Information Security

https://blog.ripstech.com/2018/php-object-injection/?utm_medium=Tweet&utm_campaign=Blog&utm_term=Security&utm_content=What%20is%20PHP%20Object%20Injection&utm_source=Twitter

119 views10:57

https://github.com/fireeye/commando-vm

GitHub

GitHub - mandiant/commando-vm: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual…

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com - mandiant/commando-vm

120 views14:55

Information Security

https://www.evonide.com/vulncode-db-a-vulnerable-code-database/

136 views17:30

Information Security

Extracting SSH Private Keys from Windows 10 ssh-agent

https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/

ropnop blog

Extracting SSH Private Keys From Windows 10 ssh-agent

The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here’s how to extract unencrypted saved private keys from the registry

187 views17:38

Information Security

https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig/

Unit 42

Behind the Scenes with OilRig

Unit 42 digs into the recent OilRig data dump and finds new information on the breadth of attacks and OilRig’s toolset. Our analysis show OilRig attacks are broader than previously thought: 97 organizations in 27 countries, including the Middle East and China…

139 views15:04

Information Security

https://medium.com/@mattharr0ey/remote-code-execution-on-microsoft-edge-url-protocol-a67d0f96b32d

Medium

Remote code execution On Microsoft edge using URL Protocol

Introduction

103 views17:06

Information Security

EL3 Tour: Get the Ultimate Privilege of Android Phone

https://speakerdeck.com/hhj4ck/el3-tour-get-the-ultimate-privilege-of-android-phone

Speaker Deck

EL3 Tour: Get the Ultimate Privilege of Android Phone

Slides for INFILTRATE 2019

119 views17:09

Information Security

https://davidstorie.ca/using-lets-encrypt-with-powershell-empire/

David Storie

Using Let's Encrypt With PowerShell Empire - David Storie

Preface A friend had recently reached out to me for some assistance with using Let’s Encrypt with PowerShell Empire. They were attempting to follow the excellent article posted at one of my favourite blogs at Black Hills Information Security [ SOURCE ]. 95%…

132 views17:44

Information Security

https://ioactive.com/discovering-and-exploiting-a-vulnerability-in-androids-personal-dictionary/

195 views17:51

Information Security

How i was able to hack into databases of my university

https://medium.com/@fouadsarmi/how-i-was-able-to-hack-into-databases-of-my-university-669d6442a943

Medium

How i was able to hack into databases of my university

hello guys , after graduate from the high school i was interesting about hacking and penetration testing , so my full mind was surrounded…

164 views18:37

Information Security

A dive into Turla PowerShell usage

https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/

WeLiveSecurity

A dive into Turla PowerShell usage

ESET researchers show how, in a bid to evade detection, the Turla group leverages PowerShell scripts to inject malware directly into memory.

141 views18:53

Information Security

10 years of virtual dynamite: A high-level retrospective of ATM malware

https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html

Cisco Talos Blog

10 years of virtual dynamite: A high-level retrospective of ATM malware

ATM malware has evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states.

182 views18:57

Information Security

I wonder if the driver knows how to exit ;)

665 views14:16

Information Security

https://github.com/microsoft/WSL2-Linux-Kernel

GitHub

GitHub - microsoft/WSL2-Linux-Kernel: The source for the Linux kernel used in Windows Subsystem for Linux 2 (WSL2)

The source for the Linux kernel used in Windows Subsystem for Linux 2 (WSL2) - microsoft/WSL2-Linux-Kernel

166 views08:06

Information Security

https://github.com/imuledx/OSINT_sources

GitHub

GitHub - imuledx/OSINT_sources

Contribute to imuledx/OSINT_sources development by creating an account on GitHub.

142 views10:59

Information Security

https://github.com/0xdevalias/wordlists

GitHub

GitHub - 0xdevalias/wordlists: A place to store my own wordlists, and link to others that are useful

A place to store my own wordlists, and link to others that are useful - GitHub - 0xdevalias/wordlists: A place to store my own wordlists, and link to others that are useful

148 views11:00

Information Security

https://github.com/internetwache/CT_subdomains

GitHub

GitHub - internetwache/CT_subdomains: An hourly updated list of subdomains gathered from certificate transparency logs

An hourly updated list of subdomains gathered from certificate transparency logs - internetwache/CT_subdomains

167 views11:01

Information Security

Сookie-based XSS exploitation | $2300 Bug Bounty story

https://medium.com/@iSecMax/%D1%81ookie-based-xss-exploitation-2300-bug-bounty-story-9bc532ffa564

Medium

Сookie-based XSS exploitation | $2300 Bug Bounty story

For quite a long time I have been hunting for vulnerabilities on the HackerOne platform, allocating a certain amount of time outside the…

141 views06:49

Information Security

Multiple vulnerabilities in Oracle Business Intelligence, admin session bypass trick

https://github.com/vah13/Oracle-BI-bugs#cve-2019-2768

GitHub

GitHub - vah13/Oracle-BI-bugs

Contribute to vah13/Oracle-BI-bugs development by creating an account on GitHub.

163 views06:56

Information Security

Payload to create a new user with Admin role exploiting Jenkins Metaprogramming RCE

https://gist.github.com/akhil-reni/e2116cc243af096ca3416168f49b3298

Gist

Jenkins Metaprogramming RCE Create new user

Jenkins Metaprogramming RCE Create new user . GitHub Gist: instantly share code, notes, and snippets.

138 views16:39

About

Blog

Apps

Platform