Forwarded from vulners
Researcher Discloses New Zero-Day Affecting All Versions of Windows
A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-days deadline.
Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in Microsoft Jet Database Engine that could allow an attacker to remotely execute malicious code on any vulnerable Windows computer.
The Microsoft JET Database Engine, or simply JET (Joint Engine Technology), is a database engine integrated within several Microsoft products, including Microsoft Access and Visual Basic.
An attacker must convince a targeted user into opening a specially crafted JET database file in order to exploit this vulnerability and remotely execute malicious code on a targeted vulnerable Windows computer.
Read More
ZDI Advisory
ActiveX Browser PoC
A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-days deadline.
Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in Microsoft Jet Database Engine that could allow an attacker to remotely execute malicious code on any vulnerable Windows computer.
The Microsoft JET Database Engine, or simply JET (Joint Engine Technology), is a database engine integrated within several Microsoft products, including Microsoft Access and Visual Basic.
An attacker must convince a targeted user into opening a specially crafted JET database file in order to exploit this vulnerability and remotely execute malicious code on a targeted vulnerable Windows computer.
Read More
ZDI Advisory
ActiveX Browser PoC
منابعی در خصوص نحوه پیدا کردن آی پی اصلی وبسایتهایی که از #cloudflare استفاده میکنند و دور زدن محدودیت های فایروال
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
https://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
https://www.securityidiots.com/Web-Pentest/Information-Gathering/Cloudflare-Bypass/Part-2-Cloudflare-Security-Bypass.html
https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510
#web
#pentest
#bypass
#sqli
#xss
@sec_nerd
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
https://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
https://www.securityidiots.com/Web-Pentest/Information-Gathering/Cloudflare-Bypass/Part-2-Cloudflare-Security-Bypass.html
https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510
#web
#pentest
#bypass
#sqli
#xss
@sec_nerd
Christophe Tafani-Dereeper
CloudFlair: Bypassing Cloudflare using Internet-wide scan data - Christophe Tafani-Dereeper
Cloudflare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or…
عملیات #pivoting با استفاده از Responder
https://ijustwannared.team/2017/05/27/responder-and-layer-2-pivots/
#network
#pentest
#windows
@sec_nerd
https://ijustwannared.team/2017/05/27/responder-and-layer-2-pivots/
#network
#pentest
#windows
@sec_nerd
ijustwannaredteam
Responder and Layer 2 Pivots
Hey all, In the previous post we discussed using Responder with Snarf, this post will be doing the same but through a pivot. To pivot in we’ll be using Simpletun and a layer 2 pivoting clien…
استفاده از OSINT برای کشف ارتباط بین دامین،ایمیل و آدرس آی پی
https://medium.com/@woj_ciech/osint-tool-for-visualizing-relationships-between-domains-ips-and-email-addresses-94377aa1f20a
#osint
#domain
#enum
@sec_nerd
https://medium.com/@woj_ciech/osint-tool-for-visualizing-relationships-between-domains-ips-and-email-addresses-94377aa1f20a
#osint
#domain
#enum
@sec_nerd
Medium
OSINT tool for visualizing relationships between domains, IPs and email addresses.
Migrated to new blog
امنیت اطلاعات
زبان از وصف این شجاعت قاصره! اسکریپت ماینری که در وبسایت پلیس راهور کار گذاشته شده! https://twitter.com/hfahimi/status/1043453260596690944 #iran #news #police #coinhive #monero #btc @sec_nerd
توضیحات وبسایت دیجیاتو در این خصوص
https://digiato.com/article/2018/09/23/%DA%A9%D8%AF-%D9%85%D8%A7%DB%8C%D9%86%DB%8C%D9%86%DA%AF-%D8%AF%D8%B1-%D8%B3%D8%A7%DB%8C%D8%AA-%D9%BE%D9%84%DB%8C%D8%B3-%D8%B1%D8%A7%D9%87%D9%88%D8%B1/
#iran
#news
#police
#coinhive
#monero
#btc
@sec_nerd
https://digiato.com/article/2018/09/23/%DA%A9%D8%AF-%D9%85%D8%A7%DB%8C%D9%86%DB%8C%D9%86%DA%AF-%D8%AF%D8%B1-%D8%B3%D8%A7%DB%8C%D8%AA-%D9%BE%D9%84%DB%8C%D8%B3-%D8%B1%D8%A7%D9%87%D9%88%D8%B1/
#iran
#news
#police
#coinhive
#monero
#btc
@sec_nerd
دیجیاتو
کد ماینینگ در سایت پلیس راهور با استفاده از سیستم بازدیدکنندگان ارز مجازی استخراج میکند
چند کارشناس امنیت اطلاعات در شبکههای اجتماعی از وجود اسکریپت ماینر پول رمزنگاریشده در سایت پلیس راهور ناجا خبر دادهاند. در زمان انتشار این مطلب البته
شهادت جمعی از هموطنان عزیزمان در حادثه تروریستی اهواز را به خانواده های این عزیزان و همه ایرانیان تسلیت عرض مینماییم.
#rip
#iran
#terrorism
@sec_nerd
#rip
#iran
#terrorism
@sec_nerd
چک لیست تست نفوذ وبسایتها
https://hackercombat.com/web-application-penetration-testing-checklist/
#web
#pentest
@sec_nerd
https://hackercombat.com/web-application-penetration-testing-checklist/
#web
#pentest
@sec_nerd
HackerCombat
Web Application Penetration Testing Checklist | Updated 2023
Web Application Penetration Testing Checklist with step by step instructions. Know what is Web App Pen Testing and how it strengthen the app security.
ترامپ راهبرد جدید امنیت سایبری آمریکا را امضا کرد
طبق این راهبرد جدید، عملیاتهای سایبری آمریکا برای دفاع در برابر حملات سایبری خارجی وارد فاز تهاجمی خواهند شد.
https://thehill.com/policy/cybersecurity/407861-trumps-new-cyber-approach-the-best-defense-is-a-good-offense
#usa
#cybersec
#news
#iran
#russia
#stuxnet
@sec_nerd
طبق این راهبرد جدید، عملیاتهای سایبری آمریکا برای دفاع در برابر حملات سایبری خارجی وارد فاز تهاجمی خواهند شد.
https://thehill.com/policy/cybersecurity/407861-trumps-new-cyber-approach-the-best-defense-is-a-good-offense
#usa
#cybersec
#news
#iran
#russia
#stuxnet
@sec_nerd
TheHill
Trump’s new cyber approach: The best defense is a good offense
The Trump administration's new cyber strategy is raising questions about the U.S. role in offensive cyberattacks.
This media is not supported in your browser
VIEW IN TELEGRAM
This media is not supported in your browser
VIEW IN TELEGRAM
بی بی سی سعی کرد با شناسایی مکان در ویدیو، کار تحقیقاتی خودش رو شروع کنه.
شکل کوهها قدم اول بود.
#osint
شکل کوهها قدم اول بود.
#osint
This media is not supported in your browser
VIEW IN TELEGRAM