[glance] Path Traversal in glance static file server allows to read content of arbitrary file
https://hackerone.com/reports/310106
🕴 @Phantasm_Lab
Denoscriptionglance serves files from the server where was installed. No path sanitization is implemented, thus malicious user is able to read content of any file from the server using simple curl command (adjust number of ../ to reflect your system):https://hackerone.com/reports/310106
🕴 @Phantasm_Lab
HackerOne
Node.js third-party modules disclosed on HackerOne: [glance] Path...
Hi Guys,
There is Path Traversal vulnerability in ```glance``` module. This issue allows to read arbitrary files from the server, where ```glance``` is installed.
## Module
**glance**
a quick...
There is Path Traversal vulnerability in ```glance``` module. This issue allows to read arbitrary files from the server, where ```glance``` is installed.
## Module
**glance**
a quick...
Forwarded from Hacking Brasil (Ryoon Ivo)
Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
Os administradores de sistemas precisam ficar à frente de novas vulnerabilidades de segurança que deixam suas redes expostas todos os dias. Um firewall e um sistema de detecção de intrusão(IDS) são duas armas importantes nessa batalha, o que lhe permite negar proativamente o acesso e monitorar o tráfego da rede para detectar sinais de um ataque.
No livro Linux Firewalls discute os detalhes técnicos do firewall iptables e do framework Netfilter incorporados ao kernel do Linux, e explica como fornecem recursos sólidos de filtragem, conversão de endereços de rede(NAT), controle de estado e capacidades de inspeção de camada de aplicativos que rivalizam com muitos ferramentas comerciais. Você aprenderá a implantar iptables como um IDS com psad e fwsnort e também como construir uma camada de autenticação passiva forte em torno de iptables com fwknop.
Os administradores de sistemas precisam ficar à frente de novas vulnerabilidades de segurança que deixam suas redes expostas todos os dias. Um firewall e um sistema de detecção de intrusão(IDS) são duas armas importantes nessa batalha, o que lhe permite negar proativamente o acesso e monitorar o tráfego da rede para detectar sinais de um ataque.
No livro Linux Firewalls discute os detalhes técnicos do firewall iptables e do framework Netfilter incorporados ao kernel do Linux, e explica como fornecem recursos sólidos de filtragem, conversão de endereços de rede(NAT), controle de estado e capacidades de inspeção de camada de aplicativos que rivalizam com muitos ferramentas comerciais. Você aprenderá a implantar iptables como um IDS com psad e fwsnort e também como construir uma camada de autenticação passiva forte em torno de iptables com fwknop.
Forwarded from Hacking Brasil (Ryoon Ivo)
9781593271411(1).pdf
6.5 MB
Joomla Joomanager 2.0.0 Joomanager Arbitrary File Download Exploit
https://0daydb.com/exploit/16348
🕴 @Phantasm_Lab
https://0daydb.com/exploit/16348
🕴 @Phantasm_Lab
#Pentest #SANS #SecurityGuildes
SANS Security Guildes
https://www.sans.org/reading-room/whitepapers/testing/
🕴 @Phantasm_Lab
SANS Security Guildes
https://www.sans.org/reading-room/whitepapers/testing/
🕴 @Phantasm_Lab
www.sans.org
SANS Institute: Reading Room - Penetration Testing
Computer security training, certification and free resources. We specialize in computer/network security, digital forensics, application security and IT audit.
Forwarded from The Bug Bounty Hunter
How I gained access to Sony’s database
https://medium.com/bugbountywriteup/how-i-gained-access-to-sonys-database-f3ba08d0e035
https://medium.com/bugbountywriteup/how-i-gained-access-to-sonys-database-f3ba08d0e035
Medium
How I gained access to Sony’s database
This was a bug that I found back in 2017. This started when a friend of mine (a.k.a 1337) showed me a T-Shirt that he got from Sony . So I…
Forwarded from @Phantasm_Lab (Deleted Account)
Advanced Penetration Testing - Hacking the World's Most Secure Networks | PDF/EPUB | 6/6 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfMy05SjhEaWpGODQ
Black Hat Python | PDF/EPUB | 3/3 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfbHY0dWVSVURMVE0
Defensive security handbook | PDF/EPUB/AZW3 | 29/27/4 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfT1JBa1VFMFBnVDg
Ethical Hacking and Penetration Testing Guide | PDF | 22 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfQVUwczFMU2JMWGc
Hacking - The Art of Explotation | PDF | 4 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfeXNUbl96ZEt3Mk0
Hash Crack - Password Cracking Manual | PDF/EPUB/AZW3 | 6/2/3 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfZDV1V251UzVtMmc
Kali Linux Revealed - Mastering the Penetration Testing Distribution | PDF | 26 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfSGpUSWk0QVJTUVU
RTFM - Red Team Field Manual | PDF | 3 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfaFB5LVpsOGlMS00
The Hacker Playbook 2 - Practical Guide To Penetration Testing | PDF/EPUB/MOBI | 23/18/53 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
The Shellcoders's Handbook - Discovering and Exploiting Security Holes | PDF | 4 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfeXFvX1YzdG8zMVU
Violent Python - A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers | PDF | 8 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfNnYtUHQycGZwS28
Black Hat Python | PDF/EPUB | 3/3 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfbHY0dWVSVURMVE0
Defensive security handbook | PDF/EPUB/AZW3 | 29/27/4 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfT1JBa1VFMFBnVDg
Ethical Hacking and Penetration Testing Guide | PDF | 22 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfQVUwczFMU2JMWGc
Hacking - The Art of Explotation | PDF | 4 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfeXNUbl96ZEt3Mk0
Hash Crack - Password Cracking Manual | PDF/EPUB/AZW3 | 6/2/3 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfZDV1V251UzVtMmc
Kali Linux Revealed - Mastering the Penetration Testing Distribution | PDF | 26 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfSGpUSWk0QVJTUVU
RTFM - Red Team Field Manual | PDF | 3 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfaFB5LVpsOGlMS00
The Hacker Playbook 2 - Practical Guide To Penetration Testing | PDF/EPUB/MOBI | 23/18/53 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
The Shellcoders's Handbook - Discovering and Exploiting Security Holes | PDF | 4 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfeXFvX1YzdG8zMVU
Violent Python - A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers | PDF | 8 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfNnYtUHQycGZwS28
Forwarded from Hacking Brasil (Ryoon Ivo)
No plano foi sugerido que a Agência de Segurança Nacional(NSA) realizasse ataques cibernéticos para neutralizar sites russos e o hacker Guccifer 2.0 que hackearia o email da sede da campanha de Hillary Clinton e do Comitê Nacional do Partido Democrata.
https://hackingbrasil.wordpress.com/2018/03/11/a-casa-branca-planejava-um-ataque-cibernetico-massivo-contra-a-russia/
https://hackingbrasil.wordpress.com/2018/03/11/a-casa-branca-planejava-um-ataque-cibernetico-massivo-contra-a-russia/
We are Zerodium
http://zerodium.com/
The premium acquisition program for zero-day exploits and advanced cybersecurity research.http://zerodium.com/
Zerodium
ZERODIUM - The Premium Exploit Acquisition Platform
ZERODIUM is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research. Our platform allows security researchers to sell their 0day (zero-day) exploits for the highest rewards.
Stored XSS when you read eamils. <style>
https://hackerone.com/reports/274844
🕴 @Phantasm_lab
Reported To: Mail.Ruhttps://hackerone.com/reports/274844
🕴 @Phantasm_lab
HackerOne
Mail.ru disclosed on HackerOne: Stored XSS when you read eamils....
XSS via crafted block style.
Demonstrated attack vector was eliminated on the date of reporintg, final solution changes parsing algorythm to eliminate similar attacks.
Demonstrated attack vector was eliminated on the date of reporintg, final solution changes parsing algorythm to eliminate similar attacks.