Forwarded from itsecforu (Information Security)
🕵️ Do-it-yourself web application security testing
Given the growing number of cyberattacks of all kinds, it makes sense to invest your time in building security measures for web applications.
It is therefore no less important to invest in web application security testing, as agencies, organizations and companies become increasingly aware of the ever-present threats to web application security.
How I found (and fixed) a vulnerability in Python
https://tldr.engineering/how-i-found-and-fixed-a-vulnerability-in-python/
https://youst.in/posts/cache-poisoning-at-scale/
Cache Poisoning at Scale
Identifying and Exploiting over 70 Cache Poisoning vulnerabilities
The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
https://www.reddit.com/r/netsec/comments/rxpcjk/the_jndi_strikes_back_unauthenticated_rce_in_h2/?utm_medium=android_app&utm_source=share
Posted in r/netsec by u/SRMish3 • 137 points and 15 comments
Forwarded from Geek girl 👩💻
📮Vulnerable Web Applications for Practice📮
BodgeIt Store http://code.google.com/p/bodgeit/
Butterfly Security Project http://thebutterflytmp.sourceforge.net/
bWAPP http://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/
Commix https://github.com/stasinopoulos/commix-testbed
CryptOMG https://github.com/SpiderLabs/CryptOMG
Damn Vulnerable Node Application (DVNA) https://github.com/quantumfoam/DVNA/
Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/
Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
GameOver http://sourceforge.net/projects/null-gameover/
hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazon https://github.com/rapid7/hackazon
LAMPSecurity http://sourceforge.net/projects/lampsecurity/
Moth http://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/
OWASP BWA http://code.google.com/p/owaspbwa/
OWASP Hackademic http://hackademic1.teilar.gr/
OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLab https://pentesterlab.com/
PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBench http://suif.stanford.edu/~livshits/securibench/
SentinelTestbed https://github.com/dobin/SentinelTestbed
SocketToMe http://digi.ninja/projects/sockettome.php
sqli-labs https://github.com/Audi-1/sqli-labs
MCIR (Magical Code Injection Rainbow) https://github.com/SpiderLabs/MCIR
sqlilabs https://github.com/himadriganguly/sqlilabs
VulnApp http://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMall http://code.google.com/p/puzzlemall/
WackoPicko https://github.com/adamdoupe/WackoPicko
WAED http://www.waed.info
WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/
WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/
XVWA https://github.com/s4n7h0/xvwa
Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
BadStore http://www.badstore.net/
●▬۩❁ @geeekgirls ❁۩▬●
Forwarded from Geek girl 👩💻
🔰 Best websites to test your hacking skills 🔰
https://pwnable.kr/
https://hack.me/
https://ctflearn.com/
https://google-gruyere.appspot.com/
https://www.root-me.org/en/
https://www.hackthebox.eu/
https://www.hacking-lab.com/
http://www.gameofhacks.com/
https://overthewire.org/
https://microcorruption.com/
https://xss-game.appspot.com/
https://www.hackthissite.org/pages/index/index.php
https://crackmes.one/
https://pentest.training/
https://www.hellboundhackers.org/
http://hax.tor.hu/
https://thisislegal.com/
https://tryhackme.com/
●▬۩❁ @geeekgirls ❁۩▬●
Forwarded from S.E.Reborn
🔖 A good collection of material on information security and ethical hacking (tools, manuals and other information): https://github.com/thelikes/ownlist
https://github.com/thelikes/ownlist/blob/master/2021/ownlist_024.md
#InfoSec #Red_Team
https://kmb.cybber.ru/
KMB ("Young Fighter Course") CTF - a resource dedicated to information security competitions
Forwarded from LeakInfo
KCodes NetUSB flaw threatens numerous home routers
https://xakep.ru/2022/01/11/kcodes-netusb/
A serious vulnerability leading to remote arbitrary code execution has been discovered in the KCodes NetUSB kernel module, which is used by many routers from various vendors.