تغییر سیاست github در منتشر شدن اکسپلویت ها
https://thehackernews.com/2021/06/github-updates-policy-to-remove-exploit.html
در صورتی که اکسپلویت ها خطرناک و جزو اکسپلویت های APT باشد از گیت هاب پاک خواهند شد.
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://thehackernews.com/2021/06/github-updates-policy-to-remove-exploit.html
در صورتی که اکسپلویت ها خطرناک و جزو اکسپلویت های APT باشد از گیت هاب پاک خواهند شد.
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
The Hacker News
GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks
GitHub updates its policy to remove malware and exploit code used in active attacks.
https://thehackernews.com/2021/06/hackers-can-exploit-samsung-pre.html
system backdoor
CVE-2021-25356 - third-party authentication bypass in Managed Provisioning
CVE-2021-25388 - Arbitrary app installation vulnerability in Knox Core
CVE-2021-25390 - Intent redirection in PhotoTable
CVE-2021-25391 - Intent redirection in Secure Folder
CVE-2021-25392 - Possible to access notification policy file of DeX
CVE-2021-25393 - Possible to read/write access to arbitrary files as a system user (affects the Settings app)
CVE-2021-25397 - Arbitrary file write in TelephonyUI
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
system backdoor
CVE-2021-25356 - third-party authentication bypass in Managed Provisioning
CVE-2021-25388 - Arbitrary app installation vulnerability in Knox Core
CVE-2021-25390 - Intent redirection in PhotoTable
CVE-2021-25391 - Intent redirection in Secure Folder
CVE-2021-25392 - Possible to access notification policy file of DeX
CVE-2021-25393 - Possible to read/write access to arbitrary files as a system user (affects the Settings app)
CVE-2021-25397 - Arbitrary file write in TelephonyUI
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
The Hacker News
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users
Flaws in Samsung Mobile preinstalled apps could give attackers access to a person's private information.
https://thehackernews.com/2021/06/instagram-bug-allowed-anyone-to-view.html
یکی از راه های جمع اوری اطلاعات برای سناریوهای مهندسی اجتماعی پیج های شخصی اینستاگرام هست و هر چقدر افراد زندگی خصوصی خود را بیشتر به نمایش می گذارند آسیب پذیر تر می شوند. باگ که صفحات شخصی هم می توان ویو کرد. یکی از روش های جمع آوری اطلاعات جالب می تونه باشه برای اینکار!
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
یکی از راه های جمع اوری اطلاعات برای سناریوهای مهندسی اجتماعی پیج های شخصی اینستاگرام هست و هر چقدر افراد زندگی خصوصی خود را بیشتر به نمایش می گذارند آسیب پذیر تر می شوند. باگ که صفحات شخصی هم می توان ویو کرد. یکی از روش های جمع آوری اطلاعات جالب می تونه باشه برای اینکار!
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html
CVE-2021-30761 - A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was addressed with improved state management.
CVE-2021-30762 - A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was resolved with improved memory management.
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
CVE-2021-30761 - A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was addressed with improved state management.
CVE-2021-30762 - A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was resolved with improved memory management.
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
The Hacker News
Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild
Apple releases emergency patches for two zero-day vulnerabilities found in the wild
کلاب پنتر طبق #سرفصل که طی چند هفته گذشته برگذار شد جمع بندی و مستند سازی شد البته تمامی جلسات هنوز تدوین نشده و به مرور قرار داده خواهند شد
جلسات عمومی مهندسی اجتماعی Pentesterschool
https://blog.peneter.com/clubhouse-general-social-engineering-1/
https://blog.peneter.com/socialengineering-phishing/
https://blog.peneter.com/social-engineering-with-malware/
جلسات تخصصی Peneter
تست نفوذ چیست مفاهیم ابتدایی
https://blog.peneter.com/what-is-penetration-test/
https://blog.peneter.com/what-is-hack-and-who-are-hackers/
ابزارهای تست نفوذ جلسه اول جمع آوری اطلاعات
https://blog.peneter.com/informationgathering/
https://blog.peneter.com/penetration-testing-scanning-enumeration/
https://blog.peneter.com/red-blue-team/
https://blog.peneter.com/dark-web/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
جلسات عمومی مهندسی اجتماعی Pentesterschool
https://blog.peneter.com/clubhouse-general-social-engineering-1/
https://blog.peneter.com/socialengineering-phishing/
https://blog.peneter.com/social-engineering-with-malware/
جلسات تخصصی Peneter
تست نفوذ چیست مفاهیم ابتدایی
https://blog.peneter.com/what-is-penetration-test/
https://blog.peneter.com/what-is-hack-and-who-are-hackers/
ابزارهای تست نفوذ جلسه اول جمع آوری اطلاعات
https://blog.peneter.com/informationgathering/
https://blog.peneter.com/penetration-testing-scanning-enumeration/
https://blog.peneter.com/red-blue-team/
https://blog.peneter.com/dark-web/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Peneter.com
مهندسی اجتماعی – جلسه اول (عمومی) - Peneter.com
مهندسی اجتماعی چیست ؟ social engineering یا مهندسی اجتماعی روش کسب اعتماد و سواستفاده از نقاط ضعف اشخاص و دریافت اطلاعات حساس و خصوصی از...
SoheilSec
کلاب پنتر طبق #سرفصل که طی چند هفته گذشته برگذار شد جمع بندی و مستند سازی شد البته تمامی جلسات هنوز تدوین نشده و به مرور قرار داده خواهند شد جلسات عمومی مهندسی اجتماعی Pentesterschool https://blog.peneter.com/clubhouse-general-social-engineering-1/ https:…
جلسه دوم توسعه ابزار تست نفوذ گام اسکن اضافه شد و پست های مرتبط
https://blog.peneter.com/penetration-testing-scanning-enumeration/
https://blog.peneter.com/dark-web/
https://blog.peneter.com/red-blue-team/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://blog.peneter.com/penetration-testing-scanning-enumeration/
https://blog.peneter.com/dark-web/
https://blog.peneter.com/red-blue-team/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Peneter.com
توسعه ابزار تست نفوذ – اسکن (گام 2 – تخصصی) - Peneter.com
در جلسه گذشته سعی کردیم به صورت کلی گامهای اولیه جهت توسعه ابزار تست نفوذ را شرح دهیم. همچنین به زبانهای برنامهنویسی و اسکریپتنویسی رایج...
Useful Dorks (Shodan)
https://github.com/jakejarvis/awesome-shodan-queries
https://www.osintme.com/index.php/2021/01/16/ultimate-osint-with-shodan-100-great-shodan-queries/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://github.com/jakejarvis/awesome-shodan-queries
https://www.osintme.com/index.php/2021/01/16/ultimate-osint-with-shodan-100-great-shodan-queries/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
GitHub
GitHub - jakejarvis/awesome-shodan-queries: 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io…
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻 - jakejarvis/awesome-shodan-queries
Forwarded from CISO as a Service (Alireza Ghahrood)
پيرو اين پست
يكسري محتوا ٢٠٢٠ حوزه امنيت
در مسير
https://ufile.io/hnwrd1m4
با پسورد:
Mybr0
تا بن نشده دانلود كنيد و استفاده🙏✌🏼
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
يكسري محتوا ٢٠٢٠ حوزه امنيت
در مسير
https://ufile.io/hnwrd1m4
با پسورد:
Mybr0
تا بن نشده دانلود كنيد و استفاده🙏✌🏼
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
ufile.io
Upload files for free - pdf.rar - ufile.io
Download pdf.rar for free from ufile.io instantly, no signup required and no popup ads
NSA Funds Development , Release of D3FEND
https://www.nsa.gov/news-features/press-room/Article/2665993/nsa-funds-development-release-of-d3fend/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://www.nsa.gov/news-features/press-room/Article/2665993/nsa-funds-development-release-of-d3fend/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
#redteam
It seems you like RDP password, also client side ?
#redteam Mimikatz update
https://twitter.com/i/status/1398633925715636224
https://github.com/gentilkiwi/mimikatz/releases
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
It seems you like RDP password, also client side ?
#redteam Mimikatz update
https://twitter.com/i/status/1398633925715636224
https://github.com/gentilkiwi/mimikatz/releases
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Twitter
🥝 Benjamin Delpy
It seems you like RDP password, also client side ? > github.com/gentilkiwi/mim… Just released a #mimikatz supporting clients embedding 'mstscax.dll', like mRemoteNG, Remote Dekstop Manager, RDCMan, ... and all others RDP credentials as well as with the classic…
استفاده از VPN خوب هست ولی باید توجه داشت در صورت آسیب پذیری روی VPN یا لو رفتن پسورد یک کاربر شبکه حتما به خطر میافته
https://cyber.gc.ca/en/alerts/exploitation-fortinet-fortios-vulnerabilities-cisa-fbi
https://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html
https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://cyber.gc.ca/en/alerts/exploitation-fortinet-fortios-vulnerabilities-cisa-fbi
https://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html
https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Canadian Centre for Cyber Security
Get quick, easy access to all Canadian Centre for Cyber Security services and information.
https://thehackernews.com/2021/06/unpatched-critical-flaw-affects-pling.html
https://positive.security/blog/hacking-linux-marketplaces
***For users of any of the mentioned Pling-based marketplaces, we recommend the following:
1)Do not run the PlingStore Electron application (best, remove the AppImage) until the RCE is fixed
2)Be aware that any listing on appimagehub.com/store.kde.org/gnome-look.org/xfce-look.org/pling.com could hijack your account on the platform via XSS and any of the downloadable assets might be compromised (best, log out of your account and do not use the websites until the issues have been fixed)
کشف آسیب پذیری stored XSS و RCE که روی PLING توسط positive sec
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d0fd32558a10ac4a461932_pling_new_listing.png
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d11669d91f9d5a6c93f93a_pling_xss.png
RCE
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d11c6988d3736d6d4c281b_gnomelook_PlingStore.png
https://uploads-ssl.webflow.com/5f6498c074436c50c016e745/60d0a8dd9019016a68c8c867_websocket_poc-transcode.mp4
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://positive.security/blog/hacking-linux-marketplaces
***For users of any of the mentioned Pling-based marketplaces, we recommend the following:
1)Do not run the PlingStore Electron application (best, remove the AppImage) until the RCE is fixed
2)Be aware that any listing on appimagehub.com/store.kde.org/gnome-look.org/xfce-look.org/pling.com could hijack your account on the platform via XSS and any of the downloadable assets might be compromised (best, log out of your account and do not use the websites until the issues have been fixed)
کشف آسیب پذیری stored XSS و RCE که روی PLING توسط positive sec
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d0fd32558a10ac4a461932_pling_new_listing.png
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d11669d91f9d5a6c93f93a_pling_xss.png
RCE
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d11c6988d3736d6d4c281b_gnomelook_PlingStore.png
https://uploads-ssl.webflow.com/5f6498c074436c50c016e745/60d0a8dd9019016a68c8c867_websocket_poc-transcode.mp4
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
The Hacker News
Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks
Unpatched Critical Flaw Affects Pling Store App for Linux Themes and Icons
#SecurityTips
https://github.com/hackerscrolls/SecurityTips
https://github.com/hackerscrolls/SecurityTips/blob/master/MindMaps/File_upload_bugs.xmind
#bypassuploader
https://github.com/barrracud4/image-upload-exploits
https://book.hacktricks.xyz/pentesting-web/file-upload
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://github.com/hackerscrolls/SecurityTips
https://github.com/hackerscrolls/SecurityTips/blob/master/MindMaps/File_upload_bugs.xmind
#bypassuploader
https://github.com/barrracud4/image-upload-exploits
https://book.hacktricks.xyz/pentesting-web/file-upload
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
GitHub
GitHub - hackerscrolls/SecurityTips
Contribute to hackerscrolls/SecurityTips development by creating an account on GitHub.
Mirage 1.2 is released, with a lot of new experimental features :) It supports InjectaBLE attacks, HackRF One, Sniffle (1.5) and a new Logitech Unifying MiTM attack. As usual, the tool is available here: github.com/RCayre/mirage
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
GitHub
GitHub - RCayre/mirage: Mirage is a powerful and modular framework dedicated to the security analysis of wireless communications.
Mirage is a powerful and modular framework dedicated to the security analysis of wireless communications. - GitHub - RCayre/mirage: Mirage is a powerful and modular framework dedicated to the sec...