Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
π΅Tenda AC1200 input validation error vulnerability:
https://dailycve.com/tenda-ac1200-input-validation-error-vulnerability
https://dailycve.com/tenda-ac1200-input-validation-error-vulnerability
Dailycve
Tenda AC1200 input validation error vulnerability | CVE
Details:
A protection flaw is present on Tenda AC1200 (Model AC6) 15.03.06.51 multi smartphones. The weakness emerges from a huge HTTP POST request sent to the API for password update, which causes the router to crash and enter an endless initialization β¦
A protection flaw is present on Tenda AC1200 (Model AC6) 15.03.06.51 multi smartphones. The weakness emerges from a huge HTTP POST request sent to the API for password update, which causes the router to crash and enter an endless initialization β¦
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Recommended videos& pdfs for learn cross-site scripting :
https://www.youtube.com/watch?v=cWu_FJUrH5Y
31 min
https://www.youtube.com/watch?v=EoaDgUgS6QA
11 min
https://www.youtube.com/watch?v=IuzU4y-UjLw
11 min
https://owasp.org/www-pdf-archive/OWASP_IL_The_Universal_XSS_PDF_Vulnerability.pdf
https://www.exploit-db.com/docs/english/18895-complete-cross-site-scripting-walkthrough.pdf
https://www.cs.montana.edu/courses/csci476/topics/crosssite_attacks.pdf
https://www2.mmu.ac.uk/media/mmuacuk/content/documents/school-of-computing-mathematics-and-digital-technology/blossom/XSS.pdf
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Recommended videos& pdfs for learn cross-site scripting :
https://www.youtube.com/watch?v=cWu_FJUrH5Y
31 min
https://www.youtube.com/watch?v=EoaDgUgS6QA
11 min
https://www.youtube.com/watch?v=IuzU4y-UjLw
11 min
https://owasp.org/www-pdf-archive/OWASP_IL_The_Universal_XSS_PDF_Vulnerability.pdf
https://www.exploit-db.com/docs/english/18895-complete-cross-site-scripting-walkthrough.pdf
https://www.cs.montana.edu/courses/csci476/topics/crosssite_attacks.pdf
https://www2.mmu.ac.uk/media/mmuacuk/content/documents/school-of-computing-mathematics-and-digital-technology/blossom/XSS.pdf
β β β Uππ»βΊπ«Δπ¬πβ β β β
YouTube
What is Cross Site Scripting?| Cross Site Scripting Attack | Cross Site Scripting Tutorial | Edureka
( ** Edureka Online Training: https://www.edureka.co/cybersecurity-certification-training ** )
This Edureka "What is Cross Site Scripting?" video will give you an introduction to Cross Site Scripting Attacks. This video will give you an exhaustive on theβ¦
This Edureka "What is Cross Site Scripting?" video will give you an introduction to Cross Site Scripting Attacks. This video will give you an exhaustive on theβ¦
Forwarded from DailyCVE
π΅we found an issue in oneAPI Deep Neural Network Library expose a new bug:
https://dailycve.com/oneapi-deep-neural-network-library-expose-new-bug
https://dailycve.com/oneapi-deep-neural-network-library-expose-new-bug
Dailycve
oneAPI Deep Neural Network Library expose a new bug | CVE
Details:
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦11 WEEKS NETWORK HACKING/CRACKING LESSONS :/Created & uploaded to git
T O P I C S :
Week 1 Lessons:
Setting Up A Penetration Testing Environment - This will focus on setting up a lab environment, specifically VMWare, Kali Linux, and our lab VMs. The lesson will briefly introduce important aspects of each set up (e.g. Snapshots in VMWare, the Kali Linux toolset, etc.) with the intention to build upon those aspects in later lessons.
How to Keep Notes Effectively - This lesson will cover the importance of note taking from a pentester standpoint. The lesson will introduce the Kali Linux built-in note-taking application, KeepNote, and discuss how to take notes effectively. Taking notes during a penetration test is incredibly important as it allows a pentester reference points when writing their final report, discussing timelines with their team or manager, or even discussing specifics of a pentest with a client.
Week 2 & 3 Lessons:
Introductory Python - Similar to Linux, we will spend some time learning basic Python scripting, which will be essential to our future endeavors as penetration testers.
Week 4 Lessons:
The Art of Reconnaissance - This lesson will discuss reconnaissance in depth and cover common tools used in the process. Some of the tools that will be covered are the OSINT Framework, SET, theHarvester, Bluto, Google Dorks, and Shodan. More tools will likely be added as the lesson is written.
Week 5 Lesson:
Week 6 Lesson:
Enumeration for the win - The intent of this lesson is to provide an overview of basic enumeration tactics and then dive deep into specific tools used for common ports found in penetration testing. For example, if we find port 80 open on a scan (HTTP), we will likely want to know what service is running and enumerate that service for potential exploits at a high level.
Week 7 Lesson:
Gaining a Shell with Metasploit - This lesson will cover how to use Metasploit to gain shell access to a vulnerable machine. This builds upon the introductory Metasploit from section 8 as we move from the auxiliary/scanning portion of Metasploit to the exploit portion. This lesson is important as Metasploit is a common tool in nearly every penetration testers toolkit, especially at the beginner level.
Compiling Exploits - This lesson will add to exploitation learned in section 9, except that the exploitation is now done manually, without Metasploit. This will teach the reader how to safely download exploits from the web, generate shellcode, compile the exploit if necessary, and execute it against a vulnerable machine.
Week 8, 9, and 10 (Internal Pentesting):
Hello Enumeration, My Old Friend - This lesson will cover post-exploitation enumeration.
Active Directory Exploitation - This lesson focuses on the recognition of vulnerabilities and exploitation tactics in an internal Active Directory environment. Attacks that will be introduced include: LLMNR poisoning/hash cracking, SMB hash relaying, pass the hash, token impersonation, kerberoasting, GPP/c-password attacks, and PowerShell attacks. More attacks will likely be added as the lesson is written, but the most common have been provided.
Week 11 Lessons:
Maintaining Access / Pivoting / Cleanup - This lesson will discuss methods of maintaining access on a network, pivoting into other networks, and how to properly clean up as you exit a network.
Β«StartΒ» :
https://github.com/hmaverickadams/Beginner-Network-Pentesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦11 WEEKS NETWORK HACKING/CRACKING LESSONS :/Created & uploaded to git
T O P I C S :
Week 1 Lessons:
Setting Up A Penetration Testing Environment - This will focus on setting up a lab environment, specifically VMWare, Kali Linux, and our lab VMs. The lesson will briefly introduce important aspects of each set up (e.g. Snapshots in VMWare, the Kali Linux toolset, etc.) with the intention to build upon those aspects in later lessons.
How to Keep Notes Effectively - This lesson will cover the importance of note taking from a pentester standpoint. The lesson will introduce the Kali Linux built-in note-taking application, KeepNote, and discuss how to take notes effectively. Taking notes during a penetration test is incredibly important as it allows a pentester reference points when writing their final report, discussing timelines with their team or manager, or even discussing specifics of a pentest with a client.
Week 2 & 3 Lessons:
Introductory Python - Similar to Linux, we will spend some time learning basic Python scripting, which will be essential to our future endeavors as penetration testers.
Week 4 Lessons:
The Art of Reconnaissance - This lesson will discuss reconnaissance in depth and cover common tools used in the process. Some of the tools that will be covered are the OSINT Framework, SET, theHarvester, Bluto, Google Dorks, and Shodan. More tools will likely be added as the lesson is written.
Week 5 Lesson:
Week 6 Lesson:
Enumeration for the win - The intent of this lesson is to provide an overview of basic enumeration tactics and then dive deep into specific tools used for common ports found in penetration testing. For example, if we find port 80 open on a scan (HTTP), we will likely want to know what service is running and enumerate that service for potential exploits at a high level.
Week 7 Lesson:
Gaining a Shell with Metasploit - This lesson will cover how to use Metasploit to gain shell access to a vulnerable machine. This builds upon the introductory Metasploit from section 8 as we move from the auxiliary/scanning portion of Metasploit to the exploit portion. This lesson is important as Metasploit is a common tool in nearly every penetration testers toolkit, especially at the beginner level.
Compiling Exploits - This lesson will add to exploitation learned in section 9, except that the exploitation is now done manually, without Metasploit. This will teach the reader how to safely download exploits from the web, generate shellcode, compile the exploit if necessary, and execute it against a vulnerable machine.
Week 8, 9, and 10 (Internal Pentesting):
Hello Enumeration, My Old Friend - This lesson will cover post-exploitation enumeration.
Active Directory Exploitation - This lesson focuses on the recognition of vulnerabilities and exploitation tactics in an internal Active Directory environment. Attacks that will be introduced include: LLMNR poisoning/hash cracking, SMB hash relaying, pass the hash, token impersonation, kerberoasting, GPP/c-password attacks, and PowerShell attacks. More attacks will likely be added as the lesson is written, but the most common have been provided.
Week 11 Lessons:
Maintaining Access / Pivoting / Cleanup - This lesson will discuss methods of maintaining access on a network, pivoting into other networks, and how to properly clean up as you exit a network.
Β«StartΒ» :
https://github.com/hmaverickadams/Beginner-Network-Pentesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - hmaverickadams/Beginner-Network-Pentesting: Notes for Beginner Network Pentesting Course
Notes for Beginner Network Pentesting Course. Contribute to hmaverickadams/Beginner-Network-Pentesting development by creating an account on GitHub.
Forwarded from DailyCVE
π΅Oppia is an online learning platform showing a new bug:
https://dailycve.com/oppia-online-learning-platform-showing-new-bug
https://dailycve.com/oppia-online-learning-platform-showing-new-bug
Dailycve
Oppia is an online learning platform showing a new bug | CVE
Description:
Oppia is an open application framework for learning that allows everyone to build and upload immersive games (called 'explorations') quickly. These exercises mimic a one-on-one interaction with a teacher, enabling learners to learn and gainingβ¦
Oppia is an open application framework for learning that allows everyone to build and upload immersive games (called 'explorations') quickly. These exercises mimic a one-on-one interaction with a teacher, enabling learners to learn and gainingβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
FBI warns, "Swating with Internet of Things equipment is over"
#CyberAttacks
#CyberAttacks
UNDERCODE COMMUNITY
Photo
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Simple random DNS, HTTP/S internet traffic noise generator:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Install requests if you do not have it already installed, using pip:
2) pip install requests
1) git clone https://github.com/1tayH/noisy.git
Navigate into the noisy directory
3)cd noisy
4) Run the script
python noisy.py --config config.json
The program can accept a number of command line arguments:
$ python noisy.py --help
5) usage: noisy.py [-h] [--log -l] --config -c [--timeout -t]
optional arguments:
-h, --help show this help message and exit
--log -l logging level
--config -c config file
--timeout -t for how long the crawler should be running, in seconds
only the config file argument is required.
Output
$ docker run -it noisy --config config.json --log debug
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Simple random DNS, HTTP/S internet traffic noise generator:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Install requests if you do not have it already installed, using pip:
2) pip install requests
1) git clone https://github.com/1tayH/noisy.git
Navigate into the noisy directory
3)cd noisy
4) Run the script
python noisy.py --config config.json
The program can accept a number of command line arguments:
$ python noisy.py --help
5) usage: noisy.py [-h] [--log -l] --config -c [--timeout -t]
optional arguments:
-h, --help show this help message and exit
--log -l logging level
--config -c config file
--timeout -t for how long the crawler should be running, in seconds
only the config file argument is required.
Output
$ docker run -it noisy --config config.json --log debug
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - 1tayH/noisy: Simple random DNS, HTTP/S internet traffic noise generator
Simple random DNS, HTTP/S internet traffic noise generator - 1tayH/noisy
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
π΅Kong wordpress plugin, ssl revoked & outdated, data leak:
https://dailycve.com/kong-wordpress-plugin-ssl-revoked-outdated-data-leak
https://dailycve.com/kong-wordpress-plugin-ssl-revoked-outdated-data-leak
Dailycve
Kong wordpress plugin, ssl revoked & outdated, data leak | CVE
Details:
This plugin allows Kong to apply certificates from Let's Encrypt or any other ACMEv2 service and serve dynamically. Renewal is handled with a configurable threshold time.A bug could cause a possible leak of data due to outdated and revoqued ssl.β¦
This plugin allows Kong to apply certificates from Let's Encrypt or any other ACMEv2 service and serve dynamically. Renewal is handled with a configurable threshold time.A bug could cause a possible leak of data due to outdated and revoqued ssl.β¦
Forwarded from UNDERCODE NEWS
