Information Security
@sec_nerd_en
417 subscribers, 157 photos, 5 videos, 9 files, 2.28K links
Information Security News
we are @sec_nerd twin brother
Information Security
https://medium.com/bugbountywriteup/bug-bounty-lets-bypass-an-entire-web-app-s-csrf-protection-friend-link-b69c43e9dcf7
Medium
Bug Bounty: Let’s Bypass an entire Web App’s CSRF protection
CSRF token is not always enough
Information Security
https://sid-500.com/2020/07/31/powershell-convert-ps1-files-to-exe-files/
SID-500.COM
PowerShell: Convert .ps1 Files to .exe Files
Have you ever dreamed of creating exe files out of your PowerShell scripts? If yes, read on. In this post I will show you how you can create exe files with a small and simple program called ps2exe.
Information Security
https://cloud.google.com/blog/products/identity-security/preventing-lateral-movement-in-google-compute-engine
Google Cloud Blog
Compute Engine: Prevent compromises and better defend against lateral movement | Google Cloud Blog
Best practices, including concrete “dos and don’ts,” that can help you prevent security misconfigurations on Google Compute Engine.
Information Security
https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/
BleepingComputer
Bypassing Windows 10 UAC with mock folders and DLL hijacking
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user.
Information Security
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/Cisco%20Password%20Cracking%20and%20Decrypting%20Guide%20-%20InfosecMatter.pdf
GitHub
blaCCkHatHacEEkr/PENTESTING-BIBLE
Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files. Learn Ethical Hacking and penetration testing. Hundreds of ethical hackin...
Information Security
https://github.com/5h3r10ck/CTF_Writeups/tree/master/H%40ctivitycon_writeups
GitHub
ctf-writeups/H@ctivitycon_writeups at master · 5h3r10ck/ctf-writeups
Contribute to 5h3r10ck/ctf-writeups development by creating an account on GitHub.
Information Security
http://www.righto.com/2020/08/reverse-engineering-adder-inside-intel.html
Righto
Reverse-engineering the adder inside the Intel 8086
The Intel 8086 processor contains many interesting components that can be understood through reverse engineering. In this article, I'll di...
Information Security
https://www.trenchesofit.com/2020/08/01/data-exfiltration-with-base64/
Information Security
https://github.com/cr0hn/festin
GitHub
GitHub - cr0hn/festin: FestIn - Open S3 Bucket Scanner
FestIn - Open S3 Bucket Scanner. Contribute to cr0hn/festin development by creating an account on GitHub.
Information Security
https://github.com/irsl/CVE-2020-1313
GitHub
GitHub - irsl/CVE-2020-1313: Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability - irsl/CVE-2020-1313
Information Security
https://twitter.com/jas502n/status/1281631563017367552
Twitter
Jas502n
#CVE-2020-5902 bypass Rules /hsqldb; bypass /hsqldb%0a fix: https://t.co/i5VkDCunU0
Information Security
https://csea-iitb.github.io/IITBreachers-wiki/2020/08/01/Hacking-Sites.html
csea-iitb.github.io
Hacking sites - CTF-wiki
There are a plethora of challenge/hacking sites where one could find cool challenges any time of the year. Some of them are ranked and have their own scoreboard...
Information Security
https://medium.com/@pranavvenkats/how-i-got-6000-from-google-a4670aa4158d
Medium
How I got 6000$ from #Google
Hey all,
Information Security
http://www.economyofmechanism.com/office365-authbypass.html
Economy of mechanism
The road to hell is paved with SAML Assertions
Cross Domain Authentication Bypass in Office 365
Information Security
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 1
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in We...
Information Security
https://github.com/odedshimon/BruteShark
GitHub
GitHub - odedshimon/BruteShark: Network Analysis Tool
Network Analysis Tool. Contribute to odedshimon/BruteShark development by creating an account on GitHub.
Information Security
https://github.com/jmdx/TLS-poison/
GitHub
GitHub - jmdx/TLS-poison
Contribute to jmdx/TLS-poison development by creating an account on GitHub.
Information Security
https://sidechannel.tempestsi.com/path-traversal-vulnerability-in-securenvoy-impacts-on-remote-command-execution-through-file-upload-ec2e731bd50a
Medium
Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload
Tempest’s consulting team has found a vulnerability in the SecurMail module of the SecurEnvoy product. SecurMail promises to securely send…
Information Security
https://medium.com/@TheJulfikar/how-i-won-my-first-bounty-in-15-seconds-da5789f13258
Medium
How I Woned My First Bounty In 15 Seconds
Hello peoples, I’m Muhammad Julfikar Hyder from Bangladesh back again with my first bounty story today. You can also read my previous blog…
Information Security
https://medium.com/walmartglobaltech/hacking-cisco-sd-wan-vmanage-19-2-2-from-csrf-to-remote-code-execution-5f73e2913e77
Medium
Hacking Cisco SD-WAN vManage 19.2.2 — From CSRF to Remote Code Execution
Introduction