Information Security – Telegram

Information Security

420 subscribers

157 photos

5 videos

9 files

2.28K links

Information Security News

we are @sec_nerd twin brother

Download Telegram

About

Blog

Apps

Platform

Information Security

420 subscribers

Information Security

https://github.com/xairy/vmware-exploitation

GitHub - xairy/vmware-exploitation: A collection of links related to VMware escape exploits

A collection of links related to VMware escape exploits - xairy/vmware-exploitation

110 views16:51

Information Security

https://www.blackhat.com/docs/eu-17/materials/eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities.pdf

107 views16:52

Information Security

https://github.com/devanshbatham/ArchiveFuzz

GitHub - devanshbatham/ArchiveFuzz: Hunt down the secrets from the WebArchives for Fun and Profit

Hunt down the secrets from the WebArchives for Fun and Profit - devanshbatham/ArchiveFuzz

116 views17:12

Information Security

Some Blogs for iot penetration test
http://iotpentest.com
https://blog.attify.com
https://payatu.com/blog/
http://jcjc-dev.com
https://w00tsec.blogspot.in
http://devttys0.com
https://rtl-sdr.com
https://keenlab.tencent.com/en/
https://courk.cc
https://iotsecuritywiki.com

IoT Pentesting | Mr-IoT

134 views17:26

Information Security

Server Side Request Forgery via HTML injection in PDF download
https://blog.appsecco.com/server-side-request-forgery-via-html-injection-in-pdf-download-90ee4053e911

OTP Bypass on India’s Biggest Video Sharing Site
https://link.medium.com/dkdKvYCSC5

Exploiting an SSRF: Trials and Tribulations by @abugzlife1

https://link.medium.com/eUqLk4Bzu5

#bugbounty #bubgountytips

Journey of a security bug — From a naive-looking PDF Download to SSRF via HTML Injection in AWS

A post about how I approached a novel security issue and now I feel I achieved an important milestone in my journey as a pentester.

122 views17:35

Information Security

http://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.html

How I Chained 4 Bugs (Features?) into RCE on Amazon Collaboration System

Hi! This is the case study in my Black Hat USA 2018 and DEFCON 26 talk, you can also check slides here: Breaking Parser Logic! Take Your Path Normalization Off and Pop 0days Out In past two yea

116 views18:45

Information Security

https://github.com/devanshbatham/ParamSpider

GitHub - devanshbatham/ParamSpider: Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing - GitHub - devanshbatham/ParamSpider: Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/f...

114 views18:46

Information Security

Grep hostnames from ssl certificate

echo | openssl s_client -connect example\.com | openssl x509 -noout -text | grep DNS

#infosec #pentest #bugbounty

130 views18:53

Information Security

https://github.com/orangetw/My-CTF-Web-Challenges

GitHub - orangetw/My-CTF-Web-Challenges: Collection of CTF Web challenges I made

Collection of CTF Web challenges I made. Contribute to orangetw/My-CTF-Web-Challenges development by creating an account on GitHub.

124 views18:53

Information Security

https://github.com/daeken/httprebind

GitHub - daeken/httprebind: Automatic tool for DNS rebinding-based SSRF attacks

Automatic tool for DNS rebinding-based SSRF attacks - daeken/httprebind

131 views19:24

Information Security

https://www.secjuice.com/reconnaissance-for-beginners/

Reconnaissance for Beginners (2)

A beginners guide to reconnaissance and how to investigate a target.

130 views06:56

Information Security

https://twitter.com/aisecureme/status/1249371809247444997?s=19

Simple Steps for LFI:

150 views07:04

Information Security

https://github.com/tomnomnom/unfurl

GitHub - tomnomnom/unfurl: Pull out bits of URLs provided on stdin

Pull out bits of URLs provided on stdin. Contribute to tomnomnom/unfurl development by creating an account on GitHub.

126 views06:49

Information Security

https://echopwn.com/road-to-recon-with-echopwn-sh/

134 views06:54

Information Security

https://codewhitesec.blogspot.com/2018/07/lethalhta.html

CODE WHITE | Blog: LethalHTA - A new lateral movement technique using DCOM and HTA

The following blog post introduces a new lateral movement technique that combines the power of DCOM and HTA. The research on this t...

132 views17:19

Information Security

http://blog.redxorblue.com/2019/12/no-shells-required-using-impacket-to.html

No Shells Required - a Walkthrough on Using Impacket and Kerberos to Delegate Your Way to DA

There are a ton of great resources that have been released in the past few years on a multitude of Kerberos delegation abuse avenues. Howe...

126 views17:27

Information Security

https://techblog.mediaservice.net/2020/04/brida-0-4-is-out/

123 views17:28

Information Security

https://blog.isec.pl/xss-fun-with-animated-svg/

XSS fun with animated SVG

Bypassing WAF by inserting a JavaScript URL in the middle of the SVG image.

133 views17:54

Information Security

https://challenge.intigriti.io/

X (formerly Twitter)

Intigriti (@intigriti) on X

⏰ It's CHALLENGE O'CLOCK!
👉 Capture the flag before Thursday the 26th of June
👉 Win €400 in SWAG prizes
👉 We'll release a tip for every 100 likes on this tweet

Thanks @Toogidog for the challenge 👇

https://t.co/7koFEiaTaA

131 views18:06

Information Security

default credentials:
• http://securityoverride.org
• http://routerpasswords.com
• http://w3dt.net
• http://cirt.net
• http://default-password.info
• http://defaultpassword.us
• http://passwordsdatabase.com
• https://hashes.org
• http://open-sez.me
#OSINT

147 views18:15