NEW BOT Телеграм, страница - 180640730

HackerOne

11K subscribers

644 photos

31 videos

79 files

2.74K links

Community : @Sec0x01
@Bug0x

Download Telegram

About

Blog

Apps

Platform

11K subscribers

https://github.com/SecWiki/windows-kernel-exploits

GitHub - SecWiki/windows-kernel-exploits: windows-kernel-exploits Windows平台提权漏洞集合

windows-kernel-exploits Windows平台提权漏洞集合. Contribute to SecWiki/windows-kernel-exploits development by creating an account on GitHub.

1.43K viewsxDD, 18:06

http://www.blackstormsecurity.com/docs/DEFCON2018.pdf
Ring0/-2 Rootkits Defcon 2018

1.56K viewsxDD, edited 19:12

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/

media.defcon.org

All DEF CON video presentations, music, documentaries, pictures, villages, and Capture The Flag data that can be found.

1.37K viewsxDD, 23:53

The most complex exploit of the century 😐
https://www.exploit-db.com/exploits/45186/

2.03K viewsxDD, 09:42

https://2000.shodan.io/#/

2.1K viewsAmir Kiani, 19:48

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.

https://github.com/archerysec/archerysec

GitHub - archerysec/archerysec: ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec. - archerysec/archerysec

1.32K viewsxDD, 07:16

https://portswigger.net/blog/dynamic-analysis-of-javanoscript

PortSwigger Blog

Dynamic analysis of JavaScript

Burp's current Scanner can report a wide range of DOM-based vulnerabilities using static analysis techniques. Static analysis of JavaScript involves parsing the code to construct an abstract syntax tr

1.06K viewsxDD, 14:28

https://hackerone.com/reports/393615 :)))

Ed disclosed on HackerOne: Physical Laptop Takeover

At 6:16PM of August 11th of 2018, during H1-702, right before the sand storm beat the shit out of the rooftop party, we managed to perform a critical attack on Ed's infrastructure.
{F332214}

##...

1.01K viewsAmir Kiani, 15:08

https://0xpatrik.com/subdomain-takeover-basics/

Subdomain Takeover: Basics

Although I have written multiple [/subdomain-takeover-starbucks/] posts
[/takeover-proofs/] about subdomain takeover, I realized that there aren't many
posts covering basics of subdomain takeover and the whole "problem statement."
This post aims to explain…

1.03K viewsAmir Kiani, 15:16

https://0xpatrik.com/subdomain-takeover-starbucks-ii/

Subdomain Takeover: Yet another Starbucks case

Recently, I was repeatedly awarded $2,000 bounty for subdomain takeover on Starbucks. In this post, I explain the step-by-step process for the proof-of-concept.

1.04K viewsAmir Kiani, 15:16

https://hackerone.com/reports/388622

Starbucks disclosed on HackerOne: Subdomain takeover on...

Subdomain takeover possible on one of Starbucks's subdomain. The subdomain pointed to Microsoft Azure Traffic Manager which was no longer registered under Azure.

Detailed write-up:...

1.09K viewsAmir Kiani, 15:24

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs
https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/

Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs. [...]

BleepingComputer

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs

Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs.

1.29K viewsAwdel, 19:05

https://twitter.com/i/status/1029736793644703744

Abdulrhman Alqabandi

Firefox SSL lock spoof, writeup soon. https://t.co/nVg7bW7KcW

1.14K viewsAmir Kiani, 20:33

https://leucosite.com/Firefox-uXSS-and-CSS-XSS/

Firefox uXSS and CSS XSS

CSS XSS came back for a bit which lead to an unusual uXSS

1.23K viewsAmir Kiani, 20:38

https://portswigger.net/blog/practical-web-cache-poisoning

PortSwigger Research

Practical Web Cache Poisoning

In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems

1.37K viewsAmir Kiani, 20:41

Exploring, Exploiting Active Directory Admin Flaws
https://www.darkreading.com/vulnerabilities---threats/exploring-exploiting-active-directory-admin-flaws/d/d-id/1332593?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Common methods AD administrators use to protect their environments can easily be exploited. Here's how.

Exploring, Exploiting Active Directory Admin Flaws

Common methods AD administrators use to protect their environments can easily be exploited. Here's how.

1.45K viewsAwdel, 18:19

https://blog.path.network/fuzzing-cs-go-bsp-files/

Path Network, Inc - Blog

Fuzzing CS:GO BSP Files

We fuzzed BSP map files for Counter Strike: Global Offensive leading to the discovery of a stack-based buffer overflow. Through some reverse engineering and source code analysis, we discovered that the vulnerability can lead to remote code execution.

1.84K viewsAmir Kiani, 07:36

https://github.com/Souhardya/Uboat

UBoat-Botnet/UBoat

HTTP Botnet Project. Contribute to UBoat-Botnet/UBoat development by creating an account on GitHub.

1.52K viewsMir Saman Tajbakhsh, 10:04

https://hackerone.com/reports/395518

HackerOne disclosed on HackerOne: Internal usage of AdBlockPlus may...

Hello HackerOne team,

this is probably going to be a *different* kind of report than what you are used to: it looks to me this is more of an internal, operational security best-practice that you...

1.38K viewsAmir Kiani, 12:39

https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

1.28K viewsAmir Kiani, edited 19:44

https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/

Black Hills Information Security, Inc.

How to Hack WebSockets and Socket.io - Black Hills Information Security, Inc.

Ethan Robish // WebSockets Overview WebSockets is a technology to allow browsers and servers to establish a single TCP connection and then asynchronously communicate in either direction. This is great […]

1.62K viewsAmir Kiani, 08:13