Information Security
@sec_nerd_en
415 subscribers
157 photos
5 videos
9 files
2.28K links
Information Security News

we are @sec_nerd twin brother
Download Telegram
About
Blog
Apps
Platform
Join
Information Security
415 subscribers
Information Security
https://github.com/nikic/PHP-Fuzzer
GitHub
GitHub - nikic/PHP-Fuzzer: Experimental fuzzer for PHP libraries
Experimental fuzzer for PHP libraries. Contribute to nikic/PHP-Fuzzer development by creating an account on GitHub.
120 views
Information Security
http://ghostlulz.com/cross-origin-resource-sharing-cors/
121 views
Information Security
https://secrary.com/Random/windows_process_injection/
secrary[dot]com::blog
Windows Process Injection: Poisoned Explorer
https://secrary.com - Does it matter?
115 views
Information Security
https://nullsweep.com/http-security-headers-a-complete-guide/
Null Sweep
HTTP Security Headers - A Complete Guide
A description of each security header, why it is important, and how to configure your website in a secure way.
114 views
Information Security
https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters
Praetorian
Active Directory Visualization for Blue Teams and Threat Hunters | Praetorian
As a network defender, it can be easy to attribute a certain degree of omnipotence to attackers. Advanced threats have an uncanny knack for figuring out how to move through an environment without regards for passwords, roles, permissions, or what “should”…
108 views
Information Security
https://github.com/En14c/Erebus
GitHub
En14c/Erebus
Poc for ELF64 runtime infection via GOT poisoning technique by elfmaster - En14c/Erebus
101 views
Information Security
https://adsecurity.org/?p=2604
Active Directory Security
Detecting Offensive PowerShell Attack Tools
At DerbyCon V (2015), I presented on Active Directory Attack & Defense and part of this included how to detect & defend against PowerShell attacks. Update: I presented at BSides Charm (Baltimore) on PowerShell attack & defense in April 2016. More information…
103 views
Information Security
https://www.hahwul.com/2019/12/run-other-application-on-burp-suiteburp.html
91 views
Information Security
This media is not supported in your browser
VIEW IN TELEGRAM
Apereo Cas 4.2.X Remote Code Execution.(execution =xxx_ZXlKaGJH...):GIF
👇


and about the Apereo Cas 4.1.X Remote Code Execution.(execution =xxx_AAAAIg...):
https://twitter.com/pyn3rd/status/1001758511624212480
91 views
Information Security
https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
90 views
Information Security
https://www.terabitweb.com/2019/03/20/analysis-of-a-chrome-zero-day-cve-2019-5786/
TerabitWeb Blog
Analysis of a Chrome Zero Day: CVE-2019-5786
Original Post from McAfee Author: Philippe Laulheret 1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE 2019…
99 views
Information Security
https://media.ccc.de/v/36c3-10801-sigover_alpha

SigOver + alpha. Signal overshadowing attack on LTE and its applications
media.ccc.de
SigOver + alpha
As Long-Term Evolution (LTE) communication is based on over-the-air signaling, a legitimate signal can potentially be counterfeited by a ...
99 views
Information Security
Our 36c3 presentation video :
https://media.ccc.de/v/36c3-10505-the_great_escape_of_esxi#t=708
and slides:
https://url.cn/51kIMxY
😃
It's really a nice party. Hope to see you next year.
#36c3
media.ccc.de
The Great Escape of ESXi
VMware ESXi is an enterprise-class, bare-metal hypervisor developed by VMware for deploying and serving virtual computers. As the hypervi...
107 views
Information Security
109 views
Information Security
https://github.com/theori-io/pwnjs
GitHub
GitHub - theori-io/pwnjs: A Javascript library for browser exploitation
A Javascript library for browser exploitation. Contribute to theori-io/pwnjs development by creating an account on GitHub.
130 views
Information Security
https://media.ccc.de/v/36c3-10737-sim_card_technology_from_a-z
media.ccc.de
SIM card technology from A-Z
Billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is n...
109 views
Information Security
“Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty” by Omkar Bhagwat (th3_hidd3n_mist) https://link.medium.com/KABwitzpQ2
Medium
Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
Hey everyone, I recently reported a dupe for a XSSI bug on a private program which paid out $300, to the original reporter. I believe the…
110 views
Information Security
https://wildfire.blazeinfosec.com/leveraging-web-application-vulnerabilities-to-steal-ntlm-hashes-2/
Blaze Information Security - Wildfire Labs
Leveraging web application vulnerabilities to steal NTLM hashes
Introduction NTLM authentication is the de-facto standard in corporate networks running Windows. There are a plethora of well-understood local attacks that take advantage of the way Windows perform automatic NTLM authentication, and abusing this feature is…
105 views
Information Security
https://github.com/alphaSeclab/awesome-rat/blob/master/Readme_en.md
GitHub
awesome-rat/Readme_en.md at master · alphaSeclab/awesome-rat
RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video. - alphaSeclab/awesome-rat
99 views
Information Security
https://gts3.org/2019/Real-World-CTF-2019-Safari.html
Systems Software and Security Lab
Hack The Real: An exploitation chain to break the Safari browser
Exploiting type confusion bugs in latest JSC and escaping the sandbox
94 views