How to do mobile application penetration testing:-
Part I:-
https://t.co/8J6ouL9Quk
Part 2:-
https://t.co/HzvijVY8oH
Part 3:-
https://t.co/vnaXsfPAcY
Part I:-
https://t.co/8J6ouL9Quk
Part 2:-
https://t.co/HzvijVY8oH
Part 3:-
https://t.co/vnaXsfPAcY
YouTube
How to do mobile application penetration testing, Part I
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device. Episode 2 - Return of the Network/Back-end Co...
A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password Spraying)
https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/
https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/
GitHub - cujanovic/SSRF-Testing: SSRF (Server Side Request Forgery) testing resources
https://github.com/cujanovic/SSRF-Testing
https://github.com/cujanovic/SSRF-Testing
GitHub
GitHub - cujanovic/SSRF-Testing: SSRF (Server Side Request Forgery) testing resources
SSRF (Server Side Request Forgery) testing resources - cujanovic/SSRF-Testing
GodOfWar - Malicious Java WAR Builder With Built-In Payloads
http://amp.kitploit.com/2019/04/godofwar-malicious-java-war-builder.html?amp=0
http://amp.kitploit.com/2019/04/godofwar-malicious-java-war-builder.html?amp=0
KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
GodOfWar - Malicious Java WAR Builder With Built-In Payloads
GitHub - nongiach/sudo_inject: [Linux] Two Privilege Escalation techniques abusing sudo token
https://github.com/nongiach/sudo_inject
https://github.com/nongiach/sudo_inject
GitHub
GitHub - nongiach/sudo_inject: [Linux] Two Privilege Escalation techniques abusing sudo token
[Linux] Two Privilege Escalation techniques abusing sudo token - nongiach/sudo_inject
Release 2.2.0 20190411 Chrome database · gentilkiwi/mimikatz · GitHub
https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20190411
https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20190411
GitHub
gentilkiwi/mimikatz
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
Bug Bounty Methodology · 0xhelloworld/public Wiki · GitHub
https://github.com/0xhelloworld/public/wiki/Bug-Bounty-Methodology
https://github.com/0xhelloworld/public/wiki/Bug-Bounty-Methodology
GitHub
Bug Bounty Methodology
stuff i'm willing to share with the world lol. Contribute to 0xhelloworld/public development by creating an account on GitHub.
Chaining Multiple Vulnerabilities + WAF bypass to Account Takeover in almost all Alibaba’s websites
https://medium.com/@y.shahinzadeh/chaining-multiple-vulnerabilities-waf-bypass-to-account-takeover-in-almost-all-alibabas-websites-f8643eaa2855
https://medium.com/@y.shahinzadeh/chaining-multiple-vulnerabilities-waf-bypass-to-account-takeover-in-almost-all-alibabas-websites-f8643eaa2855
Need to escalate privs? Have access to PowerShell? Pull the command history. PS v5 now logs everything!
cat (Get-PSReadlineOption).HistorySavePath
or
cat (Get-PSReadlineOption).HistorySavePath | sls password
or
cat (Get-PSReadlineOption).HistorySavePath | sls accountpassword
cat (Get-PSReadlineOption).HistorySavePath
or
cat (Get-PSReadlineOption).HistorySavePath | sls password
or
cat (Get-PSReadlineOption).HistorySavePath | sls accountpassword
My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding - Reconnaissance - 0x00sec - The Home of the Hacker
http://0x00sec.org/t/my-personal-osint-techniques-part-1-of-2-key-layer-contingency-seeding/13033
http://0x00sec.org/t/my-personal-osint-techniques-part-1-of-2-key-layer-contingency-seeding/13033
0x00sec - The Home of the Hacker
My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding
We live in a world that is hyper communicative, with much of this communication occurring on the Internet. On the Internet, companies/products want to communicate their value to customers and people want to communicate with other people. Open Source Intelligence…
Emotet malware analysis. Part 1. | Persianov on Security
https://persianov.net/emotet-malware-analysis-part-1
https://persianov.net/emotet-malware-analysis-part-1
Persianov on Security
Emotet malware analysis. Part 1.
Analyzing Emotet malware, a trojan that is spread via phishing emails, malicious links and targets individuals, companies and governments.
File path traversal
https://portswigger.net/web-security/file-path-traversal
https://portswigger.net/web-security/file-path-traversal
portswigger.net
What is path traversal, and how to prevent it? | Web Security Academy
In this section, we explain: What path traversal is. How to carry out path traversal attacks and circumvent common obstacles. How to prevent path traversal ...
PHP deserialization techniques DRUPAL 1-CLICK TO RCE EXPLOIT CHAIN DETAILED
/sites/default/files/pictures/<YYYY-MM>/_0
instead of:
/sites/default/files/pictures/<YYYY-MM>/profile_pic.gif.
[Demo] https://t.co/ZkHof6sDzy
https://t.co/etmxwSWEBD
/sites/default/files/pictures/<YYYY-MM>/_0
instead of:
/sites/default/files/pictures/<YYYY-MM>/profile_pic.gif.
[Demo] https://t.co/ZkHof6sDzy
https://t.co/etmxwSWEBD
YouTube
Getting code execution through multiple Drupal vulnerabilities
Demonstrating how the bugs submitted through the ZDI Targeted Initiative Program (TIP) can be combined to get code execution on an affected Drupal server. An...
Invisi-Shell : Hide your Powershell script in plain sight (Bypass all Powershell security features) : https://t.co/Zsy5Bp4tJH
Presentation : Goodbye Obfuscation - Hello InvisiShell Hiding Your Powershell Script in Plain Sight : https://t.co/awYN09bcVE
Presentation : Goodbye Obfuscation - Hello InvisiShell Hiding Your Powershell Script in Plain Sight : https://t.co/awYN09bcVE
GitHub
OmerYa/Invisi-Shell
Hide your Powershell script in plain sight. Bypass all Powershell security features - OmerYa/Invisi-Shell
This repository contains all the noise and artifacts surrounding the development of a new implementation of #Meterpreter that is intended to run on the CLR.
https://t.co/8qKOnis9N7
https://t.co/8qKOnis9N7
GitHub
OJ/clr-meterpreter
The full story of the CLR implementation of Meterpreter - OJ/clr-meterpreter