Information Security
@sec_nerd_en
408 subscribers
157 photos
5 videos
9 files
2.28K links
Information Security News

we are @sec_nerd twin brother
Download Telegram
About
Blog
Apps
Platform
Join
Information Security
408 subscribers
Information Security
https://sametsahin.net/posts/administrator-level-privilege-escalation-story/
173 views
Information Security
#ctf

https://t.co/VDO5Cfv3uq
https://t.co/5iF9mwjyke
https://t.co/TaLRxitwZa
https://t.co/Ei9ZTPQBmE
https://t.co/QrLjokc25O
https://t.co/brop8j5LcQ
https://t.co/rMK6Ejc9SG
https://t.co/FsKr1eKhJH
https://t.co/zWK4bDSaXK

#bugbounty
GitHub
Gallopsled/pwntools
CTF framework and exploit development library. Contribute to Gallopsled/pwntools development by creating an account on GitHub.
115 views
Information Security
https://medium.com/bugbountywriteup/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df
Medium
Reflected XSS on microsoft.com subdomains
Microsoft replied that this is out of scope of their security program as well as not deemed this as a security vulnerability at all, so I…
109 views
Information Security
https://blog.ropnop.com/practical-usage-of-ntlm-hashes/
ropnop blog
Practical Usage of NTLM Hashes
I’ve shown all the different ways to own a Windows environment when you have a password - but having a hash is just as good! Don’t bother cracking - PTH!
100 views
Information Security
https://linux-kernel-labs.github.io/refs/heads/master/index.html
117 views
Information Security
https://github.com/ajinabraham/NodeJsScan
GitHub
GitHub - ajinabraham/nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
nodejsscan is a static security code scanner for Node.js applications. - ajinabraham/nodejsscan
100 views
Information Security
https://www.breachlock.com/how-to-use-nodejsscan-for-sast-step-by-step-guide/
BreachLock
How to use NodeJsScan for SAST – Step-by-step Guide - BreachLock
How you can use NodeJsScan for SAST.NodeJsScan is a static code scanner which is used to find security flaws specifically in Node.js applications.
102 views
Information Security
https://telegra.ph/API-DOCS-takeover-on-Readmeio-03-19
Telegraph
API DOCS takeover on Readme.io
i've been invited in some private bugbounty program on bugcrowd platform and the scope is limited, i mean no wildcard subdomain allowed for submission report but if found something-something good, " Just reach out to support@bugcrowd.com " - Policy Okay !…
97 views
Information Security
https://itm4n.github.io/cve-2020-0863-windows-diagtrack-info-disclo/
itm4n’s blog
CVE-2020-0863 - An Arbitrary File Read Vulnerability in Windows Diagnostic Tracking Service
Although this vulnerability doesn’t directly result in a full elevation of privileges with code execution as NT AUTHORITY\SYSTEM, it is still quite interesting because of the exploitation “tricks” involved. Diagnostic Tracking Service (a.k.a. Connected User…
98 views
Information Security
Reflected XSS on microsoft[.]com subdomains

<script src=”<%= ResolveUrl(“~/Script.js”) %>”></script>

/(A(%22onerror='alert%601%60'testabcd))/

https://medium.com/bugbountywriteup/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df
Medium
Reflected XSS on microsoft.com subdomains
Microsoft replied that this is out of scope of their security program as well as not deemed this as a security vulnerability at all, so I…
117 views
Information Security
https://blog.securitybreached.org/2020/03/17/getting-started-in-android-apps-pentesting/
Security Breached Blog
Getting Started in Android Apps Pen-testing (Part-1)
Pen-testing android apps require different methodologies than web applications. The difference is that you have to figure out by different methods.
114 views
Information Security
https://github.com/saeeddhqan/Maryam
GitHub
GitHub - saeeddhqan/Maryam: Maryam: Open-source Intelligence(OSINT) Framework
Maryam: Open-source Intelligence(OSINT) Framework. Contribute to saeeddhqan/Maryam development by creating an account on GitHub.
113 views
Information Security
https://fidusinfosec.com/xsslash-a-tale-of-playing-quiplash-at-work/
Fidus Information Security
XSSLash - A Tale of Playing Quiplash at Work - Fidus Information Security
What do you get when you cross security consultants and playing games at lunch? XSS bypasses and a pot of really good coffee.
114 views
Information Security
https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities
PortSwigger Research
Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities
Early last year Gareth Heyes unveiled a fascinating new technique for attacking web applications by exploiting path-relative stylesheet imports, and dubbed it ‘Relative Path Overwrite’. This attack tr
114 views
Information Security
https://medium.com/@asdqwedev/remote-image-upload-leads-to-rce-inject-malicious-code-to-php-gd-image-90e1e8b2aada
Medium
Remote Image Upload Leads to RCE (Inject Malicious Code to PHP-GD Image)
بسم الله الرحمن الرحيم
120 views
Information Security
https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
Medium
Application Whitelisting Bypass and Arbitrary Unsigned Code Execution Technique in winrm.vbs
Bypass Technique Description
130 views
Information Security
https://blog.cobaltstrike.com/2018/02/08/in-memory-evasion/
Cobalt Strike
Blog - Cobalt Strike
The Cobalt Strike Blog. Read new featured content, get updates on the latest patches, and insights into the future of red teaming tools.
127 views
Information Security
https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell
GitHub
GitHub - onSec-fr/Http-Asynchronous-Reverse-Shell: [POC] Asynchronous reverse shell using the HTTP protocol.
[POC] Asynchronous reverse shell using the HTTP protocol. - onSec-fr/Http-Asynchronous-Reverse-Shell
129 views
Information Security
XSS Payload JSON:

"}]}';alert('oBonito')</script>

#BugBounty #bugbountytips
98 views
Information Security
http://raviramesh.info/xml-attacks.html

http://raviramesh.info/mindset.html
100 views