#bugbounty
Bug Bounty Stories #1: Tale of CSP bypass in an electron app!
https://securitygoat.medium.com/bug-bounty-stories-1-tale-of-csp-bypass-in-an-electron-app-f669f6ecefc9
@geekcode
Talking of a bug I found a long time back which led to the bypassing of CSP in an electron app :)
What is Telnet?
Telnet is an application protocol which allows you, with the use of a telnet client, to connect to and execute commands on a remote machine that’s hosting a telnet server.
The telnet client will establish a connection with the server. The client will then become a virtual terminal, allowing you to interact with the remote host.
Telnet sends all messages in clear text and has no specific security mechanisms. Thus, Telnet has been replaced by SSH in most applications and services.
~ @geekcode
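What "clear text" means on the wire, as an added example that is not part of the original post: a small parser that separates Telnet option negotiation (IAC sequences) from application data in one direction of a session. The sample capture, user name and password are constructed; everything the user typed is readable by anyone on the network path.

```python
# Added example: split a Telnet byte stream into option negotiation and data.
IAC, SE, SB = 255, 240, 250
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}

def split_telnet_stream(raw: bytes):
    """Return (negotiations, data) for one direction of a Telnet session."""
    negotiations, data = [], bytearray()
    i = 0
    while i < len(raw):
        if raw[i] != IAC:              # ordinary application byte, sent as-is
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= len(raw):          # truncated capture: lone IAC at the end
            break
        cmd = raw[i + 1]
        if cmd == IAC:                 # IAC IAC is an escaped literal 0xFF
            data.append(IAC)
            i += 2
        elif cmd in VERBS:             # IAC <verb> <option>
            if i + 2 >= len(raw):
                break
            opt = raw[i + 2]
            negotiations.append(f"{VERBS[cmd]} {OPTIONS.get(opt, opt)}")
            i += 3
        elif cmd == SB:                # IAC SB ... IAC SE (subnegotiation)
            end = raw.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            negotiations.append(f"SB {OPTIONS.get(raw[i + 2], raw[i + 2])}")
            i = end + 2
        else:                          # other two-byte commands (NOP, GA, ...)
            i += 2
    return negotiations, bytes(data)

def cleartext_lines(raw: bytes):
    """Lines an on-path observer can read from the captured bytes."""
    _, data = split_telnet_stream(raw)
    return data.decode("ascii", errors="replace").splitlines()

# Constructed client-to-server capture; user name and password are made up.
SAMPLE_CAPTURE = (bytes([IAC, 251, 24, IAC, 253, 3])
                  + b"admin\r\nexample-password\r\nuname -a\r\n")

if __name__ == "__main__":
    print(split_telnet_stream(SAMPLE_CAPTURE)[0])
    for line in cleartext_lines(SAMPLE_CAPTURE):
        print(repr(line))
```

The same bytes sent over SSH would be encrypted, so a capture would show no readable login, password or command.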
Telnet Exploit?
Telnet, being a protocol, is in and of itself insecure for the reasons we talked about earlier (https://t.me/geekcode/2347): it lacks encryption, so it sends all communication in plaintext, and for the most part it has poor access control. There are, however, CVEs for Telnet client and server systems, so when exploiting you can check for those on:
🔗https://www.cvedetails.com/
🔗https://cve.mitre.org/
CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they usually mean the CVE ID number assigned to a security flaw.
However, you’re far more likely to find a misconfiguration in how telnet has been configured or is operating that will allow you to exploit it.
@geekcode
Cyber criminals compromised 1 million cards
Beware! New Android Malware Hacks Thousands of Facebook Accounts
Phishing sites targeting scammers and Thieves
Security matters when the network is the internet
If you want this kind of latest cyber security news, join @cyberagents
By the way this is our channel #supportus
@cyberagents
@geekcode
OTP bypass and Account takeover using response manipulation
https://infosecwriteups.com/otp-bypass-and-account-takeover-using-response-manipulation-685ad4e1ea76
@geekcode
Who is Krishnadev P Melevila?
What is SSH?
SSH (Secure Shell) is a remote administration protocol that allows users to control and modify their remote servers over the Internet. The service was created as a secure replacement for the unencrypted Telnet and uses cryptographic techniques to ensure that all communication to and from the remote server happens in an encrypted manner. It provides a mechanism for authenticating a remote user, transferring inputs from the client to the host, and relaying the output back to the client.
In the next post we will discuss "How SSH works?"
@geekcode
Hello my beautiful subscribers
I hope you guys are doing well
Which topic should we cover in future?
Leave a comment ❤️
We will make a detailed presentation about that topic❤️
#supportus 🙏
@geekcode
Bahamut Threat Group Targeting Users Through Phishing Campaign
https://blog.cyble.com/2021/08/10/bahamut-threat-group-targeting-users-through-phishing-campaign/
@geekcode
A phishing campaign from a Twitter post. The Threat Actor (TA) hosts malicious Android APK files on a counterfeit version of Jamaat websites.