Hidden parameters discovery suite written in Rust.
Features:
A lot of things to customize: key template, value template, encodings, and even injection points.
Supports 6 main methods: GET, POST, PUT, PATCH, DELETE, HEAD.
Has 2 main body types built in: json, urlencode.
Able to discover parameters with non-random values, like admin=true.
Compares responses line-by-line.
Adds a cachebuster to every request by default.
#Rust #CTF #redteaming #parameters #web
https://github.com/Sh1Yo/x8
The Race to Native Code Execution in PLCs
https://www.claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
Claroty
Siemens PLC Software Vulnerabilities Uncovered | Team82
Claroty has found a severe memory protection bypass vulnerability (CVE-2020-15782) in Siemens PLC Software, the SIMATIC S7-1200 and S7-1500. Learn more.
Fuzzing the Office Ecosystem https://research.checkpoint.com/2021/fuzzing-the-office-ecosystem/
Check Point Research
Fuzzing the Office Ecosystem - Check Point Research
Research By: Netanel Ben-Simon and Sagi Tzadik Introduction Microsoft Office is a very commonly used software that can be found on almost any standard computer. It is also integrated inside many products of the Microsoft / Windows ecosystem such as Office…
PuzzleMaker attacks with Chrome zero-day exploit chain https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Securelist
PuzzleMaker attacks with Chrome zero-day exploit chain
We detected a wave of highly targeted attacks that exploited a chain of Google Chrome and Microsoft Windows zero-day exploits.
SIP protocol abused to trigger XSS attacks via VoIP call monitoring software
SIP devices could become unwitting access points for remote attacks on critical systems.
https://portswigger.net/daily-swig/sip-protocol-abused-to-trigger-xss-attacks-via-voip-call-monitoring-software
The Daily Swig | Cybersecurity news and views
CVE-2021-22201: Arbitrary file read on Gitlab
https://tradahacking.vn/cve-2021-22201-arbitrary-file-read-on-gitlab-d84d77cd83e3
Are Virtual Machines the New Gold for Cyber Criminals? https://www.mcafee.com/blogs/other-blogs/mcafee-labs/are-virtual-machines-the-new-gold-for-cyber-criminals/
McAfee Blog
Are Virtual Machines the New Gold for Cyber Criminals? | McAfee Blog
Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT
The Cyber Swiss Army Knife.
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years.
https://github.com/gchq/CyberChef