GraphQL IDOR leads to information disclosure
https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
🦠 @Phantasm_Lab
https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
🦠 @Phantasm_Lab
Medium
GraphQL IDOR leads to information disclosure
Hello World!, I’m Eshan Singh aka R0X4R. I’m here to share my recent findings on GraphQL IDOR (Insecure Direct Object Reference), which…
Forwarded from Programmer Humor
Empresa brasileira cria plataforma para treinar e contratar hackers de forma remota
https://www.tudocelular.com/seguranca/noticias/n150633/empresa-brasileira-plataforma-treinamento-hacker.html
🧬 @Phantasm_Lab
https://www.tudocelular.com/seguranca/noticias/n150633/empresa-brasileira-plataforma-treinamento-hacker.html
🧬 @Phantasm_Lab
Tudocelular.com
Empresa brasileira cria plataforma para treinar e contratar hackers de forma remota
Ideia é capacitar pessoas para trabalharem com segurança digital.
7 Online Port Scanners to Find Opened Ports on Server, IP
https://geekflare.com/port-scanner-server/
🧬 @Phantasm_Lab
Here are online FREE tools, which will help you to find out what all ports are opened so you can review and block them if not needed.https://geekflare.com/port-scanner-server/
🧬 @Phantasm_Lab
Geekflare
6 Online Port Scanners to Find Opened Ports on Server and IP
If you are hosting your web applications on managed or shared server, then you don’t have to worry about it. However, for VPS or dedicated, you must
Abusing ImageMagick to obtain RCE
https://strynx.org/imagemagick-rce/
🦠 @Phantasm_Lab
Remote Code Execution because of an image source? Is it Possible? Yes! Definitely. Here in this blog post, a Strynx team member found a variation of Remote Code Execution AKA RCE through ImageMagick which earned him a generous bounty of $5000. Amazingly, some tweaks inside the image source exfiltrated the data over DNS (also called side-channel attacks). Let’s see how was it done after a short introduction to ImageMagick.https://strynx.org/imagemagick-rce/
🦠 @Phantasm_Lab
How we hacked one of the worlds largest Cryptocurrency Website
https://strynx.org/insecure-crypto-code-execution/
🦠 @Phantasm_Lab
One of the world’s largest cryptocurrency site was hacked by the Strynx team to find a flaw exposing multiple vulnerabilities that could to lead loss of millions of dollars. One of the team members shared his point of view on how we discovered such a critical issue involving data of millions of users.https://strynx.org/insecure-crypto-code-execution/
🦠 @Phantasm_Lab
Por dentro do CDCiber, o Centro de Defesa Cibernética do Exército Brasileiro
https://medium.com/brasil/por-dentro-do-cdciber-o-centro-de-defesa-cibernetica-do-exercito-brasileiro-40ce637d119
🦠 @Phantasm_Lab
https://medium.com/brasil/por-dentro-do-cdciber-o-centro-de-defesa-cibernetica-do-exercito-brasileiro-40ce637d119
🦠 @Phantasm_Lab
Medium
Por dentro do CDCiber, o Centro de Defesa Cibernética do Exército Brasileiro
Chefe do Centro de Defesa Cibernética explica o funcionamento da estrutura que previne golpes digitais.
Forwarded from @Phantasm_Lab
The Hacker Playbook 2 - Practical Guide To Penetration Testing
https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
🕴 @Phantasm_Lab
| PDF/EPUB/MOBI | 23/18/53 MB |https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
🕴 @Phantasm_Lab
Forwarded from @Phantasm_Lab
The Hacker PlayBook 3 - Pratical Guide To Penetration Testing
🕴🏽 @Phantasm_Lab
This is the third iteration of The Hacker Playbook (THP) series. Below is an overview of all the new vulnerabilities and attacks that will be discussed. In addition to the new content, some attacks and techniques from the prior books (which are still relevant today) are included to eliminate the need to refer back to the prior books. So, what's new? Some of the updated topics from the past couple of years include:- Abusing Active Directory- Abusing Kerberos- Advanced Web Attacks- Better Ways to Move Laterally- Cloud Vulnerabilities- Faster/Smarter Password Cracking- Living Off the Land- Lateral Movement Attacks- Multiple Custom Labs- Newer Web Language Vulnerabilities- Physical Attacks- Privilege Escalation- PowerShell Attacks- Ransomware Attacks- Red Team vs Penetration Testing- Setting Up Your Red Team Infrastructure- Usable Red Team Metrics- Writing Malware and Evading AV- And so much more🕴🏽 @Phantasm_Lab