Information Security – Telegram

Information Security

420 subscribers

157 photos

5 videos

9 files

2.28K links

Information Security News

we are @sec_nerd twin brother

Download Telegram

About

Blog

Apps

Platform

Information Security

420 subscribers

Information Security

https://osandamalith.com/2019/10/06/wql-injection/

🔐Blog of Osanda

WQL Injection | 🔐Blog of Osanda

Generally in application security, the user input must be sanitized. When it comes to SQL injection the root cause most of the time is because the input not being sanitized properly. I was curious …

121 views17:53

Information Security

https://techblog.mediaservice.net/2016/10/exploiting-ognl-injection/

109 views17:55

Information Security

https://techblog.mediaservice.net/2020/01/local-privilege-escalation-via-cde-dtsession/

111 views18:06

Information Security

https://twitter.com/chybeta/status/1217789114914725888?s=20

CVE-2020-2551 WebLogic RCE via IIOP protocol. https://t.co/WyKVkQASiL

147 views19:12

Information Security

https://media.ccc.de/v/Camp2019-10207-domain_computers_have_accounts_too

Domain computers have accounts, too!

In Microsoft Active Directory, computers also have their accounts. We used to consider them useless when they turned up during pentests, ...

124 views20:11

Information Security

https://github.com/Kudaes/LOLBITS

GitHub - Kudaes/LOLBITS: ** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication…

** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion. - Kudaes/LOLBITS

117 views20:11

Information Security

Authentication bypass

https://t.co/OIdGUOOH2k
https://t.co/99hgtbu1VF
https://t.co/gdwoqzKuWk
https://t.co/zZISYw8LWn
https://t.co/0taPKYA7bm
https://t.co/IWuP0H5qgC
https://t.co/mvf0GTQLT5
https://t.co/rLm72xTKd7
https://t.co/PxtfHsDKMZ
https://t.co/RQPOMH0wzH

#bugbounty #bugbountytips

Bypass Mobile PIN Verification

There was a 4 digit PIN for opening the app. First I thought this can be bypass using response manipulation. But wait ! not getting any…

151 viewsedited 16:12

Information Security

https://github.com/Mr-Un1k0d3r/PoisonHandler

GitHub - Mr-Un1k0d3r/PoisonHandler: lateral movement techniques that can be used during red team exercises

lateral movement techniques that can be used during red team exercises - Mr-Un1k0d3r/PoisonHandler

118 views18:05

Information Security

https://blog.ripstech.com/2019/magento-rce-via-xss/

Sonar's blogs showcase our solutions and products: SonarQube Cloud, SonarQube Server, and SonarQube for IDE - trusted by 400k+ organizations globally.

117 views18:05

Information Security

https://twitter.com/424f424f/status/1218044827314671617

I spent some time learning about blockdlls and parent process spoofing from @_RastaMouse and @_xpn_ . Using a recent sample from SubTee, I modified it to spoof the parent process and inject x64 shellcode from a dll on UNC into hidden iexplore.exe. https:…

118 views18:21

Information Security

https://brutelogic.com.br/blog/dom-based-xss-the-3-sinks/

DOM-based XSS - The 3 Sinks

The most common type of XSS (Cross-Site Scripting) is source-based. It means that injected JavaScript code comes from server side to execute in client side.
But there’s another main type, the DOM-based one, where injected malicious input does not come from…

121 views17:10

Information Security

https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/

RDP to RCE: When Fragmentation Goes Wrong

Remote Desktop Gateway (RDG), previously known as Terminal Services Gateway, is a Windows Server component that provides routing for Remote Desktop (RDP). Rather then users connecting directly to an RDP Server, users instead connect and authenticate to the…

117 views17:50

Information Security

WebSocket attacks

1. https://t.co/1V2XJnYsrc
2. https://t.co/jbIZKoIflw
3. https://t.co/Fg7uUwd7YB
4. https://t.co/jOVTIFWUEk
5. https://t.co/iiVV2uzm0J
6. https://t.co/iiVV2uzm0J
7. https://t.co/iiVV2uzm0J
8. https://t.co/nRqwcFe4zX

#bugbounty #bugbountytips

cat ~/footstep.ninja/blog.txt

The HTML5 Herald

134 viewsedited 12:48

Information Security

https://twitter.com/mkp19901/status/1218787067708112896?s=20

Ease your pain of searching in searchsploit >> nmap -A -Pn -sV -p443,111,5038,878,22,3306,143,993,25 10.10.10.7 -oX result.xml >> searchsploit -x --nmap result.xml result.xml is the key

101 views19:09

Information Security

https://speakerdeck.com/riyazwalikar/api-security-testing-null-bangalore-january-2020

API Security Testing - null Bangalore January 2020

A list of checks/test cases you can run on API endpoints to discover security weaknesses. Talk presented at null Bangalore January 2020.

107 views19:10

Information Security

https://www.veracode.com/blog/research/exploiting-jndi-injections-java

Exploiting JNDI Injections in Java | Veracode

Application Security for the AI Era | Veracode

99 views19:11

Information Security

https://xss.pwnfunction.com/challenges/ww3/

97 views19:23

Information Security

https://medium.com/@Bank_Security/how-to-running-powershell-commands-without-powershell-exe-a6a19595f628

Run PowerShell without Powershell.exe — Best tools & techniques

To discover the best tool to run powershell script and malicious command line without using powershell.exe

118 views19:27

Information Security

https://github.com/ninoseki/mitaka

GitHub - ninoseki/mitaka: A browser extension for OSINT search

A browser extension for OSINT search. Contribute to ninoseki/mitaka development by creating an account on GitHub.

115 views19:30

Information Security

https://medium.com/@ditrizna/red-team-use-case-of-open-source-weaponization-5b22b0e287a5

Open-source based .NET malware development and AV evasion

Toxic combination of WebDav, donut, Covenant and TikiSpawn

119 views05:06