Xiaomi URL spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi? - Andmp | A blog about infosec, bug hunting and more!
https://www.andmp.com/2019/04/xiaomi-url-spoofing-w-ssl-vulnerability.html?m=1
Andmp | A blog about infosec, bug hunting and more!
Xiaomi URL Address Bar spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi?
Writeup and PoC for Xiaomi URL spoofing w/ SSL vulnerability or, CVE-2019-10875
Wordpress cve 2019 8942 · Issue #11587 · rapid7/metasploit-framework · GitHub
https://github.com/rapid7/metasploit-framework/pull/11587
Bypassing Network Restrictions Through RDP Tunneling « Bypassing Network Restrictions Through RDP Tunneling | FireEye Inc
https://www.fireeye.com/blog/threat-research/2019/01/bypassing-network-restrictions-through-rdp-tunneling.html
Google Cloud Blog
Bypassing Network Restrictions Through RDP Tunneling | Mandiant | Google Cloud Blog
GitHub - sailay1996/eternal-pulsar: Eternalblue-Doublepulsar without Metasploit or python
https://github.com/sailay1996/eternal-pulsar
Mimikatz C# Wrapper
https://t.co/amYFILWWCh
Mimikatz in XSL
https://t.co/TRotg1HPgr
If it can run .NET, or JScript, or VBScript, or ... it can run Mimikatz...
Gist
Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018...
Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018... - katz.cs
Lynis : Security auditing tool for Linux, macOS, and UNIX-based systems (Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional ) : https://t.co/JKnJuZXJ2d
Repo : https://t.co/MBl98ddJ4b
Cisofy
Lynis - Security auditing and hardening tool for Linux/Unix
Lynis is an open source security auditing tool. Part of Lynis Enterprise Suite, its main goal is to audit and harden Unix and Linux based systems.
0day Alert: Bypassing CVE-2019-10875 or, Xiaomi's Mint Browser's URL Spoofing patch: Discovered by Renwa - Andmp | A blog about infosec, bug hunting and more!
https://www.andmp.com/2019/04/bypassing-cve-2019-10875-or-xiaomis.html?m=1
Andmp | A blog about infosec, bug hunting and more!
0day Alert: Bypassing CVE-2019-10875 or, Xiaomi's Mint Browser's URL Spoofing patch: Discovered by Renwa
Infosec ramblings. Bug Bounty, vulnerability research and random things.
A Pentester’s Guide – Part 1 (OSINT – Passive Recon and Discovery of Assets) : https://t.co/JrGxbI6Wew
Part 2 : (OSINT – LinkedIn is Not Just for Jobs) : https://t.co/llKKseBYV4
Sequoia
A Pentester's Guide - Part 1 (OSINT - Passive Recon and Discovery of Assets) | Sequoia
Sequoia Cyber Solutions is now known as NaviSec. Technical articles like this have been moved to delta.navisec.io https://delta.navisec.io/osint-for-p...
How regular expression and fuzzing change my approach for finding vulnerabilities (Series part 1.)
http://securityviacode.in/view_article/How%20regular%20expression%20and%20fuzzing%20change%20my%20approach%20for%20finding%20vulnerabilities%20(Series%20part%201.)
securityviacode.in
So I'm starting my blog with this technical writeup. I have tried to write this blog for a long time, but as I was coding and reading different books in my free time, it took me a bit of time, but here I am with this.
How to do mobile application penetration testing:-
Part I:-
https://t.co/8J6ouL9Quk
Part 2:-
https://t.co/HzvijVY8oH
Part 3:-
https://t.co/vnaXsfPAcY
YouTube
How to do mobile application penetration testing, Part I
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device. Episode 2 - Return of the Network/Back-end Co...
A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password Spraying)
https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/
GitHub - cujanovic/SSRF-Testing: SSRF (Server Side Request Forgery) testing resources
https://github.com/cujanovic/SSRF-Testing
GodOfWar - Malicious Java WAR Builder With Built-In Payloads
http://amp.kitploit.com/2019/04/godofwar-malicious-java-war-builder.html?amp=0
KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
GitHub - nongiach/sudo_inject: [Linux] Two Privilege Escalation techniques abusing sudo token
https://github.com/nongiach/sudo_inject
Release 2.2.0 20190411 Chrome database · gentilkiwi/mimikatz · GitHub
https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20190411
gentilkiwi/mimikatz
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
Bug Bounty Methodology · 0xhelloworld/public Wiki · GitHub
https://github.com/0xhelloworld/public/wiki/Bug-Bounty-Methodology
Bug Bounty Methodology
stuff i'm willing to share with the world lol. Contribute to 0xhelloworld/public development by creating an account on GitHub.
Chaining Multiple Vulnerabilities + WAF bypass to Account Takeover in almost all Alibaba’s websites
https://medium.com/@y.shahinzadeh/chaining-multiple-vulnerabilities-waf-bypass-to-account-takeover-in-almost-all-alibabas-websites-f8643eaa2855
Need to escalate privs? Have access to PowerShell? Pull the command history. PS v5 now logs everything!
cat (Get-PSReadlineOption).HistorySavePath
or
cat (Get-PSReadlineOption).HistorySavePath | sls password
or
cat (Get-PSReadlineOption).HistorySavePath | sls accountpassword