Forwarded from @Phantasm_Lab ([L]uth1er)
[Exploit] - Improper Access Control - Arbitrary File Download + IDOR (0day Vulnerability) MEC
I found an IDOR leading to Arbitrary File Download in a subdomain of mec.gov.br. With this vulnerability we can generate random IDs and send requests to the server to discover sensitive files; with it, it's possible to access bidding for works, PDF files sent via email, and information about cities of the country.
https://youtu.be/yOzoIGJJqvk
Forwarded from @Phantasm_Lab ([L]uth1er)
[Vulnerability] - Cookie Stored injection - XSS at Heroic Third Service, call cookies!
The application calls an external service to create the cookies, and they are sent back to the server!
https://youtu.be/maatBdt8TPY
Youtube: @Phatansm_Lab
Top researchers are calling for a real investigation into the origin of covid-19
A group of prominent biologists say there needs to be a “safe space” for asking whether the coronavirus came out of a lab.
https://www.technologyreview.com/2021/05/13/1024866/investigation-covid-origin-wuhan-china-lab-biologists-letter/
MIT Technology Review
Opinion: Congress is finally investigating the lab accident covid-19 origin theory
https://www.washingtonpost.com/opinions/global-opinions/congress-is-finally-investigating-the-lab-accident-covid-19-origin-theory/2021/05/06/d7bfb0e4-aeaf-11eb-b476-c3b287e52a01_story.html
Explained: What is the Wuhan lab coronavirus theory?
This video will tell you what we know and what we don't know about the origin of the coronavirus.
https://youtu.be/Tql2V7SR83g
YouTube
We know Covid-19 started in the city of Wuhan in China.
Most scientists think bats are the original source of…
Was COVID Man-Made Or Natural? Nicholas Wade Speaks On China, WHO, & Wuhan Institute Of Virology
https://youtu.be/2jPYJqFczck
YouTube
#China #WHO #COVID-19 #Coronavirus #RepublicTV
Bringing back the focus on the origin of the SARS-CoV-2 (hereafter also referred to as SARS2), which has caused the ongoing Coronavirus pandemic and claimed over 3 million lives across the globe, noted British…
Forwarded from w0rk3r's Windows Hacking Library (Jonhnathan Jonhnathan Jonhnathan)
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks
@WindowsHackingLibrary
Praetorian
Overview: This article describes methods by which an attacker can induce a victim user into authenticating using the NT LAN Manager (NTLM) Authentication Protocol to an attacker-controlled “Intranet” site, even in instances where that site points to an external…
Forwarded from w0rk3r's Windows Hacking Library (Jonhnathan Jonhnathan Jonhnathan)
Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege
https://www.tiraniddo.dev/2021/05/dumping-stored-credentials-with.html
@WindowsHackingLibrary
www.tiraniddo.dev
I've been going through the various token privileges on Windows trying to find where they're used. One which looked interesting is SeTruste...