Remote Code Execution - From Recon to Root!
https://www.shawarkhan.com/2017/10/remote-code-execution-from-recon-to-root.html
🕴🏽 @Phantasm_Lab
Greetings everyone! This is Shawar Khan and today i'm going to share one of my recent findings. I'll show you how proper recon can lead to code execution. Recon and information gathering is an important part of penetration testing as knowing your target gives you more areas to attack.https://www.shawarkhan.com/2017/10/remote-code-execution-from-recon-to-root.html
🕴🏽 @Phantasm_Lab
Shawarkhan
Remote Code Execution - From Recon to Root!
Greetings everyone! This is Shawar Khan and today i'm going to share one of my recent findings. I'll show you how proper recon can lead to c...
Web Cache Deception Attack
https://www.youtube.com/watch?v=hR1isK3TFv4
🕴🏽 @Phantasm_Lab
Web Cache Deception Attack how to attack application load balancer to get sensitive information from the application. the attack was demonstrated in bsides conference.https://www.youtube.com/watch?v=hR1isK3TFv4
🕴🏽 @Phantasm_Lab
YouTube
Web Cache Deception Attack
Web Cache Deception Attack how to attack application load balancer to get sensitive information from the application. the attack was demonstrated in bsides c...
Web Cache Deception Attack - BlackHat
https://www.youtube.com/watch?v=mroq9eHFOIU
🕴🏽 @Phantasm_Lab
Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application users, and in certain cases to even take control over their accounts.https://www.youtube.com/watch?v=mroq9eHFOIU
🕴🏽 @Phantasm_Lab
YouTube
Web Cache Deception Attack
Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application…
Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
https://www.youtube.com/watch?v=zP4b3pw94s0
🕴🏽 @Phantasm_Lab
Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.https://www.youtube.com/watch?v=zP4b3pw94s0
🕴🏽 @Phantasm_Lab
YouTube
Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.
By James Kettle
Full Abstract…
By James Kettle
Full Abstract…
Java Server Faces
https://www.owasp.org/index.php/Java_Server_Faces
🕴🏽 @Phantasm_Lab
JavaServer Faces (JSF) is a Java-based Web application framework that implements the Model-View-Controller pattern and simplifies the development of web interfaces for Java EE applications. https://www.owasp.org/index.php/Java_Server_Faces
🕴🏽 @Phantasm_Lab
🃏 łαbørαŧøriø Ŧαηŧαsмα
- Redx Blue Security
- Open Source & Free Software
- Exploitable tools
- Free Lancer Developers
- CTF
t.me/Phantasm_Lab
- Redx Blue Security
- Open Source & Free Software
- Exploitable tools
- Free Lancer Developers
- CTF
t.me/Phantasm_Lab
Telegram
@Phantasm_Lab
- Red x Blue Security
- Bug Bounty 💷 💵
- Exploitable tools
- Programming Languages
- Malware Analysis
🇺🇸 🇧🇷 🇪🇸
since 2017 ©
Parceiros:
@TIdaDepressaoOficial @acervoprivado @ReneGadesx @G4t3w4y
- Bug Bounty 💷 💵
- Exploitable tools
- Programming Languages
- Malware Analysis
🇺🇸 🇧🇷 🇪🇸
since 2017 ©
Parceiros:
@TIdaDepressaoOficial @acervoprivado @ReneGadesx @G4t3w4y
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
🕴🏽 @Phantasm_Lab
The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I’m about to bring it to yours. No one gave it a fancy name, there were no press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code was released OVER 9 MONTHS AGO, none of the products mentioned in the noscript of this post have been patched, along with many more. In fact no patch is available for the Java library containing the vulnerability. In addition to any commercial products that are vulnerable, this also affects many custom applications.https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
🕴🏽 @Phantasm_Lab
Foxglovesecurity
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
By @breenmachine What? The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I’m about to bring it to yours. No one gave it a fancy name, there were no …
Bypassing Same Origin Policy (SOP)
https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/#gref
🕴🏽 @Phantasm_Lab
The same origin policy is an important concept in the web application information security domain. In this policy, a web browser allows noscripts contained in a first web page ‘A’ to access data/resources in a second web page ‘B’, however, only if both web pages have the same origin.An origin is defined as a combination of URI scheme, hostname, and port number. This policy prevents a malicious noscript on one page from obtaining access to sensitive data on another web page through that page’s DOM (document object model).https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/#gref
🕴🏽 @Phantasm_Lab
Forwarded from @Phantasm_Lab (Ag3nt-dpr)
#Perl #Course #Essentials
1 - https://youtu.be/ZFmdCnBUFy8
2 - https://youtu.be/g44D5ivndQU
3 - https://youtu.be/gcRTFjk8vdo
🕴 @Phantasm_Lab
Perl For Hacking and Pentest1 - https://youtu.be/ZFmdCnBUFy8
2 - https://youtu.be/g44D5ivndQU
3 - https://youtu.be/gcRTFjk8vdo
🕴 @Phantasm_Lab