HackerOne
@HackerOne
Community: @Sec0x01, @Bug0x
HackerOne
Forwarded from
Amir Kiani
https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/
Sonarsource
NodeBB 1.18.4 - Remote Code Execution With One Shot
We recently discovered three interesting code vulnerabilities in NodeBB 1.18.4, allowing attackers to compromise servers. Find out about the details in this article!
HackerOne
https://learnfrida.info/
learnfrida.info
Frida HandBook
Frida handbook, resource to learn the basics of binary instrumentation in desktop systems (Windows, Linux, MacOS) with real-world examples.
HackerOne
We can do serious things
💀
HackerOne
https://cyber.bgu.ac.il/advanced-cyber/airgap
HackerOne
https://github.com/epsylon/fuzzssh
GitHub
GitHub - epsylon/fuzzssh: FuzzSSH is a free software tool created to detect SSH (protocol) vulnerabilities.
FuzzSSH is a free software tool created to detect SSH (protocol) vulnerabilities. - GitHub - epsylon/fuzzssh: FuzzSSH is a free software tool created to detect SSH (protocol) vulnerabilities.
HackerOne
https://www.randorisec.fr/crack-linux-firewall/
HackerOne
https://www.youtube.com/watch?v=gfZRaftYKrk
YouTube
php 8.1 remote code execution
In this video we are going to solve one of the vulnmachines lab zero is cool.
PHP version 8.1.0 backdoor was released with a backdoor on March 28th 2021, but the #backdoor was quickly discovered and removed. If this version of #php runs on a server, an #attackers…
HackerOne
https://shabarkin.medium.com/gsuite-domain-takeover-through-delegation-9d6664c91142
Medium
GSuite domain takeover through delegation
By exploiting a broken business logic of a web app, it can be possible to retrieve even Google service account credentials integrated through the OAuth flow and compromise all GSuite users by delegating specific permissions in the GSuite domain.
HackerOne
https://docs.google.com/presentation/d/1cMSRVlJJ5de6Pyv-09YgzOGS0OYrP6p7ggGl0f42wmw/edit
Google Docs
(pub)TBHM App v1
The Bug Hunter’s Methodology Application Hacking v1
HackerOne
https://github.com/hktalent/scan4all
GitHub
GitHub - GhostTroops/scan4all: Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints;…
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)... - ...
HackerOne
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javanoscript-commands-get-executed-in-an-in-app-browser
HackerOne
https://www.linkedin.com/posts/vulnmachines_python-exploit-rce-activity-6966651265690812416-MtbM?utm_source=linkedin_share&utm_medium=android_app
Linkedin
#python #exploit #rce #pentesting #github #infosecurity #infosec #cybersecurity #bugbounty #bugbountytips | Vulnmachines
Webmin remote code execution : CVE-2022-36446
A #python script to #exploit CVE-2022-36446 Software Package Updates #rce (Authenticated) on Webmin < 1.997.
Github : https://lnkd.in/djk4gxsc
Start your #pentesting journey with us
https://lnkd.in/dSsktqTR.…
HackerOne
https://github.com/hktalent/TOP
GitHub
GitHub - GhostTroops/TOP: TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things - GhostTroops/TOP
HackerOne
https://github.com/s0md3v/uro/
GitHub
GitHub - s0md3v/uro: declutters url lists for crawling/pentesting
declutters url lists for crawling/pentesting. Contribute to s0md3v/uro development by creating an account on GitHub.
HackerOne
https://github.com/Developer-Y/cs-video-courses
GitHub
GitHub - Developer-Y/cs-video-courses: List of Computer Science courses with video lectures.
List of Computer Science courses with video lectures. - Developer-Y/cs-video-courses
HackerOne
https://chuongdong.com/reverse%20engineering/2022/09/03/PLAYRansomware/
Chuong Dong
PLAY Ransomware
Malware Analysis Report - PLAY Ransomware
HackerOne
https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger
BlackBerry
The Curious Case of “Monti” Ransomware: A Real-World Doppelganger
While working a recent ransomware incident, BlackBerry identified a group whose name and TTPs mimicked the long-standing, popular ransomware crew Conti. Furthermore, the encryptor payload used in the attack was taken from the original group and modified for…
HackerOne
https://github.com/gtworek/PSBits/tree/master/PasswordStealing
GitHub
PSBits/PasswordStealing at master · gtworek/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual. - gtworek/PSBits
HackerOne
https://github.com/wisoffe/exploits-predict
GitHub
GitHub - wisoffe/exploits-predict: Predicting the probability of an exploit being released after a CVE is published (by Machine…
Predicting the probability of an exploit being released after a CVE is published (by Machine learning algorithm) - wisoffe/exploits-predict