⚡️Exploiting XSS using Polyglot JPEGs+Javascript to bypass CSP

📝This vulnerability allows an attacker to use a JPEG polyglot with JavaScript to hide the malicious JavaScript payload in the image successfully without corrupting the image to bypass the site’s CSP. For this exploit you will need two parameters, one to call the malicious image and the other one to upload it.

🔗https://en.hacks.gr/2023/12/27/exploiting-xss-using-polyglot-jpegsjavascript-to-bypass-csp/

🟢@hacker_habesha🇪🇹

🏹Exploiting FTP

📝FTP (File Transfer Protocol) is a service or so-called protocol for transferring files between computers via the Transmission Control Protocol / Internet Protocol (TCP / IP). It is considered as an Application Layer Protocol.

🔗https://en.hacks.gr/2023/12/27/exploiting-ftp/

Join:🟢@hacker_habesha🇪🇹

☣️ Free Labs to Train Your Pentest / CTF Skills ☣️

🔸 Academy Hackaflag -BR https://academy.hackaflag.com.br

🔸 Try Hack Me https://tryhackme.com

🔸 Attack-Defense https://attackdefense.com

🔸 alert to win https://alf.nu/alert1

🔸 CTF Komodo Security https://ctf.komodosec.com

🔸 CMD Challenge https://cmdchallenge.com

🔸 Explotation Education https://exploit.education

🔸 Google CTF https://capturetheflag.withgoogle.com

🔸 HackTheBox https://www.hackthebox.eu

🔸 Hackthis https://www.hackthis.co.uk

🔸 Hacksplaining https://www.hacksplaining.com/exercises

🔸 Hacker101 https://ctf.hacker101.com

🔸 Hacker Security https://capturetheflag.com.br

🔸 Hacking-Lab https://www.hacking-lab.com/index.html

🔸 HSTRIKE https://hstrike.com

🔸 ImmersiveLabs https://immersivelabs.com

🔸 Labs Wizard Security https://labs.wizard-security.net

🔸 NewbieContest https://www.newbiecontest.org

🔸 OverTheWire http://overthewire.org

🔸 Practical Pentest Labs https://practicalpentestlabs.com

🔸 Pentestlab https://pentesterlab.com

🔸 Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html

🔸 PentestIT LAB https://lab.pentestit.ru

🔸 PicoCTF https://picoctf.com

🔸 PWNABLE https://pwnable.kr/play.php

🔸 Root-Me https://www.root-me.org

🔸 Root in Jail http://ctf.rootinjail.com

🔸 Shellter https://shellterlabs.com/pt

🔸 SANS Challenger https://www.holidayhackchallenge.com

🔸 SmashTheStack http://smashthestack.org/wargames.html

🔸 Try Hack Me https://tryhackme.com

🔸 The Cryptopals Crypto Challenges https://cryptopals.com

🔸 Vulnhub https://www.vulnhub.com

🔸 W3Challs https://w3challs.com

🔸 WeChall http://www.wechall.net

🔸 Zenk-Security https://www.zenk-security.com/epreuves.php


Join🟢@hacker_habesha🇪🇹

🔒 Support our hackers AND cybersecurity professionals channel by sharing it with a friend.😊 Unleash their digital prowess!

ከተመቻቹ react ያድርጉ 😉

And don't forget to react if you like the contents 🤗
💻🔐 #HackerCommunity

https://t.me/hacker_habesha?boost

🟢@hacker_habesha

Web Crawlers & Directory Brute Force ⚡

🔹Dirbrute
🔗https://github.com/Xyntax/DirBrute

🔹Dirb
🔗https://dirb.sourceforge.net/

🔹ffuf
🔗https://github.com/ffuf/ffuf

🔹Dirbuster
🔗https://sourceforge.net/projects/dirbuster/

🔹Dirsearch
🔗https://github.com/maurosoria/dirsearch

🔹Gobuster
🔗https://github.com/OJ/gobuster

🔹WebPathBrute
🔗https://github.com/7kbstorm/7kbscan-WebPathBrute

🔹wfuzz
🔗https://github.com/xmendez/wfuzz

🔹Dirmap
🔗https://github.com/H4ckForJob/dirmap

🔹YJdirscan
🔗https://github.com/foryujian/yjdirscan

Join:🟢@hacker_habesha🇪🇹

Sql Injection 💉


🔹 Sqlmap
🔗https://github.com/sqlmapproject/sqlmap

🔹 SSQLInjection
🔗https://github.com/shack2/SuperSQLInjectionV1

🔹Jsql-injection
🔗https://github.com/ron190/jsql-injection

🔹NoSQLMap
🔗https://github.com/codingo/NoSQLMap

🔹Sqlmate
🔗https://github.com/s0md3v/sqlmate

🔹SQLiScanner
🔗https://github.com/0xbug/SQLiScanner

🔹sql-injection-payload-list
🔗https://github.com/payloadbox/sql-injection-payload-list

🔹Advanced-SQL-Injection-Cheatsheet
🔗https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet

Join:🟢@hacker_habesha🇪🇹

Wordlists 📄


🔹 wordlists - Real-world infosec wordlists, updated regularly.
🔗https://github.com/trickest/wordlists/

🔹psudohash - Password list generator that focuses on keywords mutated by commonly used password creation patterns.
🔗https://github.com/t3l3machus/psudohash

🔹wister - A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.
🔗https://github.com/cycurity/wister

🔹Rockyou - wordlists packaging for Kali Linux.
🔗https://gitlab.com/kalilinux/packages/wordlists

🔹Weakpass - For any kind of bruteforce find wordlists.
🔗https://weakpass.com/


Join:🟢@hacker_habesha🇪🇹

🌐Search Engines For PenTesters

Cross-Site Scripting (XSS)

🔹Data Theft
🔹Session Hijacking
🔹Phishing
🔹Defacement
🔹Keylogging
🔹Remote Code Execution
🔹Bypass Security Measures

🟢@hacker_habesha🇪🇹

🩸Domain Takeover with PetitPotam Exploit

📝Petitpotam is a vulnerability that allows a domain user to take over domain controllers through triggering authentications using the MS-EFSRPC protocol.

🔗https://en.hacks.gr/2023/12/27/domain-takeover-with-petitpotam-exploit/

JOIN:🟢@hacker_habesha🇪🇹

🧬Networking Essentials

🔖#infosec #cybersecurity #hacking #pentesting #security

JOIN:🟢@hacker_habesha🇪🇹

🛠Red Team Toolkit

🔴Privilege Escalation
🔴Phishing
🔴OSINT
🔴Exfiltration

🔖#infosec #cybersecurity #hacking #pentesting #security

JOIN:🟢@hacker_habesha🇪🇹

🛠Blue Team Toolkit

🔵Network Analysis
🔵EDR
🔵OS Analysis
🔵Honeypots
🔵SIEM

🔖#infosec #cybersecurity #hacking #pentesting #security

JOIN:🟢@hacker_habesha🇪🇹

Offensive Security Bookmarks
My security bookmarks collection.
All that things I need to pass OSCP, i think =)
Security Blogs
My Security OPML
Security Forums
http://securityoverride.org/forum/index.php
https://www.hackthissite.org/forums/index.php
https://www.ethicalhacker.net/forums/index.php
https://evilzone.org/
http://forum.antichat.ru/
https://forum.xeksec.com/
https://rdot.org/forum/
https://forum.zloy.bz/
https://forum.reverse4you.org/
https://rstforums.com/forum/
http://www.truehackers.ru/forum/index.php
http://garage4hackers.com/forum.php
https://www.hellboundhackers.org/
http://www.lockpicking101.com/
https://www.xploitworld.com/index.php

👉Join: @hacker_habesha🇪🇹
👉Join: @hacker_habesha🇪🇹

🐧Linux Privileges Escalation Techniques (Basic to Advanced) Series

🔹Part 1: http://hacklido.com/blog/158
🔹Part 2: http://hacklido.com/blog/162
🔹Part 3: http://hacklido.com/blog/210
🔹Part 4: http://hacklido.com/blog/224
🔹Part 5: https://hacklido.com/blog/286


Join 👉@hacker_habesha

**🚀 Exciting News! PicoCTF-Africa Online Training Series**

Hey everyone! 🌟

Hope you're all doing well! 🚀 I've got some exciting news - the PicoCTF-Africa online training series is kicking off on Jan 27! 🖥️ It's a fantastic opportunity for university undergrads & high schoolers interested in diving into the world of cybersecurity.

🔗 Register here: https://forms.gle/JhgPHzCVPWEx4uPNA

📅 Training starts: Jan 27

🌐 About:
🖥️Introduction to the cyber-Security concepts focusing on practical skills using a Capture The Flag (CTF) approach.
🖥️ Familiarizing with PicoCTF platform and getting ready for PicoCTF2024 competition.

📌 Poster Attached: Check out the poster and feel free to share this amazing opportunity with your friends and peers!

📢 Kindly share with your undergrad and high school colleagues! Let's make sure everyone gets a chance to join this cybersecurity adventure.


Got questions or need more info? Drop them here, and let's get ready for an awesome learning experience together! 🛡️✨

41% attacks bypass network security.

Defense-in-Depth isn't enough. Use AI-powered Cyber Threat Intelligence (CTI) and Breach & Attack Simulation (BAS) to test defenses against real-world attacks, uncover vulnerabilities.

Read to find the key: https://thehackernews.com/2024/01/perfecting-defense-in-depth-strategy.html

📋Cyber Security Periodic Table

🔖#infosec #cybersecurity #hacking #pentesting #security

👉Join: @hacker_habesha