GraphQL é uma query language criada pelo Facebook, seu objetivo é melhorar a forma como aplicações consomem recursos, em especial aplicações de frontend.

GraphQL possui implementações em diversas linguagens de programação como PHP, JavaScript, Java, GO, Elixir, Ruby...
É comum relacionar o GraphQL com algo para "consumir o banco de dados" porém é uma visão equivocada.
Não há relação direta entre o GraphQL e o banco.

Características como auto documentação e auto validação baseada em seu sistema de tipos, fizeram o GraphQL uma das tecnologias mais adotadas nos últimos anos.

Participe do grupo do telegram dedicado ao GraphQL, tire dúvidas e troque ideia, todos são bem vindos.

GraphQL Brasil
https://news.1rj.ru/str/GraphQLBrasil

[Meme] The perfect programmer
https://redd.it/e6p8aq

by @programmer_humor

Credit Card Scammers on the Dark Web

https://youtu.be/jT-jmq8KBw0

🧪 @Phantasm_Lab

Falha em sistema da Huawei paralisa atividades de tribunal por uma semana – https://tecnoblog.net/317852/falha-sistema-huawei-paralisa-atividades-tribunal/

MobSF/Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework

https://github.com/MobSF/Mobile-Security-Framework-MobSF

🦠 @Phantasm_Lab

Zero-day vulnerability in Bash - Suidbash Google CTF Finals 2019 (pwn)

An actual 0-day in /bin/bash due to a bug in the privilege dropping feature. It was discovered by Ian Pudney and turned into a CTF challenge for the Google CTF 2019 Finals.

https://www.youtube.com/watch?v=-wGtxJ8opa8

🦠 @Phantasm_Lab

3 Steps to Implement Simple CSRF Token in PHP

Welcome to a step-by-step tutorial on how to implement simple CSRF token in PHP. In this tutorial, we will walk through an example of what cross-site request forgery is, and how we can prevent that with a simple trick – In just 3 steps. Read on to find out!

https://code-boxx.com/simple-csrf-token-php/

🦠 @Phantasm_Lab

GraphQL IDOR leads to information disclosure

https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d

🦠 @Phantasm_Lab

rip threads
https://redd.it/85goq1

by @programmer_humor

Teorias de Mr. Robot - O PODCAST FINAL

https://www.youtube.com/watch?v=pcTIscePUJw

🦠 @Phantasm_Lab

🧬 @Phantasm_Lab

Empresa brasileira cria plataforma para treinar e contratar hackers de forma remota

https://www.tudocelular.com/seguranca/noticias/n150633/empresa-brasileira-plataforma-treinamento-hacker.html

🧬 @Phantasm_Lab

https://www.cyberpunk.rs/wifibroot-wifi-pentest-cracking-tool-wpa-wpa2

🧬 @Phantasm_Lab

7 Online Port Scanners to Find Opened Ports on Server, IP

Here are online FREE tools, which will help you to find out what all ports are opened so you can review and block them if not needed.

https://geekflare.com/port-scanner-server/

🧬 @Phantasm_Lab

Abusing ImageMagick to obtain RCE

Remote Code Execution because of an image source? Is it Possible? Yes! Definitely. Here in this blog post, a Strynx team member found a variation of Remote Code Execution AKA RCE through ImageMagick which earned him a generous bounty of $5000. Amazingly, some tweaks inside the image source exfiltrated the data over DNS (also called side-channel attacks). Let’s see how was it done after a short introduction to ImageMagick.

https://strynx.org/imagemagick-rce/

🦠 @Phantasm_Lab