Information Security
@sec_nerd_en
408 subscribers
157 photos
5 videos
9 files
2.28K links
Information Security News

we are @sec_nerd twin brother
Download Telegram
About
Blog
Apps
Platform
Join
Information Security
408 subscribers
Information Security
#WAF #ModSecurity #RCE #Payloads Detection #Bypass
;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?
121 views
Information Security
https://github.com/skysafe/reblog/blob/master/0000-defeating-a-laptops-bios-password/README.md
GitHub
reblog/0000-defeating-a-laptops-bios-password/README.md at main · skysafe/reblog
SkySafe Miscellaneous Reverse Engineering Blog. Contribute to skysafe/reblog development by creating an account on GitHub.
110 views
Information Security
https://research.nccgroup.com/2020/02/21/cve-2018-8611-diving-into-the-windows-kernel-transaction-manager-ktm-for-fun-and-exploitation/
NCC Group Research
CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
Written by Cedric Halbronn On Saturday 15th February, I gave a talk titled “How CVE-2018-8611 Can be Exploited to Achieve Privilege Escalation on Windows 10 1809 (RS5) and Earlier”. Thi…
110 views
Information Security
https://mobile-security.gitbook.io/mobile-security-testing-guide/appendix/0x08-testing-tools
114 views
Information Security
https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x04b-mobile-app-security-testing
113 views
Information Security
https://github.com/xHak9x/SocialPhish
113 views
Information Security
https://github.com/DarkSecDevelopers/HiddenEye
111 views
Information Security
https://codurance.com/2019/05/30/accessing-and-dumping-jenkins-credentials/
Codurance
Accessing and dumping Jenkins credentials | Codurance
Jenkins offers a credentials store where we can keep our secrets. Of someone stole your source code and dumped your databases, you might think it's game over, but that's not always true...
120 views
Information Security
https://blog.intigriti.com/2020/02/24/twitter-recap-1-bug-bounty-tips-by-the-intigriti-community/
Intigriti
Twitter Recap #1 - Bug Bounty Tips by the Intigriti Community
  Bug Bounty Tips Over the past years we have shared a lot of  tips to help our readers in one way or another. Thinking outside the box or trying a different approach could be the defining factor in...
134 views
Information Security
https://medium.com/@ozguralp/write-up-aws-document-signing-security-control-bypass-2b13a9c22a4d
Medium
Write-up: AWS Document Signing Security Control Bypass
While I prefer more to write/talk about far-going topics instead of just one vulnerability write-up, I decided to make an exception for…
124 views
Information Security
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
0x09AL Security blog
Bypassing Web-Application Firewalls by abusing SSL/TLS
During the latest years Web Security has become a very important topic in the IT Security field. The advantages the web offers resulted in very critical services being developed as web applications. The business requirements for their web applications security…
134 views
Information Security
https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
136 views
Information Security
https://www.acunetix.com/blog/web-security-zone/old-java-libraries/
Acunetix
The curse of old Java libraries | Acunetix
Java is known for its backward-compatibility and modern projects use a wide range of old libraries. However, such libraries are often left unsupported by maintainers for a long time and highly insecure.
129 views
Information Security
JSON Web Tokens vs. Session Cookies for Authentication
https://t.co/ok14MFmdvL

Remembering the Shellshock Vulnerability
https://t.co/xUGGhKSvP5

4 Uncommon Python Tricks You Should Learn
https://t.co/bOOvVe92Us

#bugbountytips
129 viewsedited  
Information Security
https://smaranchand.com.np/2020/02/the-tricky-xss/
Smaran Chand
The Tricky XSS
Hello everyone, I would like to share a riveting issue regarding XSS (Cross-Site Scripting ) I endured a few months ago. Cross-site scripting (XSS) is a type of security vulnerability typically fou…
123 views
Information Security
http://www.labofapenetrationtester.com/2017/03/using-sql-server-for-attacking-forest-trust.html?m=1
Labofapenetrationtester
Using SQL Server for attacking a Forest Trust
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
120 views
Information Security
https://thephp.cc/news/2020/02/phpunit-a-security-risk
thephp.cc
PHPUnit: A Security Risk? | The PHP Consulting Company
Sebastian Bergmann explains why PHPUnit must not be installed on a webserver.
113 views
Information Security
https://www.kitploit.com/2020/02/mouse-framework-ios-and-macos-post.html
KitPloit - PenTest & Hacking Tools
Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality…
117 views
Information Security
#BashTools

command-line fuzzy finder
https://github.com/junegunn/fzf
the-art-of-command-line
https://github.com/jlevy/the-art-of-command-line
pure-bash-bible
https://github.com/dylanaraps/pure-bash-bible
a static analysis tool for shell scripts
https://github.com/koalaman/shellcheck
Awesome-shell
https://github.com/alebcay/awesome-shell

#bugbountytips,#bugbounty
GitHub
GitHub - junegunn/fzf: :cherry_blossom: A command-line fuzzy finder
:cherry_blossom: A command-line fuzzy finder. Contribute to junegunn/fzf development by creating an account on GitHub.
127 views
Information Security
https://www.acunetix.com/blog/articles/dns-zone-transfers-axfr/
Acunetix
What are DNS zone transfers (AXFR)?
DNS zone transfers using the AXFR protocol are the simplest mechanism to replicate DNS records across DNS servers. To avoid the need to edit information on multiple DNS servers, you can edit information on one server and use AXFR to copy information to other…
121 views