BlueHat v18 - Microsoft Conference Center
https://blogs.technet.microsoft.com/bluehat/
🕴🏼 @Phantasm_Lab
Announcing the BlueHat v18 Schedule:
Where did the summer go? This year the BlueHat Security Conference moved forward in the schedule to late September. Next year it will settle into a steady orbit of early October moving forward. With that change in schedule, it is hard to believe that it is time to reveal the schedule for BlueHat v18. We had nearly one hundred fifty submissions spanning the gamut of security topics and presenters. That made for some tough choices for the content advisory board and a schedule that will leave wishing you could be in multiple talks at the same time. On behalf of the content advisory board, I want to thank everyone who submitted a paper for consideration. There were a lot of great ideas, but we could not put all of them on stage for this instance of BlueHat. We look forward to continuing the security conversation with you in the future.
https://blogs.technet.microsoft.com/bluehat/2018/08/02/announcing-the-bluehat-v18-schedule/https://blogs.technet.microsoft.com/bluehat/
🕴🏼 @Phantasm_Lab
Bugcrowd University Opens Its Doors to the Crowd
https://www.bugcrowd.com/press-release/bugcrowd-university-opens-its-doors-to-the-crowd/?utm_source=social&utm_medium=facebook&utm_content=press_release&utm_campaign=bcu
🕴 @Phantasm_Lab
Bugcrowd University addresses the skill shortage by introducing new researchers to the crowdsourced security field and upleveling the skills of the white hat hacker community across the board. In tandem, Bugcrowd is pushing forward with the Bugcrowd Ambassador Program to foster new researchers. Researchers who take part in this program will learn new skills and hone old ones, and help spread the skills needed to shorten the cybersecurity gap.
“Making Bugcrowd home for researchers is one of our highest priorities. The goal of Bugcrowd University is to empower researchers with training and content to strengthen the security community,” said Jason Haddix, VP of Trust & Security, Bugcrowd. “With this Bugcrowd University program we will not only train and empower our Crowd to find high-priority vulnerabilities, we will also introduce this model to would-be security researchers around the world to increase the number of skilled researchers looking for vulnerabilities.”https://www.bugcrowd.com/press-release/bugcrowd-university-opens-its-doors-to-the-crowd/?utm_source=social&utm_medium=facebook&utm_content=press_release&utm_campaign=bcu
🕴 @Phantasm_Lab
Types of firewall | network firewall security | TechTerms
🕴 @Phantasm_Lab
Learn different types of firewall
https://www.youtube.com/watch?v=aUPoA3MSajU🕴 @Phantasm_Lab
YouTube
What is firewall? | Types of firewall | network firewall security | TechTerms
Learn different types of firewall, types of firewall software, types of hardware firewall, different types of firewalls, types of firewalls, types firewall, types of firewalls in network security, different types of hardware firewalls, types of firewall,…
Forwarded from @Phantasm_Lab
Bypassing Web Application Firewalls (WAF)
https://github.com/frizb/Bypassing-Web-Application-Firewalls
🕴 @Phantasm_Lab
A series of python noscripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockershttps://github.com/frizb/Bypassing-Web-Application-Firewalls
🕴 @Phantasm_Lab
GitHub
GitHub - frizb/Bypassing-Web-Application-Firewalls: A series of python noscripts for generating weird character combinations for…
A series of python noscripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers - frizb/Bypassing-Web-Application-Firewalls
Reverse Shell Cheat Sheet
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
🕴🏽 @Phantasm_Lab
If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell.If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a reverse shell or binding a shell to a TCP port. This page deals with the former.Your options for creating a reverse shell are limited by the noscripting languages installed on the target system – though you could probably upload a binary program too if you’re suitably well prepared.The examples shown are tailored to Unix-like systems. Some of the examples below should also work on Windows if you use substitute “/bin/sh -i” with “cmd.exe”.Each of the methods below is aimed to be a one-liner that you can copy/paste. As such they’re quite short lines, but not very readable.http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
🕴🏽 @Phantasm_Lab
John The Ripper Hash Formats
http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats
🕴🏽 @Phantasm_Lab
John the Ripper is a favourite password cracking tool of many pentesters.http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats
🕴🏽 @Phantasm_Lab
OWASP Top 10: XML External Entities
🕴🏽 @Phantasm_Lab
#4 vulnerability listed in this year's OWASP Top 10 Security Risks: XML External Entities. Learn about this security risk and how to guard against it.
https://www.youtube.com/watch?v=g2ey7ry8_CQ🕴🏽 @Phantasm_Lab
YouTube
2017 OWASP Top 10: XML External Entities
New 2021 OWASP Lightboard Series:
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 4/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #4 vulnerability listed in this year's OWASP Top 10 Security…
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 4/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #4 vulnerability listed in this year's OWASP Top 10 Security…
OWASP Top 10: Broken Access Control
https://www.youtube.com/watch?v=P38at6Tp8Ms
🕴🏽 @Phantasm_Lab
vulnerability listed in this year's OWASP Top 10 Security Risks: Broken Access Control. Learn about this security risk and how to guard against it.https://www.youtube.com/watch?v=P38at6Tp8Ms
🕴🏽 @Phantasm_Lab
YouTube
2017 OWASP Top 10: Broken Access Control
New 2021 OWASP Lightboard Series:
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 5/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #5 vulnerability listed in this year's OWASP Top 10 Security…
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 5/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #5 vulnerability listed in this year's OWASP Top 10 Security…
Forwarded from @Phantasm_Lab
Joomla Joomanager 2.0.0 Joomanager Arbitrary File Download Exploit
https://0day.today/exploit/29950
https://www.exploit-db.com/exploits/44252
https://cxsecurity.com/issue/WLB-2018030054
https://www.exploitalert.com/view-details.html?id=29114
https://www.phpsecure.info/go/162082.html
https://hackertor.com/2017/08/31/joomla-component-joomanager-2-0-0-arbitrary-file-download/
https://buzzreddit.com/post/82glkb
https://www.exploit-database.net/?id=96963
http://reader.centrodouniverso.com.br/archives/544371
https://github.com/Luth1er/COM_JOOMANAGER-ARBITRARY-FILE-DOWNLOAD
🕴🏽 @Phantasm_Lab
0day: AFD Risk: Security Risk High0day-ID: 29950 ExploitDB-id: 442520day db-id: 16348 CXSecurity-id: WLB-2018030054https://0day.today/exploit/29950
https://www.exploit-db.com/exploits/44252
https://cxsecurity.com/issue/WLB-2018030054
https://www.exploitalert.com/view-details.html?id=29114
https://www.phpsecure.info/go/162082.html
https://hackertor.com/2017/08/31/joomla-component-joomanager-2-0-0-arbitrary-file-download/
https://buzzreddit.com/post/82glkb
https://www.exploit-database.net/?id=96963
http://reader.centrodouniverso.com.br/archives/544371
https://github.com/Luth1er/COM_JOOMANAGER-ARBITRARY-FILE-DOWNLOAD
🕴🏽 @Phantasm_Lab
Cxsecurity
Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download - CXSecurity.com
Luth1er has realised a new security note Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download