Forwarded from Programmer Humor
Forwarded from Tecnoblog
Huawei system failure halts court activities for a week – https://tecnoblog.net/317852/falha-sistema-huawei-paralisa-atividades-tribunal/
A failure in Huawei software led the Regional Labor Court of Paraná (Tribunal Regional do Trabalho do Paraná) to suspend a large part of its activities between December 1 and 8.
MobSF/Mobile-Security-Framework-MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF
🦠 @Phantasm_Lab
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework.
Zero-day vulnerability in Bash - Suidbash Google CTF Finals 2019 (pwn)
https://www.youtube.com/watch?v=-wGtxJ8opa8
🦠 @Phantasm_Lab
An actual 0-day in /bin/bash due to a bug in the privilege dropping feature. It was discovered by Ian Pudney and turned into a CTF challenge for the Google CTF 2019 Finals.
CVE-2019-18276
3 Steps to Implement Simple CSRF Token in PHP
https://code-boxx.com/simple-csrf-token-php/
🦠 @Phantasm_Lab
Welcome to a step-by-step tutorial on how to implement a simple CSRF token in PHP. In this tutorial, we will walk through an example of what cross-site request forgery is, and how we can prevent that with a simple trick, in just 3 steps. Read on to find out!
Code-Boxx
CSRF Token in PHP (Very Simple Example)
This tutorial will walk through what CSRF is, and how to implement protection in PHP using a token. Free example code download included.
GraphQL IDOR leads to information disclosure
https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
🦠 @Phantasm_Lab
Hello World!, I’m Eshan Singh aka R0X4R. I’m here to share my recent findings on GraphQL IDOR (Insecure Direct Object Reference), which…
Forwarded from Programmer Humor
Brazilian company creates platform to train and hire hackers remotely
https://www.tudocelular.com/seguranca/noticias/n150633/empresa-brasileira-plataforma-treinamento-hacker.html
🧬 @Phantasm_Lab
The idea is to train people to work in digital security.
7 Online Port Scanners to Find Opened Ports on Server, IP
https://geekflare.com/port-scanner-server/
🧬 @Phantasm_Lab
Here are free online tools that will help you find out which ports are open so you can review and block them if not needed.
Geekflare
6 Online Port Scanners to Find Opened Ports on Server and IP
If you are hosting your web applications on managed or shared server, then you don’t have to worry about it. However, for VPS or dedicated, you must
Abusing ImageMagick to obtain RCE
https://strynx.org/imagemagick-rce/
🦠 @Phantasm_Lab
Remote Code Execution because of an image source? Is it possible? Yes! Definitely. Here in this blog post, a Strynx team member found a variation of Remote Code Execution AKA RCE through ImageMagick which earned him a generous bounty of $5000. Amazingly, some tweaks inside the image source exfiltrated the data over DNS (also called side-channel attacks). Let’s see how it was done after a short introduction to ImageMagick.
How we hacked one of the world's largest Cryptocurrency Website
https://strynx.org/insecure-crypto-code-execution/
🦠 @Phantasm_Lab
One of the world’s largest cryptocurrency sites was hacked by the Strynx team to find a flaw exposing multiple vulnerabilities that could lead to the loss of millions of dollars. One of the team members shared his point of view on how we discovered such a critical issue involving data of millions of users.
