گروه امنیت اطلاعات
https://t.iss.one/joinchat/Cu-7qUvIA5ULBMsmH9yVzA
بخش فارسی کانال:
https://t.iss.one/sec_nerd
بخش انگلیسی کانال:
https://t.iss.one/sec_nerd_en
https://t.iss.one/joinchat/Cu-7qUvIA5ULBMsmH9yVzA
بخش فارسی کانال:
https://t.iss.one/sec_nerd
بخش انگلیسی کانال:
https://t.iss.one/sec_nerd_en
راه اندازی بات تلگرامی برای تست نفوذ با استفاده از ابزارهای دلخواه
https://medium.com/@arbazhussain/telegram-bot-for-hacking-pentesting-b7856db28ef
#telegram
#bot
#pentest
@sec_nerd
https://medium.com/@arbazhussain/telegram-bot-for-hacking-pentesting-b7856db28ef
#telegram
#bot
#pentest
@sec_nerd
اپلیکیشن موبایلی موتور جستجوی shodan
https://github.com/PaulSec/Shodan.io-mobile-app
نسخه اندروید:
https://play.google.com/store/apps/details?id=io.shodan.app
#shodan
#android
@sec_nerd
https://github.com/PaulSec/Shodan.io-mobile-app
نسخه اندروید:
https://play.google.com/store/apps/details?id=io.shodan.app
#shodan
#android
@sec_nerd
رایت آپ های مرتبط با آسیب پذیری IDOR
https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a
https://medium.com/@Bohr/idor-lets-delete-any-account-2926ae85ddbd
https://medium.com/@black_b/yahoo-idor-elimination-of-any-comment-e898f4f955f1
https://medium.com/@mastenwap/vulnerability-idor-in-hago-games-f08a0aebcc43
https://medium.com/@mahmoudadel0x/two-captcha-bypasses-idor-and-token-reuse-3ccc385236b
https://medium.com/@be1iev3r/idor-leads-to-getting-all-customers-order-history-data-55dcfcd977f5
https://medium.com/@rajsek/my-2nd-facebook-bounty-poc-fb-data-of-birth-disclosure-d02e1bec50
https://medium.com/@jjowi/bug-idor-unsubscribe-email-klikindomaret-7d2f14509cd8
https://medium.com/@jjowi/bug-idor-apps-tirtoid-65ea9699315b
https://medium.com/@cyb3rlant3rn/email-bombing-idor-49654d18106
https://medium.com/@alhif/bug-idor-on-erpandistro-com-shopcart-8657981116fb
#idor
#pentest
#bugbounty
#writeup
@sec_nerd
https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a
https://medium.com/@Bohr/idor-lets-delete-any-account-2926ae85ddbd
https://medium.com/@black_b/yahoo-idor-elimination-of-any-comment-e898f4f955f1
https://medium.com/@mastenwap/vulnerability-idor-in-hago-games-f08a0aebcc43
https://medium.com/@mahmoudadel0x/two-captcha-bypasses-idor-and-token-reuse-3ccc385236b
https://medium.com/@be1iev3r/idor-leads-to-getting-all-customers-order-history-data-55dcfcd977f5
https://medium.com/@rajsek/my-2nd-facebook-bounty-poc-fb-data-of-birth-disclosure-d02e1bec50
https://medium.com/@jjowi/bug-idor-unsubscribe-email-klikindomaret-7d2f14509cd8
https://medium.com/@jjowi/bug-idor-apps-tirtoid-65ea9699315b
https://medium.com/@cyb3rlant3rn/email-bombing-idor-49654d18106
https://medium.com/@alhif/bug-idor-on-erpandistro-com-shopcart-8657981116fb
#idor
#pentest
#bugbounty
#writeup
@sec_nerd
Medium
IDOR FACEBOOK: malicious person add people to the “Top Fans”
Hi hackers,
رایت آپ کشف آسیب پذیری SSRF در وبسایت Vimeo
https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437
#writeup
#ssrf
#vimeo
@sec_nerd
https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437
#writeup
#ssrf
#vimeo
@sec_nerd
Medium
Vimeo upload function SSRF
TL;DR
This media is not supported in your browser
VIEW IN TELEGRAM
[PoC] CVE-2019-11932 Whatsapp 2.19.216 Remote Code Execution
1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user
https://github.com/dorkerdevil/CVE-2019-11932
https://github.com/awakened1712/CVE-2019-11932
#whatsapp
#exploit
#rce
https://github.com/valbrux/CVE-2019-11932-SupportApp
@sec_nerd
1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user
https://github.com/dorkerdevil/CVE-2019-11932
https://github.com/awakened1712/CVE-2019-11932
#exploit
#rce
https://github.com/valbrux/CVE-2019-11932-SupportApp
@sec_nerd
image_2019-12-14_20-23-31.png
185.3 KB
اکسپلویت کردن آسیب پذیری XSS با محدودیت ۲۰ کاراکتر
https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html
#xss
#web
#bugbounty
@sec_nerd
https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html
#xss
#web
#bugbounty
@sec_nerd
نقشه ی میزان گستردگی سرورهای آسیب پذیر Pulse Secure
https://docs.google.com/spreadsheets/d/1tDEWMl-IkFeUaegbp4KynwugYqIRWu4nAoRUM6KO1LM/edit
شناسه : CVE-2019-11510
🇺🇸United States: 1,381
🇯🇵 Japan: 430
🇬🇧 United Kingdom: 232
🇰🇷 South Korea: 214
🇫🇷 France: 190
🇩🇪 Germany: 145
🇨🇳 China: 126
🇧🇪 Belgium: 98
🇭🇰 Hong Kong: 92
🇨🇦 Canada: 80
All others: 1,033
#pulse
#network
#vpn
@sec_nerd
https://docs.google.com/spreadsheets/d/1tDEWMl-IkFeUaegbp4KynwugYqIRWu4nAoRUM6KO1LM/edit
شناسه : CVE-2019-11510
🇺🇸United States: 1,381
🇯🇵 Japan: 430
🇬🇧 United Kingdom: 232
🇰🇷 South Korea: 214
🇫🇷 France: 190
🇩🇪 Germany: 145
🇨🇳 China: 126
🇧🇪 Belgium: 98
🇭🇰 Hong Kong: 92
🇨🇦 Canada: 80
All others: 1,033
#pulse
#network
#vpn
@sec_nerd
Google Docs
Pulse Secure VPN servers vulnerable to CVE-2019-11510 by country – 2019-12-13 Scan Results
World Map
کشف آسیب پذیری XSS در فیسبوک که منجر به تسخیر اکانت میشود
https://ysamm.com/?p=343
#bugbounty
#writeup
#facebook
#xss
@sec_nerd
https://ysamm.com/?p=343
#bugbounty
#writeup
#xss
@sec_nerd
بانتی ۵۵۰ دلاری در کمتر از ۵ دقیقه!
https://medium.com/@ahmadbrainworks/bug-bounty-how-i-earned-550-in-less-than-5-minutes-open-redirect-chained-with-rxss-8957979070e5?
#writeup
#bugbounty
#web
#pentest
@sec_nerd
https://medium.com/@ahmadbrainworks/bug-bounty-how-i-earned-550-in-less-than-5-minutes-open-redirect-chained-with-rxss-8957979070e5?
#writeup
#bugbounty
#web
#pentest
@sec_nerd
Medium
BUG BOUNTY: How I earned $550 in less than 5 minutes. “Open Redirect chained with rXSS”
Assalamu Alaikum Warahmatullahi Wa Barakatuhu…
خواندنی های هفته ی گذشته:
🗞 https://hipotermia.pw/bb/http-desync-idor
🗞 https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md#git-submodule-update-command-execution
🗞 https://reddit.com/r/crypto/comments/e8t17w/comment/faerj2m
🗞 https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
🗞 https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases
#writeup
#bugbounty
#exploit
#pentest
@sec_nerd
🗞 https://hipotermia.pw/bb/http-desync-idor
🗞 https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md#git-submodule-update-command-execution
🗞 https://reddit.com/r/crypto/comments/e8t17w/comment/faerj2m
🗞 https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
🗞 https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases
#writeup
#bugbounty
#exploit
#pentest
@sec_nerd
hipotermia.pw
hipotermia - HTTP Request Smuggling + IDOR
A bug chain of HTTP Request Smuggling and an IDOR which allows to retrieve user sensitive data
۵ دلیلی که برنامه نویسان باید مانند هکرها فکر کنند:
۱- سرسختی بی نظیر هکرها
۲- کار عملی بجای مطالعه و یادگیری سنتی
۳- پیش بینی نقص های امنیتی محتمل
۴- تفکر خلاق و تمایل به خروج از قالب های مرسوم
۵- تفریح!
https://thehackernews.com/2019/12/cybersecurity-for-programmers.html
#hack
#programming
@sec_nerd
۱- سرسختی بی نظیر هکرها
۲- کار عملی بجای مطالعه و یادگیری سنتی
۳- پیش بینی نقص های امنیتی محتمل
۴- تفکر خلاق و تمایل به خروج از قالب های مرسوم
۵- تفریح!
https://thehackernews.com/2019/12/cybersecurity-for-programmers.html
#hack
#programming
@sec_nerd
آخرین اخبار هک، ابزارها و روش های تست نفوذ را در این کانال دنبال کنید
لینک گروه:
https://t.iss.one/joinchat/Cu-7qUvIA5ULBMsmH9yVzA
بخش انگلیسی :
https://t.iss.one/sec_nerd_en
@sec_nerd
لینک گروه:
https://t.iss.one/joinchat/Cu-7qUvIA5ULBMsmH9yVzA
بخش انگلیسی :
https://t.iss.one/sec_nerd_en
@sec_nerd
افزونه ی burpsuite برای رمزگشایی ترافیک whatsapp
https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
#whatsapp
#burpsuite
@sec_nerd
https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
#burpsuite
@sec_nerd
GitHub
GitHub - romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint: This tool was created during our research at Checkpoint Software…
This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019) - romanzaikin/BurpExtension-WhatsApp-Decrypt...