Information Security
Several proof-of-concept scripts for the vulnerability discovered in yii https://github.com/Maskhe/CVE-2020-15148-bypasses #poi #rce #php @sec_nerd
Post-authentication RCE bug in Pulse Secure
https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
CVE-2020-8218
#rce
#pulse
#network
@sec_nerd
Description and exploit for the recent Outlook 2019 vulnerability
https://github.com/0neb1n/CVE-2020-16947
#outlook
#windows
#rce
@sec_nerd
GitHub - 0neb1n/CVE-2020-16947: PoC of CVE-2020-16947 (Microsoft Outlook RCE vulnerablility)
A researcher's full write-up on the vulnerability in the Windows TCP/IP stack known as Bad Neighbor
CVE-2020-16898
https://blog.pi3.com.pl/?p=780
Exploit code:
https://site.pi3.com.pl/exp/p_CVE-2020-16898.py
#windows
#tcpip
#rce
@sec_nerd
https://twitter.com/MrDamanSingh/status/1317042176337932291?s=20
https://twitter.com/nullenc0de/status/1317195661377503232?s=20
#ssti
#pentest
@sec_nerd
Twitter
Damanpreet Singh🇮🇳
Got RCE in 2 minutes via SSTI, ~waybackurls https://t.co/DC4dDq3TjO | qsreplace "daman{{9*9}}" > fuzz.txt ~ffuf -u FUZZ -w fuzz.txt -replay-proxy https://127.0.0.1:8080/ (captured requests in burp) searched: daman81 in burp, got 43 results from 1266 requests…
RCE bug in the Discord application
masatokinugawa.l0.cm/2020/10/discord-desktop-rce.html (Japanese)
https://mksben.l0.cm/2020/10/discord-desktop-rce.html (English)
https://youtube.com/watch?v=0f3RrvC-zGI (DEMO)
#discord
#rce
@sec_nerd
mksben.l0.cm
Discord Desktop app RCE
A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Prog...
Wordlist for brute-forcing XXE
https://gist.github.com/honoki/d7035c3ccca1698ec7b541c77b9410cf
#xxe
#pentest
@sec_nerd
Gist
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
Ranking of programming languages by how much electricity they consume!
https://thenewstack.io/which-programming-languages-use-the-least-electricity/
#programming
@sec_nerd
When ntuser.pol leads you to SYSTEM
https://decoder.cloud/2020/10/24/when-ntuser-pol-leads-you-to-system/
#windows
#privesc
@sec_nerd
A strange vulnerability in Tiki Wiki CMS Groupware
CVE-2020-15906
https://github.com/S1lkys/CVE-2020-15906
After a brute-force attempt locks the admin account, it becomes possible to log in with an empty password!
#web
#pentest
#writeup
@sec_nerd
Useful commands and tools for Active Directory penetration testing
https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
#AD
#windows
#pentest
@sec_nerd
GitHub
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. - Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
Windows tools for red teams
https://github.com/Mr-Un1k0d3r/RedTeamCSharpScripts
Written in C#
#pentest
@sec_nerd
GitHub
GitHub - Mr-Un1k0d3r/RedTeamCSharpScripts: C# Script used for Red Team
Hacking Active Directory from start to finish
https://rootsecdev.medium.com/forest-a-walk-through-in-hacking-active-directory-c83ecb21e1a9
#AD
#windows
#network
@sec_nerd
Medium
Forest: A walk through in hacking active directory
This box is on the retired list in hack the box. Here is a walk through on how I got full system privileges in this active directory…