Types of firewall | network firewall security | TechTerms
🕴 @Phantasm_Lab
Learn different types of firewall
https://www.youtube.com/watch?v=aUPoA3MSajU🕴 @Phantasm_Lab
YouTube
What is firewall? | Types of firewall | network firewall security | TechTerms
Learn different types of firewall, types of firewall software, types of hardware firewall, different types of firewalls, types of firewalls, types firewall, types of firewalls in network security, different types of hardware firewalls, types of firewall,…
Forwarded from @Phantasm_Lab
Bypassing Web Application Firewalls (WAF)
https://github.com/frizb/Bypassing-Web-Application-Firewalls
🕴 @Phantasm_Lab
A series of python noscripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockershttps://github.com/frizb/Bypassing-Web-Application-Firewalls
🕴 @Phantasm_Lab
GitHub
GitHub - frizb/Bypassing-Web-Application-Firewalls: A series of python noscripts for generating weird character combinations for…
A series of python noscripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers - frizb/Bypassing-Web-Application-Firewalls
Reverse Shell Cheat Sheet
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
🕴🏽 @Phantasm_Lab
If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell.If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a reverse shell or binding a shell to a TCP port. This page deals with the former.Your options for creating a reverse shell are limited by the noscripting languages installed on the target system – though you could probably upload a binary program too if you’re suitably well prepared.The examples shown are tailored to Unix-like systems. Some of the examples below should also work on Windows if you use substitute “/bin/sh -i” with “cmd.exe”.Each of the methods below is aimed to be a one-liner that you can copy/paste. As such they’re quite short lines, but not very readable.http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
🕴🏽 @Phantasm_Lab
John The Ripper Hash Formats
http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats
🕴🏽 @Phantasm_Lab
John the Ripper is a favourite password cracking tool of many pentesters.http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats
🕴🏽 @Phantasm_Lab
OWASP Top 10: XML External Entities
🕴🏽 @Phantasm_Lab
#4 vulnerability listed in this year's OWASP Top 10 Security Risks: XML External Entities. Learn about this security risk and how to guard against it.
https://www.youtube.com/watch?v=g2ey7ry8_CQ🕴🏽 @Phantasm_Lab
YouTube
2017 OWASP Top 10: XML External Entities
New 2021 OWASP Lightboard Series:
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 4/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #4 vulnerability listed in this year's OWASP Top 10 Security…
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 4/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #4 vulnerability listed in this year's OWASP Top 10 Security…
OWASP Top 10: Broken Access Control
https://www.youtube.com/watch?v=P38at6Tp8Ms
🕴🏽 @Phantasm_Lab
vulnerability listed in this year's OWASP Top 10 Security Risks: Broken Access Control. Learn about this security risk and how to guard against it.https://www.youtube.com/watch?v=P38at6Tp8Ms
🕴🏽 @Phantasm_Lab
YouTube
2017 OWASP Top 10: Broken Access Control
New 2021 OWASP Lightboard Series:
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 5/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #5 vulnerability listed in this year's OWASP Top 10 Security…
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ
Video 5/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #5 vulnerability listed in this year's OWASP Top 10 Security…
Forwarded from @Phantasm_Lab
Joomla Joomanager 2.0.0 Joomanager Arbitrary File Download Exploit
https://0day.today/exploit/29950
https://www.exploit-db.com/exploits/44252
https://cxsecurity.com/issue/WLB-2018030054
https://www.exploitalert.com/view-details.html?id=29114
https://www.phpsecure.info/go/162082.html
https://hackertor.com/2017/08/31/joomla-component-joomanager-2-0-0-arbitrary-file-download/
https://buzzreddit.com/post/82glkb
https://www.exploit-database.net/?id=96963
http://reader.centrodouniverso.com.br/archives/544371
https://github.com/Luth1er/COM_JOOMANAGER-ARBITRARY-FILE-DOWNLOAD
🕴🏽 @Phantasm_Lab
0day: AFD Risk: Security Risk High0day-ID: 29950 ExploitDB-id: 442520day db-id: 16348 CXSecurity-id: WLB-2018030054https://0day.today/exploit/29950
https://www.exploit-db.com/exploits/44252
https://cxsecurity.com/issue/WLB-2018030054
https://www.exploitalert.com/view-details.html?id=29114
https://www.phpsecure.info/go/162082.html
https://hackertor.com/2017/08/31/joomla-component-joomanager-2-0-0-arbitrary-file-download/
https://buzzreddit.com/post/82glkb
https://www.exploit-database.net/?id=96963
http://reader.centrodouniverso.com.br/archives/544371
https://github.com/Luth1er/COM_JOOMANAGER-ARBITRARY-FILE-DOWNLOAD
🕴🏽 @Phantasm_Lab
Cxsecurity
Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download - CXSecurity.com
Luth1er has realised a new security note Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download
Remote Code Execution - From Recon to Root!
https://www.shawarkhan.com/2017/10/remote-code-execution-from-recon-to-root.html
🕴🏽 @Phantasm_Lab
Greetings everyone! This is Shawar Khan and today i'm going to share one of my recent findings. I'll show you how proper recon can lead to code execution. Recon and information gathering is an important part of penetration testing as knowing your target gives you more areas to attack.https://www.shawarkhan.com/2017/10/remote-code-execution-from-recon-to-root.html
🕴🏽 @Phantasm_Lab
Shawarkhan
Remote Code Execution - From Recon to Root!
Greetings everyone! This is Shawar Khan and today i'm going to share one of my recent findings. I'll show you how proper recon can lead to c...
Web Cache Deception Attack
https://www.youtube.com/watch?v=hR1isK3TFv4
🕴🏽 @Phantasm_Lab
Web Cache Deception Attack how to attack application load balancer to get sensitive information from the application. the attack was demonstrated in bsides conference.https://www.youtube.com/watch?v=hR1isK3TFv4
🕴🏽 @Phantasm_Lab
YouTube
Web Cache Deception Attack
Web Cache Deception Attack how to attack application load balancer to get sensitive information from the application. the attack was demonstrated in bsides c...
Web Cache Deception Attack - BlackHat
https://www.youtube.com/watch?v=mroq9eHFOIU
🕴🏽 @Phantasm_Lab
Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application users, and in certain cases to even take control over their accounts.https://www.youtube.com/watch?v=mroq9eHFOIU
🕴🏽 @Phantasm_Lab
YouTube
Web Cache Deception Attack
Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application…
Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
https://www.youtube.com/watch?v=zP4b3pw94s0
🕴🏽 @Phantasm_Lab
Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.https://www.youtube.com/watch?v=zP4b3pw94s0
🕴🏽 @Phantasm_Lab
YouTube
Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.
By James Kettle
Full Abstract…
By James Kettle
Full Abstract…
Java Server Faces
https://www.owasp.org/index.php/Java_Server_Faces
🕴🏽 @Phantasm_Lab
JavaServer Faces (JSF) is a Java-based Web application framework that implements the Model-View-Controller pattern and simplifies the development of web interfaces for Java EE applications. https://www.owasp.org/index.php/Java_Server_Faces
🕴🏽 @Phantasm_Lab
🃏 łαbørαŧøriø Ŧαηŧαsмα
- Redx Blue Security
- Open Source & Free Software
- Exploitable tools
- Free Lancer Developers
- CTF
t.me/Phantasm_Lab
- Redx Blue Security
- Open Source & Free Software
- Exploitable tools
- Free Lancer Developers
- CTF
t.me/Phantasm_Lab
Telegram
@Phantasm_Lab
- Red x Blue Security
- Bug Bounty 💷 💵
- Exploitable tools
- Programming Languages
- Malware Analysis
🇺🇸 🇧🇷 🇪🇸
since 2017 ©
Parceiros:
@TIdaDepressaoOficial @acervoprivado @ReneGadesx @G4t3w4y
- Bug Bounty 💷 💵
- Exploitable tools
- Programming Languages
- Malware Analysis
🇺🇸 🇧🇷 🇪🇸
since 2017 ©
Parceiros:
@TIdaDepressaoOficial @acervoprivado @ReneGadesx @G4t3w4y
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
🕴🏽 @Phantasm_Lab
The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I’m about to bring it to yours. No one gave it a fancy name, there were no press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code was released OVER 9 MONTHS AGO, none of the products mentioned in the noscript of this post have been patched, along with many more. In fact no patch is available for the Java library containing the vulnerability. In addition to any commercial products that are vulnerable, this also affects many custom applications.https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
🕴🏽 @Phantasm_Lab
Foxglovesecurity
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
By @breenmachine What? The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I’m about to bring it to yours. No one gave it a fancy name, there were no …
Bypassing Same Origin Policy (SOP)
https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/#gref
🕴🏽 @Phantasm_Lab
The same origin policy is an important concept in the web application information security domain. In this policy, a web browser allows noscripts contained in a first web page ‘A’ to access data/resources in a second web page ‘B’, however, only if both web pages have the same origin.An origin is defined as a combination of URI scheme, hostname, and port number. This policy prevents a malicious noscript on one page from obtaining access to sensitive data on another web page through that page’s DOM (document object model).https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/#gref
🕴🏽 @Phantasm_Lab