Information Security
@sec_nerd_en
408 subscribers
157 photos
5 videos
9 files
2.28K links
Information Security News

we are @sec_nerd twin brother
Download Telegram
About
Blog
Apps
Platform
Join
Information Security
408 subscribers
Information Security
https://github.com/triw0lf/urlscan_scripts/blob/master/urlscan_badfiles.sh
GitHub
triw0lf/urlscan_scripts
A bunch of scripts I use to work with urlscan.io. Contribute to triw0lf/urlscan_scripts development by creating an account on GitHub.
142 views
Information Security
https://medium.com/tenable-techblog/inadequate-patch-in-hewlett-packard-enterprise-imc-7-3-e0703-6aba36351ca3
Medium
Inadequate Patch in Hewlett Packard Enterprise iMC 7.3 E0703
Background
113 views
Information Security
https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/
1337red
Building and Attacking an Active Directory lab with PowerShell
Let me open this with a few questions Do you have your own penetration testing lab? Have you installed Windows Server 2016 before? Do you have Active Directory at home? What version of PowerShell a…
126 views
Information Security
https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b
Medium
Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe
A dive into Windows processes, access tokens, SACLs, WinAPI and access token manipulation.
114 views
Information Security
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
Home
How a double-free bug in WhatsApp turns to RCE
In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…
123 views
Information Security
CloudFront ~`XSS´ payload, shake dice.
🎲


<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;>

#BugBounty #BugBountyTip #WAF #infosec
133 views
Information Security
[Script] Get-SSLCertInfo is a basic PowerShell function that can be used to scrape SSL certificate information using IP Ranges, domain lists, etc.

https://raw.githubusercontent.com/NetSPI/PowerShell/master/Get-SSLCertInfo-Scan.psm1
121 views
Information Security
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#onload
portswigger.net
Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security Academy
Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.
118 views
Information Security
Safari:

<svg><a onload=alert(1337)>

https://jsfiddle.net/8gz4dtnk/1/
jsfiddle.net
Edit fiddle - JSFiddle - Code Playground
Test your JavaScript, CSS, HTML or CoffeeScript online with JSFiddle code editor.
114 views
Information Security
Java Debug Wire Protocol (JDWP) remote code execution #exploitation:
https://blog.csdn.net/caiqiiqi/article/details/83146415
https://github.com/IOActive/jdwp-shellifier
https://packetstormsecurity.com/files/151973/Java-Debug-Wire-Protocol-Remote-Code-Execution.html
GitHub
GitHub - IOActive/jdwp-shellifier
Contribute to IOActive/jdwp-shellifier development by creating an account on GitHub.
133 views
Information Security
https://rhinosecuritylabs.com/application-security/completeftp-server-local-privesc-cve-2019-16116/
Rhino Security Labs
CompleteFTP Server Local Privilege Escalation CVE-2019-16116
A walkthrough of CVE-2019-16116 in CompleteFTP, which allows an attacker to hijack the admin account & run arbitrary code with SYSTEM privileges.
221 views
Information Security
https://medium.com/bugbountywriteup/pulse-secure-ssl-vpn-post-auth-rce-to-ssh-shell-2b497d35c35b
Medium
Red Teamer’s Guide to Pulse Secure SSL VPN
A quick guide on exploiting pulse secure for red teaming purposes.
117 views
Information Security
https://github.com/vulnersCom/nmap-vulners
GitHub
GitHub - vulnersCom/nmap-vulners: NSE script based on Vulners.com API
NSE script based on Vulners.com API. Contribute to vulnersCom/nmap-vulners development by creating an account on GitHub.
135 views
Information Security
This media is not supported in your browser
VIEW IN TELEGRAM
[CVE-2019-11184] NetCAT(Network Cache ATtack)

Remotely leaking keystrokes from a victim SSH session
Intel Xeon E5/E7v2 DDIO

Does not require any malicious software
Leak the arrival time of the corresponding packet.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html
124 views
Information Security
Information Security
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
https://intx0x80.blogspot.com/2019/10/JWT.html
Blogspot
Introduction how to Exploit JWT
Introduction how to Exploit JWT  Introduction Authentication and authorization make developer overthinking how to implemen...
125 views
Information Security
https://github.com/zer0dx/cryptondie
123 views
Information Security
https://www.praetorian.com/blog/running-a-net-assembly-in-memory-with-meterpreter
Praetorian
Running a .NET Assembly in Memory with Meterpreter
In this blog post I will discuss leveraging Meterpreter’s powershell module to execute .NET assemblies in-memory. Metasploit and Meterpreter are effective and useful tools, but occasionally one encounters a situation where they lack features. Cobalt Strike…
130 views
Information Security
https://github.com/trimstray/nginx-admins-handbook
GitHub
GitHub - trimstray/nginx-admins-handbook: How to improve NGINX performance, security, and other important things.
How to improve NGINX performance, security, and other important things. - trimstray/nginx-admins-handbook
137 views
Information Security
https://iwantmore.pizza/posts/meterpreter-psattack.html
132 views
Information Security
http://ghostlulz.com/xss-svg/?fbclid=IwAR01ZcyLPUp3iEP_rtqmc_1sS1bNn2BPfIBYWnis19o16tXliZ7FkiEQCAc
116 views