#tools #opensource
Let's check our community power 🙂
If you are involved in devsecops, please support this feature and write your +1 or any suggestion as well.
https://github.com/DefectDojo/django-DefectDojo/issues/5006
GitHub
APIv2: Add feature of linking manually created JIRA tasks to finding · Issue #5006 · DefectDojo/django-DefectDojo
Is your feature request related to a problem? Please describe This feature is not related to any problem directly, however, it may add useful functionalities. Describe the solution you'd li...
BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://asset-group.github.io/disclosures/braktooth/
Backdoor Office 365 and Active Directory - Golden SAML
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
#ADFS #SAML #Azure #Office365
Inversecos
Compromise of the AD FS server token-signing certificate could result in access to the Azure/Office365 environment by the attacker.
Ever wondered what happens when you type in a URL in an address bar in a browser? Here is a brief overview...
#programming #web #sketchnotes
Offensive WMI
The Basics (Part 1)
https://0xinfection.github.io/posts/wmi-basics-part-1/
Exploring Namespaces, Classes & Methods (Part 2)
https://0xinfection.github.io/posts/wmi-classes-methods-part-2/
#wmi
0xInfection's Blog
Offensive WMI - The Basics (Part 1)
This blog post is the first of a many part series on WMI and is intended for fairly new audiences. A basic understanding of Powershell will definitely help the reader while going through the blog, however, it is not a requirement. That’s it, let us jump into…
Gososerial - Dynamically Generates Ysoserial’s Payload
https://github.com/EmYiQing/Gososerial
#JavaDeserialization #Gososerial #Payload #Ysoserial
Dumping Plaintext RDP credentials from svchost.exe.
https://www.n00py.io/2021/05/dumping-plaintext-rdp-credentials-from-svchost-exe/
#dumpcreds #RDP #svchost
www.n00py.io
Dumping Plaintext RDP credentials from svchost.exe
Recently I was browsing Twitter and came across a very interesting tweet: A simple string search within the process memory for svchost.exe revealed the plaintext password that was used to connect to the system via RDP. After some testing, I was also able…
Kiterunner — Contextual Content Discovery Tool
Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications.
Modern application frameworks such as Flask, Rails, Express, Django and others follow the paradigm of explicitly defining routes which expect certain HTTP methods, headers, parameters and values.
When using traditional content discovery tooling, such routes are often missed and cannot easily be discovered.
By collating a dataset of Swagger specifications and condensing it into our own schema, Kiterunner can use this dataset to bruteforce API endpoints by sending the correct HTTP method, headers, path, parameters and values for each request it sends.
https://github.com/assetnote/kiterunner
#kiterunner #discovery #tools
Backstab — Kill EDR Protected Processes
A tool capable of killing antimalware-protected processes by leveraging the Sysinternals Process Explorer (ProcExp) driver, which is signed by Microsoft.
https://github.com/Yaxser/Backstab
#edr #bypass #kill #process #unload
Forwarded from PT SWARM
RCE on a backend IIS server via file upload with an atypical file extension.
More community curated payloads can be found at https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files/Extension%20ASP