NEW BOT Телеграм, страница

2017 OWASP Top 10: Broken Access Control

New 2021 OWASP Lightboard Series:
https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ

Video 5/10 on the 2017 OWASP Top Ten Security Risks.

John Wagnon discusses the details of the #5 vulnerability listed in this year's OWASP Top 10 Security…

1.4K viewsAg3nt-dpr, 20:16

https://www.udemy.com/javanoscriptcourse/?couponCode=JAVASFREE4U

847 viewsS4fh1R, 23:42

https://www.udemy.com/the-complete-offensive-hacking-course-real-ethical-hacking/?couponCode=PROFICIENTSCHOOL

Online Courses - Anytime, Anywhere | Udemy

Udemy is the world's largest destination for online courses. Discover an online course on Udemy.com and start learning a new skill today.

902 viewsS4fh1R, 09:00

Forwarded from @Phantasm_Lab

49 viewsAg3nt-dpr, 05:01

Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download - CXSecurity.com

Forwarded from @Phantasm_Lab

Joomla Joomanager 2.0.0 Joomanager Arbitrary File Download Exploit

0day: AFD Risk: Security Risk High
0day-ID: 29950 ExploitDB-id: 44252
0day db-id: 16348 CXSecurity-id: WLB-2018030054

https://0day.today/exploit/29950
https://www.exploit-db.com/exploits/44252
https://cxsecurity.com/issue/WLB-2018030054
https://www.exploitalert.com/view-details.html?id=29114
https://www.phpsecure.info/go/162082.html
https://hackertor.com/2017/08/31/joomla-component-joomanager-2-0-0-arbitrary-file-download/
https://buzzreddit.com/post/82glkb
https://www.exploit-database.net/?id=96963
http://reader.centrodouniverso.com.br/archives/544371
https://github.com/Luth1er/COM_JOOMANAGER-ARBITRARY-FILE-DOWNLOAD

🕴🏽 @Phantasm_Lab

Cxsecurity

Luth1er has realised a new security note Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download

50 viewsAg3nt-dpr, 05:01

Bug Bounty Hunter Methodology

@Phantasm_Lab

5.9K viewsAg3nt-dpr, 00:18

Remote Code Execution - From Recon to Root!

Remote Code Execution - From Recon to Root!

Greetings everyone! This is Shawar Khan and today i'm going to share one of my recent findings. I'll show you how proper recon can lead to code execution. Recon and information gathering is an important part of penetration testing as knowing your target gives you more areas to attack.

https://www.shawarkhan.com/2017/10/remote-code-execution-from-recon-to-root.html

🕴🏽 @Phantasm_Lab

Shawarkhan

Greetings everyone! This is Shawar Khan and today i'm going to share one of my recent findings. I'll show you how proper recon can lead to c...

1.16K viewsAg3nt-dpr, 00:20

Web Cache Deception Attack

Web Cache Deception Attack how to attack application load balancer to get sensitive information from the application. the attack was demonstrated in bsides conference.

https://www.youtube.com/watch?v=hR1isK3TFv4

🕴🏽 @Phantasm_Lab

Web Cache Deception Attack

Web Cache Deception Attack how to attack application load balancer to get sensitive information from the application. the attack was demonstrated in bsides c...

851 viewsAg3nt-dpr, 01:54

Web Cache Deception Attack - BlackHat

Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application users, and in certain cases to even take control over their accounts.

https://www.youtube.com/watch?v=mroq9eHFOIU

🕴🏽 @Phantasm_Lab

Web Cache Deception Attack

Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application…

1.35K viewsAg3nt-dpr, 01:54

Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.

https://www.youtube.com/watch?v=zP4b3pw94s0

🕴🏽 @Phantasm_Lab

Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.

By James Kettle

Full Abstract…

1.43K viewsAg3nt-dpr, 02:01

Java Server Faces

JavaServer Faces (JSF) is a Java-based Web application framework that implements the Model-View-Controller pattern and simplifies the development of web interfaces for Java EE applications.

https://www.owasp.org/index.php/Java_Server_Faces

🕴🏽 @Phantasm_Lab

872 viewsAg3nt-dpr, 05:20

https://www.udemy.com/ipv6-subneteo-ita/?couponCode=ITA-IPV6FREE

IPv6 - Subneteo en 1 hora

Un curso de 1 hora en donde aprenderás todo lo necesario para poder entender IPv6 y sus características

949 viewsS4fh1R, 06:13

🃏 łαbørαŧøriø Ŧαηŧαsмα

- Redx Blue Security
- Open Source & Free Software
- Exploitable tools
- Free Lancer Developers
- CTF

t.me/Phantasm_Lab

- Red x Blue Security
- Bug Bounty 💷 💵
- Exploitable tools
- Programming Languages
- Malware Analysis

🇺🇸 🇧🇷 🇪🇸

since 2017 ©

Parceiros:
@TIdaDepressaoOficial @acervoprivado @ReneGadesx @G4t3w4y

3.26K viewsAg3nt-dpr, 21:18

https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

🕴🏽 @Phantasm_Lab

What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.

The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I’m about to bring it to yours. No one gave it a fancy name, there were no press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code was released OVER 9 MONTHS AGO, none of the products mentioned in the noscript of this post have been patched, along with many more. In fact no patch is available for the Java library containing the vulnerability. In addition to any commercial products that are vulnerable, this also affects many custom applications.

Foxglovesecurity

What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.

By @breenmachine What? The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I’m about to bring it to yours. No one gave it a fancy name, there were no …

1.8K viewsAg3nt-dpr, 09:59

https://www.udemy.com/el-curso-completo-de-github-para-desarrolladores/?couponCode=DOMINA-GITHUB-HOY

Fundamentos de GitHub: Aprendizaje Aplicado a Proyectos

Aprende a trabajar con GitHub paso a paso desde cero con proyectos prácticos y reales.

1.03K viewsS4fh1R, 22:00

Bypassing Same Origin Policy (SOP)

The same origin policy is an important concept in the web application information security domain. In this policy, a web browser allows noscripts contained in a first web page ‘A’ to access data/resources in a second web page ‘B’, however, only if both web pages have the same origin.

An origin is defined as a combination of URI scheme, hostname, and port number. This policy prevents a malicious noscript on one page from obtaining access to sensitive data on another web page through that page’s DOM (document object model).

https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/#gref

🕴🏽 @Phantasm_Lab

2.42K viewsAg3nt-dpr, 08:51

https://www.udemy.com/how-to-hack-websites/?couponCode=YOLOYOLO

1.35K viewsS4fh1R, 18:09

https://www.udemy.com/docker-con-linux/?couponCode=DOCKERFREE

Curso Básico de Docker con Linux

Comienza a trabajar con el sistema de virtualización que esta cambiando la manera de ver los sistemas en el mundo

1.42K viewsS4fh1R, 19:21