Information Security (@sec_nerd_en)
413 subscribers, 157 photos, 5 videos, 9 files, 2.28K links
Information Security News. We are @sec_nerd's twin brother.
Information Security
https://github.com/trimstray/nginx-admins-handbook
GitHub
GitHub - trimstray/nginx-admins-handbook: How to improve NGINX performance, security, and other important things.
How to improve NGINX performance, security, and other important things. - trimstray/nginx-admins-handbook
Information Security
https://iwantmore.pizza/posts/meterpreter-psattack.html
Information Security
http://ghostlulz.com/xss-svg/?fbclid=IwAR01ZcyLPUp3iEP_rtqmc_1sS1bNn2BPfIBYWnis19o16tXliZ7FkiEQCAc
Information Security
https://www.loosebyte.com/google-cloud-vulnerability/
LooseByte
LooseByte - Google Cloud Blog Platform Vulnerability
A write-up about one vulnerability found by our team in the Google Cloud Blog platform.
Information Security
https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/cybercriminal%20groups/TA505/04-10-2019/Malware%20Analysis%2004-10-2019.md
GitHub
CyberThreatIntel/Malware Analysis 04-10-2019.md at master · StrangerealIntel/CyberThreatIntel
Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups - CyberThreatIntel/Malware Analysis 04-10-2019.md at master · StrangerealIntel/CyberThreatIntel
Information Security
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
GitHub
GitHub - blaCCkHatHacEEkr/PENTESTING-BIBLE: articles
articles. Contribute to blaCCkHatHacEEkr/PENTESTING-BIBLE development by creating an account on GitHub.
Information Security
https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html
Information Security
https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-KoikeChubachi.pdf
Information Security
https://github.com/CapacitorSet/box-js
box-js: A tool for studying JavaScript malware
GitHub
GitHub - CapacitorSet/box-js: A tool for studying JavaScript malware.
A tool for studying JavaScript malware. Contribute to CapacitorSet/box-js development by creating an account on GitHub.
Information Security
https://blog.sucuri.net/2019/10/an-indirect-way-to-change-cpanel-passwords.html
Sucuri Blog
An Indirect Way to Change cPanel Passwords
Our researcher describes how attackers can modify contact email addresses in cPanel to gain unauthorized access and plant backdoors on compromised websites.
Information Security
https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html
Fortinet Blog
Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution
FortiGuard Labs has discovered an unauthenticated command injection vulnerability in D-Link products that could lead to Remote Code Execution (RCE) upon successful exploitation. Learn more.…
Information Security
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
portswigger.net
Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security Academy
Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.
Information Security
https://darungrim.com/research/2019-10-10-vulnerability-root-cause-analysis-with-time-travel-debugging.html
Darungrim
Vulnerability Root Cause Analysis With Time Travel Debugging
There are many ways to find vulnerabilities. One of the most scalable methods is fuzzing. In essence, fuzzing is a brute-forcing. In many cases, malformed in...
Information Security
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Information Security
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-16928-exploiting-an-exim-vulnerability-via-ehlo-strings/
Trendmicro
CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings - TrendLabs Security Intelligence Blog
In September, security researchers discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy…
Information Security
https://medium.com/bugbountywriteup/from-security-misconfiguration-to-gaining-access-of-smtp-server-ed833e757e6e
Medium
From Security Misconfiguration to Gaining Access of SMTP server
Hello Guys!
Information Security
https://www.kitploit.com/2019/10/smtptester-tool-to-check-common.html
KitPloit - PenTest & Hacking Tools
SMTPTester - Tool To Check Common Vulnerabilities In SMTP Servers
Information Security
https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html
Pentester Land
Compilation of recon workflows
Hi, this is a compilation of recon workflows found online. Use it as inspiration for creating your own Web pentest / bug bounty recon workflow.
These are all the ones that I could find. So if yours is missing and you want to see it featured above too, please…
Information Security
https://securitycafe.ro/2015/12/14/introduction-to-windows-shellcode-development-part-2/
Security Café
Introduction to Windows shellcode development – Part 2
If you missed the first part of this series, where you can read about what is a shellcode and how it works, you can find it here: Part I. In this part, I will cover required information in order to…
Information Security
https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
Medium
Arbitrary File Reading in Next.js < 2.4.1
Next.js is a quite popular (>13k stars on GitHub) framework for server-rendered React applications. It includes a NodeJS server which allows to render HTML pages dynamically. While digging into…