Hidden parameters discovery suite written in Rust.
Features:
A lot of things to customize: key template, value template, encodings, and even injection points.
Supports 6 main methods: GET, POST, PUT, PATCH, DELETE, HEAD.
Has built in 2 main body types: json, urlencode.
Able to discover parameters with not random value, like admin=true
Compares responses line-by-line.
Adds to every request cachebuster by default.
#Rust #CTF #redteaming #parameters #web
https://github.com/Sh1Yo/x8
Features:
A lot of things to customize: key template, value template, encodings, and even injection points.
Supports 6 main methods: GET, POST, PUT, PATCH, DELETE, HEAD.
Has built in 2 main body types: json, urlencode.
Able to discover parameters with not random value, like admin=true
Compares responses line-by-line.
Adds to every request cachebuster by default.
#Rust #CTF #redteaming #parameters #web
https://github.com/Sh1Yo/x8
GitHub
GitHub - Sh1Yo/x8: Hidden parameters discovery suite
Hidden parameters discovery suite. Contribute to Sh1Yo/x8 development by creating an account on GitHub.
The Race to Native Code Execution in PLCs
https://www.claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
https://www.claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
Claroty
Siemens PLC Software Vulnerabilities Uncovered | Team82
Claroty has found a severe memory protection bypass vulnerability (CVE-2020-15782) in Siemens PLC Software, the SIMATIC S7-1200 and S7-1500. Learn more.
Fuzzing the Office Ecosystem https://research.checkpoint.com/2021/fuzzing-the-office-ecosystem/
Check Point Research
Fuzzing the Office Ecosystem - Check Point Research
Research By: Netanel Ben-Simon and Sagi Tzadik Introduction Microsoft Office is a very commonly used software that can be found on almost any standard computer. It is also integrated inside many products of the Microsoft / Windows ecosystem such as Office…
PuzzleMaker attacks with Chrome zero-day exploit chain https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Securelist
PuzzleMaker attacks with Chrome zero-day exploit chain
We detected a wave of highly targeted attacks that exploited a chain of Google Chrome and Microsoft Windows zero-day exploits.
SIP protocol abused to trigger XSS attacks via VoIP call monitoring software
SIP devices could become unwitting access points for remote attacks on critical systems.
https://portswigger.net/daily-swig/sip-protocol-abused-to-trigger-xss-attacks-via-voip-call-monitoring-software
SIP devices could become unwitting access points for remote attacks on critical systems.
https://portswigger.net/daily-swig/sip-protocol-abused-to-trigger-xss-attacks-via-voip-call-monitoring-software
The Daily Swig | Cybersecurity news and views
SIP protocol abused to trigger XSS attacks via VoIP call monitoring software
SIP devices could become unwitting access points for remote attacks on critical systems
CVE-2021–22201: Arbitrary file read on Gitlab
https://tradahacking.vn/cve-2021-22201-arbitrary-file-read-on-gitlab-d84d77cd83e3
https://tradahacking.vn/cve-2021-22201-arbitrary-file-read-on-gitlab-d84d77cd83e3
Are Virtual Machines the New Gold for Cyber Criminals? https://www.mcafee.com/blogs/other-blogs/mcafee-labs/are-virtual-machines-the-new-gold-for-cyber-criminals/
McAfee Blog
Are Virtual Machines the New Gold for Cyber Criminals? | McAfee Blog
Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT