⭕️ Using AWS security services to protect against, detect, and respond to the Log4j vulnerability
Post providing guidance to help customers who are responding to the recently disclosed log4j vulnerability.
https://aws.amazon.com/ru/blogs/security/using-aws-security-services-to-protect-against-detect-and-respond-to-the-log4j-vulnerability/
#aws #security #log4shell #log4j
@securation
Amazon
Using AWS security services to protect against, detect, and respond to the Log4j vulnerability | Amazon Web Services
April 21, 2022: The blog post has been updated to include information on the updated version of the hotpatch. See this security advisory for more details. Overview In this post we will provide guidance to help customers who are responding to the recently…
⭕️ A Memory Visualiser Tool for iOS Security Research
In this post I want to share a recent project of mine — a memory visualiser tool for iOS security researchers.
- Live Memory Monitoring
- Visual Block Creation
- Contextual Typing
https://bellis1000.medium.com/a-memory-visualiser-tool-for-ios-security-research-bd8bb8c334c6
#ios #memory #security
@securation
⭕️ Attacking Private Networks from the Internet with DNS Rebinding
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
https://github.com/brannondorsey/dns-rebind-toolkit
#dnsrebinding #attacks #article
@securation
⭕️ New changes introduced in the new version of Nuclei.
https://github.com/projectdiscovery/nuclei-templates/releases/tag/v8.8.2
#fuzzing #nuclei #web #tools
@securation
⭕️ PHP 7.3-8.1 disable_functions bypass using string concatenation
PHP 7.3-8.1 disable_functions bypass [concat_function]
This exploit uses a bug in a function that handles string concatenation.
A statement such as $a.$b might result in memory corruption if certain conditions are met.
The bug report provides a very thorough analysis of the vulnerability.
The PoC was tested on various PHP builds for Debian/Ubuntu/CentOS/FreeBSD with cli/fpm/apache2 server APIs and found to work reliably.
https://github.com/mm0r1/exploits/tree/master/php-concat-bypass
#PHP #bypass #disable_functions
@securation
Read cheat sheets for the various types of SQL Injection here.
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
#sqli
@securation
GitHub
GitHub - kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.
A cheat sheet that contains advanced queries for SQL Injection of all types. - kleiton0x00/Advanced-SQL-Injection-Cheatsheet
SQL Injection in WordPress core (CVE-2022-21661)
https://cognn.medium.com/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897
⭕️ This tool is used for simulating attacks, as well as for analyzing and verifying that EDR and correlation are working correctly.
https://github.com/ScarredMonk/SysmonSimulator
#sysmon #loganalysis #EDR
@securation
GitHub
GitHub - ScarredMonk/SysmonSimulator: Sysmon event simulation utility which can be used to simulate the attacks to generate the…
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams. - ScarredMonk/SysmonS...