Telegram Web Link
bootg.com
»
United States
»
Information Security
» Telegram Web
Information Security
https://medium.com/bugbountywriteup/the-type-of-recon-that-you-may-skip-on-purpose-but-this-is-why-you-shouldnt-272aa74e08be
Medium
The type of recon that you may skip on purpose, but this is why you shouldn’t
, or why being too quick can lead to a false positive
Information Security
https://www.hackingarticles.in/android-penetration-testing-frida/
Hacking Articles
Android Penetration Testing: Frida - Hacking Articles
Introduction Frida is a dynamic instrumentation toolkit that is used by researchers to perform android hooking (intercepting IPC and modifying it to make a function
Information Security
https://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service
Information Security
https://medium.com/@valeriyshevchenko/10-000-for-a-vulnerability-that-doesnt-exist-9dbc63684e94
Medium
$10,000 for a vulnerability that doesn’t exist
A couple of months ago, an interesting story happened to me. I caught a Path Traversal issue with no chance to reproduce it again.
Information Security
https://alex.studer.dev/2021/01/04/mw41-1
Alex Studer
Getting root on a 4G LTE mobile hotspot
I reverse engineered a special tool that lets you switch an Alcatel MW41 hotspot into a debug mode, granting root access to the device.
Information Security
https://x0r19x91.gitlab.io/post/reversing-go-part-1/
Information Security
https://microsoftedge.github.io/edgevr/posts/deep-dive-into-site-isolation-part-2/
Microsoft Browser Vulnerability Research
Deep Dive into Site Isolation (Part 2)
In the previous blog post, I explained how Site Isolation and related security features help mitigate attacks such as UXSS and Spectre. However, security bugs in a renderer process are really common, and therefore Chromium’s threat model assumes that a renderer…
Information Security
https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign
Unit 42
xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
The BumbleBee webshell is used by the xHunt Campaign to upload and download files to a compromised server and to move laterally on the network.
Information Security
https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-www.tg-me.com/
bugs.xdavidhu.me
Stealing Your Private YouTube Videos, One Frame at a Time
David Schütz's bug bounty writeups
Information Security
https://www.ambionics.io/blog/laravel-debug-rce
Ambionics
Laravel <= v8.4.2 debug mode: Remote code execution
Ambionics Security team discovered an RCE in Laravel, when the framework is in debug mode.
Information Security
https://adepts.of0x.cc/shadowmove-hijack-socket/
Hijacking connections without injections: a ShadowMoving approach to the art of pivoting |
Hijacking connections without injections: a ShadowMoving approach to the art of pivoting | AdeptsOf0xCC
Proof of concept of hiding conections with ShadowMove technique
Information Security
https://blog.br0vvnn.io/pages/blogpost.aspx?id=5
Information Security
https://s0md3v.medium.com/deblurring-images-for-osint-part-2-ba564af8eb5d
Medium
Deblurring images for OSINT — Part 2
Let’s reverse Pixelize blur.
Information Security
https://medium.com/@kingkarankumarpnbe/10-000-for-automatic-email-confirmation-bug-in-microsofts-edge-browser-22f15ceccb4a
Medium
$10,000 for automatic email confirmation bug in Microsoft’s Edge browser
Hey folks, welcome to my first bug bounty writeup, which I found on Microsoft Edge (Chromium) browser.
Information Security
https://research.nccgroup.com/2021/01/21/mssql-lateral-movement/
NCC Group Research Blog
MSSQL Lateral Movement
Using discovered credentials to move laterally in an environment is a common goal for the NCC Group FSAS team. The ability to quickly and reliably use a newly gained set of credentials is essential…
Information Security
https://blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/
CaptainFreak
The Secret Parameter, LFR, and Potential RCE in NodeJS Apps
TL;DRIf you are using ExpressJs with Handlebars as templating engine invoked via hbs view engine, for Server Side Rendering, you are likely vulnerable to Local File Read (LFR) and potential Remote Co
Information Security
https://c4ebt.github.io/2021/01/22/House-of-Rust.html
c4e's Blog
Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust
The House of Rust is a heap exploitation technique that drops a shell against full PIE binaries that don’t leak any addresses.
Information Security
https://github.com/veeral-patel/how-to-secure-anything
GitHub
GitHub - veeral-patel/how-to-secure-anything: How to systematically secure anything: a repository about security engineering
How to systematically secure anything: a repository about security engineering - veeral-patel/how-to-secure-anything
Information Security
https://github.com/ea/bosch_headunit_root
GitHub
GitHub - ea/bosch_headunit_root: Documentation and code for rooting and extending a Bosch car head unit (lcn2kai)
Documentation and code for rooting and extending a Bosch car head unit (lcn2kai) - ea/bosch_headunit_root
Information Security
https://www.marketscreener.com/amp/quote/stock/QUALYS-INC-11612572/news/CVE-2021-3156-Heap-Based-Buffer-Overflow-in-Sudo-Baron-Samedit-32280840
2024/10/02 04:33:52
Back to Top
HTML Embed Code:
TW
HK
DE
US
CA
RU
NO
CN
UA
SG
YE
IN
SA
FR
IQ
UK
EG