Information Security
https://mksben.l0.cm/2020/10/discord-desktop-rce.html?m=1
mksben.l0.cm
Discord Desktop app RCE
A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Prog...
Information Security
https://devcraft.io/2020/10/18/github-rce-git-inject.html
devcraft.io
GitHub - RCE via git option injection (almost) - $20,000 Bounty
It had been a while since I’d looked into GitHub, so I thought it would be good to spin up a fresh enterprise trial and see what I could find. The GHE code is obfuscated, but it’s just to discourage customers from messing around and if you do a bit of googling…
Information Security
https://www.ambionics.io/blog/symfony-secret-fragment
Ambionics
Secret fragments: Remote code execution on Symfony based websites
Remote code execution using Symfony's _fragment's page and unsecure secret values.
Information Security
https://devcraft.io/2020/10/19/github-gist-account-takeover.html
devcraft.io
GitHub Gist - Account takeover via open redirect - $10,000 Bounty
While looking into bypasses for the per form CSRF token in my last post, I was digging into every method that was used to generate urls, trying to find one that could be used to create the required token.
Information Security
https://github.com/BlackFan/client-side-prototype-pollution
GitHub
GitHub - BlackFan/client-side-prototype-pollution: Prototype Pollution and useful Script Gadgets
Prototype Pollution and useful Script Gadgets. Contribute to BlackFan/client-side-prototype-pollution development by creating an account on GitHub.
Information Security
https://twitter.com/trbughunters/status/1318145809750331392?s=20
Twitter
TR Bug Hunters
an XSS payload with script src for short length inputs <script src=//⑮.₨></script> #bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity #ethicalhacking
Information Security
https://www.youtube.com/watch?v=Zl2nUJA00Yc
YouTube
Understanding PE relocations in less than 10 min (with PE-bear)
RTO: Malware Development Intermediate course teaser
Link to the course: https://institute.sektor7.net/rto-maldev-intermediate
Other online courses from RED TEAM Operator series: https://institute.sektor7.net
Twitter: https://twitter.com/sektor7net
Labs:…
Information Security
https://medium.com/@ahmdhalabi/my-bug-bounty-journey-ranking-1st-in-u-s-dod-achieving-top-100-hackers-in-1-year-f208c10144fc
Medium
My Bug Bounty Journey & Ranking 1st in U.S. DoD & Achieving top 100 hackers in 1 year
I am sharing some of my methodology, resources, tips and advice to become a better bug bounty hunter.
Information Security
https://blog.technitium.com/2020/07/how-to-host-your-own-dns-over-https-and.html
Technitium
How To Host Your Own DNS-over-HTTPS, DNS-over-TLS, And DNS-over-QUIC Services
Updated: 26 Feb 2023. With Technitium DNS Server, you can not just consume DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), or DNS-over-QUI...
Information Security
https://github.com/github/dmca/pull/8142
Information Security
https://blog.br0vvnn.io/pages/blogpost.aspx?id=2
Information Security
https://www.fireeye.com/blog/threat-research/2020/10/flare-on-7-challenge-solutions.html
Google Cloud Blog
Flare-On 7 Challenge Solutions | Mandiant | Google Cloud Blog
Information Security
https://securitylab.github.com/research/CVE-2020-6449-exploit-chrome-uaf/
GitHub Security Lab
Exploiting a textbook use-after-free in Chrome
In this post I’ll give details about how to exploit CVE-2020-6449, a use-after-free (UAF) in the WebAudio module of Chrome that I discovered in March 2020. I’ll give an outline of the general strategy to exploit this type of UAF to achieve a sandboxed RCE…
Information Security
https://research.nccgroup.com/2020/10/26/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-gzip-extraction-cve-2020-8260/
NCC Group Research Blog
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)
Vendor: Pulse Secure; Vendor URL: affected: Pulse Connect Secure (PCS) 9.1Rx or below; Systems Affected: Pulse Connect Secure (PCS) Appliances; CVE Identifier: CVE-2020-8260; Advisory URL: 7.2 High CVSS:3.…
Information Security
http://rez0.blog/hacking/2020/10/27/ffuf-filters.html
Information Security
https://www.youtube.com/watch?v=nvCd0Ee4FgE
YouTube
Finding security vulnerabilities in Java with CodeQL - GitHub Satellite 2020
CodeQL is GitHub's expressive language and engine for code analysis, which allows you to explore source code to find bugs and security vulnerabilities. During this beginner-friendly workshop, you will learn to write queries in CodeQL and find known security…
Information Security
https://hausec.com/2020/10/30/using-a-c-shellcode-runner-and-confuserex-to-bypass-uac-while-evading-av/
hausec
Using a C# Shellcode Runner and ConfuserEx to Bypass UAC
I was recently on an engagement where we phished in and ran into UAC which gave me more trouble than I expected. When a user logs onto Windows, a logon session is created and the credentials are ti…
Information Security
https://www.youtube.com/watch?v=gluSEBZpplQ&ab_channel=ekopartysecurityconference
YouTube
#Eko2020 Workshops | Rajanish Pathak, Rahul Maini & Harsh Jaiswal: Demystifying the Server Side
Some server-side mysteries, the unveiling of the lesser-known techniques, and how inconsistency in the URL parsing and treating of certain elements by the server-side components that usually go undetected and can open up big gaps are waiting to be demystified!…
Information Security
https://h0mbre.github.io/Fuzzing-Like-A-Caveman/
The Human Machine Interface
Fuzzing Like A Caveman
Introduction I’ve been passively consuming a lot of fuzzing-related material in the last few months as I’ve primarily tried to up my Windows exploitation game from Noob-Level to 1%-Less-Noob-Level, and I’ve found it utterly fascinating. In this post I will…
2024/10/02 10:24:38