Forwarded from SHELL SHOCK
Free online penetration testing course (advanced) | WeLiveSecurity
https://www.welivesecurity.com/la-es/2019/04/10/curso-online-gratuito-pruebas-penetracion-avanzado/
WeLiveSecurity
Online penetration testing course (advanced)
We share an online pentesting course aimed at users with an advanced level
Hands on with WebLogic Serialization Vulnerability
https://zonksec.com/blog/hands-on-with-weblogic-serialization-vulnerability/
ZonkSec
ZonkSec - Hands on with WebLogic Serialization Vulnerability
After reading up on the recent Java serialization exploits, I had to start playing with it! I decided to jump into the WebLogic exploit and update the exploit code a bit!
Discovering GraphQL endpoints and SQLi vulnerabilities
https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e
Medium
Discovering GraphQL endpoints and SQLi vulnerabilities
Introduction
Forwarded from Phantasm_Lab - Group
ABIN | The island of Security
🃏 OFF Topic Division.
https://news.1rj.ru/str/joinchat/Dl9N3EKESA1gWZMxTEM-xA
Forwarded from Phantasm_Lab - Group
Coder X Coder
🏴 The Division: Division created to bring together open-source projects by national developers; a special division for discussions about programming. Announcements of job openings related to IT and freelance development!
🕴 [ Desktop : Web ] 🕴
https://news.1rj.ru/str/joinchat/Dl9N3ELSSvYheBd-xynS_w
Telegram
🏴 Coder X Coder | #PL
🏴 Division: Division created to bring together open-source projects by national developers; a special division for discussions about programming. Announcements of job openings related to IT and freelance development!
🕴 [ Desktop : Web : Mobile ] 🕴
3 Ways to Exploit Misconfigured Cross-Origin Resource Sharing (CORS)
https://www.we45.com/blog/3-ways-to-exploit-misconfigured-cross-origin-resource-sharing-cors
Forwarded from DARKNET BR
🎬 #Video
~ Israel thwarts cyberattack and blows up building with hackers
https://www.tecmundo.com.br/seguranca/140964-israel-impede-ciberataque-explodindo-predio-hackers.htm
Forwarded from Hunter X Hunter
Advanced Penetration Testing - Hacking the World's Most Secure Networks | PDF/EPUB | 6/6 MB | https://drive.google.com/open?id=0B-OpLAp8EyTfMy05SjhEaWpGODQ
Practical JSONP Injection
JSONP injection is a lesser known but quite widespread and dangerous vulnerability and it surfaced in the last years due to the high rate of adoption of JSON, web APIs and the urging need for cross-domain communications.
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
🕴🏽 @Phantasm_Lab
Security Café
Practical JSONP Injection
JSONP injection is a lesser known but quite widespread and dangerous vulnerability and it surfaced in the last years due to the high rate of adoption of JSON, web APIs and the urging need for cross…
Tricking blind Java deserialization for a treat
During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the authentication mechanism, there was not much we could do. The attack surface was still pretty small, there were only a few things we could tamper with.
https://securitycafe.ro/2017/11/03/tricking-java-serialization-for-a-treat/#more-1839
🕴🏽 @Phantasm_Lab
Security Café
Tricking blind Java deserialization for a treat
During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the authentication mechanism, there was not much w…
Insufficient sanitizing can lead to arbitrary commands execution
Notepad++ is vulnerable to a command injection attack. Let's look at this command execution for example in NppCommand.cpp
https://hackerone.com/reports/494979
🕴🏽 @Phantasm_Lab
HackerOne
Notepad++ disclosed on HackerOne: Insufficient sanitizing can lead...
##Information:
**Summary:**
Notepad++ is vulnerable to a command injection attack.
**Debug Info:**
Notepad++ v7.6.3 (32-bit)
Build time : Jan 27 2019 - 17:20:30
Path : C:\Program Files...
H2HC - Hackers to Hackers Conference
Site: www.h2hc.com.br
Twitter: @h2hconference
Telegram group: https://news.1rj.ru/str/h2hconference
This year's keynotes have been announced, folks... check the site.