HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
https://youtu.be/KH-xzqF1bY8
YouTube
Windows Logging | SANS ICS Concepts
In this SANS ICS Concept overview, we are joined by Mike Hoffman of Dragos. Mike has 20+ years experience as a controls and automation specificist. He has giving several talks at SANS ICS Summits and has several papers published in the SANS Reading Room.…
2.04K viewsAdeL
HackerOne
https://youtu.be/T3a6QN7p_UM
1.91K viewsAdeL
HackerOne
Microsoft SharePoint Server Remote Code Execution Vulnerability

In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the Sharepoint Server.

Security updates:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28474
1.9K viewsAdeL
HackerOne
https://youtu.be/un_3xC2DX3U
YouTube
windows graphics component pivilege escalation | CVE-2021-26868 PoC
CVE-2021-26868 Windows Graphics Component Elevation of Privilege Vulnerability. It injects shellcode into winlogon.exe, resulting in SYSTEM level privilege escalation. Below, we test the base exploit (injects cmd.exe) and then modify it to inject a Covenant…
1.94K viewsAdeL
HackerOne
https://youtu.be/Qy9SmCFUMjk
YouTube
Gateone ssh file read vulnerability | CVE-2020-35736 poc
#GateOne ssh is an HTML5 web-based terminal emulator and SSH client.

#CVE-2020-35746 - arbitrary file read vulnerability via download.
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join…
1.79K viewsAdeL
HackerOne
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-26855.html
1.73K viewsAdeL
HackerOne
https://youtu.be/47OBH4N70f0
YouTube
Code snippets plugin vulnerability | CVE-2020-8417 PoC
Code Snippets Vulnerability : CVE-2020-8417
Code snippets plugin allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability.…
1.83K viewsAdeL
HackerOne
https://fireshellsecurity.team/ssrf/
FireShell Security Team
Posts by tag: ssrf
The FireShell Security Team is an initiative created in 2017 that aims to disseminate knowledge in the areas of InfoSec, CTFs and Hacking.
1.78K viewsAmir Kiani
HackerOne
https://youtu.be/xqzfNqMrFGQ
1.79K viewsAdeL
HackerOne
#threatleak #malware

https://any.run/cybersecurity-blog/introduction-to-malware-analysis/
ANY.RUN's Cybersecurity Blog
Introduction to Malware Analysis - ANY.RUN's Cybersecurity Blog
Investigate malicious files with our guest writer. He will lead you through each step of Dridex and IcedID analysis, so you can repeat it by yourself.
1.92K viewsAdeL
HackerOne
https://youtu.be/zDxCnzNAkAk
1.93K viewsAdeL
HackerOne
https://mitre-engenuity.org/blog/2021/07/19/engenuity-releases-ics-security-tools/
1.98K viewsAdeL
HackerOne
Automation in Reverse Engineering: String Decryption https://synthesis.to/2021/06/30/automating_string_decryption.html
1.86K viewsAdeL
HackerOne
A good historic background of Pegasus, a weapon system by NSO Group and role of Israel 🇮🇱 (government) in supporting the cyber espionage and specifics to India 🇮🇳

Israeli government is trying to evade sanctioning NSO and similar companies under international pressure. Lobbying is not working for Israel. Public is aware and only thing in Israels favour is to stay quiet till the heat dies out.

https://youtu.be/0OWw8IEj9oQ
2.14K viewsAdeL
HackerOne
https://www.trendmicro.com/en_us/research/21/g/updated-xcsset-malware-targets-telegram--other-apps.html
Trend Micro
Updated XCSSET Malware Targets Telegram, Other Apps
In our last update on the XCSSET campaign, we updated some of its features targeting latest macOS 11 (Big Sur). Since then, the campaign added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to…
👎1
1.94K viewsAdeL
HackerOne
Fuzzing with Grammars

https://www.fuzzingbook.org/html/Grammars.html
www.fuzzingbook.org
Fuzzing with Grammars - The Fuzzing Book
In the chapter on "Mutation-Based Fuzzing", we have seen how to use extra hints – such as sample input files – to speed up test generation. In this chapter, we take this idea one step further, by providing a specification of the legal inputs to a program.…
1.79K viewsAdeL
HackerOne
Elasticsearch ECE 7.13.3 - Anonymous Database Dump

https://www.exploit-db.com/exploits/50152
Exploit Database
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
Elasticsearch ECE 7.13.3 - Anonymous Database Dump. CVE-2021-22146 . webapps exploit for Multiple platform
1.75K viewsAdeL
HackerOne
Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

https://ift.tt/3zvPwgW
1.69K viewsAdeL
HackerOne
New PetitPotam attack
https://twitter.com/cyb3rops/status/1419193618745675776?s=19
Twitter
Florian Roth
Keep calm. This is much less serious than it initially appeared.
1.79K viewsDmitriy
HackerOne
Apple fixes zero-day affecting iPhones and Macs, exploited in the wild

https://ift.tt/3eYuZJY
BleepingComputer
Apple fixes zero-day affecting iPhones and Macs, exploited in the wild
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs.
1.85K viewsAdeL
HackerOne
CVE-2021-27850 Exploit
https://github.com/kahla-sec/CVE-2021-27850_POC
GitHub
GitHub - kahla-sec/CVE-2021-27850_POC: A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading to unauthencticated…
A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading to unauthencticated remote code execution. - kahla-sec/CVE-2021-27850_POC
1.87K viewsAmir Kiani