Google Dork: inurl:/help/index.jsp?view=
The above view parameter is vulnerable to reflected XSS.
Payload: <script>alert("xss")</script>
Enjoy ;)Nerd face
The above view parameter is vulnerable to reflected XSS.
Payload: <script>alert("xss")</script>
Enjoy ;)Nerd face
Modern attacks on the Chrome browser : optimizations and deoptimizations https://doar-e.github.io/blog/2020/11/17/modern-attacks-on-the-chrome-browser-optimizations-and-deoptimizations/
#mehran_p51
#mehran_p51
doar-e.github.io
Modern attacks on the Chrome browser : optimizations and deoptimizations
efiXplorer v3.0 [#BHEU Edition] was released. Some new features:
- EFI modules dependency graph
- potential vulnerability checkers (SMM callout and GetVariable PEI/DXE/SMM)
https://github.com/binarly-io/efiXplorer/releases/tag/v3.0
#mehran_p51
#reverse
- EFI modules dependency graph
- potential vulnerability checkers (SMM callout and GetVariable PEI/DXE/SMM)
https://github.com/binarly-io/efiXplorer/releases/tag/v3.0
#mehran_p51
#reverse
GitHub
Release efiXplorer v3.0 [BHEU Edition] · binarly-io/efiXplorer
Release notes:
EFI modules dependency graph inside efiXloader
Potential vulnerability checkers:
SMM callout
GetVariable (PEI/DXE/SMM)
Multiple improvements and bugfixes
EFI modules dependency graph inside efiXloader
Potential vulnerability checkers:
SMM callout
GetVariable (PEI/DXE/SMM)
Multiple improvements and bugfixes
Learn Computer Networking with respect to Ethical Hacking
#mehran_p51
#network_hacking
https://www.udemy.com/course/learn-computer-networking-with-respect-to-ethical-hacking/?couponCode=DECEMBERBONANZA
#mehran_p51
#network_hacking
https://www.udemy.com/course/learn-computer-networking-with-respect-to-ethical-hacking/?couponCode=DECEMBERBONANZA
Udemy
Learn Networking with respect to Ethical Hacking for 2024
Learn Securing Network and Hacking from Basic to Master Level. How to attempt Sniffing, Spoofing, Scanning & Phishing
New video available! In this video, we will see the two basic scan methods for the Burp Bounty Pro. One of the scanning methods is an improvement incorporated in version 1.5. Burp Bounty Pro - Two Basic Scan Methods https://www.youtube.com/watch?v=xODLLBKMT0M
@mehran_p51
@mehran_p51
YouTube
Burp Bounty Pro - Two Basic Scan Methods
In this video, we will see the two basic scan for the Burp Bounty Pro,
* The first scan method is the smart scan. With this scanner you only search for vulnerabilies for common vulnerable parameters.
* The second is by means to Burpsuite active scanner…
* The first scan method is the smart scan. With this scanner you only search for vulnerabilies for common vulnerable parameters.
* The second is by means to Burpsuite active scanner…
Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO https://hackerone.com/reports/791775
HackerOne
Shopify disclosed on HackerOne: Email Confirmation Bypass in...
On February 9th, @ngalog reported that it was possible to bypass Shopify's email verification for a small subset of Shopify user accounts. Doing so would have allowed a user to access accounts they...
Project Zero: An iOS hacker tries Android https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html
#mehran_p51
#mehran_p51
Blogspot
An iOS hacker tries Android
Written by Brandon Azad, when working at Project Zero One of the amazing aspects of working at Project Zero is having the flexibility to dir...
MICROSOFT EXCHANGE REMOTE CODE EXECUTION - CVE-2020-16875
https://x41-dsec.de/security/advisory/exploit/research/2020/12/21/x41-microsoft-exchange-rce-dlp-bypass/
#mehran_p51
https://x41-dsec.de/security/advisory/exploit/research/2020/12/21/x41-microsoft-exchange-rce-dlp-bypass/
#mehran_p51
X41 D-Sec
Microsoft Exchange Remote Code Execution - CVE-2020-16875
The patch for CVE-2020-16875 in Microsoft Exchange can bypassed to gain remote code execution again.
Google hackers disclose exploit for an UNPATCHED Windows vulnerability (CVE-2020-0986) that was exploited as 0-day in the wild, for which Microsoft issued an incomplete patch and then failed to patch it again under the 90-day deadline.
Read — https://thehackernews.com/2020/12/google-discloses-poorly-patched-now.html
Read — https://thehackernews.com/2020/12/google-discloses-poorly-patched-now.html
#Recent_news❗️❗️
⭕️ A new flaw in Treck TCP / IP affects millions of Internet of Things (IoT) devices
💢 The US Cybersecurity and Security Agency (CISA) has warned of significant vulnerabilities in a low-level TCP / IP software library developed by Treck that attackers could remotely execute arbitrary commands and attacks. DoS
📌 These four defects are on Treck TCP / IP version 6.0.1.67 and above and have been reported to the company by Intel.
@World_Of_Security 🌐
⭕️ A new flaw in Treck TCP / IP affects millions of Internet of Things (IoT) devices
💢 The US Cybersecurity and Security Agency (CISA) has warned of significant vulnerabilities in a low-level TCP / IP software library developed by Treck that attackers could remotely execute arbitrary commands and attacks. DoS
📌 These four defects are on Treck TCP / IP version 6.0.1.67 and above and have been reported to the company by Intel.
@World_Of_Security 🌐
Which operating systems in 2019, according to research conducted by cyber security company Devcon, have the highest target of malware attacks?
The Windows operating system ranks first with 61%, and the Linux operating system has the lowest attack target.
@World_Of_Security 🌐
The Windows operating system ranks first with 61%, and the Linux operating system has the lowest attack target.
@World_Of_Security 🌐
🔥 WARNING — Hackers are abusing a weakness in Citrix NetScaler devices to launch amplified 🚀 DDoS attacks against several targets.
Read details ➤ https://thehackernews.com/2020/12/citrix-adc-ddos-attack.html
Affected Citrix customers can temporarily disable DTLS to stop the attack.
Read details ➤ https://thehackernews.com/2020/12/citrix-adc-ddos-attack.html
Affected Citrix customers can temporarily disable DTLS to stop the attack.