NEW BOT Телеграм, страница

Microsoft SharePoint Server Remote Code Execution Vulnerability

In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the Sharepoint Server.

Security updates:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28474

1.9K viewsAdeL, 17:32

HackerOne

https://youtu.be/un_3xC2DX3U

YouTube

windows graphics component pivilege escalation | CVE-2021-26868 PoC

CVE-2021-26868 Windows Graphics Component Elevation of Privilege Vulnerability. It injects shellcode into winlogon.exe, resulting in SYSTEM level privilege escalation. Below, we test the base exploit (injects cmd.exe) and then modify it to inject a Covenant…

1.94K viewsAdeL, 11:21

HackerOne

https://youtu.be/Qy9SmCFUMjk

YouTube

Gateone ssh file read vulnerability | CVE-2020-35736 poc

#GateOne ssh is an HTML5 web-based terminal emulator and SSH client.

#CVE-2020-35746 - arbitrary file read vulnerability via download.
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join…

1.79K viewsAdeL, 17:54

HackerOne

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-26855.html

1.73K viewsAdeL, 14:53

HackerOne

https://youtu.be/47OBH4N70f0

YouTube

Code snippets plugin vulnerability | CVE-2020-8417 PoC

Code Snippets Vulnerability : CVE-2020-8417
Code snippets plugin allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability.…

1.83K viewsAdeL, 16:18

HackerOne

https://fireshellsecurity.team/ssrf/

FireShell Security Team

Posts by tag: ssrf

The FireShell Security Team is an initiative created in 2017 that aims to disseminate knowledge in the areas of InfoSec, CTFs and Hacking.

1.78K viewsAmir Kiani, 08:46

HackerOne

https://youtu.be/xqzfNqMrFGQ

1.79K viewsAdeL, 11:48

HackerOne

#threatleak #malware

https://any.run/cybersecurity-blog/introduction-to-malware-analysis/

ANY.RUN's Cybersecurity Blog

Introduction to Malware Analysis - ANY.RUN's Cybersecurity Blog

Investigate malicious files with our guest writer. He will lead you through each step of Dridex and IcedID analysis, so you can repeat it by yourself.

1.92K viewsAdeL, 12:27

HackerOne

https://youtu.be/zDxCnzNAkAk

1.93K viewsAdeL, 12:18

HackerOne

https://mitre-engenuity.org/blog/2021/07/19/engenuity-releases-ics-security-tools/

1.98K viewsAdeL, 19:10

HackerOne

Automation in Reverse Engineering: String Decryption https://synthesis.to/2021/06/30/automating_string_decryption.html

1.86K viewsAdeL, 16:19

HackerOne

A good historic background of Pegasus, a weapon system by NSO Group and role of Israel 🇮🇱 (government) in supporting the cyber espionage and specifics to India 🇮🇳

Israeli government is trying to evade sanctioning NSO and similar companies under international pressure. Lobbying is not working for Israel. Public is aware and only thing in Israels favour is to stay quiet till the heat dies out.

https://youtu.be/0OWw8IEj9oQ

2.14K viewsAdeL, 17:30

HackerOne

https://www.trendmicro.com/en_us/research/21/g/updated-xcsset-malware-targets-telegram--other-apps.html

Trend Micro

Updated XCSSET Malware Targets Telegram, Other Apps

In our last update on the XCSSET campaign, we updated some of its features targeting latest macOS 11 (Big Sur). Since then, the campaign added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to…

👎1

1.94K viewsAdeL, 13:39

HackerOne

Fuzzing with Grammars

https://www.fuzzingbook.org/html/Grammars.html

www.fuzzingbook.org

Fuzzing with Grammars - The Fuzzing Book