عذرخواهی مدیرعامل تپسی از هک اخیر این شرکت، اما تا زمانی که برنامه بانتی نداشته باشن، امنیتشون پایین خواهد بود.
https://twitter.com/MMonshipour/status/1119214130794254343
https://twitter.com/MMonshipour/status/1119214130794254343
Cross-Site Request Forgery Cheat Sheet - TrustFoundry
https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/
@digmemore
https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/
@digmemore
TrustFoundry
Cross-Site Request Forgery Cheat Sheet - TrustFoundry
Cross-Site Request Forgery Cheat Sheet The Cross-Site Request Forgery (CSRF) Cheat Sheet is a flowchart...
GitLab 11.4.7 Remote Code Execution
https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018
@digmemore
https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018
@digmemore
LiveOverflow
GitLab 11.4.7 Remote Code Execution
Video write-up about the Real World CTF challenge "flaglab" that involved exploiting a GitLab 1day. Actually two CVEs were combined to achieve full remote code execution...
یه محقق امنیتی افشا کرده که اکسپلویتهای Shadow Brokers یک سال قبل توسط یک گروه هکری چینی استفاده میشدن. واقعا قدرت هک لذت بخش.
https://twitter.com/TheHackersNews/status/1125683411627139072?s=19
https://twitter.com/TheHackersNews/status/1125683411627139072?s=19
یارو یه باگ پیدا کرده تعداد آبجوهای موجود توی شرکت رو افشا میکرده، ۸۰۰ دلار بانتی گرفت 😂
https://hackerone.com/reports/419883
@digmemore
https://hackerone.com/reports/419883
@digmemore
HackerOne
Shopify disclosed on HackerOne: H1514 [beerify.shopifycloud.com]...
*Note: This report was submitted during our H1-514 live hacking event, which had an expanded scope compared to our public bug bounty program. The app mentioned in this report is not currently in...
WordPress 5.1 CSRF to Remote Code Execution
https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
پاک کردن کامنت در فیسبوک، ۱۲ هزار دلار بانتی
https://bugreader.com/joebalhis@18
https://bugreader.com/joebalhis@18
Bugreader
Delete any comment on Facebook
This bug allowed a malicious user to delete any comment on Facebook .
نظر پاول دروف راجع به آسیبپذیری اخیر Whatsapp. خیلی قشنگ گفته، کاش فرصت شه یکم راجع بش بنویسم.
https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15
https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15
Telegraph – Pavel Durov
Why WhatsApp Will Never Be Secure
The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1]. This news didn’t surprise…
حملهای بسیار قشنگ روی اپلیکیشن دسکتاپ Slack، مهاجم با ساختن یک لینک مخرب، تنها نیاز دارد که قربانی روی لینک کلید کند. بعد از آن، محل دانلود فایلهای Slack به آدرس سرور مهاجم تغییر میکند و از طریق SMB فایلها ارسال میشود. نحوه کشف و اکسپلویت واقعا قشنگ، پیشنهاد میکنم بخونید:
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
Medium
Stealing Downloads from Slack Users
I’m going to go over an interesting feature abuse that could have been used to steal and even manipulate downloads from Slack users using the Slack desktop app on Windows. The vulnerability was…
defcon qualifiers 2019 pwn challenges walkthrough
https://www.youtube.com/watch?v=FWLD3Ne_CUc
https://www.youtube.com/watch?v=FWLD3Ne_CUc
YouTube
Defcon Quals 2019 (oooverflow.io) Speedrun pwn challenges || rop chaining || ret2libc || shellcoding
Walk-through of speedrun-001 speedrun-002 speedrun-003 pwn challenges from defcon qualifiers round 2019.
link: https://oooverflow.io/
ctftime: https://ctftime.org/event/762
Speedrun-001 is basically a statically compiled 64 bit binary. nx is enabled. we need…
link: https://oooverflow.io/
ctftime: https://ctftime.org/event/762
Speedrun-001 is basically a statically compiled 64 bit binary. nx is enabled. we need…
آسیبپذیری LFI در گوگل، ۱۳ هزار دلار باگ بانتی دریافت کرده.
https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/
@digmemore
https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/
@digmemore
پی پال توی ۷ ماه یک میلیون دلار باگ بانتی داده به هکرها توی پرتال هکروان .
https://www.hackerone.com/blog/paypal-thanks-hackers-1-million-7-months-hackerone-0
@digmemore
https://www.hackerone.com/blog/paypal-thanks-hackers-1-million-7-months-hackerone-0
@digmemore
HackerOne
PayPal Thanks Hackers with $1 Million in 7 Months on HackerOne
Since launching an independently run bug bounty program in 2012, PayPal’s program has evolved several times over, including transitioning to a platform, HackerOne, in 2018 to expand participation from 2,000 hackers to over 300,000 hackers on the platform.…