Information Security

Java is known for its backward-compatibility and modern projects use a wide range of old libraries. However, such libraries are often left unsupported by maintainers for a long time and highly insecure.

129 views15:44

JSON Web Tokens vs. Session Cookies for Authentication
https://t.co/ok14MFmdvL

Remembering the Shellshock Vulnerability
https://t.co/xUGGhKSvP5

4 Uncommon Python Tricks You Should Learn
https://t.co/bOOvVe92Us

#bugbountytips

129 viewsedited 19:43

Information Security

https://smaranchand.com.np/2020/02/the-tricky-xss/

Smaran Chand

The Tricky XSS

Hello everyone, I would like to share a riveting issue regarding XSS (Cross-Site Scripting ) I endured a few months ago. Cross-site scripting (XSS) is a type of security vulnerability typically fou…

123 views05:29

Information Security

http://www.labofapenetrationtester.com/2017/03/using-sql-server-for-attacking-forest-trust.html?m=1

Labofapenetrationtester

Using SQL Server for attacking a Forest Trust

Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.

120 views15:37

Information Security

https://thephp.cc/news/2020/02/phpunit-a-security-risk

thephp.cc

PHPUnit: A Security Risk? | The PHP Consulting Company

Sebastian Bergmann explains why PHPUnit must not be installed on a webserver.

113 views15:42

Information Security

https://www.kitploit.com/2020/02/mouse-framework-ios-and-macos-post.html

KitPloit - PenTest & Hacking Tools

Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality…

117 views15:44

Information Security

#BashTools

command-line fuzzy finder
https://github.com/junegunn/fzf
the-art-of-command-line
https://github.com/jlevy/the-art-of-command-line
pure-bash-bible
https://github.com/dylanaraps/pure-bash-bible
a static analysis tool for shell scripts
https://github.com/koalaman/shellcheck
Awesome-shell
https://github.com/alebcay/awesome-shell

#bugbountytips,#bugbounty

GitHub

GitHub - junegunn/fzf: :cherry_blossom: A command-line fuzzy finder

:cherry_blossom: A command-line fuzzy finder. Contribute to junegunn/fzf development by creating an account on GitHub.

127 views16:48

Information Security

https://www.acunetix.com/blog/articles/dns-zone-transfers-axfr/

Acunetix

What are DNS zone transfers (AXFR)?

DNS zone transfers using the AXFR protocol are the simplest mechanism to replicate DNS records across DNS servers. To avoid the need to edit information on multiple DNS servers, you can edit information on one server and use AXFR to copy information to other…

121 views17:13

Information Security

https://nordicapis.com/understanding-the-hidden-powers-of-curl/

Nordic APIs

Understanding the Hidden Powers of curl | Nordic APIs |

Most API developers are well aware of curl, but did you realize just how many features it has? We uncover the hidden features behind curl, HTTP’s Swiss Army Knife.

115 views19:59

Information Security

https://medium.com/@malavsharma/magic-of-shodan-15dd17854099

Medium

MAGIC OF SHODAN

Information on how to recon on shodan

120 views15:08

Information Security

https://medium.com/@pravinponnusamy/ssrf-payloads-f09b2a86a8b4

Medium

SSRF payloads

Payloads with localhost

140 views15:16

Information Security

#RCE

https://t.co/F9of890IQh
https://t.co/dTuAIHIk7t
https://t.co/LNe2A8xwOM
https://t.co/8BCSrzAo72
https://t.co/qPB62I7qNo
https://t.co/XdwFJjUCVX
https://t.co/j9Db6GVmp7
https://t.co/NdhxcUnIs6
https://t.co/Z364swmX8G

#bugbounty,#bugbountytips

spaceraccoon.dev

A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell — spaceraccoon.dev

XML and ZIP - A Tale as Old As Time While researching a bug bounty target, I came across a web application that processed a custom file ...

106 views17:59

Information Security

https://ray-cp.github.io/archivers/browser-pwn-cve-2020-6418%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90

https://github.com/ray-cp/browser_pwn/tree/master/cve-2020-6418

GitHub

ray-cp/browser_pwn

browser pwn, main work now. Contribute to ray-cp/browser_pwn development by creating an account on GitHub.

101 views18:01

Information Security

https://nafod.net/blog/2020/02/29/zdi-19-421-uhci.html

nafod

Pwning VMware, Part 2: ZDI-19-421, a UHCI bug

Though we’re now almost to March, I’m still spending my free time working though VMware pwning as part of my 2019 advent calendar. I’d given myself 3 VMware challenges to look at, including one CTF challenge from Real World CTF Finals in 2018, and two n-days…

98 views18:02

Information Security

https://medium.com/@markmotig/uglyexe-bypass-some-avs-4a10313277aa

Medium

UglyEXe — bypass some AVs

This is for educational purposes only.

96 views18:20

Information Security

An interesting way to use https://lolbas-project.github.io/lolbas/Libraries/Advpack/

a dropped INF, loading your local dll without it being shown in the rundll32.exe command line

then deleting the INF.

Demo:

https://pastebin.com/3De4bNQR

Pastebin

@echo off echo [version]>>"%temp%\drp.inf" echo signature="$CHICAGO$">>"%temp% - Pastebin.com

97 views18:22

Information Security

https://blog.doyensec.com/2020/02/19/solokeys-audit.html

Doyensec

Security Analysis of the Solo Firmware

We engaged Doyensec to perform a security assessment of our firmware, v3.0.1 at the time of testing. During a 10 person/days project, Doyensec discovered and reported 3 vulnerabilities in our firmware. While two of the issues are considered informational…

100 views18:53

Information Security

https://docs.alephdata.org/guide/vis-desktop

#osint

docs.alephdata.org