Поиск по фото (2).txt
956 B
Ловите огромный пак мануалов по поиску информации
Lenovo XSS via Unrestricted File Upload PoC
POC is here: —> https://t.iss.one/brutsecurity_poc/42
#BugBounty #XSS
POC is here: —> https://t.iss.one/brutsecurity_poc/42
#BugBounty #XSS
Forwarded from APT
A cross-platforms tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.
🚀 Features:
— Only requires a low privileges domain user account.
— Automatically gets the list of all domain controllers from the LDAP.
— Finds all the Group Policy Preferences Passwords present in SYSVOL share on each domain controller.
— Decrypts the passwords and prints them in cleartext.
— Outputs to a Excel file.
🔗 Source:
https://github.com/p0dalirius/FindGPPPasswords
#ad #windows #gpo #credentials
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3
𝗚𝗮𝗺𝗲 𝗼𝗳 𝗔𝗰𝘁𝗶𝘃𝗲 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆
GOAD is a pentest active directory LAB project. This lab aims to give pentesters a vulnerable AD environment ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
GOAD is a pentest active directory LAB project. This lab aims to give pentesters a vulnerable AD environment ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
📖 Account Takeover на GitLab
Новый забавный дисклоз от гитлаба. Оказывается, в конце 2023 года им сдали баг на сброс пароля, в котором достаточно было поменять запрос на JSON и добавить вторую почту в массив.
Ссылка на отчет
#web #ato
Новый забавный дисклоз от гитлаба. Оказывается, в конце 2023 года им сдали баг на сброс пароля, в котором достаточно было поменять запрос на JSON и добавить вторую почту в массив.
Ссылка на отчет
#web #ato
👍3
Forwarded from Cat Seclist
Security Training for Web Developers by HackSplaining
Completely free, comprehensive security training for web developers. Covers every major security vulnerability you are likely to face. Concrete, no-nonsense advice for the developer in a hurry.
❗️The lessons + OWASP classificatory
📌The book
#web #AppSec
Completely free, comprehensive security training for web developers. Covers every major security vulnerability you are likely to face. Concrete, no-nonsense advice for the developer in a hurry.
❗️The lessons + OWASP classificatory
📌The book
#web #AppSec