Forwarded from @Phantasm_Lab
XXE vulnerability demo
https://github.com/rgerganov/xxe-example
Simple web application which demonstrates XXE vulnerability.
Forwarded from @Phantasm_Lab
The Mobile Application Hackers Handbook
🕴 @Phantasm_Lab
Mobile computing has changed the game. Your personal data is no longer just stored on your desktop in the sanctuary of your office or home. You now carry personally identifiable information, financial data, personal and corporate email, and much more in your pocket, wherever you go. The smartphone is quickly becoming ubiquitous, and with at least 40 applications installed on the average smartphone the attack surface is significant.
The focus of this book is highly practical. Although we provide some background theory for you to understand the fundamentals of mobile application vulnerabilities, our primary concern is documenting the techniques you need to master to attack and exploit them. Where applicable, we include real-world examples derived from our many years of experience and from publicly documented vulnerabilities.
The Hacker Playbook 3 - Practical Guide To Penetration Testing
🕴🏽 @Phantasm_Lab
This is the third iteration of The Hacker Playbook (THP) series. Below is an overview of all the new vulnerabilities and attacks that will be discussed. In addition to the new content, some attacks and techniques from the prior books (which are still relevant today) are included to eliminate the need to refer back to the prior books. So, what's new? Some of the updated topics from the past couple of years include:
- Abusing Active Directory
- Abusing Kerberos
- Advanced Web Attacks
- Better Ways to Move Laterally
- Cloud Vulnerabilities
- Faster/Smarter Password Cracking
- Living Off the Land
- Lateral Movement Attacks
- Multiple Custom Labs
- Newer Web Language Vulnerabilities
- Physical Attacks
- Privilege Escalation
- PowerShell Attacks
- Ransomware Attacks
- Red Team vs Penetration Testing
- Setting Up Your Red Team Infrastructure
- Usable Red Team Metrics
- Writing Malware and Evading AV
- And so much more
Forwarded from @Phantasm_Lab
The Hacker Playbook 2 - Practical Guide To Penetration Testing
https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
🕴 @Phantasm_Lab
| PDF/EPUB/MOBI | 23/18/53 MB |
https://www.shakzee.com/courses/the-complete-php-course-from-core-php-to-php7-codeigniter/
coupon code: php-with-shakzee
Shakzee
The Complete PHP Course from Core PHP to PHP7 & Codeigniter
Do you want to learn web development, especially a server-side language? If yes, you are at the right place. I will teach each and everything from basic to advanced in this series.
APPSEC Cali 2018 - A Tour of API Underprotection
https://youtu.be/lgAEJwgxe0Y
🕴 @Phantasm_Lab
Effective API protection is a growing concern, reflecting the popularity of RESTful Web APIs and richer front-end clients which stress current security and access authorization approaches. You’ll learn about potential threats resulting from undersecured Web APIs and techniques to strengthen your API security posture. You'll gain a clear understanding of user authorization via OAuth2, software authorization via static API keys and the critical interplay between them. Of particular concern are mobile API consumers whose code is statically published with secrets which are often poorly concealed. Practical advice with code examples will show how to improve mobile API security. TLS is necessary but insufficient to fully secure client-server communications. Certificate pinning is explained with code examples to show how to strengthen channel communications. Some advanced techniques will be discussed such as app hardening, white box cryptography and mobile app attestation. You should gain a good understanding of the underprotected API problem, with some immediately practical tips to improve your API security posture and a sense of emerging tools and technologies that enable a significant step change in API security.
Author
Skip Hovsmith is a Principal Engineer and VP Americas for CriticalBlue, working on securing API usage between mobile apps and backend services. Previously, Skip consulted with CriticalBlue customers on accelerating mobile and embedded software running on multicore and custom coprocessor platforms in video, networking, and security modules. Prior to CriticalBlue, Skip worked in formal verification, FPGA design, reconfigurable hw/sw systems, and VLSI and mixed-signal chip design. He enjoys working directly with customers and is a writer at Hacker Noon, focused on API security topics such as “They reverse engineered 16k apps; here’s what we’d fix”, and “Mobile API Security”.
Forwarded from Hacking Brasil (Ryoon Ivo)
CCNA - The Complete Networking Fundamentals Course.
https://drive.google.com/folderview?id=0B6GbIqxDJgzoZ1FwaHl5dlVtRjQ
@HackingBr4sil
Forwarded from @Phantasm_Lab
Java secreto - Técnicas de descompilação, patching e Engenharia Reversa (Secret Java - Techniques for Decompilation, Patching and Reverse Engineering)
🕴🏽 @Phantasm_Lab
Alex Kalinovsky: https://mega.nz/#!g8tCCLaQ!oZ9K5LBsxqPPu7EIcObOmjpEXYCBYLMTWakE-OOtJfc