Apache Traffic Server: Incomplete check for chunked trailer section allows re...
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulne...
CybrMonk’s Post
More Relevant Posts
-
Apache Traffic Server: Incomplete field name check allows request smugglingAp...
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead ca...
cybrmonk.com
-
Today is day 21 of 50, where we learn how to be better at cybersecurity! 🚀
Let’s talk about enumeration tools because the better you are at enumeration, the better you’ll be at exploitation. Today, I want to highlight an awesome tool: httprobe by the legendary Tomnomnom, one of the great professionals in our field.
When you’re dealing with asset discovery or subdomain enumeration, it’s common to end up with a massive list of hosts. But the real question is: Which of these are live and running HTTP or HTTPS services? This is where httprobe shines! It’s a fast and efficient tool designed to check a list of domains or IPs and determine which ones respond over HTTP or HTTPS.
What Makes httprobe So Useful for Cybersecurity Professionals?
1. Saves Time ⏱️: No more manually checking if hosts are live.
2. Flexible Integration 🛠️: Pair it with tools like Sublist3r, Amass, or Assetfinder, and you’ll have a streamlined workflow to uncover live targets.
3. HTTPS Support 🌐: It doesn’t just stop at HTTP—it seamlessly checks for HTTPS services too.
4. Simplicity at Its Best 🖥️: With a single command, you can filter out dead targets and focus on the ones that matter.
A Practical Tip for Professionals 💡
After running httprobe, take the list of live hosts and use it as input for tools like nmap, dirb, or Burp Suite. This ensures you’re spending time only on actionable targets, which is critical when handling large scopes in bug bounty programs or penetration tests.
Let’s keep learning, keep growing, and get better at what we do. Enumeration is the foundation of every great exploit, so sharpen those skills!
httprobe link: https://lnkd.in/geHhVskj
Take a list of domains and probe for working http and https servers.
Install ▶ go install https://lnkd.in/g_gCYzRk
Happy Hacking!
#CyberSecurity #HTTProbe #CyberSecJourney #EnumerationTools #LinkedIn50DayChallenge
GitHub - tomnomnom/httprobe: Take a list of domains and probe for working HTTP and HTTPS servers
github.com
-
Everyone wants to know if their ScreenConnect Endpoints and servers have been hacked. Well, we've got your back! Take a look at this guide that we put together to make sure you know exactly what to watch out for!
Guide: How to Know if your ScreenConnect Server is Hacked | Huntress
huntress.com
-
RegreSSHion (CVE-2024-6387) allows remote execution of arbitrary code on #OpenSSH servers. But not if you safeguard your systems. Learn how here. https://lnkd.in/eU9UZEY4
Defending Against RegreSSHion (CVE-2024-6387)
gytpol.com
-
🚀 Mastering DNS Troubleshooting with nslookup! 🔍 Whether you're just getting started or diving deep into advanced DNS queries, nslookup is an essential tool for resolving network issues, verifying DNS configurations, and much more. Check out this visual breakdown of how nslookup works to query domain names and IP addresses! 🌐💻 #Networking #Cybersecurity #DNS #nslookup #NetworkTroubleshooting #TechTips #Proompt #CybersecurityTools
How to Use nslookup from Beginner to Advanced: A Comprehensive Guide
link.medium.com
-
The latest update for #ProxyCompass includes "Best Web Scraping Courses Available in 2024" and "Learn How to Web Scrape: A Beginner's Guide". #Cybersecurity #NetworkSecurity https://lnkd.in/ehMTvMv8
ProxyCompass
securitysenses.com
-
The ISPCP OCTO-led Capacity Building hands-on lab is in session at #ICANN81! This training helps participants learn how to install a recursive DNS resolver, install and run BIND and Unbound DNS recursive servers with DNS Security Extensions (DNSSEC) validation, and much more. For session details >> https://bit.ly/4fcZs3P
-
Apache Traffic Server: Invalid Accept-Encoding can force forwarding requestsI...
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 th...
cybrmonk.com
-
Kamaji's RBAC Roles for `etcd` are not disjunctKamaji is the Hosted Control P...
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers b...
cybrmonk.com