Information Security
@sec_nerd_en
408
subscribers
157
photos
5
videos
9
files
2.28K
links
Information Security News
we are
@sec_nerd
twin brother
Download Telegram
Join
Information Security
408 subscribers
Information Security
https://github.com/hardenedlinux/harbian-qa/blob/master/syzkaller/kstate_resource.md
GitHub
hardenedlinux/harbian-qa
Bug hunting through fuzzer/*-sanitizer/etc... Contribute to hardenedlinux/harbian-qa development by creating an account on GitHub.
Information Security
https://twitter.com/citronneur/status/1286314161102872577
Twitter
Sylvain Peyrefitte
Capture NamedPipe traffic using #Wireshark #ETW and the fabulous file sytem filter driver from @kobyk ! #Windows #Internal github.com/airbus-cert/Wi…
Information Security
https://twitter.com/aboul3la/status/1286012324722155525
Twitter
Ahmed Aboul-Ela
Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. For example to read "/+CSCOE+/portal_inc.lua" file. https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../…
Information Security
https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf
Information Security
https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf
Information Security
https://www.anitian.com/owning-saml/
Anitian
Owning SAML
SAML Pentest and Implementaion demonstrates how insecure configurations combine to form a phishing attack that can give attackers access.
Information Security
https://www.a12d404.net/windows/2019/10/30/schedsvc-persist-without-task.html
www.a12d404.net
Persistence using Task Scheduler without a Scheduled Task
Task Scheduler service loads a non-existing DLL enabling persistence as `NT AUTHORITY\SYSTEM`.
Information Security
https://github.com/wintrmvte/Citadel
GitHub
GitHub - redcode-labs/Citadel: Collection of pentesting scripts
Collection of pentesting scripts. Contribute to redcode-labs/Citadel development by creating an account on GitHub.
Information Security
https://shells.systems/in-memory-shellcode-decoding-to-evade-avs/
Shells.Systems
In-Memory shellcode decoding to evade AVs/EDRs - Shells.Systems
Estimated Reading Time: 9 minutes During the previous week, I was doing some research about win32 APIs and how we can use them during weaponizing our attack, I already did some work related to process injection in the past, but I was looking for something…
Information Security
https://github.com/1d8/Android-Analysis
GitHub
GitHub - 1d8/Android-Analysis: Getting Genymotion & Burpsuite setup for Android Mobile App Analysis
Getting Genymotion & Burpsuite setup for Android Mobile App Analysis - 1d8/Android-Analysis
Information Security
https://medium.com/bugbountywriteup/tryhackme-overpass-writeup-af945ec29be9
Medium
TryHackMe Overpass Writeup
A beginner-friendly writeup on TryHackMe’s Overpass challenge
Information Security
https://hot3eed.github.io/2020/07/30/starling_p1_obfuscations.html
hot3eed.github.io
Reverse Engineering Starling Bank (Part I): Obfuscation Techniques
Reverse Engineering Starling Bank (Part I): Obfuscation Techniques 2020-07-30
Information Security
https://medium.com/bugbountywriteup/bug-bounty-lets-bypass-an-entire-web-app-s-csrf-protection-friend-link-b69c43e9dcf7
Medium
Bug Bounty: Let’s Bypass an entire Web App’s CSRF protection
CSRF token is not always enough
Information Security
https://sid-500.com/2020/07/31/powershell-convert-ps1-files-to-exe-files/
SID-500.COM
PowerShell: Convert .ps1 Files to .exe Files
Have you ever dreamed of creating exe files out of your PowerShell scripts? If yes, read on. In this post I will show you how you can create exe files with a small and simple program called ps2exe.
Information Security
https://cloud.google.com/blog/products/identity-security/preventing-lateral-movement-in-google-compute-engine
Google Cloud Blog
Compute Engine: Prevent compromises and better defend against lateral movement | Google Cloud Blog
Best practices, including concrete “dos and don’ts,” that can help you prevent security misconfigurations on Google Compute Engine.
Information Security
https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/
BleepingComputer
Bypassing Windows 10 UAC with mock folders and DLL hijacking
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user.
Information Security
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/Cisco%20Password%20Cracking%20and%20Decrypting%20Guide%20-%20InfosecMatter.pdf
GitHub
blaCCkHatHacEEkr/PENTESTING-BIBLE
Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hackin...
Information Security
https://github.com/5h3r10ck/CTF_Writeups/tree/master/H%40ctivitycon_writeups
GitHub
ctf-writeups/H@ctivitycon_writeups at master · 5h3r10ck/ctf-writeups
Contribute to 5h3r10ck/ctf-writeups development by creating an account on GitHub.
Information Security
http://www.righto.com/2020/08/reverse-engineering-adder-inside-intel.html
Righto
Reverse-engineering the adder inside the Intel 8086
The Intel 8086 processor contains many interesting components that can be understood through reverse engineering. In this article, I'll di...
Information Security
https://www.trenchesofit.com/2020/08/01/data-exfiltration-with-base64/
