Telegram Web Link
bootg.com
»
United States
»
Information Security
» Telegram Web
Information Security
https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2
Medium
Testing and exploiting Java Deserialization in 2021
Since 2015 when java deserialization was a major threat, lots of patches and improvements has been introduced. How to approach testing for…
Information Security
https://www.horizon3.ai/disclosures/librenms-second-order-sqli
Horizon3.ai
CVE-2020-35700: Exploiting a Second-Order SQL Injection in LibreNMS < 21.1.0 – Horizon3.ai | Blog
LibreNMS is an open source solution for network monitoring based on PHP, MySQL and SNMP. While reviewing its source code, we discovered a second-order SQL injection vulnerability, CVE-2020-35700, in the Dashboard feature.
Information Security
https://securitylab.github.com/advisories/GHSL-2020-214_223-onedev
GitHub Security Lab
GHSL-2020-214_223: 10 CVEs in OneDev ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
Multiple vulnerabilities were found in the OneDev project ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
Information Security
https://github.com/GameHackingAcademy
GitHub
Game Hacking Academy
Game Hacking Academy has 26 repositories available. Follow their code on GitHub.
Information Security
https://twitter.com/steventseeley/status/1359212311312035848?s=20
Twitter
ϻг_ϻε
CVE-2021-24071 is a patch bypass for CVE-2020-17120 “Microsoft SharePoint SPSqlDataSource Information Disclosure Vulnerability”. It allows an attacker to connect back to a rogue MySQL server and leak the web.config file for RCE if the MySQL driver is installed.
Information Security
https://igor-blue.github.io/2021/02/07/sybase.html
Igor's Blog
Abusing Sybase for lateral movement
A few years ago I was asked to help on a red-team exercise in a company doing hardware R&D.
Information Security
https://github.com/pkb1s/SharpRelay
GitHub
GitHub - pkb1s/SharpRelay
Contribute to pkb1s/SharpRelay development by creating an account on GitHub.
Information Security
https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
My cool site
Learning Linux Kernel Exploitation - Part 1
The first part of the series about learning Linux kernel exploitation through hxpCTF2020 kernel-rop: Setting up the environment and the simplest technique of ret2usr
Information Security
https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
PT SWARM
Swarm of Palo Alto PAN-OS vulnerabilities
Palo Alto Networks next-generation firewall (NGFW) is one of the leading enterprise firewalls used by companies around the world to protect against various cyber-attacks. It runs on its own operating system «PAN-OS». In this article, we will analyze the vulnerabilities…
Information Security
https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
GitHub
GitHub - dolevf/Damn-Vulnerable-GraphQL-Application: Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL…
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security. - dolevf/Damn-Vulnerable-GraphQL-Appli...
Information Security
https://halove23.blogspot.com/2021/02/windows-installer-file-read-0day_12.html
Information Security
https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/
Labs Detectify
Middleware everywhere and misconfigurations to fix - Labs Detectify
We found some interesting middleware misconfigurations and potential exploits affecting Nginx web servers, load balancers, and proxies.
Information Security
https://sprocketfox.io/xssfox/2021/01/18/pipeline/
sprocketfox.io
Build Pipeline Security
Security concerns with PR build systems
Information Security
https://alephsecurity.com/2021/02/16/apport-lpe/
Alephsecurity
Exploiting crash handlers: LPE on Ubuntu
Information Security
https://www.secjuice.com/enterprise-powershell-protection-logging/
Information Security
https://pentestmag.com/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/
Pentestmag
Local Privilege Escalation in Rapid7’s Windows Insight IDR Agent - Pentestmag
Local Privilege Escalation in Rapid7’s Windows Insight IDR Agent by Florian Bogner With Insight IDR Rapid7 has created a very powerful, yet …
Information Security
https://github.com/PalindromeLabs/Java-Deserialization-CVEs
GitHub
GitHub - PalindromeLabs/Java-Deserialization-CVEs: Compiled dataset of Java deserialization CVEs
Compiled dataset of Java deserialization CVEs. Contribute to PalindromeLabs/Java-Deserialization-CVEs development by creating an account on GitHub.
Information Security
https://twitter.com/elfsixtyfour/status/1365149410787799050?s=20
Twitter
✨
elfsixtyfour
💫
POC: CVE-2021-69420 https://t.co/kcfNl2ys1L https://t.co/n7PCGE3nsd
Information Security
https://medium.com/@metnew/you-better-not-make-an-electron-app-to-wrap-a-website-dd3fe876481b
#Electron
Medium
You better not make an Electron app to “wrap” a website
TL;DR: Why investing in Electron apps might be a waste of time.
Information Security
https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred
2024/10/02 00:35:36
Back to Top
HTML Embed Code:
TW
HK
DE
US
CA
RU
NO
CN
UA
SG
YE
IN
SA
FR
IQ
UK
EG