Comunidad Pen7esting
@Pen7esting
3.58K subscribers
510 photos
40 videos
142 files
5.08K links
@Anonimo501
Download Telegram
About
Blog
Apps
Platform
Join
Comunidad Pen7esting
3.58K subscribers
Comunidad Pen7esting
This media is not supported in your browser
VIEW IN TELEGRAM
207 viewsAnonimo501
Comunidad Pen7esting
National Vulnerability Database
CVE-2020-5783

In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.
221 viewsAnonimo501
Comunidad Pen7esting
National Vulnerability Database
CVE-2020-4727

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
205 viewsAnonimo501
Comunidad Pen7esting
>>) Free web penetration testing course‌‌

From basic to intermediate
(106 videos)

https://mega.nz/folder/EzgQXaQQ
mega.nz
File folder on MEGA
231 viewsAnonimo501
Comunidad Pen7esting
Kamerka: una herramienta de reconocimiento para dispositivos IoT e infraestructuras críticas | WeLiveSecurity
https://www.welivesecurity.com/la-es/2020/09/21/kamerka-herramienta-reconocimiento-dispositivos-iot-infraestructuras-criticas/
WeLiveSecurity
Kamerka: una herramienta de reconocimiento para dispositivos IoT e infraestructuras críticas
Kamerka es una herramienta de escaneo que permite descubrir dispositivos IoT, sistemas de control industrial y dispositivos de salud vulnerables a partir de recolectar información de varias fuentes.
228 viewsAnonimo501
Comunidad Pen7esting
Kerberos attacks cheatsheet
https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
+ Active Directory Attacks
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md
Gist
A cheatsheet with commands that can be used to perform kerberos attacks
A cheatsheet with commands that can be used to perform kerberos attacks - kerberos_attacks_cheatsheet.md
248 viewsAnonimo501
Comunidad Pen7esting
Dropbox Escalation of Privileges to SYSTEM on Windows

https://dreamlab.net/en/blog/post/dropbox-escalation-of-privileges-to-system-on-windows/
195 viewsAnonimo501
Comunidad Pen7esting
CVE-2020-0968:
IE 9, 11 - Scripting Engine Memory Corruption Vulnerability/Operation Domino (PoC)
https://ti.dbappsecurity.com.cn/blog/index.php/2020/09/18/cve-2020-0968/
Attack overview:
https://ti.dbappsecurity.com.cn/blog/index.php/2020/09/18/operation-domino/
207 viewsAnonimo501
Comunidad Pen7esting
Alien: el nuevo malware bancario para Android

https://unaaldia.hispasec.com/2020/09/alien-el-nuevo-malware-bancario-para-android.html
Una al Día
Alien: el nuevo malware bancario para Android
Se ha descubierto una nueva familia de malware que afecta a la plataforma móvil Android. Las grandes similitudes con el ya conocido Cerberus hacen sospechar que este nuevo malware no haya sido desarrollado desde cero. Alien, que así ha sido bautizado por…
204 viewsAnonimo501
Comunidad Pen7esting
National Vulnerability Database
CVE-2020-4607

IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
187 viewsAnonimo501
Comunidad Pen7esting
Obtener conversaciones de Whatsapp desde la nube
https://blog.segu-info.com.ar/2020/09/obtener-conversaciones-de-whatsapp.html
199 viewsAnonimo501
Comunidad Pen7esting
Threat Research:
Taking down the SSO, Account Takeover in the Websites
of Kolesa due to Insecure JSONP Call (PoC)
https://medium.com/bugbountywriteup/taking-down-the-sso-account-takeover-in-3-websites-of-kolesa-due-to-insecure-jsonp-call-facd79732e45
Medium
Taking down the SSO, Account Takeover in 3 websites of Kolesa due to Insecure JSONP Call
Hello, this post is about how I could take-over any account of Kolesa’s websites using Single Sign-On. There was an insecure JSONP call…
218 viewsAnonimo501
Comunidad Pen7esting
National Vulnerability Database
CVE-2020-9491

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.
205 viewsAnonimo501
Comunidad Pen7esting
Pentesting Mobile 101: Controlando de manera remota un Dispositivo Android con Scrcpy

http://feedproxy.google.com/~r/snifer/~3/B5gK-mc0sT4/srcpy-screen-mirroring-android-sin-root.html
228 viewsAnonimo501
Comunidad Pen7esting
Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.

Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html
The Hacker News
Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.
199 viewsAnonimo501
Comunidad Pen7esting
CVE-2020-15702:
Race Condition vulnerability in handling of PID by apport in Ubuntu (PoC)
https://flattsecurity.hatenablog.com/entry/2020/09/30/130844
208 viewsAnonimo501
Comunidad Pen7esting
Fingerprintig de exploits

https://unaaldia.hispasec.com/2020/10/fingerprintig-de-exploits.html
Una al Día
Fingerprinting de exploits — Una al Día
Cuando vamos a desarrollar un programa informático lo más común es crear un equipo de personas con experiencia en diferentes ámbitos de la programación. Esto es así para maximizar la efectividad de…
203 viewsAnonimo501
Comunidad Pen7esting
Malware analysis:
1. Ttint: An IoT Remote Access Trojan spread through two Tenda router 0-day vulnerabilities
https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/
2. Top Alexa Sites Infected With Malicious Coinminers
and Web Skimmer
https://unit42.paloaltonetworks.com/malicious-coinminers-web-skimmer/
360 Netlab Blog - Network Security Research Lab at 360
Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities
Author: Lingming Tu, Yanlong Ma, Genshen Ye



Background introduction


Starting from November 2019, 360Netlab Anglerfish system have successively monitored attacker using two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT) based…
198 viewsAnonimo501
Comunidad Pen7esting
National Vulnerability Database
CVE-2020-5989

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.
201 viewsAnonimo501
Comunidad Pen7esting
⚡️ Pentester Academy
Courses ⚡️


🖇 Download Link https://mega.nz/#F!ZA8x3KjL!aOhch9x--wvKoO8SgmmFng
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
274 viewsAnonimo501
Comunidad Pen7esting
Tus chats de WhatsApp no son seguros: un nuevo «fallo» permite espiarlos
https://www.adslzone.net/noticias/whatsapp/chats-espiar-cifrado-copia-seguridad-nube/

#Whatsapp #Privacidad #Ciberseguridad
ADSLZone
Tus chats de WhatsApp no son seguros: un nuevo «fallo» permite espiarlos
Un usuario ha descubierto cómo se consiguen espiar los mensajes de los chats de WhatsApp que tengamos almacenados en la nube.
200 viewsAnonimo501