Information Security – Telegram

Information Security

408 subscribers

157 photos

5 videos

9 files

2.28K links

Information Security News

we are @sec_nerd twin brother

Download Telegram

About

Blog

Apps

Platform

Information Security

408 subscribers

Information Security

https://evasions.checkpoint.com/

Evasion techniques

Malware Evasion Encyclopedia

98 views19:15

Information Security

https://www.bugcrowd.com/blog/hacking-unicode-like-a-boss/

Hacking Unicode Like a Boss | @Bugcrowd

This guest post was authored by Charlie Eriksen, Bugcrowd researcher and CTO of Adversary. Adversary delivers a platform that provides technical security training and education opportunities with a focus on hands-on learning. In this blog he’s sharing a fantastic…

99 views19:40

Information Security

https://opensource.googleblog.com/2020/03/fuzzbench-fuzzer-benchmarking-as-service.html

Google Open Source Blog

FuzzBench: Fuzzer Benchmarking as a Service

103 views19:58

Information Security

#SQLi
SQLiScanner
https://github.com/0xbug/SQLiScanner
Fox-scan
https://github.com/fengxuangit/Fox-scan
Atlas
https://github.com/m4ll0k/Atlas
Sqli-hunter
https://github.com/zt2/sqli-hunter
AutoSQLi
https://github.com/sheldoncoupeheure/AutoSQLi
Sqlmap4burp++
https://github.com/c0ny1/sqlmap4burp-plus-plus
Sqlmap tamper api
https://github.com/KINGSABRI/sqlmap-tamper-api

#bugbounty.#bugbountytips

GitHub - 0xbug/SQLiScanner: Automatic SQL injection with Charles and sqlmap api

Automatic SQL injection with Charles and sqlmap api - 0xbug/SQLiScanner

141 views20:03

Information Security

https://github.com/hartator/wayback-machine-downloader

GitHub - hartator/wayback-machine-downloader: Download an entire website from the Wayback Machine.

Download an entire website from the Wayback Machine. - hartator/wayback-machine-downloader

109 views20:04

Information Security

https://github.com/fairyming/CVE-2020-9548/

GitHub - fairyming/CVE-2020-9548: CVE-2020-9548：FasterXML/jackson-databind 远程代码执行漏洞

CVE-2020-9548：FasterXML/jackson-databind 远程代码执行漏洞. Contribute to fairyming/CVE-2020-9548 development by creating an account on GitHub.

103 views06:47

Information Security

https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

Vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially…

107 views07:12

Information Security

https://github.com/alebcay/awesome-shell

GitHub - alebcay/awesome-shell: A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome…

A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php. - alebcay/awesome-shell

115 views07:17

Information Security

https://ngailong.wordpress.com/2019/04/07/old-but-gold-dot-dot-slash-to-get-the-flag-uber-microservice/amp/?__twitter_impression=true

Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice

Uber is built on a bunch of microservices, naturally, if you want to interact with microservice, you may want to use some REST apis to do it. Say you want to fetch the driver’s past trip hist…

105 views16:22

Information Security

https://www.leadroyal.cn/?p=914

http://scz.617.cn/misc/201911011122.txt

#xxe

107 views18:37

Information Security

https://medium.com/@kenanistaken/sop-bypass-ecae7f4a5c00

101 views19:00

Information Security

https://osandamalith.com/2019/08/26/converting-an-exe-to-a-dll/

🔐Blog of Osanda

Converting an EXE to a DLL | 🔐Blog of Osanda

I’ve been doing some crazy experiments on running an EXE as a DLL. Here are some parts of my research. Case #1 Let’s take a simple example like a MessageBox. [crayon-66755c969f20e947920713/] After …

102 views19:38

Information Security

https://redcanary.com/blog/heavens-gate-technique-on-linux/

Unlocking the Heaven's Gate Technique on Linux

Attackers may evade user-mode Linux security instrumentation by directly invoking 32-bit and 64-bit syscall interfaces.

112 views08:56

Information Security

Here's some Forensics Resources.

Windows Forensic Artifacts:
1. https://raw.githubusercontent.com/ForensicArtifacts/artifacts/master/data/windows.yaml
2. https://sans.org/security-resources/posters/windows-forensic-analysis/170/download
3. https://digital-forensics.sans.org/media/SANS_Poster_2018_Hunt_Evil_FINAL.pdf

Linux Forensic Artifacts:
1. https://raw.githubusercontent.com/ForensicArtifacts/artifacts/master/data/linux.yaml

MacOS X Forensic Artifacts:
1. https://raw.githubusercontent.com/ForensicArtifacts/artifacts/master/data/macos.yaml

134 views09:03

Information Security

https://medium.com/@ryancor/extracting-embedded-payloads-from-malware-aaca8e9aa1a9

Extracting Embedded Payloads From Malware

One of my all time favorite subfields of reverse engineering is the dissection of viruses. In this article I will be exploring malware…

114 views09:08

Information Security

https://www.xda-developers.com/jailbreak-apple-iphone-using-checkra1n-rooted-android-phone/

Your rooted Android phone can jailbreak an iPhone with checkra1n

You can now jailbreak several popular iPhones using your rooted Android smartphone, thanks to checkra1n and its recent Linux support. Check it out!

110 views11:06

Information Security

https://jesspomfret.com/automatedlab-sql-server/

Using AutomatedLab to setup a SQL Server Lab

Using AutomatedLab to quickly spin up some SQL Server VMs for testing.

108 views11:08

Information Security

https://vullnerability.com/blog/microsoft-subdomain-account-takeover

100 views12:26

Information Security

https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/

Clickjacking on Google MyAccount Worth 7,500$

Recently, I got surprised from google, I found bug Clickjacking On Google My account. And they reward me 7,500$ for single bug. Amazing, right?. This bug I’ve found on March 2018, but the cli…

109 views12:43

Information Security

Exfiltrate data from a blind SQL Injection in SELECT clause.

SELECT SLEEP(ASCII(SUBSTRING((SELECT password FROM users WHERE name = 'admin'),1,1)/2));

Converts output of SUBSTRING query to ASCII code, divides it by two, then sleeps for that long (see response time for char code)

115 views19:35