Hack The Box - Wall Write-up by 0xRick
https://ift.tt/36febrk
Submitted December 07, 2019 at 08:37PM by Ahm3d_H3sham
via reddit https://ift.tt/2P2MWuF
0xRick
Hack The Box - Wall
My write-up / walkthrough for Wall from Hack The Box.
HackTheBox: Wall -Writeup by Khaotic
https://ift.tt/2YpOeTo
Submitted December 07, 2019 at 08:29PM by Khaoticdude
via reddit https://ift.tt/2DZ5dCs
Khaotic Developments
Hack The Box: Wall
Jump Ahead: Enum – Getting a Rev. Shell – Root – Resources – Shoutout TL;DR; To solve this machine we enumerate open ports – finding ports 80 and 22 open. Enumerating …
[threat hunting] badsec.io - An online domain permutation, certificate transparency lookup utility
https://ift.tt/38ky3LU
Submitted December 08, 2019 at 12:38AM by evo4ce
via reddit https://ift.tt/2Pmff61
Reddit
From the netsec community on Reddit: [threat hunting] badsec.io - An online domain permutation, certificate transparency lookup…
Posted by evo4ce - 50 votes and 2 comments
Tunneling traffic through MySQL service (or your mysqld is my new SOCKS5)
https://ift.tt/2YqveEi
Submitted December 08, 2019 at 03:24AM by gid0rah
via reddit https://ift.tt/2PlLaUc
x-c3ll.github.io
Tunneling traffic through MySQL service (or your mysqld is my new SOCKS5) ::
DoomsDay Vault
Description of how to pivot through the MySQL service. Turning MySQL into a SOCKS5 that can be used by proxychains.
High performance WordPress login bruteforcer
https://ift.tt/38gINe6
Submitted December 08, 2019 at 08:05AM by lle-bout
via reddit https://ift.tt/38j5MFe
GitHub
GitHub - llebout/wpbrute-rs: High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries…
High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries per second. - llebout/wpbrute-rs
Global Offshore Corporate Networks Exposed in Massive Data Leak - UNICORN RIOT
https://ift.tt/37Wh8yO
Submitted December 08, 2019 at 04:04PM by MayonaiseRemover
via reddit https://ift.tt/2s6ylFk
UNICORN RIOT
Global Offshore Corporate Networks Exposed in Massive Data Leak - UNICORN RIOT
LONDON, UK – Hundreds of thousands of documents from inside Formations House, a posh British finance firm located in central London, have been released online tonight. Formations House created thousands of companies for ultra-wealthy business-people for offshore…
Report: Millions of Americans at Risk After Huge Data and SMS Leak
https://ift.tt/34AlpWF
Submitted December 08, 2019 at 07:42PM by KoViPe
via reddit https://ift.tt/2sYldTd
vpnMentor
Report: Millions of Americans at Risk After Huge Data and SMS Leak
Introduction
Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breached database belonging to the American communications company, TrueDialog.
TrueDialog
A cookbook for hackers, forensic analyst, pentester, and security engineer
https://ift.tt/2rhLJXl
Submitted December 09, 2019 at 12:29AM by xcorshinex
via reddit https://ift.tt/36gJpyC
reddit
A cookbook for hackers, forensic analyst, pentester, and security...
[https://drive.google.com/file/d/0B-OpLAp8EyTfbEVfTm5OdkVXT2s/view?usp=sharing](https://drive.google.com/file/d/0B-OpLAp8EyTfbEVfTm5OdkVXT2s/view?u...
Pentesting Training Website Challenges Authentication Best Practices
https://ift.tt/352Lmyv
Submitted December 09, 2019 at 05:27AM by arrayleads
via reddit https://ift.tt/2E0iScI
Techwagyu
Pentesting Training Website Challenges Authentication Best Practices - Tech Wagyu
The penetration testing company Practical Pentest Labs has recently come under fire for how they handle user passwords. The passwords for user accounts were sent via email to users upon sign up in clear text. The argument was made that these could be intercepted…
Configuring MTA-STS and SMTP TLS-RPT
https://ift.tt/2LDHe0a
Submitted December 09, 2019 at 05:16AM by fmisle
via reddit https://ift.tt/36h1a0B
Faisalmisle
Configuring MTA-STS and SMTP TLS-RPT | Faisal Misle
Faisal's Blog
MalwinX: A framework for learning Malware and win32 functions
https://ift.tt/2RzlV3q
Submitted December 09, 2019 at 07:08AM by beyonderdabas
via reddit https://ift.tt/2DVg00L
securityviacode.in
MalwinX: A framework for learning Malware and win32 functions
Just a normal flask web app to understand win32api with code snippets and references.
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
https://ift.tt/2Pnna31
Submitted December 09, 2019 at 09:50AM by netsec_burn
via reddit https://ift.tt/2RzB4BO
GitHub
0vercl0k/CVE-2019-11708
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit. - 0vercl0k/CVE-2019-11708
PHP Autloading: Local File Inclusion by Design
https://ift.tt/355roTw
Submitted December 09, 2019 at 01:11PM by ss2342-
via reddit https://ift.tt/2RzYHu0
Medium
PHP Autloading: Local File Inclusion by Design
In the year 2009, PHP 5.3 was released, bringing with it major new features like namespaces and lambda functions. At the time, there was…
Spilling Local Files via XXE When HTTP OOB Fails
https://ift.tt/357TOfW
Submitted December 09, 2019 at 02:52PM by albinowax
via reddit https://ift.tt/2PpVQRW
www.noob.ninja
Spilling Local Files via XXE When HTTP OOB Fails
Hello Everyone, Today I will be sharing a very interesting technique of exploiting an XXE which was discovered from what I know by https...
This is a story how I accidentally found a common vulnerability across similar web applications just by reusing cookies on different subdomains from the same web application.
https://ift.tt/38mjhnR
Submitted December 09, 2019 at 03:38PM by riramar
via reddit https://ift.tt/2LwS1sX
Medium
Reusing Cookies
TL;DR: This is a story how I accidentally found a common vulnerability across similar web applications just by reusing cookies on…
The Githubification of InfoSec by John Lambert, Distinguished Engineer, Microsoft Threat Intelligence Center
https://ift.tt/2DUuLkq
Submitted December 09, 2019 at 08:21PM by digicat
via reddit https://ift.tt/2LS5gon
Medium
The Githubification of InfoSec
Towards a more open, contributor friendly, vendor neutral model for accelerated learning in InfoSec
Made a tool to check on a graph approach network traffic (live capture or pcap)
https://ift.tt/2NlGHzY
Submitted December 09, 2019 at 10:02PM by michoo_42
via reddit https://ift.tt/2rtydQk
GitHub
GitHub - michoo/pci: Packet communication investigator
Packet communication investigator. Contribute to michoo/pci development by creating an account on GitHub.
Breaking the chains on HTTP Request Smuggler
https://ift.tt/2s81qjK
Submitted December 10, 2019 at 12:17AM by digicat
via reddit https://ift.tt/36hvHLD
PortSwigger Research
Breaking the chains on HTTP Request Smuggler
We've all seen it - a conference presentation drops a fancy new technique, and a hot new tool is released. Then over the following months and years, the environment changes and the tool is left unmain
$10m GDPR Fine; Why we Need GDPR in Bug Bounties
https://ift.tt/2P4kEzE
Submitted December 10, 2019 at 12:38AM by arrayleads
via reddit https://ift.tt/2t37zyf
Used by a large number of enterprises and users, Angular is a platform for building responsive, universal single page applications. Here are the vulnerabilities that can occur using Angular and the best ways to circumvent those
https://ift.tt/35bB2nK
Submitted December 10, 2019 at 02:35PM by xjueldta
via reddit https://ift.tt/345gJqS
Amazon's Blink XT2 Camera System Command Injection Flaws
https://ift.tt/3582tyV
Submitted December 10, 2019 at 07:39PM by chicksdigthelongrun
via reddit https://ift.tt/2Pu4XAU
Medium
Blink XT2 Camera System Command Injection Flaws
Blink home security camera systems, owned and operated by Amazon, contain a number of security flaws that could allow attackers or other…