Information Security
@sec_nerd_en
414
subscribers
157
photos
5
videos
9
files
2.28K
links
Information Security News
we are
@sec_nerd
twin brother
Download Telegram
Join
Information Security
414 subscribers
Information Security
https://jlajara.gitlab.io/posts/2018/12/02/building_a_botnet_with_shodan.html
jlajara.gitlab.io
Building a botnet with Shodan · Jorge Lajara
Information Security
https://jlajara.gitlab.io/posts/2020/01/25/XSS_tag_event_analyzer.html
Information Security
https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
Medium
Hacking Cryptocurrency Miners with OSINT Techniques
NOTE: All the methods I have explained are at your own risk
Information Security
https://mrr3boot.github.io/
Bug Bounty Repository
Bug Bounty Hunting:
A quick repo for any bug hunter
Information Security
https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/
Jack
Bypassing Google Authentication on Periscope's Administration Panel
Bug Bounty & Application Security
Information Security
https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/
shubs
High frequency security bug hunting: 120 days, 120 bugs
1) Intro & Motivations
At the start of of this year, I set myself a personal goal of finding 365 bugs in 365 days.
This was entirely motivated by wanting to challenge myself to find more security issues as I felt I'd been slacking off.
I thought back to…
Information Security
https://shubs.io/exploiting-markdown-syntax-and-telescope-persistent-xss-through-markdown-cve-2014-5144/
shubs
Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144)
Exploiting Markdown Syntax
Markdown is wonderful. In fact, this blog post itself is written in Markdown. I don't need to use lengthy uneccessary HTML for simple things like links, tables, code blocks and lists. Nor do I need to go out of my way to do simple…
Information Security
https://www.exploit-db.com/docs/english/46515-file-transfer-skills-in-the-red-team-post-penetration-test.pdf
Information Security
https://nathandavison.com/blog/corsing-a-denial-of-service-via-cache-poisoning
Information Security
https://github.com/cloudfuzz/android-kernel-exploitation
GitHub
GitHub - cloudfuzz/android-kernel-exploitation: Android Kernel Exploitation
Android Kernel Exploitation. Contribute to cloudfuzz/android-kernel-exploitation development by creating an account on GitHub.
Information Security
https://www.reddit.com/r/graphql/comments/ea7zdj/new_security_risk_graphql_batching_attack/
reddit
New Security Risk: GraphQL Batching Attack
One of these documented but not commonly used behaviors is the ability to send multiple queries with a single GraphQL request, a.k.a....
Information Security
https://superevr.com/blog/2011/three-semicolon-vulnerabilities
Superevr
Three Semicolon Vulnerabilities — Superevr
I have three new web bugs to demonstrate. Each of them take advantage of how a semicolon character is interpreted by a web server or browser. Each of these bugs can be demonstrated on the latest release of Apache Tomcat 7.0.22, and the latest browsers. Exploitation…
Information Security
https://blog.yappare.com/2012/04/advance-oracle-blind-sql-injection.html
Yappare
Advance Oracle Blind SQL Injection
Had a job to test an application few days back. Its an application using java applet. Hurm..when I heard its an application via java applet...
Information Security
https://insomniasec.com/blog/auth0-jwt-validation-bypass
Information Security
https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training
GitHub
GitHub - appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training: Course content, lab setup instructions and documentation…
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training! - appsecco/breaking-and-pwning-apps-and-servers...
Information Security
https://blog.cm2.pw/exploiting-post-based-xssi/
Information Security
https://blog.yappare.com/2017/06/from-js-to-another-js-files-lead-to.html
Yappare
From JS to another JS files lead to authentication bypass
This was found in a private bug bounty. The scope is limited to a few of features that available to the public. Based on the previous repor...
Information Security
DNS Rebinding Filter Bypass
https://hackerone.com/reports/632101
HackerOne
GitLab disclosed on HackerOne: Server Side Request Forgery...
### Summary
This vulnerability allows attacker to send arbitrary requests to local network which hosts GitLab and read the response. This is possible due to flawed DNS rebinding protection.
The...
Information Security
https://updatefaker.com/
Updatefaker
Update Faker
Update Faker (updatefaker.com) is a harmless website to prank your friends, family or colleagues when they leave their computer unattended! It doesn't matter if they use Microsoft Windows, Apple OSX, or an older operating system, we've got you covered!
Information Security
https://www.notsosecure.com/exploiting-vlan-double-tagging/
NotSoSecure
Exploiting VLAN Double Tagging
We have all heard about VLAN double tagging attacks for a long time now. There have been many references and even a single packet proof of concept for VLAN double tagging attack but none of them
