Forwarded from @Phantasm_Lab ([L]uth1er)
THE HACKER PLAYBOOK.pdf
26.1 MB
Forwarded from @Phantasm_Lab
The Hacker Playbook 2 - Practical Guide To Penetration Testing
https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
🕴 @Phantasm_Lab
| PDF/EPUB/MOBI | 23/18/53 MB |https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU
🕴 @Phantasm_Lab
Forwarded from @Phantasm_Lab
The Hacker PlayBook 3 - Pratical Guide To Penetration Testing
🕴🏽 @Phantasm_Lab
This is the third iteration of The Hacker Playbook (THP) series. Below is an overview of all the new vulnerabilities and attacks that will be discussed. In addition to the new content, some attacks and techniques from the prior books (which are still relevant today) are included to eliminate the need to refer back to the prior books. So, what's new? Some of the updated topics from the past couple of years include:- Abusing Active Directory- Abusing Kerberos- Advanced Web Attacks- Better Ways to Move Laterally- Cloud Vulnerabilities- Faster/Smarter Password Cracking- Living Off the Land- Lateral Movement Attacks- Multiple Custom Labs- Newer Web Language Vulnerabilities- Physical Attacks- Privilege Escalation- PowerShell Attacks- Ransomware Attacks- Red Team vs Penetration Testing- Setting Up Your Red Team Infrastructure- Usable Red Team Metrics- Writing Malware and Evading AV- And so much more🕴🏽 @Phantasm_Lab
Forwarded from @Phantasm_Lab
YouTube
What's up Hong Kong?
During our last visit to Hong Kong, not only did we take a lot of awesome pictures, but we also made a video that was shot a few hours before our flight to Tokyo. The venue is the very heart of Hong Kong, a skyscraper with a huge billboard.
It was a real…
It was a real…
Forwarded from ExploitHub
Content Security Policy (CSP) Bypasses http://ghostlulz.com/content-security-policy-csp-bypasses/
Forwarded from ExploitHub
Exploiting Imported Libraries to Bypass Cloudflare WAF
https://medium.com/bugbountywriteup/exploiting-imported-libraries-to-bypass-cloudflare-waf-7aed99186c5a
https://medium.com/bugbountywriteup/exploiting-imported-libraries-to-bypass-cloudflare-waf-7aed99186c5a
Medium
Exploiting Imported Libraries to Bypass WAF
Turning a P5 Content Injection into P3 Reflected XSS
Forwarded from ExploitHub
■■■□□ Arbitrary code execution on Facebook for Android.
https://medium.com/@dPhoeniixx/arbitrary-code-execution-on-facebook-for-android-through-download-feature-fb6826e33e0f
https://medium.com/@dPhoeniixx/arbitrary-code-execution-on-facebook-for-android-through-download-feature-fb6826e33e0f
Source: Twitter | Sayed AbdelhafizMedium
Arbitrary code execution on Facebook for Android through download feature
TL;DR
Forwarded from ExploitHub
Hacking HTTP CORS from inside out: a theory to practice approach
https://medium.com/bugbountywriteup/hacking-http-cors-from-inside-out-512cb125c528
https://medium.com/bugbountywriteup/hacking-http-cors-from-inside-out-512cb125c528
Medium
Hacking HTTP CORS from inside out
A theory to practice approach
Forwarded from ExploitHub
"RCE via LFI Log Poisoning - The Death Potion" https://shahjerry33.medium.com/rce-via-lfi-log-poisoning-the-death-potion-c0831cebc16d
Medium
RCE via LFI Log Poisoning - The Death Potion
Hello everyone, I would like to share one of my recent findings on a Vulnerability Disclosure Program. It is related to how I escalated to…