⭕️ Multiple HTTP Redirects to Bypass SSRF Protections
https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41c
#SSRF #Exploit #Infosec
@securation
https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41c
#SSRF #Exploit #Infosec
@securation
👍1
⭕️ An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts
https://github.com/ioncodes/idacode
#IDA #debug #idapython
@securation
https://github.com/ioncodes/idacode
#IDA #debug #idapython
@securation
⭕️Permissions:
A Primer, or: DACL, SACL, Owner, SID and ACE Explained
https://helgeklein.com/blog/permissions-a-primer-or-dacl-sacl-owner-sid-and-ace-explained/
#SID #ACL #ACE
@securation
A Primer, or: DACL, SACL, Owner, SID and ACE Explained
https://helgeklein.com/blog/permissions-a-primer-or-dacl-sacl-owner-sid-and-ace-explained/
#SID #ACL #ACE
@securation
Helge Klein
Permissions: A Primer, or: DACL, SACL, Owner, SID and ACE Explained • Helge Klein
Tools & knowledge for IT pros
👍1
Automatic string formatting deobfuscation
https://maxkersten.nl/binary-analysis-course/malware-analysis/automatic-string-formatting-deobfuscation/
https://maxkersten.nl/binary-analysis-course/malware-analysis/automatic-string-formatting-deobfuscation/
👍1
Attack Surface’s of Industrial Control Systems
https://medium.com/@berkdusunur/attack-surfaces-of-industrial-control-systems-47c78c35d7d8
https://medium.com/@berkdusunur/attack-surfaces-of-industrial-control-systems-47c78c35d7d8
Medium
Attack Surface’s of Industrial Control Systems
Hello everybody. I am so happy to announce you my first post of 2022 about Attack Surface’s of Industrial Control Systems. I will use ICS…
👍2
⭕️Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/
#PHP #RCE
@securation
https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/
#PHP #RCE
@securation
Wordfence
Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed…
👍1
⭕️Windows Event Log Jam
https://www.hawk.io/blog/unicode-reflection-event-null-byte-injection
#evtx #blind #log #jam
@securation
https://www.hawk.io/blog/unicode-reflection-event-null-byte-injection
#evtx #blind #log #jam
@securation
👍3
Reverse Engineering My Home Security System: Decompiling Firmware Updates
1. Reverse engineer the binaries in an attempt to discovery exploitable vulnerabilities, and learn more about the device.
2. Set up a test environment to execute the binaries so I can actively identify the attack surface, fuzz where possible, and really dig into it.
https://markclayton.github.io/reverse-engineering-my-home-security-system-decompiling-firmware-updates.html
#Hardware #Electronic #Reverse_Engineering #Article
@securation
Conclusion:
Starting from a software update, and some critical thinking, I was able to decompile the firmware update for my Honeywell Tuxedo. As a result, I have access to the proprietary binaries, and additional components that make up the device. My next two approaches are:1. Reverse engineer the binaries in an attempt to discovery exploitable vulnerabilities, and learn more about the device.
2. Set up a test environment to execute the binaries so I can actively identify the attack surface, fuzz where possible, and really dig into it.
https://markclayton.github.io/reverse-engineering-my-home-security-system-decompiling-firmware-updates.html
#Hardware #Electronic #Reverse_Engineering #Article
@securation
_bullz3ye
Reverse Engineering My Home Security System: Decompiling Firmware Updates
A few weeks ago I got a home security system installed in my home. The package included a 7-inch tablet called the Honeywell Tuxedo that...
👍2
چطوری اتومیشن خودمون رو با bash noscript بنویسیم تا توی recon به ما کمک کنه ؟
https://youtu.be/keK99avGLvQ
#bash #recon #bugbounty
@securation
https://youtu.be/keK99avGLvQ
#bash #recon #bugbounty
@securation
YouTube
Automate Recon with Your Own Bash Script [Tutorial]
Get Our Premium Ethical Hacking Bundle (90% Off): https://nulb.app/cwlshop
How to Write a Bash Script to Automate Reconnaissance
Full Tutorial: https://nulb.app/x726n
Subscribe to Null Byte: https://goo.gl/J6wEnH
Nick's Twitter: https://twitter.com/nickgodshall…
How to Write a Bash Script to Automate Reconnaissance
Full Tutorial: https://nulb.app/x726n
Subscribe to Null Byte: https://goo.gl/J6wEnH
Nick's Twitter: https://twitter.com/nickgodshall…
👍6
This media is not supported in your browser
VIEW IN TELEGRAM
⭕️ POC for CVE-2022-0435:
Remote Stack Overflow in Linux Kernel TIPC
https://www.openwall.com/lists/oss-security/2022/02/10/1
#CVE #linuxkernel #TIPC
@securation
Remote Stack Overflow in Linux Kernel TIPC
https://www.openwall.com/lists/oss-security/2022/02/10/1
#CVE #linuxkernel #TIPC
@securation