#tools
A cool contribution to the open source security community.
NS takeover, admin finder, 403 bypasser and other cool stuff.
Let's retweet it!
https://twitter.com/whitespots/status/1330469521468121089?s=19
Decrypting OpenSSH sessions for fun and profit
https://research.nccgroup.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Do you have problems with security requirements related to any business feature?
Anonymous Poll
16%
No, everything is ok. I suggest improvements to each product feature without any problems
17%
Yes. I want to find a complete set of them
19%
Yes. I want classified set of requirements with references to test-cases
3%
Yes. Other
6%
I'm not from defence side at all
39%
See results
https://twitter.com/jonasLyk/status/1347900440000811010?s=19
Don't even try on your host (only FYI):
cd c:\:$i30:$bitmap
Twitter
Jonas L
NTFS VULNERABILITY CRITICALITY UNDERESTIMATED - There is a specially nasty vulnerability in NTFS right now. Triggerable by opening special crafted name in any folder anywhere. The vulnerability will instant pop up complaining about your harddrive is corrupted…
#education It is never too late to learn Android security assessment basics
https://manifestsecurity.com/android-application-security/
#Tools
Something cool (as always) from Google. Hope it will be supported
https://github.com/google/osv
#bugbounty #tools Abusing JWT public keys without the public key https://blog.silentsignal.eu/2021/02/08/abusing-jwt-public-keys-without-the-public-key/
#bugbounty XSS cheatsheet from one good guy from Google security team
https://netsec.expert/posts/xss-in-2021/
Sam's Hacking Wonderland
Cheatsheet: XSS that works in 2021
XSS Cheatsheet for 2021 and onwards.
#bugbounty #cloud
Sometimes, you may find such directories with interesting data and try to dig deeper
https://notsosecure.com/hacking-aws-cognito-misconfigurations/
NotSoSecure
Hacking AWS Cognito Misconfigurations
In this blog, Sunil Yadav, our lead trainer for “Advanced Web Hacking” training class, will discuss a case study of AWS account takeover via misconfigured AWS Cognito. TL;DR The application under