Information Security
@sec_nerd_en
414 subscribers, 157 photos, 5 videos, 9 files, 2.28K links
Information Security News
We are @sec_nerd's twin brother
Information Security
https://clement.notin.org/blog/2020/11/16/ntlm-relay-of-adws-connections-with-impacket/
clement.notin.org
NTLM relay of ADWS (WCF) connections with Impacket | Clément Notin | Blog
The NTLM relay feature of Impacket’s ntlmrelayx.py used to offer only two servers, HTTP and SMB, for incoming NTLM authenticated connections using those two ...
Information Security
https://twitter.com/emgeekboy/status/1328685165816786944?s=20
Twitter
Geekboy
SubFinder | dnsx | naabu | httpx | nuclei https://t.co/UsjdJ4pkhN
Information Security
https://twitter.com/matteyeux/status/1329393193419419649?s=20
Twitter
matteyeux
Jailbreaks Never Die: Exploiting iOS 13.7 (slides) https://t.co/LCqBNPSVzE
Information Security
https://samy.pl/webscan/
Information Security
https://medium.com/@richardson.brad/slack-recon-and-phishing-with-slackhound-fd4052eacf26
Medium
Slack Recon and Phishing with “Slackhound”
Slack is a widely used communication platform relied on by many companies. During past red team engagements our team found ourselves…
Information Security
https://twitter.com/lobuhisec/status/1329705441883017218?s=20
Twitter
LoBuHi
My biggest contribution to github ever made: byp4xx, a simple bash script to bypass 403 forbidden error using methods mentioned in #bugbountytips: https://t.co/SIqr61piiu
Information Security
https://github.com/rmdavy/HeapsOfFun
GitHub
GitHub - rmdavy/HeapsOfFun: AMSI Bypass Via the Heap
AMSI Bypass Via the Heap. Contribute to rmdavy/HeapsOfFun development by creating an account on GitHub.
Information Security
https://www.activecyber.us/activelabs/nvidia-geforce-experience-local-privilege-escalation-cve-2020-5990
Active Cyber
NVIDIA GeForce Experience Local Privilege Escalation (CVE-2020-5990)
GeForce Experience is the companion application to your GeForce GTX graphics card. It keeps your drivers up to date, automatically optimizes your game settings, and gives you the easiest way to...
Information Security
https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
PT SWARM
Path Traversal on Citrix XenMobile Server
Citrix Endpoint Management, aka XenMobile, is used for managing employee mobile devices and mobile applications. Usually it is deployed on the network perimeter and has access to the internal network due to Active Directory integration. This makes XenMobile…
Information Security
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
Blogspot
ImageMagick - Shell injection via PDF password
"Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) includ...
Information Security
https://github.com/sting8k/BurpSuite_403Bypasser
GitHub
GitHub - sting8k/BurpSuite_403Bypasser: Burpsuite Extension to bypass 403 restricted directory
Burpsuite Extension to bypass 403 restricted directory - sting8k/BurpSuite_403Bypasser
Information Security
https://medium.com/@qazbnm456/cve-2020-2551-unauthenticated-remote-code-execution-in-iiop-protocol-via-malicious-jndi-lookup-119bac7c1eb2
Medium
CVE-2020-2551: Unauthenticated Remote Code Execution in IIOP protocol via Malicious JNDI Lookup
TL;DR
Information Security
https://blog.cloudflare.com/cache-poisoning-protection/
The Cloudflare Blog
How Cloudflare protects customers from cache poisoning
A few days ago, Cloudflare — along with the rest of the world — learned of a "practical" cache poisoning attack. In this post I’ll walk through the attack and explain how Cloudflare mitigated it for our customers.
Information Security
https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893
Information Security
https://docs.ioin.in/writeup/ceukelai.re/_a_tale_of_two_offline_chrome_uxss_vulns_/index.html
Information Security
https://medium.com/@brianna.joy.m/how-to-build-an-effective-red-team-e5a49aa4c0cc
Medium
How to build an effective red team
This post is a collaboration between myself and Samantha Davison, Trust Engineering Leader. Sam is an expert in transforming security…
Information Security
https://github.com/schlae/sb-firmware
GitHub
GitHub - schlae/sb-firmware
Contribute to schlae/sb-firmware development by creating an account on GitHub.
Information Security
https://ihack4falafel.github.io/Patch-Diffing-with-Ghidra/
Low-level Shenanigans
Patch Diffing with Ghidra
Introduction: This blog post is intended for folks who are interested in reverse engineering security patches, but don’t have access to expensive tools such as IDA Pro to perform such tasks. First off, we will create a program that introduces a common bug class…
Information Security
https://github.com/Chudry/Xerror
GitHub
GitHub - Chudry/Xerror: fully automated pentesting tool
fully automated pentesting tool. Contribute to Chudry/Xerror development by creating an account on GitHub.
Information Security
https://github.com/elddy/Nim-SMBExec
GitHub
GitHub - elddy/Nim-SMBExec: SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-The-Hash technique
SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-The-Hash technique - GitHub - elddy/Nim-SMBExec: SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-...
Information Security
https://www.kitploit.com/2020/11/damn-vulnerable-bank-vulnerable-banking.html
KitPloit - PenTest & Hacking Tools
Damn-Vulnerable-Bank - Vulnerable Banking Application For Android