آسیب پذیری کشف شده در
Smartermail
و توضیحات فنی اون
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/
@digmemore
Smartermail
و توضیحات فنی اون
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/
@digmemore
بررسی دور زدن مکانیزم احزار هویت GWT و توضیحات فنی این آسیب پذیری کشف شده در گوگل گروپ.
https://www.komodosec.com/post/google-groups-authorization-bypass
@digmemore
https://www.komodosec.com/post/google-groups-authorization-bypass
@digmemore
KomodoSec
Discovering Google Groups Auth-Bypass: My Security Research Journey
Tl;dr: I’ve recently been playing around with Google services, poking here and there for security vulnerabilities. It’s been a quite a roller-coaster experience with some interesting results as well as some devastating rejections (I should definitely write…
عذرخواهی مدیرعامل تپسی از هک اخیر این شرکت، اما تا زمانی که برنامه بانتی نداشته باشن، امنیتشون پایین خواهد بود.
https://twitter.com/MMonshipour/status/1119214130794254343
https://twitter.com/MMonshipour/status/1119214130794254343
Cross-Site Request Forgery Cheat Sheet - TrustFoundry
https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/
@digmemore
https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/
@digmemore
TrustFoundry
Cross-Site Request Forgery Cheat Sheet - TrustFoundry
Cross-Site Request Forgery Cheat Sheet The Cross-Site Request Forgery (CSRF) Cheat Sheet is a flowchart...
GitLab 11.4.7 Remote Code Execution
https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018
@digmemore
https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018
@digmemore
LiveOverflow
GitLab 11.4.7 Remote Code Execution
Video write-up about the Real World CTF challenge "flaglab" that involved exploiting a GitLab 1day. Actually two CVEs were combined to achieve full remote code execution...
یه محقق امنیتی افشا کرده که اکسپلویتهای Shadow Brokers یک سال قبل توسط یک گروه هکری چینی استفاده میشدن. واقعا قدرت هک لذت بخش.
https://twitter.com/TheHackersNews/status/1125683411627139072?s=19
https://twitter.com/TheHackersNews/status/1125683411627139072?s=19
یارو یه باگ پیدا کرده تعداد آبجوهای موجود توی شرکت رو افشا میکرده، ۸۰۰ دلار بانتی گرفت 😂
https://hackerone.com/reports/419883
@digmemore
https://hackerone.com/reports/419883
@digmemore
HackerOne
Shopify disclosed on HackerOne: H1514 [beerify.shopifycloud.com]...
*Note: This report was submitted during our H1-514 live hacking event, which had an expanded scope compared to our public bug bounty program. The app mentioned in this report is not currently in...
WordPress 5.1 CSRF to Remote Code Execution
https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
پاک کردن کامنت در فیسبوک، ۱۲ هزار دلار بانتی
https://bugreader.com/joebalhis@18
https://bugreader.com/joebalhis@18
Bugreader
Delete any comment on Facebook
This bug allowed a malicious user to delete any comment on Facebook .
نظر پاول دروف راجع به آسیبپذیری اخیر Whatsapp. خیلی قشنگ گفته، کاش فرصت شه یکم راجع بش بنویسم.
https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15
https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15
Telegraph – Pavel Durov
Why WhatsApp Will Never Be Secure
The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1]. This news didn’t surprise…
حملهای بسیار قشنگ روی اپلیکیشن دسکتاپ Slack، مهاجم با ساختن یک لینک مخرب، تنها نیاز دارد که قربانی روی لینک کلید کند. بعد از آن، محل دانلود فایلهای Slack به آدرس سرور مهاجم تغییر میکند و از طریق SMB فایلها ارسال میشود. نحوه کشف و اکسپلویت واقعا قشنگ، پیشنهاد میکنم بخونید:
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
Medium
Stealing Downloads from Slack Users
I’m going to go over an interesting feature abuse that could have been used to steal and even manipulate downloads from Slack users using the Slack desktop app on Windows. The vulnerability was…
defcon qualifiers 2019 pwn challenges walkthrough
https://www.youtube.com/watch?v=FWLD3Ne_CUc
https://www.youtube.com/watch?v=FWLD3Ne_CUc
YouTube
Defcon Quals 2019 (oooverflow.io) Speedrun pwn challenges || rop chaining || ret2libc || shellcoding
Walk-through of speedrun-001 speedrun-002 speedrun-003 pwn challenges from defcon qualifiers round 2019.
link: https://oooverflow.io/
ctftime: https://ctftime.org/event/762
Speedrun-001 is basically a statically compiled 64 bit binary. nx is enabled. we need…
link: https://oooverflow.io/
ctftime: https://ctftime.org/event/762
Speedrun-001 is basically a statically compiled 64 bit binary. nx is enabled. we need…