How to use ffuf - Hacker Toolbox
ffuf is quickly becoming a key tool for bug bounty hunters, but how do you use it? In this video I start at the basics showing some really neat features of ffuf and how you can use some simple one-liners to do rather complex fuzzing!
https://youtu.be/aN3Nayvd7FU
Did you know this episode…
Who, What, Where, When, Wordlist by @TomNomNom #NahamCon2020
00:25 what is a wordlist? it's a list of words, used for guessing things instead
01:04 WHY are they useful?
02:21 WHERE, subdomain enumeration
02:41 path guessing, ffuf
02:49 authentication guessing, kind of the oldest use case, usernames and passwords
02:57 API, RPC
03:17 headers
03:35 Pre-baked lists
04:49 what's the problem with those wordlists
06:25 custom wordlist
07:28 manually curated list
08:17 target-specific lists
09:36 Getting path data
12:08 google dorking
12:56 webpaste
15:28 I just show a little bit of the configuration of this webpaste extension
18:55 processing path data, unfurl
20:37 sed, extract all the parts
22:45 Using the list, ffuf is good, burp intruder, meg, concurl
24:50 finding words unique to a target
26:35 tokenizing
https://youtu.be/W4_QCSIujQ4
Live Every Tuesday, Saturday and Sunday on Twitch:
https://twitch.tv/nahamsec
Slides:
https://tomnomnom.com/talks/wwwww.pdf
Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hacke…
Forwarded from Cyber Threat Intelligence
BleepingComputer
Insurance giant CNA fully restores systems after ransomware attack
Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that hit its network during late March and disrupted online services and business operations.
WordPress File Manager Plugin Exploit | CVE-2020-25213
WordPress File Manager plugin before 6.9 allows an unauthenticated attacker to gain remote code execution by uploading and executing arbitrary PHP code.
https://youtu.be/x20LJRg2akQ
Note:
I have neither found this critical vulnerability nor am I taking any credit for the CVE (CVE-2020…
Defense of the Undergraduate Thesis (TCC) in Computer Engineering at ITA in 2020
https://youtu.be/Pnjjm65N-DA