This media is not supported in your browser
VIEW IN TELEGRAM
Happy Mother's Day.
Media is too big
VIEW IN TELEGRAM
๐ฅ4๐ฅฐ2
Forwarded from BlackEye๐ฅท
This media is not supported in your browser
VIEW IN TELEGRAM
โโbadsecrets
A library for detecting known secrets across many web frameworks.
https://github.com/blacklanternsecurity/badsecrets
Details:
https://blog.blacklanternsecurity.com/p/introducing-badsecrets
#cybersecurity #infosec #pentesting
A library for detecting known secrets across many web frameworks.
https://github.com/blacklanternsecurity/badsecrets
Details:
https://blog.blacklanternsecurity.com/p/introducing-badsecrets
#cybersecurity #infosec #pentesting
โโKovid Rootkit
A full-feature LKM intended for use against Linux kernel v5+.
https://github.com/carloslack/KoviD
#infosec #pentesting #redteam
A full-feature LKM intended for use against Linux kernel v5+.
https://github.com/carloslack/KoviD
#infosec #pentesting #redteam
โโNimbo-C2
Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows (by dynamically loading the CLR to the process). Nim is powerful, but interacting with Windows is much easier and robust using Powershell, hence this combination is made. The Linux agent is slimer and capable only of basic commands, including ELF loading using the memfd technique.
https://github.com/itaymigdal/Nimbo-C2
#infosec #pentesting #redteam
Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows (by dynamically loading the CLR to the process). Nim is powerful, but interacting with Windows is much easier and robust using Powershell, hence this combination is made. The Linux agent is slimer and capable only of basic commands, including ELF loading using the memfd technique.
https://github.com/itaymigdal/Nimbo-C2
#infosec #pentesting #redteam
Forwarded from BlackEye๐ฅท
10+ PK government websites h*-cked.
A perfect payback to pk from #indiancybertroops
https://cmdu.gob(.pk)/
https://forensic.sindhpolice.gov (.pk)/index.php
https://mppbeta.sindhpolice.gov (.pk)/
https://legal.sindhpolice.gov (.pk)/
https://demo.cmdu.gob (.pk)/
https://pphi.cmdu.gob (.pk)/
https://ekacheri.cmdu.gob (.pk)/
https://hubportal.cmdu.gob (.pk)/
https://rds.cmdu.gob (.pk)/
https://test.cmdu.gob (.pk)/
https://expl.kp.gov (.pk)/
A perfect payback to pk from #indiancybertroops
https://cmdu.gob(.pk)/
https://forensic.sindhpolice.gov (.pk)/index.php
https://mppbeta.sindhpolice.gov (.pk)/
https://legal.sindhpolice.gov (.pk)/
https://demo.cmdu.gob (.pk)/
https://pphi.cmdu.gob (.pk)/
https://ekacheri.cmdu.gob (.pk)/
https://hubportal.cmdu.gob (.pk)/
https://rds.cmdu.gob (.pk)/
https://test.cmdu.gob (.pk)/
https://expl.kp.gov (.pk)/
โค2
A new blog on Advance Snort Introduction Detection and Prevention System
https://techofide.com/blogs/mastering-snort-an-intrusion-detection-and-prevention-system-step-by-step-guide/
Join our group for more cyber security content.
t.me/ethicalhackingtechofide
https://techofide.com/blogs/mastering-snort-an-intrusion-detection-and-prevention-system-step-by-step-guide/
Join our group for more cyber security content.
t.me/ethicalhackingtechofide
๐2
MagSpoof
A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX card numbers with 100% accuracy.
A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX card numbers with 100% accuracy.
๐ด How to Become a RED TEAM HACKER ๐ด
โคท A red team hacker is an authorized individual or group that performs simulated cyberattacks to identify vulnerabilities in an organization's systems and help improve its security.
โ Link: bit.ly/RedTeamer
Share & Support โค๏ธ
โคท A red team hacker is an authorized individual or group that performs simulated cyberattacks to identify vulnerabilities in an organization's systems and help improve its security.
โ Link: bit.ly/RedTeamer
Share & Support โค๏ธ
๐ฝ๐ช๐ ๐๐ฎ๐ฅ๐: DOM based XSS
Link: https://youtu.be/gQ_gmgjEbJ0
Please Share your Views ๐๐ปโบ๏ธ & Subscribe to our YouTube channel for more Videos.
Really Thank you for your Support๐๐
Link: https://youtu.be/gQ_gmgjEbJ0
Please Share your Views ๐๐ปโบ๏ธ & Subscribe to our YouTube channel for more Videos.
Really Thank you for your Support๐๐
YouTube
07 DOM XSS
๐ด BE MY FRIEND
๐๐๐ฃ๐จ๐ฉ๐๐๐ง๐๐ข (thecybertix): https://www.instagram.com/thecybertix
๐๐๐ฌ๐๐ฉ๐ฉ๐๐ง: https://twitter.com/thecybertix
๐๐๐๐ฃ๐ ๐๐๐๐ฃ: https://www.linkedin.com/company/cybertix/
๐๐๐๐๐จ๐๐ฉ๐: https://cybertix.in
๐ด RESOURCES
๐๐๐ค๐ช๐ง๐๐ & ๐๐๐ฃ๐ ๐๐๐จ๐ฉ: https://โฆ
๐๐๐ฃ๐จ๐ฉ๐๐๐ง๐๐ข (thecybertix): https://www.instagram.com/thecybertix
๐๐๐ฌ๐๐ฉ๐ฉ๐๐ง: https://twitter.com/thecybertix
๐๐๐๐ฃ๐ ๐๐๐๐ฃ: https://www.linkedin.com/company/cybertix/
๐๐๐๐๐จ๐๐ฉ๐: https://cybertix.in
๐ด RESOURCES
๐๐๐ค๐ช๐ง๐๐ & ๐๐๐ฃ๐ ๐๐๐จ๐ฉ: https://โฆ
๐1
WebSocket Pentration Testing
@crackcodes
HTML5 has introduced many new powerful APIs, one of the more interesting components being websockets. These highlight a trend in web application development to remove or reduce the overhead of HTTP. Websockets are a direct TCP connection between the client browser and the webserver.
Read Article: https://bit.ly/WebSocket_PentrationTesting@crackcodes
XSS where you can inject the payload within the image file name and alert!.
๐๐๐ฃ๐ :
https://twitter.com/thecybertix/status/1658343842943496192?t=oDKM3yzg1SgmXFxPjIoLGA&s=19
๐๐๐ฃ๐ :
https://twitter.com/thecybertix/status/1658343842943496192?t=oDKM3yzg1SgmXFxPjIoLGA&s=19
X (formerly Twitter)
Cybertix (@thecybertix) on X
XSS where you can inject the payload within the image file name and alert!.
Payload: 12345-abc-1-23456<scr<script>ipt>alert(document.cookie)<%2Fscr<script>ipt>.img
Subscribe to our YouTube Channel:
https://t.co/c6zTMaPxRT
#bugbountytips #XSS #Securityโฆ
Payload: 12345-abc-1-23456<scr<script>ipt>alert(document.cookie)<%2Fscr<script>ipt>.img
Subscribe to our YouTube Channel:
https://t.co/c6zTMaPxRT
#bugbountytips #XSS #Securityโฆ
โค1
๐ฅNETGEAR Routers: A Playground for Hackers?
Overall, the security posture of custom binaries built by NETGEAR contained many vulnerabilities, largely due to the widespread usage of insecure C functions such as
Content:
๐พ Summary
๐พ Advisories
๐พ Vulnerabilities
๐ฝ Telnet
๐ PSV-2023-0008 โ Telnet Default Account Privilege Escalation Breakout
๐ฝ Web Application
๐ PSV-2022-???? โ JSON Response Stack Data Leak
๐ฝ SOAP Service
๐ PSV-2023-0009 โ Write HTTP Response Stack Pointer Leak
๐ PSV-2022-???? โ SOAPAction Stack Buffer Overflow
๐ PSV-2023-0010 โ HTTP Body Off-By-One NULL Terminator Stack Canary Corruption
๐ PSV-2023-0011 โ HTTP Protocol Stack Buffer Overflow
๐ PSV-2023-0012 โ SOAP Parameters Stack Buffer Overflow
๐พ Conclusion
Overall, the security posture of custom binaries built by NETGEAR contained many vulnerabilities, largely due to the widespread usage of insecure C functions such as
strcpy, strcat, sprintf, or from off-by-one errors. However, the majority of the binaries on the NETGEAR router were compiled with many protections in place, including stack canaries, non-executable stack (NX), position-independent code (PIE) and address layout randomization (ASLR) enabled. These protections made many of the vulnerabilities identified difficult to exploit on their own.Content:
๐พ Summary
๐พ Advisories
๐พ Vulnerabilities
๐ฝ Telnet
๐ PSV-2023-0008 โ Telnet Default Account Privilege Escalation Breakout
๐ฝ Web Application
๐ PSV-2022-???? โ JSON Response Stack Data Leak
๐ฝ SOAP Service
๐ PSV-2023-0009 โ Write HTTP Response Stack Pointer Leak
๐ PSV-2022-???? โ SOAPAction Stack Buffer Overflow
๐ PSV-2023-0010 โ HTTP Body Off-By-One NULL Terminator Stack Canary Corruption
๐ PSV-2023-0011 โ HTTP Protocol Stack Buffer Overflow
๐ PSV-2023-0012 โ SOAP Parameters Stack Buffer Overflow
๐พ Conclusion
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
โก1๐1
๐ Web Pentesting Roadmap for Success ๐
Web pentesting is a process of finding and exploiting security vulnerabilities in web applications or websites to ensure their security. It involves gathering information about the target, identifying weaknesses, and providing recommendations for improvement.
๐Link: bit.ly/Web-Pentesting-Roadmap
Share with Love๐
Web pentesting is a process of finding and exploiting security vulnerabilities in web applications or websites to ensure their security. It involves gathering information about the target, identifying weaknesses, and providing recommendations for improvement.
๐Link: bit.ly/Web-Pentesting-Roadmap
Share with Love๐
๐1
Forwarded from Tสษชแดแดส Pแดษดษขแดษชษด ( trickypenguin.ink )
Malware is a type of software that is designed to cause harm to a computer or its users. It can be used to steal personal information, damage files, or even take control of a computer.
Read Full Article
https://trickypenguin.ink/what-is-malware-and-how-to-protect-against-malware-attacks/
#malware #botnets #torjan
Read Full Article
https://trickypenguin.ink/what-is-malware-and-how-to-protect-against-malware-attacks/
#malware #botnets #torjan
โค5
Forwarded from CYBER TRICKS ZONE ๐ฎ๐ณ๐ฉ (๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐ )
CSO
Hackers exploit WordPress vulnerability within hours of PoC exploit release
The exploitation of the vulnerability leads to a cross-site scripting (XSS) attack in which a threat actor can inject malicious scripts, redirects, advertisements, and other forms of URL manipulation into a victim site.
๐ฅ PoC for CVE-2023-32233(tested under Ubuntu 23.04)
Once the PoC is started on a vulnerable system, it may leave that system in an unstable state with corrupted kernel memory. We strongly recommend to test the PoC on a dedicated system to avoid potential data corruptions.
Download: https://system32.ink/news-feed/p/367/
Once the PoC is started on a vulnerable system, it may leave that system in an unstable state with corrupted kernel memory. We strongly recommend to test the PoC on a dedicated system to avoid potential data corruptions.
Download: https://system32.ink/news-feed/p/367/
โค3