Forwarded from CTF Community | Hints
Heavy-duty and Advanced Cross Site Scripting Scanner
https://github.com/haroonawanofficial/XSS-Finder
#web #xss #tool
@ctfplay
https://github.com/haroonawanofficial/XSS-Finder
#web #xss #tool
@ctfplay
RCE with Burp Suite intruder + Regex https://www.youtube.com/watch?v=Xm77r80NxZo
YouTube
RCE with Burp Suite intruder + Regex
Detection RCE technique with Burp suite.
I am useing regex for detection vulns and errors in response.
Regex: https://github.com/ghsec/webHunt/blob/master/ErrorsAndVulnsDetect.md
Payloads: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/C…
I am useing regex for detection vulns and errors in response.
Regex: https://github.com/ghsec/webHunt/blob/master/ErrorsAndVulnsDetect.md
Payloads: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/C…
Abusing ImageMagick to obtain RCE
Remote Code Execution because of an image source? Is it Possible? Yes! Definitely. Here in this blog post, a Strynx team member found a variation of Remote Code Execution AKA RCE through ImageMagick which earned him a generous bounty of $5000. Amazingly, some tweaks inside the image source exfiltrated the data over DNS (also called side-channel attacks). Let’s see how was it done after a short introduction to ImageMagick.
https://strynx.org/imagemagick-rce/Iranian Cyberattacks Feared After Killing of Top General
https://ift.tt/2ZPgLCs
https://ift.tt/2ZPgLCs
Securityweek
Iranian Cyberattacks Feared After Killing of Top General | SecurityWeek.Com
Iran’s retaliation for the United States' targeted killing of general Qassem Soleimani is likely to include cyberattacks, security experts warned.
U.S. CISA Agency warns of possible cyber attacks from Iran
https://ift.tt/36tacIg
https://ift.tt/36tacIg
Security Affairs
U.S. CISA Agency warns of possible cyber attacks from Iran
US Government fears a new wave of cyber attacks as retaliation for the airstrike that killed Maj. Gen. Qassim Suleimani at the Baghdad airport in Iraq.
new version of Boneh-Shoup's magnificent book is out!
https://crypto.stanford.edu/~dabo/cryptobook/BonehShoup_0_5.pdf
https://crypto.stanford.edu/~dabo/cryptobook/BonehShoup_0_5.pdf
Fuzzing JavaScript WebAssembly APIs with Dharma/Domato (Chrome/v8)
https://webassembly-security.com/fuzzing-wasm-javanoscript-dharma-chrome-v8/
https://webassembly-security.com/fuzzing-wasm-javanoscript-dharma-chrome-v8/
Fuzzing Labs
Fuzzing JavaScript WebAssembly APIs Of V8 With Dharma/Domato
Blogpost about Fuzzing JavaScript WebAssembly APIs using Dharma/Domato and example with Fuzzing V8 engine by Patrick Ventuzelo - Fuzzing Labs.
Forwarded from CTF Community | Hints
PoisonHandler
lateral movement techniques that can be used during red team exercises.
https://github.com/Mr-Un1k0d3r/PoisonHandler
#tools #redteaming #windows
lateral movement techniques that can be used during red team exercises.
https://github.com/Mr-Un1k0d3r/PoisonHandler
#tools #redteaming #windows
GitHub
GitHub - Mr-Un1k0d3r/PoisonHandler: lateral movement techniques that can be used during red team exercises
lateral movement techniques that can be used during red team exercises - Mr-Un1k0d3r/PoisonHandler
HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
https://blog.landhb.dev/posts/v9eRa/a-basic-windows-dkom-rootkit-pt-1/
https://github.com/landhb/HideProcess
#windows #persistence #redteaming #evasion
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
https://blog.landhb.dev/posts/v9eRa/a-basic-windows-dkom-rootkit-pt-1/
https://github.com/landhb/HideProcess
#windows #persistence #redteaming #evasion
[PHP] Exposing DB Credentials / HttpOnly Bypass / FPD
https://hackking.net/threads/php-exposing-db-credentials-httponly-bypass-fpd.29/
https://hackking.net/threads/php-exposing-db-credentials-httponly-bypass-fpd.29/
The NSA found a dangerous Windows 10 flaw and alerted Microsoft - rather than weaponise it
Washington: The National Security Agency recently discovered a major flaw in Microsoft's Windows operating system - one that could potentially expose computer users to significant breaches or surveillance, and alerted the firm to the problem rather than turn it into a hacking weapon, according to people familiar with the matter.
The disclosure represents a major shift in the NSA's approach, choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries' networks, according to the people familiar with the matter who spoke on condition of anonymity because of the sensitivity of the matter.
https://www.smh.com.au/technology/the-nsa-found-a-dangerous-windows-10-flaw-and-alerted-microsoft-rather-than-weaponise-it-20200115-p53rip.html
Washington: The National Security Agency recently discovered a major flaw in Microsoft's Windows operating system - one that could potentially expose computer users to significant breaches or surveillance, and alerted the firm to the problem rather than turn it into a hacking weapon, according to people familiar with the matter.
The disclosure represents a major shift in the NSA's approach, choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries' networks, according to the people familiar with the matter who spoke on condition of anonymity because of the sensitivity of the matter.
https://www.smh.com.au/technology/the-nsa-found-a-dangerous-windows-10-flaw-and-alerted-microsoft-rather-than-weaponise-it-20200115-p53rip.html
The Sydney Morning Herald
The NSA found a dangerous Windows 10 flaw and alerted Microsoft - rather than weaponise it
The major flaw in the Windows 10 operating system could potentially expose computer users to significant breaches or surveillance.