Joas A Santos

𝐎𝐟𝐟𝐞𝐧𝐬𝐢𝐯𝐞 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐍𝐨𝐭𝐞𝐬 𝐂𝐨𝐮𝐫𝐬𝐞 𝐚𝐧𝐝 𝐄𝐱𝐚𝐦

OSCP AD (Offensive Security Professional)
https://lnkd.in/dysx6wb3

OSWE Notes (Offensive Security Web Expert
https://lnkd.in/d7avScUu

OSWA Notes (Offensive Security Web Assessor)
https://lnkd.in/dUYWAzs3

OSEP Notes (Offensive Security Experienced PenTester)
https://lnkd.in/d6bN8yHK

OSED Notes (Offensive Security Exploit Development)
https://lnkd.in/dB7n45K6

OSDA Notes (Offensive Security Defense Analyst)
https://lnkd.in/daS2iNZ2

OSMR Notes (Offensive Security MAC Research)
https://lnkd.in/dzXt7DkC

#offensivesecurity #cybersecurity #informationsecurity #redteam #oscp #pentest #oswe #osed #osep #osmr #oswa #osce #penetrationtesting #exploitdevelopment

SSHD Backdoor - CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

[UPDATE] FAQ on the xz-utils backdoor: https://lnkd.in/dmuQiFab

Checker vulnerability: https://lnkd.in/dQRMgZYQ

Detection: https://lnkd.in/de83RD7Z

More details: https://lnkd.in/d2ccb9wQ

#hacking #redteam #cybersecurity #blueteam #cve20243094 #sshdbackdoor #sshd

My Notes eLearnSecurity Certification (eJPT, eCPPT, eMAPT, eWPT, eWPTX, eCXD, eCPTXv2)

eJPT: https://lnkd.in/epAG2R39
eCPPT: https://lnkd.in/dRCVbvMT
eMAPT: https://lnkd.in/dgamWrJd
eWPT: https://lnkd.in/d5g4w22n
eWPTX: https://lnkd.in/dhEvuNuW
eCXD: https://lnkd.in/dwN_q6y4
eCPTXv2: https://lnkd.in/dEiVaZBG

#ecppt #ejpt #emapt #ecxd #hacking #redteam #cybersecurity #informationsecurity #pentest #ecptxv2

Damn Vulnerabilities List Lab

#AWSGoat : A Damn Vulnerable AWS Infrastructure
 https://lnkd.in/dq2cYPG2

#AzureGoat : A Damn Vulnerable Azure Infrastructure
 https://lnkd.in/dKMMrESA

#Webpentest: A Damn Vulnerable Web Application
https://lnkd.in/dNJxX-Fe

#API: A Damn Vulnerable Web Sockets
https://lnkd.in/dMbJgP5h

#Mobile: Damn Vulnerable Hybrid Mobile App
https://lnkd.in/dSMZMuzZ

#CICD: Deliberately vulnerable CI/CD environment
https://lnkd.in/dCxZb88q

#GraphQL: Damn Vulnerable GraphQL Application
https://lnkd.in/d5V6P9HA

#Webservice: Damn Vulnerable Web Services
https://lnkd.in/dAu8HAyd

#VamPI: Vulnerable API
https://lnkd.in/dRPpBNjj

#DVSA: Damn Vulnerable Serverless Application
https://lnkd.in/dnvdNcfq

#DVTA: DVTA is a Vulnerable Thick Client Application 
https://lnkd.in/dDhEDgdx

#DVJA: Damn Vulnerable Java Application
https://lnkd.in/dqFyjYWP

#DVID: Damn Vulnerable IoT Device
https://lnkd.in/dNV2RjUj

#DVPWA: Damn Vulnerable Python Web Application
https://lnkd.in/diDvsz8u

#DVAS: Damn Vulnerable Application Scanner
https://lnkd.in/dq_aC4pX

#DVB: Damn Vulnerable Bank
https://lnkd.in/dyGWJzxD

#DVWPS: Damn Vulnerable WordPress Site
https://lnkd.in/dkY-tXHe

#DVNA: Damn Vulnerable NodeJS Application
https://lnkd.in/ds3JReM5

#DVRA: Damn Vulnerable Ruby on Rails
https://lnkd.in/djQ_ehzi

#DVGM: Damn Vulnerable Grade Management
https://lnkd.in/dAepn4K7

#Tiredful
https://lnkd.in/d3NjivMu

#DVCSharp: Damn Vulnerable C# Application
https://lnkd.in/d8cZxdnr

#DVHMA: Damn Vulnerable Hybrid Mobile App
https://lnkd.in/dSMZMuzZ

#DVIA: Damn Vulnerable iOS App
https://lnkd.in/dJqPp-d9

#DVIA2: Damn Vulnerable iOS App 2
https://lnkd.in/dhGUXurv

#DVRF: Damn Vulnerable Router Firmware
https://lnkd.in/dUda_XsF

#DVFaaS: Damn Vulnerable Functions as a Service
https://lnkd.in/drVpszwD

#DVCA: Damn Vulnerable Cloud Application
https://lnkd.in/dPyKYKw4

#cybersecurity #redteam #blueteam #bugbounty