Write-up: discovering an RCE vulnerability and unlocking the Seowon Slc-130 modem/router
https://virgool.io/@maj0rmil4d/رایت-آپ-کشف-آسیب-پذیری-در-مودمروتر-seowon-slc-130-iggc9ij95vxz
@securation
Virgool
Write-up: discovering an RCE vulnerability and unlocking the Seowon Slc-130 and SLR-120S modems/routers
Hello, here is our write-up on discovering an RCE in the Seowon Slc-130 router.
Fuzzing JavaScript Engines with Aspect-preserving Mutation
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javascript @securation
Content-Type Research
Did you know that browsers support multiple Content-Type in HTTP response header?
https://github.com/BlackFan/content-type-research
#web #appsec #bugbounty #evasion @securation
Browser based port scanner triggered via website.
the power of JS !
https://defuse.ca/in-browser-port-scanning.htm
@securation
defuse.ca
Port Scanning Local Network From a Web Browser
Malicious web pages can port scan your local network.
Cross-Site Scripting (XSS) Cheat Sheet
2020 Edition
Web Security Academy
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
@securation
portswigger.net
Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security Academy
Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.
https://engineering.fb.com/security/pysa/
Pysa: An open source static analysis tool to detect and prevent security issues in Python code
#article #tools #opensource #python #security #staticanalysis
@securation
https://blog.bitsrc.io/how-to-hide-secrets-in-strings-modern-text-hiding-in-javascript-613a9faa5787?gi=cce14b3afd96
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other covert communication. Completely invisible!
Live demo :
https://stegcloak.surge.sh/
#tools #steganography #js
@securation
https://github.com/leoloobeek/COMRunner
A simple COM server which provides a component to run shellcode. Also includes a Windows JScript file to load the COM server and create the object with registration-free activation. This PoC COM server provides an object with a method that takes in base64 encoded shellcode and a method to run the shellcode.
#tools #opensource #shellcode
@securation
Google Chrome for Android (starting with Chrome 85) now supports DNS-over-HTTPS (DoH). When enabled, it can automatically switch to DNS-over-HTTPS if your current DNS provider supports it, or users can provide a custom server address. This prevents miscreants from interfering with domain name lookups, eventually stopping network observers, including your ISP and attackers, from figuring out what sites you visit.
@securation
In many cases during post exploitation, the server's antivirus detects a tool such as nc as a trojan and deletes it!
In these situations similar alternatives can be used; the example below is one of the tools developed for this purpose:
https://github.com/schollz/croc
Easily and securely send things from one computer to another
@securation
A site for converting code in various languages to instructions, with the option to choose the compiler and its version.
Also, when you hover the mouse over a line of your code, the instructions for that piece of code are highlighted in blue.
Site link: https://godbolt.org
#Reverse_Engineering #RE
@securation
Android - SSL-Pinning.pdf
932.3 KB
In this short article you can read about a method for bypassing Android SSL-Pinning with the Frida framework.
#android #frida #ssl_pinning
@securation
This article explains and analyzes topics around the security of the Android market Cafe Bazaar, including Cafe Bazaar's history of being hacked and the malware distributed through Cafe Bazaar. I strongly recommend reading it:
https://virgool.io/@moh53n/%D8%A8%D8%B1%D8%B1%D8%B3%DB%8C-%D8%A7%D9%85%D9%86%DB%8C%D8%AA-%D9%85%D8%A7%D8%B1%DA%A9%D8%AA-%D8%A7%D9%86%D8%AF%D8%B1%D9%88%DB%8C%D8%AF%DB%8C-%DA%A9%D8%A7%D9%81%D9%87-%D8%A8%D8%A7%D8%B2%D8%A7%D8%B1-z2hwghtzo2uo
@securation
Virgool
A review of the security of the Android market Cafe Bazaar
In this research we examined the security of the applications available on Cafe Bazaar.
UAC bypass (Privilege escalation)
Real Time Detection of User Account Control (UAC) bypass via hijacking The DiskCleanup Scheduled Task
https://github.com/elastic/detection-rules/blob/main/rules/windows/privilege_escalation_uac_bypass_diskcleanup_hijack.toml
#UAC_Bypass
@securation
Building a custom Mimikatz binary
This post will cover how to build a custom Mimikatz binary by doing source code modification to get past AV/EDR software.
https://s3cur3th1ssh1t.github.io/Building-a-custom-Mimikatz-binary/
#tools #windows #mimikatz #redteaming #evasion
@securation
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation
Paper:
https://raw.githubusercontent.com/quarkslab/conf-presentations/master/BlackHat-Asia-20/asia-20-Thomas-Dynamic-Binary-Instrumentation-Techniques-to-Address-Native-Code-Obfuscation-wp.pdf
Slides:
https://raw.githubusercontent.com/quarkslab/conf-presentations/master/BlackHat-Asia-20/asia-20-Thomas-Dynamic-Binary-Instrumentation-Techniques-to-Address-Native-Code-Obfuscation.pdf
#android #Obfuscation #binary
@securation
Forwarded from APA Ilam
intel vulnerability
1.9 MB
Unauthenticated Arbitrary File Read vulnerability in VMware vCenter. @securation