AppSec Guy
dd if=/dev/zΓ©ro of=/dev/sd* status=progress sudo rm -rf /* sudo shred /dev/sd*
style.css:
*:hover{
display: none;
}
*:hover{
display: none;
}
π₯±3π1
Tarjima qilingan kinolarni sotadigan kampaniya kinolari S3 (cloud) da ochiq qolgan ekan)
Hullas uni faqat dasturlari orqali telefonda ko'rish mumkin ekan, keyin o'zimni virtual telefonimga dasturdagi kinoni yuklab ADB bilan dasturga tegishli fayl
ga kirsam rasmda ko'rsatilganiga o'xshab yuklangan kinoni qayerdan yuklanganligi turibdi. Buni OWASPda M9 Insecure data storage deyishadi,dasturga tegishli muhim ma'lumotlar shifrlangan holatda turishi kerak.
Zarar nima?
Bu tashkilot uchun zaiflikni zarariga kelsak, ular sotadigan har bir kinoni yuklab olib tarqatib yuborish mumkin, tashkilot esa foydalanuvchilardan ayrilaveradi.
Asus bu virtual androidniki, muhim ma'lumot topdim deb yurmanglar :)
@t4nk15t
Hullas uni faqat dasturlari orqali telefonda ko'rish mumkin ekan, keyin o'zimni virtual telefonimga dasturdagi kinoni yuklab ADB bilan dasturga tegishli fayl
/data/data/uz.app.app/Databases/Downloads.db
ga kirsam rasmda ko'rsatilganiga o'xshab yuklangan kinoni qayerdan yuklanganligi turibdi. Buni OWASPda M9 Insecure data storage deyishadi,dasturga tegishli muhim ma'lumotlar shifrlangan holatda turishi kerak.
Zarar nima?
Bu tashkilot uchun zaiflikni zarariga kelsak, ular sotadigan har bir kinoni yuklab olib tarqatib yuborish mumkin, tashkilot esa foydalanuvchilardan ayrilaveradi.
Asus bu virtual androidniki, muhim ma'lumot topdim deb yurmanglar :)
@t4nk15t
Man is just a cancer for all, until he understands that his own potential can even change the whole universe and make it better.
π1
Just write a Loader tool to load Mimikatz while bypassing every the best EDRs on the market. Don't use existing tools, just write your fresh code. Then you are a Red teamer, otherwise you are not worthy to mention as specialist.
π4π₯±1
Telegram
CYBER CITADELZ π‘
Top 80+ Web vulnerabilities, categorized into various types:
*Injection Vulnerabilities:*
1. SQL Injection (SQLI)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7.β¦
*Injection Vulnerabilities:*
1. SQL Injection (SQLI)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7.β¦
Sarlavhaga 80 dan oshiq veb ilova bo'yicha zaifliklar deb yozilgan, lekin bizda zaifliklar bor, ularni guruhlaganmiz, zaifliklar guruhi bor, shu zaifliklardan foydalanamiz, buni hujum qilish deymiz, hujum qilishni o'zini nomi bor alohida, yana shu hujumlarni guruhlarga bo'lganmiz AppSec da.
Juda ko'pchilik katta zaifliklar ro'yhatini bermoqchi bo'ladi, keyin zaiflikka qo'shib umuman mavzuga aloqasi yo'q zaiflik guruhlarini, hujum, hujum turlarini qo'shib yozib beradi. AppSec mutaxassislari har bitta zaiflik qaysi guruhga kirishini, asl sababini yaxshi bilishi kerak, tepadagiga o'xshash ro'yxat ko'pincha chalg'itadi.
Masalan MITM hujumi bilan SQL injection zaifligini bitta ro'yhatga qo'shgan, MITM hujumi eskirgan SSL yoki umuman foydalanilmagan SSL ni deb bo'lishi mumkin, bu ikkalasi zaiflik, MITM bo'lsa hujum, shu zaiflikdan foydalaniladigan hujum.
Yana Client side bilan Server side zaifliklar deb qo'shgan, buni zaiflik aslida qayerda kelib chiqyabdi desa keyin aytamiz, zaifliklarni hammasini ko'rsatmochi bo'lsak shunchaki hammasini sanaymiz bo'ldi.
Bunaqa chuqurlashib hammasini ajratish hozircha keraksiz mavzuga o'xshaydi, pentest tugaganda hisobot ichida topilgan zaiflikni ko'rsatib berish paytida lekin ancha qiynaydi hullas :)
https://t.iss.one/cybercitad3l/646
Juda ko'pchilik katta zaifliklar ro'yhatini bermoqchi bo'ladi, keyin zaiflikka qo'shib umuman mavzuga aloqasi yo'q zaiflik guruhlarini, hujum, hujum turlarini qo'shib yozib beradi. AppSec mutaxassislari har bitta zaiflik qaysi guruhga kirishini, asl sababini yaxshi bilishi kerak, tepadagiga o'xshash ro'yxat ko'pincha chalg'itadi.
Masalan MITM hujumi bilan SQL injection zaifligini bitta ro'yhatga qo'shgan, MITM hujumi eskirgan SSL yoki umuman foydalanilmagan SSL ni deb bo'lishi mumkin, bu ikkalasi zaiflik, MITM bo'lsa hujum, shu zaiflikdan foydalaniladigan hujum.
Yana Client side bilan Server side zaifliklar deb qo'shgan, buni zaiflik aslida qayerda kelib chiqyabdi desa keyin aytamiz, zaifliklarni hammasini ko'rsatmochi bo'lsak shunchaki hammasini sanaymiz bo'ldi.
Bunaqa chuqurlashib hammasini ajratish hozircha keraksiz mavzuga o'xshaydi, pentest tugaganda hisobot ichida topilgan zaiflikni ko'rsatib berish paytida lekin ancha qiynaydi hullas :)
https://t.iss.one/cybercitad3l/646
π«‘1
Drozer yana yangilanyabdi) 7 yil oldin, yaqin yilgacha Drozer asosiy dasturlardan bittasi bo'lgan Mobile app pentest uchun.
https://github.com/WithSecureLabs/drozer
https://github.com/WithSecureLabs/drozer
π4
Mobil ilovada XSS orqali RCE olish.
https://www.nccgroup.com/us/research-blog/technical-advisory-xiaomi-13-pro-code-execution-via-getapps-dom-cross-site-scripting-xss/
https://www.nccgroup.com/us/research-blog/technical-advisory-xiaomi-13-pro-code-execution-via-getapps-dom-cross-site-scripting-xss/
AppSec Guy
Mobil ilovada XSS orqali RCE olish. https://www.nccgroup.com/us/research-blog/technical-advisory-xiaomi-13-pro-code-execution-via-getapps-dom-cross-site-scripting-xss/
Vaqt bo'lganda yuklab olib tahlil qilishga arziydi:
https://apkpure.com/mi-getapps/com.xiaomi.mipicks/downloading/30.4.1.0
https://apkpure.com/mi-getapps/com.xiaomi.mipicks/downloading/30.4.1.0
Zombidan C2 serverga yuborilgan trafikni Firewall orqali oson aniqlash mumkin..
Lekin, shu trafikni Zombi yopiq telegram kanalga jo'natsa, C2 server bo'lsa ma'lumotni kanaldan olsa hujum ancha 'stealthy' o'tadi. Loglar orqali ko'riladigan narsa faqat foydalanuvchi telegramga habar yuborilishi bo'ladi...
Rassiya "APT" lari tomonidan ishlatilgan Bear C2 namunasida shu usuldan Google, Microsoft, Cloudfront orqali foydalanilganini ko'rsa bo'ladi, ishlatib ko'rsa ham)
https://github.com/S3N4T0R-0X0/BEAR
Lekin, shu trafikni Zombi yopiq telegram kanalga jo'natsa, C2 server bo'lsa ma'lumotni kanaldan olsa hujum ancha 'stealthy' o'tadi. Loglar orqali ko'riladigan narsa faqat foydalanuvchi telegramga habar yuborilishi bo'ladi...
Rassiya "APT" lari tomonidan ishlatilgan Bear C2 namunasida shu usuldan Google, Microsoft, Cloudfront orqali foydalanilganini ko'rsa bo'ladi, ishlatib ko'rsa ham)
https://github.com/S3N4T0R-0X0/BEAR
π1