Information Security
@sec_nerd_en
408 subscribers
157 photos
5 videos
9 files
2.28K links
Information Security News

we are @sec_nerd twin brother
Download Telegram
About
Blog
Apps
Platform
Join
Information Security
408 subscribers
Information Security
https://medium.com/@mastomi/xss-to-account-takeover-d5beddc5c704
Medium
XSS to Account Takeover
Bypassing CSRF Header Protection and HTTPOnly Cookie
99 views
Information Security
https://medium.com/@rrubymann/how-to-easily-find-reflected-xss-vulnerabilities-6377ab6f3e1f
Medium
How to easily find Reflected XSS vulnerabilities!
Hello everybody!
115 views
Information Security
https://github.com/zigoo0/JSONBee
GitHub
GitHub - zigoo0/JSONBee: A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites. - zigoo0/JSONBee
96 views
Information Security
https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/
Palo Alto Networks Blog
Analysis of Two Newly Patched Kubernetes Vulnerabilities
We highly recommend upgrading to Kubernetes builds 1.14.8, 1.15.5 or 1.16.2 to address two recently patched Kubernetes vulnerabilities.
100 views
Information Security
https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/
Nightwatch Cybersecurity
NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114]
Summary NFC beaming of applications between devices using Android OS bypasses some security controls (the “install unknown application” prompt). A rogue device like a payment terminal c…
98 views
Information Security
http://www.fuzzysecurity.com/tutorials/19.html
100 views
Information Security
https://twitter.com/issuemakerslab/status/1189657874491822080
Twitter
Simon Choi
This is North Korea's malware used in the attack on India's nuclear power plant. They had infiltrated the South Korean military's internal network in 2016 and stole classified information. And they once destroyed South Korean broadcasting stations and banking…
98 views
Information Security
https://omespino.com/write-up-private-bug-bounty-usd-rce-as-root-on-marathon-instance/
103 views
Information Security
https://blog.knownsec.com/2019/10/weblogic-ejbtaglibdescriptor-xxe%e6%bc%8f%e6%b4%9ecve-2019-2888%e5%88%86%e6%9e%90/

WebLogic XXE in EJBTaglibDescriptor (CVE-2019-2888)


(translate)
105 views
Information Security
https://medium.com/@z3roTrust/bypassing-windows-user-account-control-9051c6a85734
Medium
Bypassing Windows User Account Control
Look at you go with your badass hacker self, just hackity-hack-hackin’ away. As the quote from Sun Tzu’s Art of War suggests, however, if you can defeat your opponent without a fight or little-to-no…
96 views
Information Security
https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968
Medium
5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
CVE-2019–18653 & CVE-2019–18654: The story when Reflected XSS was triggering from SSID Name (It also affected AVG AntiVirus since basically
135 views
Information Security
https://github.com/nyxgeek/ntlmscan
GitHub
GitHub - nyxgeek/ntlmscan: scan for NTLM directories
scan for NTLM directories. Contribute to nyxgeek/ntlmscan development by creating an account on GitHub.
88 views
Information Security
https://twitter.com/HackingDave/status/1189944817482108929
Twitter
Dave Kennedy (ReL1K)
Getting snagged by AV using regsvr32 /i:http(s)? Signatures are based on utilizing http within command. Don't use http or chain multiple commands together for same effect. https://t.co/ZbnYL00may
91 views
Information Security
https://ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes
www.ired.team
PE Injection: Executing PEs inside Remote Processes | Red Team Notes
Code Injection
93 views
Information Security
https://osandamalith.com/2019/10/12/bypassing-the-webarx-web-application-firewall-waf/
🔐Blog of Osanda
Bypassing the WebARX Web Application Firewall (WAF) | 🔐Blog of Osanda
WebARX is a web application firewall where you can protect your website from malicious attacks. As you can see it was mentioned in TheHackerNews as well and has good ratings if you do some Googling…
99 views
Information Security
https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e
Medium
Vimeo SSRF with code execution potential.
Recently i discovered a semi responded SSRF on Vimeo with code execution possibility. This blog post explains how i found & exploited it…
102 views
Information Security
https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
Medium
Arbitrary File Reading in Next.js < 2.4.1
Next.js is a quite popular (>13k stars on GitHub) framework for server-rendered React applications. It includes a NodeJS server which allows to render HTML pages dynamically. While digging into…
98 views
Information Security
https://www.youtube.com/watch?v=Jm42OidT3Ac
YouTube
NEW iOS 13.1.3 / 13.0 / 12.4.1 Remote JAILBREAK Safari LPE PoC RELEASED! (A12 Too)
Enter the awesome iMyFone Halloween giveaway contest and get your iPhone 11 for FREE at this link*: http://bit.ly/2BKlKJI In this video, we're discussing @...
99 views
Information Security
https://pwnrip.com/windows-kernel-exploitation-part-1-stack-buffer-overflows/
107 views
Information Security
https://github.com/SpiderMate/Paper-on-Jenkins-Rce/
GitHub
SpiderMate/Paper-on-Jenkins-Rce
A detailed paper on Jenkins Pre-Auth RCE . Contribute to SpiderMate/Paper-on-Jenkins-Rce development by creating an account on GitHub.
90 views