Falla en Wireshark causa uso excesivo del CPU (ataque DOS) al inyectar un paquete malicioso en la red
https://noticiasseguridad.com/vulnerabilidades/falla-en-wireshark-causa-uso-excesivo-del-cpu-ataque-dos-al-inyectar-un-paquete-malicioso-en-la-red/
https://noticiasseguridad.com/vulnerabilidades/falla-en-wireshark-causa-uso-excesivo-del-cpu-ataque-dos-al-inyectar-un-paquete-malicioso-en-la-red/
Noticias de seguridad informática, ciberseguridad y hacking
Falla en Wireshark causa uso excesivo del CPU (ataque DOS) al inyectar un paquete malicioso en la red
Falla en Wireshark causa uso excesivo del CPU (ataque DOS) al inyectar un paquete malicioso en la red - Vulnerabilidades
F5 BigIP TMUI Critical RCE (CVE-2020-5902/5903):
https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
PoC:
https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4
Security Advisory:
https://support.f5.com/csp/article/K52145254
https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
PoC:
https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4
Security Advisory:
https://support.f5.com/csp/article/K52145254
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
AirPods Pro: Unas pruebas en casa de Safety & Security (II de III): Micrófonos espía
http://feedproxy.google.com/~r/ElLadoDelMal/~3/gEMXqWTsRHQ/airpods-pro-unas-pruebas-en-casa-de.html
http://feedproxy.google.com/~r/ElLadoDelMal/~3/gEMXqWTsRHQ/airpods-pro-unas-pruebas-en-casa-de.html
Elladodelmal
AirPods Pro: Unas pruebas en casa de Safety & Security (III de III): Micrófonos espía
Blog personal de Chema Alonso, CDCO Telefónica, 0xWord, MyPublicInbox, sobre seguridad, hacking, hackers y Cálico Electrónico.
🔰Information security courses 🔰
🔝 Bug Bounty Hunting: Guide to an Advanced Earning Method
https://drive.google.com/drive/folders/1t-hTqg0-02t0cnc5SypHnb8t3CfE3bXU
🔝 Bug Bounty: Android Hacking
https://mega.nz/#F!h4hHGIYa!2ta4n94iQNnVzpJToVPLVw
🔝 Bug Bounty : Web Hacking
https://drive.google.com/file/d/1Z6vX133ZA5DGIhrBJAuJfMJ2Gu7Y4C21/edit
🔝 Burp Suite Bug Bounty Web Hacking from Scratch
https://drive.google.com/file/d/1eWy5HVLw3tvw4lfsT7kYb5dnD1l0RsoW/view
🔝 Bug Bounty Hunting - Offensive Approach to Hunt Bugs
https://mega.nz/#F!Ge4gmSIL!lW-7XC2DnEKryjXie35APw!mGw30bCI
🔝 Bug Bounty Hunting: Guide to an Advanced Earning Method
https://drive.google.com/drive/folders/1t-hTqg0-02t0cnc5SypHnb8t3CfE3bXU
🔝 Bug Bounty: Android Hacking
https://mega.nz/#F!h4hHGIYa!2ta4n94iQNnVzpJToVPLVw
🔝 Bug Bounty : Web Hacking
https://drive.google.com/file/d/1Z6vX133ZA5DGIhrBJAuJfMJ2Gu7Y4C21/edit
🔝 Burp Suite Bug Bounty Web Hacking from Scratch
https://drive.google.com/file/d/1eWy5HVLw3tvw4lfsT7kYb5dnD1l0RsoW/view
🔝 Bug Bounty Hunting - Offensive Approach to Hunt Bugs
https://mega.nz/#F!Ge4gmSIL!lW-7XC2DnEKryjXie35APw!mGw30bCI
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
Todo lo que debes saber sobre XSS – Guía para novatos
https://hackwise.mx/todo-lo-que-debes-saber-sobre-xss-guia-para-novatos/
https://hackwise.mx/todo-lo-que-debes-saber-sobre-xss-guia-para-novatos/
HackWise
Todo lo que debes saber sobre XSS – Guía para novatos - HackWise
Las secuencias de comandos entre sitios o Cross-site scripting (XSS) son un tipo de ataque clásico bien conocido
Vulnerabilidad crítica en TMUI de F5
https://unaaldia.hispasec.com/2020/07/vulnerabilidad-critica-en-tmui-de-f5.html
https://unaaldia.hispasec.com/2020/07/vulnerabilidad-critica-en-tmui-de-f5.html
Una al Día
Vulnerabilidad crítica en TMUI de F5
Investigadores de seguridad de Positive Technologies emitieron un comunicado advirtiendo a empresas y gobiernos de todo el mundo para que parchearan de inmediato una vulnerabilidad de ejecución remota de código que afecta a los dispositivos de red BIG-IP…
Privilege Escalation Scripts General:
https://github.com/swisskyrepo/PayloadsAllTheThings (A bunch of tools and payloads for every stage of pentesting)
Linux:
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ (a bit old but still worth looking at)
https://github.com/rebootuser/LinEnum( One of the most popular priv esc scripts)
https://github.com/diego-treitos/linux-smart-enumeration/blob/master/lse.sh (Another popular script)
https://github.com/mzet-/linux-exploit-suggester (A Script that's dedicated to searching for kernel exploits)
https://gtfobins.github.io (I can not overstate the usefulness of this for priv esc, if a common binary has special permissions, you can use this site to see how to get root perms with it.)
Windows:
https://www.fuzzysecurity.com/tutorials/16.html (Dictates some very useful commands and methods to enumerate the host and gain intel)
https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp (A bit old but still an incredibly useful script)
https://github.com/411Hall/JAWS (A general enumeration script "If you know any other scripts then comment"
https://github.com/swisskyrepo/PayloadsAllTheThings (A bunch of tools and payloads for every stage of pentesting)
Linux:
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ (a bit old but still worth looking at)
https://github.com/rebootuser/LinEnum( One of the most popular priv esc scripts)
https://github.com/diego-treitos/linux-smart-enumeration/blob/master/lse.sh (Another popular script)
https://github.com/mzet-/linux-exploit-suggester (A Script that's dedicated to searching for kernel exploits)
https://gtfobins.github.io (I can not overstate the usefulness of this for priv esc, if a common binary has special permissions, you can use this site to see how to get root perms with it.)
Windows:
https://www.fuzzysecurity.com/tutorials/16.html (Dictates some very useful commands and methods to enumerate the host and gain intel)
https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp (A bit old but still an incredibly useful script)
https://github.com/411Hall/JAWS (A general enumeration script "If you know any other scripts then comment"
GitHub
GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A list of useful payloads and bypass for Web Application Security and Pentest/CTF - swisskyrepo/PayloadsAllTheThings
Tu móvil y tu tele te vigilan con ultrasonidos – https://www.lavanguardia.com/tecnologia/20170504/422279139232/smartphones-seguridad-ultrasonidos-privacidad-uxdt.html
La Vanguardia
Tu móvil y tu tele te vigilan con ultrasonidos
Desde la universidad técnica de Brunswick en el centro de Alemania, han descubierto (PDF) hasta 234 aplicaciones distintas que están permanentemente escuchando
Microsoft Windows 10, Servers 2016, 2019 - MSHTA.EXE .HTA File XML Injection (PoC)
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
gratis curso de redes en linux con distro debian.
https://drive.google.com/drive/folders/1GKLrJT43Uvo-mNlWIIEWKzhNpaEK122X?usp=sharing
https://drive.google.com/drive/folders/1GKLrJT43Uvo-mNlWIIEWKzhNpaEK122X?usp=sharing
📃 "John the Ripper y las contraseñas de Linux" https://pixelmuerto.com/post/619072679033634816/john-the-ripper-y-las-contrase%C3%B1as-de-linux
🛠 https://www.openwall.com/john/
🛠 https://www.openwall.com/john/
>>Pixel Muerto
John the Ripper y las contraseñas de Linux
Cuando empiezas a informarte de herramientas para hacking hay muchas clásicas y con un renombre en la comunidad, este es el caso de John the Ripper.
John the Ripper básicamente es un programa para...
John the Ripper básicamente es un programa para...
Vulnerabilities in MikroTik's RouterOS (PoCs):
1. Memory corruption/assertion failure in console process
https://seclists.org/fulldisclosure/2020/Apr/7
2. Null Pointer Dereference/Division-By-Zero
https://packetstormsecurity.com/files/158359/mikrotik-nulldiv.txt
1. Memory corruption/assertion failure in console process
https://seclists.org/fulldisclosure/2020/Apr/7
2. Null Pointer Dereference/Division-By-Zero
https://packetstormsecurity.com/files/158359/mikrotik-nulldiv.txt
seclists.org
Full Disclosure: Re: Two vulnerabilities found in MikroTik's RouterOS
Suscribete y Comparte el canal entre mas suscriptores tenga mas contenido se subira.
Gracias y un saludo.
https://m.youtube.com/channel/UCnyWt6WHB8FyFX2N36uqWUg/videos
Gracias y un saludo.
https://m.youtube.com/channel/UCnyWt6WHB8FyFX2N36uqWUg/videos
Web App Penetration Testing "Bug Bounty" Roadmap
1. What is bug bounty?
Identification and reporting of bugs and vulns in a responsible way.
+All depends on interest and hardwork, not on degree, age, branch, college, etc.
2. What to study?
1. Internet, HTTP, TCP/IP
2. Networking ( CCNA )
3. Command line
4. Linux
5. Web technologies, "JAVASCRIPT" "PHP" "SQL"
6. Atleast 1 prog language (Python/C/JAVA/Ruby..)
3. Choose your path (imp)
1. Web pentesting
2. Mobile pentesting
3. Desktop apps
4. Resources
Books
For web
1. Web app hackers handbook
2. Web hacking 101
3. Hacker's playbook 1,2,3
4. Hacking art of exploitation
5. Mastering modern web pen testing
6. OWASP Testing guide
For mobile
1.Mobile application hacker's handbook
Youtube channels
1. Hacking
1. Live Overflow
2. Hackersploit
3. Bugcrowd
4. Hak5
5. Hackerone
2. Programming
1. thenewboston
2. codeacademy
3. Writeups, Articles, blogs
1. Medium (infosec writeups)
2. Hackerone public reports
3. owasp.org
4. Portswigger
5. Reddit (Netsec)
6. DEFCON conference videos
7. Forums
5. Practice (imp)
1. Tools
1. Burpsuite
2. nmap
3. dirbuster
4. sublist3r
5. Netcat
2. Testing labs
1. DVWA
2. bWAPP
3. Vulnhub
4. Metasploitable
5. CTF365
6. Hack the box
6. Start!
1. Select a platform
1. Hackerone
2. Bugcrowd
3. Open bug bounty
4. Zerocopter
5. Antihack
6. Synack (private)
Road:📷
1. Choose wisely (first not for bounty)
2. Select a bug for hunt
3. Exhaustive search
4. Not straightforward always
REPORT:
5. Create a descriptive report
6. Follow responsible disclosure
7. Create POC and steps to reproduce
Words of wisdom
1. PATIENCE IS THE KEY, takes years to master, don't fall for overnight success
2. Do not expect someone will spoon feed you everything.
3. Confidence
4. Not always for bounty
5. Learn a lot
6. Won't find at the beginning, don't lose hope
7. Stay focused
8. Depend on yourself
9. Stay updated with infosec world
1. What is bug bounty?
Identification and reporting of bugs and vulns in a responsible way.
+All depends on interest and hardwork, not on degree, age, branch, college, etc.
2. What to study?
1. Internet, HTTP, TCP/IP
2. Networking ( CCNA )
3. Command line
4. Linux
5. Web technologies, "JAVASCRIPT" "PHP" "SQL"
6. Atleast 1 prog language (Python/C/JAVA/Ruby..)
3. Choose your path (imp)
1. Web pentesting
2. Mobile pentesting
3. Desktop apps
4. Resources
Books
For web
1. Web app hackers handbook
2. Web hacking 101
3. Hacker's playbook 1,2,3
4. Hacking art of exploitation
5. Mastering modern web pen testing
6. OWASP Testing guide
For mobile
1.Mobile application hacker's handbook
Youtube channels
1. Hacking
1. Live Overflow
2. Hackersploit
3. Bugcrowd
4. Hak5
5. Hackerone
2. Programming
1. thenewboston
2. codeacademy
3. Writeups, Articles, blogs
1. Medium (infosec writeups)
2. Hackerone public reports
3. owasp.org
4. Portswigger
5. Reddit (Netsec)
6. DEFCON conference videos
7. Forums
5. Practice (imp)
1. Tools
1. Burpsuite
2. nmap
3. dirbuster
4. sublist3r
5. Netcat
2. Testing labs
1. DVWA
2. bWAPP
3. Vulnhub
4. Metasploitable
5. CTF365
6. Hack the box
6. Start!
1. Select a platform
1. Hackerone
2. Bugcrowd
3. Open bug bounty
4. Zerocopter
5. Antihack
6. Synack (private)
Road:📷
1. Choose wisely (first not for bounty)
2. Select a bug for hunt
3. Exhaustive search
4. Not straightforward always
REPORT:
5. Create a descriptive report
6. Follow responsible disclosure
7. Create POC and steps to reproduce
Words of wisdom
1. PATIENCE IS THE KEY, takes years to master, don't fall for overnight success
2. Do not expect someone will spoon feed you everything.
3. Confidence
4. Not always for bounty
5. Learn a lot
6. Won't find at the beginning, don't lose hope
7. Stay focused
8. Depend on yourself
9. Stay updated with infosec world