Forwarded from Deleted Account
OWASP_API_Security_Top_10_Cheatsheet_pdf_1636948037.pdf
1.4 MB
⭕️ UAC bypass via dll hijacking and mock directories
https://daniels-it-blog.blogspot.com/2020/07/uac-bypass-via-dll-hijacking-and-mock.html?m=1
#uac #bypass
@securation
Blogspot
UAC bypass via dll hijacking and mock directories
UAC
UAC Bypass
dll hijacking
mock folders
Daniel Gebert
SRP
Software Restriction Policies
dll
hijacking
Windows 10
⭕️ Persistence with Azure Policy Guest Configuration
How to use Azure Policy Guest Configuration to gain persistence in your target environment, and how to detect such an attack as a defender.
https://cloudbrothers.info/en/azure-persistence-azure-policy-guest-configuration/
#azure
@securation
New changes in the latest Amass release, including support for dns repo
https://github.com/OWASP/Amass/releases/tag/v3.16.0
#web #amass #tools
@securation
GitHub
GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discovery
In-depth attack surface mapping and asset discovery - owasp-amass/amass
If you enjoy solving puzzles and challenges in security, take a look here as well; labs are written for challenges based on newly emerging vulnerabilities, so you can get hands-on with them :)
https://www.vulnmachines.com/
#vuln #machines
@securation
⭕️ Linux Kernel Exploitation 0x1 - Smashing Stack Overflows in the Kernel
https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x1-smashing.html
#linux #kernel #stackoverflow
@securation
⭕️ A comprehensive resource for practicing and learning heap exploitation, from the Shellphish team
https://github.com/shellphish/how2heap
#heap #expdev
@securation
GitHub
GitHub - shellphish/how2heap: A repository for learning various heap exploitation techniques.
A repository for learning various heap exploitation techniques. - shellphish/how2heap
⭕️ Online PCAP file analyzer - A handy GUI tool for forensic investigation/penetration testing to analyze PCAP files on the go.
https://apackets.com
#pcap #packet
@securation
⭕️ Vulnerable AWS Lambda function - Initial access in cloud attacks
How a vulnerable AWS Lambda function could be used by attackers, and some best practices to mitigate these attacks.
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/
#aws #cloud
@securation
Sysdig
Lambda Threat – Best Practices for Lambda Security | Sysdig
The security research team explains an attack scenario in which a vulnerable AWS Lambda function could be used by attackers.
⭕️ 1- What is the HTTP Request Smuggling vulnerability, and how does it arise?
If a target has this vulnerability, what can be done with it?
2- A tool for discovering and exploiting this vulnerability:
1- https://portswigger.net/web-security/request-smuggling
2- https://github.com/neex/http2smugl
#http2smugl #smuggling
@securation