NEW BOT Телеграм, страница

کارکرد کد بالا چیه
آسیب پذیر هست یا نه
اگر هست اسم آسیب پذیری چیه و اکسپلویتش چجوریه؟
کامنت کنید.

👍4🔥1

2.96K viewsAdel, edited 19:49

⭕️Securing AWS Lambda function URLs

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.

https://www.wiz.io/blog/securing-aws-lambda-function-urls
#aws #cloud #security
@securation

wiz.io

Securing AWS Lambda function URLs | Wiz Blog

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.

2.4K viewsAdel, 08:39

Security Analysis

https://www.bleepingcomputer.com/news/security/bpfdoor-stealthy-linux-malware-bypasses-firewalls-for-remote-access/

BleepingComputer

BPFDoor: Stealthy Linux malware bypasses firewalls for remote access

A recently discovered backdoor malware called BPFDoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.

👍2

2.43K viewsAdel, 16:20

Security Analysis

بررسی سه آسیب پذیری در فریمورک radare2

https://vrgl.ir/X8L85
#radare2 #r2
@securation

ویرگول

بررسی سه آسیب پذیری در فریمورک radare2

تو این پست سه تا آسیب پذیری کشف شده در فریمورک radare2 رو بررسی میکنیم

👍5👎1

2.83K viewsAdel, 07:30

Security Analysis

⭕️ Strings deobfuscator

https://github.com/Finch4/Malware-Analysis-Reports/tree/master/Eternity%20Deobfuscator
#Malware #Eternity
@securation

🤩3

2.49K viewsAdel, 14:44

Security Analysis

⭕️Combination of 2 PoCs for bypassing Credential Guard with in-memory invocation

PoC 1 (patch wdigest.dll):
https://gist.github.com/N4kedTurtle/8238f64d18932c7184faa2d0af2f1240

PoC 2 (find variable offsets in runtime):
https://github.com/itm4n/Pentest-Windows/blob/main/CredGuardBypassOffsets/poc.cpp

Merged:
https://gist.github.com/snovvcrash/43e976779efdd20df1596c6492198c99
#lsass #wdigest #credguard
@securation

👍2👎2

2.79K viewsAdel, edited 10:39

Security Analysis

⭕️ Debugging and Reversing ALPC

https://csandker.io/2022/05/29/Debugging-And-Reversing-ALPC.html

#windows #internals
@securation

👍1👎1

2.17K viewsAdel, 17:20

Security Analysis

سایت فیشینگه ؟

Rvnsndy.com

👍24

2.25K viewsAdel, 10:20

Security Analysis

https://www.alteredsecurity.com/post/fantastic-windows-logon-types-and-where-to-find-credentials-in-them

Altered Security

Fantastic Windows Logon types and Where to Find Credentials in Them

Hello All,In this blog post we will explore and learn about various Windows Logon Types and understand how are these logon type events are generated. We will also see if we can extract credentials from individual logon types. We will be using our Active Directory…

2.27K viewsAdel, 21:06

Security Analysis

CVE-2022-22954-main.zip

3.5 KB

⭕️VMware Workspace ONE Access and Identity Manager RCE via SSTI.

CVE-2022-22954 - PoC SSTI

*
exploit+payload+shodan
#vmware #cve
@securation

2.41K viewsAdel, edited 08:28

Security Analysis

https://twitter.com/NaserifardA/status/1532377352528969729

Twitter

Aydin Naserifard

XSS Payloads to bypass EncodeURIComponent #XSS #HTML #bugbountytips #bugbounty

2.25K viewsAdel, 13:24

Security Analysis

https://slate.com/technology/2022/06/instagram-meta-iran-protests-exceptions.html

Slate Magazine

How Instagram Is Failing Protesters in Iran

Meta’s deficiencies in content moderation in non-Western languages on their platforms range wide.

2.18K viewsAdel, 18:16

Security Analysis

⭕️CSP Bypass Techniques

https://csplite.com/csp320/
#csp #bypass
@securation

👍1

2.68K viewsAdel, 08:35

Security Analysis

https://securitycafe.ro/2022/06/06/security-source-code-review-manual-approaches/

Security Café

Security Source Code Review – Manual Approaches

Performing security source code reviews is part of the penetration tester’s life. Either that this is the whole scope of an engagement or you exfiltrated the source code of an application and…

2.46K viewsAdel, 11:31

Security Analysis

⭕️

New technique for shellcode injection to evade AVs and EDRs

https://github.com/Idov31/FunctionStomping
#shellcode #bypass #edr #av
@securation

GitHub

GitHub - Idov31/FunctionStomping: Shellcode injection technique. Given as C++ header, standalone Rust program or library.

Shellcode injection technique. Given as C++ header, standalone Rust program or library. - Idov31/FunctionStomping

2.72K viewsAdel, edited 12:42

Security Analysis

https://gccybermonks.com/posts/ssrfvision/

2.32K viewsAdel, 07:54

Security Analysis

⭕️ Malware development: persistence - part 1. Registry run keys. C++ example.

Malware development: persistence - part 2. Screensaver hijack. C++ example.

Malware development: persistence - part 3. COM DLL hijack.

Malware development: persistence - part 4. Windows services. Simple C++ example.

Malware development: persistence - part 5. AppInit_DLLs. Simple C++ example.

Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.

Malware AV evasion: part 7. Disable Windows Defender. Simple C++ example.

#malware #dev #cpp
@securation

🔥3

2.62K viewsAdel, edited 21:43

Security Analysis

⭕️ اکسپلویت OOB XXE از طریق متد LOCK در HTTP
https://dhiyaneshgeek.github.io/web/security/2021/02/19/exploiting-out-of-band-xxe/

در ارائه زیر که مربوط به کنفرانس Zero Night میشه درباره WebDav XXE attacks صحبت شده ، که متد های PROPPATCH ، PROPFIND ، LOCK و ... XML رو به عنوان ورودی قبول میکنن . و به این موضوع که مخصوصا پیاده سازی های با جاوا آسیب پذیر اند اشاره میکنه.
https://2015.zeronights.org/assets/files/35-Egorov.pdf
#WebDav #LOCK #XXE
@securation

Geek Freak

Exploiting Out-Of-Band XXE on Wildfire

Data Exfiltration using XXE via HTTP LOCK Method

🔥7👍1

3.24K viewsAdel, 19:49

Security Analysis

https://github.com/4ra1n/tomcat-jmxproxy-rce-exp

#go #rce #tomcat #vulnerability
@securation

👍2

2.4K viewsAdel, edited 11:06

Security Analysis

https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Marco Ramilli Web Corner - Marco Ramilli: cyber security expert, digital entrepreneur and writer