Bypassing 403s like a PRO! ($2,100): Broken Access control
This article highlights my way of dealing with 403s and how I managed to get a P1 in minutes!
Source
403 Bypasser Burp extension
#web
This article highlights my way of dealing with 403s and how I managed to get a P1 in minutes!
Source
403 Bypasser Burp extension
#web
👍2🔥2
🔥2👍1
Forwarded from CyberSecBastion
👍4
Forwarded from CyberSecBastion
JWT Attacks_2023.pdf
2 MB
PDF - JWT Attacks (intro , attacks , Real world scenario and Mitigation)
🔥3
Forwarded from CyberSecBastion
Nuclei Vuln Scanner
Fast and customisable vulnerability scanner based on simple YAML based DSL.
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.
GitHub
#tools
Fast and customisable vulnerability scanner based on simple YAML based DSL.
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.
GitHub
#tools
👍4
A Quick Guide to Information Security Standards.pdf
1.6 MB
A Quick Guide to Information Security Standards
👍3
Azure AD Security Config Analyzer (AADSCA)
We decided to take alternative approach for chapter 6 and we are not covering possible Azure AD attack path. This time, the focus is on on proactive side, how organizations can monitor and strengthen Azure AD's security posture. For this purpose we created 'Azure AD Security Config Analyzer' aka 'AADSCA' solution.
GitHub
Official page
#windows
We decided to take alternative approach for chapter 6 and we are not covering possible Azure AD attack path. This time, the focus is on on proactive side, how organizations can monitor and strengthen Azure AD's security posture. For this purpose we created 'Azure AD Security Config Analyzer' aka 'AADSCA' solution.
GitHub
Official page
#windows
🔥3👍1
Hack by HTML
HTML can be used for faking malicious phishing link, bypassing browser history etc. Here is my new article 'Hack by HTML' on it.
Source
#pentest #web
HTML can be used for faking malicious phishing link, bypassing browser history etc. Here is my new article 'Hack by HTML' on it.
Source
#pentest #web
Medium
Hack by HTML
The term ‘hack by HTML’ is often appears in hacking memes. However, there are certainly some HTML hacking techniques that are used in the…
🤔2🔥1
DNS Hacking
DNS has registry, something like Windows OS has registry. When a new website domain is registered, the domain and its IP address is technically written to a DNS zone file. This is the source for mapping domain to IP address (the actual DNS service) which is managed by DNS registry.
For example, when someone registers a domain in NameCheap, NameCheap will register the purchased domain in DNS registry using EPP protocol by exchanging XML messages. It has a security mechanism called 'EPP code' for authorizing the registrar. Even, EPP server communication is done over SSL/TLS (sometimes mTLS). Whois records are also updated this way. EPP maintains a kind of IAM or authorization where registrars can operate on only their controlled domains.
Programming languages like Python can used to communicate with EPP server. So, hackers can exploit EPP server by XXE attack.
Source
#pentest
DNS has registry, something like Windows OS has registry. When a new website domain is registered, the domain and its IP address is technically written to a DNS zone file. This is the source for mapping domain to IP address (the actual DNS service) which is managed by DNS registry.
For example, when someone registers a domain in NameCheap, NameCheap will register the purchased domain in DNS registry using EPP protocol by exchanging XML messages. It has a security mechanism called 'EPP code' for authorizing the registrar. Even, EPP server communication is done over SSL/TLS (sometimes mTLS). Whois records are also updated this way. EPP maintains a kind of IAM or authorization where registrars can operate on only their controlled domains.
Programming languages like Python can used to communicate with EPP server. So, hackers can exploit EPP server by XXE attack.
Source
#pentest
👍3