3 Steps to Implement Simple CSRF Token in PHP
https://code-boxx.com/simple-csrf-token-php/
🦠 @Phantasm_Lab
Welcome to a step-by-step tutorial on how to implement simple CSRF token in PHP. In this tutorial, we will walk through an example of what cross-site request forgery is, and how we can prevent that with a simple trick – In just 3 steps. Read on to find out!https://code-boxx.com/simple-csrf-token-php/
🦠 @Phantasm_Lab
Code-Boxx
CSRF Token in PHP (Very Simple Example)
This tutorial will walk through what CSRF is, and how to implement protection in PHP using a token. Free example code download included.
GraphQL IDOR leads to information disclosure
https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
🦠 @Phantasm_Lab
https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
🦠 @Phantasm_Lab
Medium
GraphQL IDOR leads to information disclosure
Hello World!, I’m Eshan Singh aka R0X4R. I’m here to share my recent findings on GraphQL IDOR (Insecure Direct Object Reference), which…
Forwarded from Programmer Humor
Empresa brasileira cria plataforma para treinar e contratar hackers de forma remota
https://www.tudocelular.com/seguranca/noticias/n150633/empresa-brasileira-plataforma-treinamento-hacker.html
🧬 @Phantasm_Lab
https://www.tudocelular.com/seguranca/noticias/n150633/empresa-brasileira-plataforma-treinamento-hacker.html
🧬 @Phantasm_Lab
Tudocelular.com
Empresa brasileira cria plataforma para treinar e contratar hackers de forma remota
Ideia é capacitar pessoas para trabalharem com segurança digital.
7 Online Port Scanners to Find Opened Ports on Server, IP
https://geekflare.com/port-scanner-server/
🧬 @Phantasm_Lab
Here are online FREE tools, which will help you to find out what all ports are opened so you can review and block them if not needed.https://geekflare.com/port-scanner-server/
🧬 @Phantasm_Lab
Geekflare
6 Online Port Scanners to Find Opened Ports on Server and IP
If you are hosting your web applications on managed or shared server, then you don’t have to worry about it. However, for VPS or dedicated, you must
Abusing ImageMagick to obtain RCE
https://strynx.org/imagemagick-rce/
🦠 @Phantasm_Lab
Remote Code Execution because of an image source? Is it Possible? Yes! Definitely. Here in this blog post, a Strynx team member found a variation of Remote Code Execution AKA RCE through ImageMagick which earned him a generous bounty of $5000. Amazingly, some tweaks inside the image source exfiltrated the data over DNS (also called side-channel attacks). Let’s see how was it done after a short introduction to ImageMagick.https://strynx.org/imagemagick-rce/
🦠 @Phantasm_Lab
How we hacked one of the worlds largest Cryptocurrency Website
https://strynx.org/insecure-crypto-code-execution/
🦠 @Phantasm_Lab
One of the world’s largest cryptocurrency site was hacked by the Strynx team to find a flaw exposing multiple vulnerabilities that could to lead loss of millions of dollars. One of the team members shared his point of view on how we discovered such a critical issue involving data of millions of users.https://strynx.org/insecure-crypto-code-execution/
🦠 @Phantasm_Lab
Por dentro do CDCiber, o Centro de Defesa Cibernética do Exército Brasileiro
https://medium.com/brasil/por-dentro-do-cdciber-o-centro-de-defesa-cibernetica-do-exercito-brasileiro-40ce637d119
🦠 @Phantasm_Lab
https://medium.com/brasil/por-dentro-do-cdciber-o-centro-de-defesa-cibernetica-do-exercito-brasileiro-40ce637d119
🦠 @Phantasm_Lab
Medium
Por dentro do CDCiber, o Centro de Defesa Cibernética do Exército Brasileiro
Chefe do Centro de Defesa Cibernética explica o funcionamento da estrutura que previne golpes digitais.
Forwarded from @Phantasm_Lab
The Hacker Playbook 2 - Practical Guide To Penetration Testing
https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
🕴 @Phantasm_Lab
| PDF/EPUB/MOBI | 23/18/53 MB |https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
🕴 @Phantasm_Lab