Bugcrowd University Opens Its Doors to the Crowd
https://www.bugcrowd.com/press-release/bugcrowd-university-opens-its-doors-to-the-crowd/?utm_source=social&utm_medium=facebook&utm_content=press_release&utm_campaign=bcu
🕴 @Phantasm_Lab
Bugcrowd University addresses the skill shortage by introducing new researchers to the crowdsourced security field and upleveling the skills of the white hat hacker community across the board. In tandem, Bugcrowd is pushing forward with the Bugcrowd Ambassador Program to foster new researchers. Researchers who take part in this program will learn new skills and hone old ones, and help spread the skills needed to shorten the cybersecurity gap.
“Making Bugcrowd home for researchers is one of our highest priorities. The goal of Bugcrowd University is to empower researchers with training and content to strengthen the security community,” said Jason Haddix, VP of Trust & Security, Bugcrowd. “With this Bugcrowd University program we will not only train and empower our Crowd to find high-priority vulnerabilities, we will also introduce this model to would-be security researchers around the world to increase the number of skilled researchers looking for vulnerabilities.”
🕴 @Phantasm_Lab
Types of firewall | network firewall security | TechTerms
🕴 @Phantasm_Lab
Learn different types of firewall
https://www.youtube.com/watch?v=aUPoA3MSajU
🕴 @Phantasm_Lab
YouTube
What is firewall? | Types of firewall | network firewall security | TechTerms
Learn different types of firewall, types of firewall software, types of hardware firewall, different types of firewalls, types of firewalls, types firewall, types of firewalls in network security, different types of hardware firewalls, types of firewall,…
Forwarded from @Phantasm_Lab
Bypassing Web Application Firewalls (WAF)
https://github.com/frizb/Bypassing-Web-Application-Firewalls
🕴 @Phantasm_Lab
A series of Python scripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers
🕴 @Phantasm_Lab
Reverse Shell Cheat Sheet
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
🕴🏽 @Phantasm_Lab
If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell.

If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a reverse shell or binding a shell to a TCP port. This page deals with the former.

Your options for creating a reverse shell are limited by the scripting languages installed on the target system – though you could probably upload a binary program too if you’re suitably well prepared.

The examples shown are tailored to Unix-like systems. Some of the examples below should also work on Windows if you substitute “/bin/sh -i” with “cmd.exe”.

Each of the methods below is aimed to be a one-liner that you can copy/paste. As such they’re quite short lines, but not very readable.
🕴🏽 @Phantasm_Lab
John The Ripper Hash Formats
http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats
🕴🏽 @Phantasm_Lab
John the Ripper is a favourite password cracking tool of many pentesters.
🕴🏽 @Phantasm_Lab
OWASP Top 10: XML External Entities
🕴🏽 @Phantasm_Lab
#4 vulnerability listed in this year's OWASP Top 10 Security Risks: XML External Entities. Learn about this security risk and how to guard against it.
https://www.youtube.com/watch?v=g2ey7ry8_CQ
🕴🏽 @Phantasm_Lab
YouTube
2017 OWASP Top 10: XML External Entities
New 2021 OWASP Lightboard Series:
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 4/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #4 vulnerability listed in this year's OWASP Top 10 Security…
OWASP Top 10: Broken Access Control
https://www.youtube.com/watch?v=P38at6Tp8Ms
🕴🏽 @Phantasm_Lab
vulnerability listed in this year's OWASP Top 10 Security Risks: Broken Access Control. Learn about this security risk and how to guard against it.
🕴🏽 @Phantasm_Lab
YouTube
2017 OWASP Top 10: Broken Access Control
New 2021 OWASP Lightboard Series:
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 5/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #5 vulnerability listed in this year's OWASP Top 10 Security…
Forwarded from @Phantasm_Lab
Joomla Joomanager 2.0.0 Joomanager Arbitrary File Download Exploit
https://0day.today/exploit/29950
https://www.exploit-db.com/exploits/44252
https://cxsecurity.com/issue/WLB-2018030054
https://www.exploitalert.com/view-details.html?id=29114
https://www.phpsecure.info/go/162082.html
https://hackertor.com/2017/08/31/joomla-component-joomanager-2-0-0-arbitrary-file-download/
https://buzzreddit.com/post/82glkb
https://www.exploit-database.net/?id=96963
http://reader.centrodouniverso.com.br/archives/544371
https://github.com/Luth1er/COM_JOOMANAGER-ARBITRARY-FILE-DOWNLOAD
🕴🏽 @Phantasm_Lab
0day: AFD | Risk: Security Risk High | 0day-ID: 29950 | ExploitDB-id: 44252 | 0day db-id: 16348 | CXSecurity-id: WLB-2018030054
🕴🏽 @Phantasm_Lab
Cxsecurity
Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download - CXSecurity.com
Luth1er has realised a new security note Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download
Remote Code Execution - From Recon to Root!
https://www.shawarkhan.com/2017/10/remote-code-execution-from-recon-to-root.html
🕴🏽 @Phantasm_Lab
Greetings everyone! This is Shawar Khan and today I'm going to share one of my recent findings. I'll show you how proper recon can lead to code execution. Recon and information gathering is an important part of penetration testing as knowing your target gives you more areas to attack.
🕴🏽 @Phantasm_Lab
Web Cache Deception Attack
https://www.youtube.com/watch?v=hR1isK3TFv4
🕴🏽 @Phantasm_Lab
Web Cache Deception Attack: how to attack an application load balancer to get sensitive information from the application. The attack was demonstrated at a BSides conference.
🕴🏽 @Phantasm_Lab
Web Cache Deception Attack - BlackHat
https://www.youtube.com/watch?v=mroq9eHFOIU
🕴🏽 @Phantasm_Lab
Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application users, and in certain cases even take control over their accounts.
🕴🏽 @Phantasm_Lab
Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
https://www.youtube.com/watch?v=zP4b3pw94s0
🕴🏽 @Phantasm_Lab
Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.
🕴🏽 @Phantasm_Lab
By James Kettle
Java Server Faces
https://www.owasp.org/index.php/Java_Server_Faces
🕴🏽 @Phantasm_Lab
JavaServer Faces (JSF) is a Java-based Web application framework that implements the Model-View-Controller pattern and simplifies the development of web interfaces for Java EE applications.
🕴🏽 @Phantasm_Lab