thought, OK this might be a normal thing because they might be contacting the person after a long time, and unaware that the person might have changed his/her number. I started telling them "wrong number". I have no idea whether the previous owner of this number was a politician or a famous/infamous person. But I keep getting many calls and messages intended to that person X. Some added me in to a few WhatsApp groups (work/personal). Getting frustrated. People started sending sensitive documents, personal messages as well. And being a security pro, this led me to write a post regarding the possible s

Lets talk about PrintSpoofer tool. This tiny tool is used for Windows Privilege Escalation. If the target server having the SeImpersonatePrivilege enabled and by using this tool, you can perform the Privilege escalation. 1) Look for the ways to elevate the privileges in the target machine. Run whoami /priv  Check for the weakness in Windows Server where certain service accounts are required to run with elevated privileges utilizing the SeImpersonatePrivilege . Mostly people use Hot Potato to take advantage of this privilege function. But Hot Potato is successful only if the DCOM enabled in the target server. [ Read more on this]. Here comes the usage of PrintSpoofer tool. You can abuse and exploit this with PrintSpoofer tool, even if the DCOM is disabled in the target server. 1) Get the code from Github. https://github.com/itm4n/PrintSpoofer Clone the directory. Note that, if you are trying to compile the code in a Linux machine, you may encounter compile error as it requires window

Free courses and free contents. Build a skill. Invest some time and litt up. 1) GCFGlobal. 200+ courses ranging from MS office to Cyber Security. https://edu.gcfglobal.org/en/topics/ 2) OpenLearn Courses on , well almost everything. https://www.open.edu/openlearn/free-courses/full-catalogue 3) Alison Free and huge catalog of courses. https://alison.com/

When a user input something in the website such as adding a comment or uploading a file, these things can be verified for the validity and authenticity by using two methods. Client-Side or Server-Side filtering. When it is Client side, the filtering happens in the browser itself. Where as in Server side, the user input is sent back to the Server and then the server will validate the user input. Based on that, the user can successfully input something in to the website. Server side filtering are comparatively harder to figure out as the code won't be passed to the end user. But when in comes to Client side filtering, the user/attacker can easily find out the filtering methods and may bypass the filtering using various methods. There are four major ways to bypass the client-side file upload filter: Turn off JavaScript in your browser . Most of the filtering check is accomplished by using a java script. So disabling the JavaScript in your browser may disable any kind of checks. But th

Ok, I was trying to run a python script which is written in version 2 and while executing, i am getting the error " ImportError: No module named requests ". Which means the python script is calling to import the module named requests . This particular module doesn't comes inbuilt with the python installation. So i tried to install the module in my system. Since the script is in version python 2, i need to import the module for python 2. Unfortunately, the normal pip command seems deprecated (Python2 is End of Life as well) and spend some time to find the exact command.  Here is the way to fix.  root@kali:~/Desktop# sudo apt-get install python-pip python-dev build-essential This will download all the essential files. Then run the command to install your desired module. In my case " requests ". root@kali:~/Desktop# pip install requests For Python version 3, this is very easy and straight forward. No need to run the first command if your are running only python3.