Information Security – Telegram

Information Security

412 subscribers

157 photos

5 videos

9 files

2.28K links

Information Security News

we are @sec_nerd twin brother

Download Telegram

About

Blog

Apps

Platform

Information Security

412 subscribers

Information Security

https://jesspomfret.com/automatedlab-sql-server/

Using AutomatedLab to setup a SQL Server Lab

Using AutomatedLab to quickly spin up some SQL Server VMs for testing.

109 views11:08

Information Security

https://vullnerability.com/blog/microsoft-subdomain-account-takeover

101 views12:26

Information Security

https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/

Clickjacking on Google MyAccount Worth 7,500$

Recently, I got surprised from google, I found bug Clickjacking On Google My account. And they reward me 7,500$ for single bug. Amazing, right?. This bug I’ve found on March 2018, but the cli…

110 views12:43

Information Security

Exfiltrate data from a blind SQL Injection in SELECT clause.

SELECT SLEEP(ASCII(SUBSTRING((SELECT password FROM users WHERE name = 'admin'),1,1)/2));

Converts output of SUBSTRING query to ASCII code, divides it by two, then sleeps for that long (see response time for char code)

116 views19:35

Information Security

https://www.inputzero.io/2020/03/fuzzing-vim.html

www.inputzero.io

Fuzzing VIM with AFL

113 views11:30

Information Security

https://github.com/atmoner/TwitWork

GitHub - atmoner/TwitWork: ✨ Monitor twitter stream from nodejs electron

✨ Monitor twitter stream from nodejs electron. Contribute to atmoner/TwitWork development by creating an account on GitHub.

130 views11:32

Information Security

https://github.com/advisories/GHSA-h4mf-75hf-67w4

CVE-2020-5251 - GitHub Advisory Database

Information disclosure in parse-server

110 views14:11

Information Security

https://pentester.land/newsletter/2020/03/05/the-5-hacking-newsletter-95.html

The 5 Hacking NewsLetter 95

Our weekly favorite websec videos, articles, tips, tweets and more, curated with love for hackers by a hacker!

113 views14:14

Information Security

https://gist.github.com/davydany/0ad377f6de3c70056d2bd0f1549e1017

IP Tables (iptables) Cheat Sheet

IP Tables (iptables) Cheat Sheet. GitHub Gist: instantly share code, notes, and snippets.

125 views18:25

Information Security

https://zon8.re/posts/exploiting-an-accidentally-discovered-v8-rce/

Exploiting an Accidentally Discovered V8 RCE

Please start opening your eyes, if you have something that crashes, don’t just ignore it, don’t just click away…
Take the time to look at what happened, if you surf to a page with your web browser and your web browser disappears, and you surf to the page…

111 views09:11

Information Security

https://docs.microsoft.com/en-us/windows-hardware/drivers/network/packet-injection-functions

Packet Injection Functions - Windows drivers

114 views09:24

Information Security

https://medium.com/@ismailtasdelen/sql-injection-payload-list-b97656cfd66b

SQL Injection Payload List

116 views10:28

Information Security

https://github.com/blabla1337/skf-labs

GitHub - blabla1337/skf-labs: Repo for all the SKF Docker lab examples

Repo for all the SKF Docker lab examples. Contribute to blabla1337/skf-labs development by creating an account on GitHub.

115 views10:30

Information Security

https://github.com/scriptingxss/IoTGoat

GitHub - scriptingxss/IoTGoat: IoTGoat is a deliberately insecure firmware based on OpenWrt.

IoTGoat is a deliberately insecure firmware based on OpenWrt. - GitHub - scriptingxss/IoTGoat: IoTGoat is a deliberately insecure firmware based on OpenWrt.

115 views12:04

Information Security

https://www.zerodayinitiative.com/blog/2020/3/5/cve-2020-2555-rce-through-a-deserialization-bug-in-oracles-weblogic-server

Zero Day Initiative

Zero Day Initiative — CVE-2020-2555: RCE Through a Deserialization Bug in Oracle’s WebLogic Server

Insecure deserialization vulnerabilities have become a popular target for attackers/researchers against Java web applications. These vulnerabilities often lead to reliable remote code execution and are generally difficult to patch. In this blog post, we will…

112 views12:04

Information Security

https://packetstormsecurity.com/files/156642/php_fpm_rce.rb.txt

Packetstormsecurity

PHP-FPM 7.x Remote Code Execution ≈ Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

113 views12:06

Information Security

Univ of Cincinnati makes graduate-level Malware Analysis course public

https://class.malware.re

113 views12:10

Information Security

https://www.bugcrowd.com/blog/hacking-unicode-like-a-boss/

Hacking Unicode Like a Boss | @Bugcrowd

This guest post was authored by Charlie Eriksen, Bugcrowd researcher and CTO of Adversary. Adversary delivers a platform that provides technical security training and education opportunities with a focus on hands-on learning. In this blog he’s sharing a fantastic…

111 views18:15

Information Security

https://www.imperva.com/blog/remote-file-inclusion-rfi-detecting-the-undetectable/

Remote File Inclusion (RFI) - Detecting the Undetectable | Imperva

Intro Remote File Inclusion [RFI] is an attack exploiting the functionality in web applications which allows the inclusion of external source code without validating its content or origin. An RFI payload is a link that points to a malicious file that an application…

114 views18:16

Information Security

https://medium.com/@andripwn/wordpress-multiple-vulnerabilities-in-simple-login-log-plugin-19dc6560ca51

Wordpress: Multiple Vulnerabilities in Simple Login Log Plugin

WordPress: Multiple Vulnerabilities in Simple Login Log Plugin

114 views18:32