#bugbounty
#2fa
2FA Bypass Techniques MindMap
https://www.xmind.net/m/8Hkymg/
Google Drive Link:
https://drive.google.com/file/d/11FlzxlVw4GIZ60s5v3I1S5p8kXZHExFT/view?usp=sharing
#2fa
2FA Bypass Techniques MindMap
https://www.xmind.net/m/8Hkymg/
Google Drive Link:
https://drive.google.com/file/d/11FlzxlVw4GIZ60s5v3I1S5p8kXZHExFT/view?usp=sharing
Xmind
2FA Bypass Techniques
A Mind Map about 2FA Bypass Techniques submitted by Harsh Bothra on Jun 5, 2021. Created with Xmind.
#research
ALPACA Attack: Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication.
# https://alpaca-attack.com/
# https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html
# https://github.com/RUB-NDS/alpaca-code/
ALPACA Attack: Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication.
# https://alpaca-attack.com/
# https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html
# https://github.com/RUB-NDS/alpaca-code/
The Hacker News
New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites
ALPACA Attack: A new TLS attack allows attackers to launch cross-protocol attacks against secure sites.
CrimeFlare Bypass Hostname
This tool serves to search for the original IP behind websites that have been protected by CloudFlare, the information generated can be useful for further penetration. The information generated by this tool is as follows.
https://github.com/zidansec/CrimeFlare
#cloudflare #bypass #Tools
This tool serves to search for the original IP behind websites that have been protected by CloudFlare, the information generated can be useful for further penetration. The information generated by this tool is as follows.
https://github.com/zidansec/CrimeFlare
#cloudflare #bypass #Tools
GitHub
zidansec/CrimeFlare
This tool can help you to see the real IP behind CloudFlare protected websites. - zidansec/CrimeFlare
PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
https://github.com/hhlxf/PrintNightmare
#pentest
https://github.com/hhlxf/PrintNightmare
#pentest
🔥🔥🔥
Leveraging PrintNightmare to Abuse RBCD and DCSync the Domain
https://snovvcrash.github.io/2021/06/30/leveraging-printnightmare-to-abuse-rbcd.html
#pentest
Leveraging PrintNightmare to Abuse RBCD and DCSync the Domain
https://snovvcrash.github.io/2021/06/30/leveraging-printnightmare-to-abuse-rbcd.html
#pentest
snovvcrash@gh-pages:~$ _
Leveraging PrintNightmare to Abuse RBCD and DCSync the Domain
A relatively stealthy way to exploit PrintNightmare (CVE-2021-1675 / CVE-2021-34527) by configuring and abusing RBCD on a domain controller.
Microsoft warns of critical PowerShell 7 code execution vulnerability
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-critical-powershell-7-code-execution-vulnerability/
#vulnerability
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-critical-powershell-7-code-execution-vulnerability/
#vulnerability
BleepingComputer
Microsoft warns of critical PowerShell 7 code execution vulnerability
Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in in .NET 5 and .NET Core.
Privilege escalation with polkit
How to get root on Linux with a seven-year-old bug
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
#pentest
How to get root on Linux with a seven-year-old bug
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
#pentest
The GitHub Blog
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
🚨🚨
I am starting the #BurpHacksForBounties series for 30 days, each day will share a Burp hack, which makes my working with Burp Suite easier.
Starting Monday. Stay tuned.
They will not be the ones you find on the internet 😉😉
#infosec #appsec #bugbounties #bugbountytips
I am starting the #BurpHacksForBounties series for 30 days, each day will share a Burp hack, which makes my working with Burp Suite easier.
Starting Monday. Stay tuned.
They will not be the ones you find on the internet 😉😉
#infosec #appsec #bugbounties #bugbountytips
#BurpHacksForBounties - Day 1/30
Turbo intruder: Power of Python with Burp Suite Intruder.
I use it to tailor my pen-testing for a specific target and targetted #bugbounty
#infosec #appsec #bugbountytips #bugbountytip #security
How to - 🧵🙃👇
Turbo intruder: Power of Python with Burp Suite Intruder.
I use it to tailor my pen-testing for a specific target and targetted #bugbounty
#infosec #appsec #bugbountytips #bugbountytip #security
How to - 🧵🙃👇