Facebook's BountyCon 2020 CTF Writeup https://blog.shoebpatel.com/2020/01/31/Facebooks-BountyCon-2020-CTF-Writeup/
CaptainFreak
Facebook's BountyCon 2020 CTF Writeup
BountyCon2020BountyCon is an invitation-only application security conference arranged by Facebook annually in Singapore for the BugBounty Community of Asia-Pacific region. For more information about i
Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
https://medium.com/@ozguralp/weird-vulnerabilities-happening-on-load-balancers-shallow-copies-and-caches-9194d4f72322
https://medium.com/@ozguralp/weird-vulnerabilities-happening-on-load-balancers-shallow-copies-and-caches-9194d4f72322
Medium
Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
When looking for security vulnerabilities on a web application - either for bug hunting or a penetration test project -, I always check 2…
■■■■□ Exploiting #WebSocket [Application Wide XSS / CSRF]
https://medium.com/@osamaavvan/exploiting-websocket-application-wide-xss-csrf-66e9e2ac8dfa
https://medium.com/@osamaavvan/exploiting-websocket-application-wide-xss-csrf-66e9e2ac8dfa
Medium
Exploiting WebSocket [Application Wide XSS / CSRF]
Assalam u Alikum, it’s been a while I haven’t contributed to this wonderful community so I am back with a new write up about WebSocket…
■■■□□ #GoodReport
How We Found Another #XSS in #Google with #Acunetix
https://www.acunetix.com/blog/web-security-zone/xss-google-acunetix/
How We Found Another #XSS in #Google with #Acunetix
https://www.acunetix.com/blog/web-security-zone/xss-google-acunetix/
Acunetix
How We Found Another XSS in Google with Acunetix | Acunetix
Some time ago, we found an XSS in Google Cloud with the help of the Acunetix vulnerability scanner. Recently we found another XSS vulnerability. Here is how it happened.
■■□□□ #FaceBook #OUR | Open URL Redirect.
https://medium.com/@dwi.siswanto98/open-redirect-on-facebook-bypass-linkshim-4050f680d45c
https://medium.com/@dwi.siswanto98/open-redirect-on-facebook-bypass-linkshim-4050f680d45c
Medium
Open-redirect Vulnerability on Facebook
My Facebook personal account is blocked for up to a month because violating Facebook community standards for over-shitposting, LMAO.
■■■□□ Stored #XSS on Angular JS 1.4.9
https://medium.com/@vbharad/stored-xss-on-angular-js-1-4-9-b2f6121d8c59
https://medium.com/@vbharad/stored-xss-on-angular-js-1-4-9-b2f6121d8c59
Medium
Stored XSS on Angular JS 1.4.9
Introduction :
■■■■□ #ZeroDay | 0-day vulnerability (#backdoor) in firmware for #HiSilicon-based DVRs, NVRs and IP #cameras :
https://habr.com/en/post/486856/
https://habr.com/en/post/486856/
Habr
Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras
This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability...
■■■■□
From CSRF to RCE and WordPress-site takeover: CVE-2020-8417
https://blog.wpsec.com/csrf-to-rce-wordpress/
From CSRF to RCE and WordPress-site takeover: CVE-2020-8417
https://blog.wpsec.com/csrf-to-rce-wordpress/
WPSec
From CSRF to RCE and WordPress-site takeover: CVE-2020-8417 - WPSec
A high-severity Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2020–8417, exists in a popular WordPress plugin called Code Snippets, rendering over 200,000 websites vulnerable to site takeover. In this Blog-post, we will cover what caused…
■■■■□ #Samsung #ZeroDay being exploited by developers. Vulnerable version #SnapDragon processors leads to #root privileges and #SandboxEscape (#sbx) of #Knox.
https://www.xda-developers.com/samsung-galaxy-s9-galaxy-note-9-snapdragon-root/
https://www.xda-developers.com/samsung-galaxy-s9-galaxy-note-9-snapdragon-root/
XDA Developers
Developers have exploited the Samsung Galaxy S9 and Note 9 to get root access on the Snapdragon models
Developers have figured out how to root the Snapdragon models of the Samsung Galaxy S9 and Galaxy Note 9 thanks to an exploit, but there's a catch.
■■■■■ Internal #SSRF in #Microsoft's #Azure platform via template parameter upload. #Research by #CheckPoint's #CPR
https://cpr-zero.checkpoint.com/vulns/cprid-2140/
https://cpr-zero.checkpoint.com/vulns/cprid-2140/
CPR-Zero
CPR-Zero: CVE-2019-1234
Check Point Research Vulnerability Repository
■■■■□ #WashingtoPost Security vulnerability
State: Still un-patched
Severity: Medium / High
Details: https://blog.ckure.xyz/archives/51
Wild Exploitation: Most likely
Password: will be shared once the issue is fixed.
State: Still un-patched
Severity: Medium / High
Details: https://blog.ckure.xyz/archives/51
Wild Exploitation: Most likely
Password: will be shared once the issue is fixed.
■■■■■
Analyzing #iOS #WhatsApp Calls
Analysis of the network traffic + binary files + runtime behavior
https://link.medium.com/yi4uD2Q1P3
Analyzing #iOS #WhatsApp Calls
Analysis of the network traffic + binary files + runtime behavior
https://link.medium.com/yi4uD2Q1P3
Medium
Analyzing WhatsApp Calls
How I revealed parts of the VoIP protocol with Wireshark, radare2 and Frida.
■■■■□ #BlueTeam ops #Statistic
https://securityaffairs.co/wordpress/97380/hacking/microsoft-web-shells-report.html
https://securityaffairs.co/wordpress/97380/hacking/microsoft-web-shells-report.html
Security Affairs
Microsoft detects 77,000 active web shells on a daily basis
Microsoft published an interesting report that investigates web shell attacks, the IT giant says it detects 77,000 active web shells daily.
■■■□□ #DataBreach
https://www.bleepingcomputer.com/news/security/medicaid-cco-vendor-breach-exposes-health-personal-info-of-654k/
https://www.bleepingcomputer.com/news/security/medicaid-cco-vendor-breach-exposes-health-personal-info-of-654k/
BleepingComputer
Medicaid CCO Vendor Breach Exposes Health, Personal Info of 654K
Medicaid coordinated care organization (CCO) Health Share of Oregon today disclosed a data breach exposing the health and personal info of 654,362 individuals following the theft of a laptop owned by its transportation vendor GridWorks IC.
■■■■■
Bluetooth Vulnerability in Android (CVE-2020-0022)
Bug allows an attacker to execute arbitrary code with the privileges of the Bluetooth daemon
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Bluetooth Vulnerability in Android (CVE-2020-0022)
Bug allows an attacker to execute arbitrary code with the privileges of the Bluetooth daemon
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Insinuator.net
Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag
On November 3rd, 2019, we have reported a critical vulnerability affecting the Android Bluetooth subsystem. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:…